It Should Definitely Bother Apple
Casey:
In other news, some jackass named Casey just started recording two and a half minutes ago.
Casey:
So I'm going to leave you a nice edit.
Casey:
So in case you want to cut all that.
Casey:
I'm going to kill you.
Casey:
I know.
Marco:
Your punishment is I'm going to have to use the low quality Zoom version for your opening banter.
Casey:
That is also completely acceptable.
Casey:
No joke.
Casey:
But do you want me to leave you like a nice let's start with follow up right now?
John:
Do you need to have a checklist, Casey?
Casey:
I do.
Casey:
I need to call Merlin.
John:
I suggested that Merlin have a checklist.
John:
And maybe you need a checklist too.
Casey:
It's been a long time.
Casey:
And the problem is I was all out of sorts today and I'm the one who caused us to come and do this today.
Casey:
And then I felt like I was late to get to our Zoom call.
Casey:
It's entirely my fault.
Casey:
Like I'm not trying to blame anyone but me, but I was all out of sorts.
Casey:
I didn't hit record and I'm used to call recorder having my back on this one.
Casey:
And because we switched to Zoom and because, you know, we were all eventually going to be on M1 Max, except maybe John, it wasn't there to save me.
Casey:
It's all my fault, but I feel dumb.
Casey:
Anyway, so you don't want a good edit, you're just going to use the crap copy.
Casey:
That's totally fine.
Casey:
It's entirely my fault.
Casey:
I do not blame you at all, but I'll leave you a nice intro if you want it.
Marco:
You'll find out.
Marco:
Okay.
Marco:
See, the problem is if I use the crap copy, it punishes you, but it also punishes me because people will first think that I just suck at audio quality.
Casey:
Well, you could also leave all this in if you would like.
John:
People don't even notice.
John:
It'll be short enough.
John:
It'll be like, oh, it sounded weird in the beginning, but then it sounded normal.
John:
It'll be fine.
Casey:
Uh, I'm going to do this for me and you're going to ignore it and that's fine, but it will make me feel slightly better about my ineptitude.
Casey:
So I need you two to shut the hell up for like 10 seconds.
John:
Are you rerecording an intro?
John:
You're never going to be able to do it naturally.
John:
It's always going to sound awkward.
John:
No, no, just let me give it a shot.
Marco:
We are sponsored this week by Squarespace.
Marco:
God damn it.
Casey:
All right.
Marco:
Recording.
Casey:
Hey, listeners.
Casey:
Would you two shut up for two seconds?
John:
That's an incomparable joke for you there, Casey.
Casey:
Hey, listeners.
Casey:
It's your pal Casey.
Casey:
Some dummy like me forgot to hit record right away when I started recording tonight.
Casey:
So if I sound like garbage, it's not Marco's fault.
Casey:
It's not John's fault.
Casey:
It's not your phone's fault.
Casey:
It's my fault.
Casey:
But don't worry.
Casey:
I hit record after a few minutes and then I'll sound just like I normally do.
Marco:
I'm not going to use this.
Marco:
I would never put that in.
Marco:
I've already done the edit in my head.
Marco:
I got it covered.
Marco:
Don't worry.
Marco:
I know exactly what I'm going to do.
Marco:
There's no way I'm going to use something like that ever.
John:
You've heard of headcanon?
John:
Marco's got head edit.
Casey:
Yeah.
John:
Hi, listeners.
John:
Like this.
Casey:
What?
Casey:
Why would I ever do that?
Casey:
Because I just wanted to give you the option.
Casey:
It makes me feel better to know you have the option.
Casey:
I know you're not going to use it.
Casey:
It's not for you.
Casey:
It's for me.
Marco:
Hey, listeners.
Marco:
Casey here.
Marco:
I'd like to apologize for my ineptitude starting my recording tonight.
John:
You should apologize for his counterfactual statements about cryptocurrency.
John:
That's what you should be apologizing for.
Marco:
Oh, God.
John:
I hate to tell you, Casey, but you really just don't have any of your facts right on cryptocurrency.
Marco:
things you said were based not in fact but ignorance here are five paragraphs describing how wrong you are we're lucky if they have paragraph breaks oh god you want to restart the whole friggin show because we could do no no i'm kidding i'm kidding i'm kidding i'm kidding i'm kidding we plow bravely forward yep this is all going in
Casey:
I wanted to bring up just a very quick follow-up item from last week's Ask ATP.
Casey:
Somebody had asked about what camera to take to Disney World, and I actually really enjoyed that discussion.
Casey:
I thought it was very interesting.
Casey:
But somebody, Ryan D, wrote in to remind me of Disney PhotoPass.
Casey:
And if you're not a Disney World person, this probably means nothing to you.
Casey:
I'll try to be very brief.
Casey:
Disney PhotoPass is a thing that you can add on, of course, for money, where as you are around the parks, you can choose to have your picture taken and
Casey:
and by you know disney photographers that have you know dslrs and i don't recall exactly what equipment they have but i know they're dslrs and as you're around the park you can say hey would you mind taking a picture of us please and they'll scan your ticket or your magic band or what have you and then that evening that that thing will that picture will be in your like online account so you can download a full res copy and and so on and so forth uh i think it was like a
Casey:
A couple hundred bucks when we went in late 2019 for Declan Spiff, which on the surface is a lot of money to have, you know, these Disney photographers take your picture.
Casey:
But I absolutely think it's worth every ounce of the money you spend because not only can you do this, you know, and get everyone in the pictures as opposed to all of our family pictures where it's everyone but me because I'm taking the picture.
Casey:
But also, as you get on and off rides, you can just bloop your ticket, and it will automatically send that ride photo in the before times, before before times.
Casey:
It used to cost like $20 for each of these.
Casey:
It'll sync that ride photo with your account, and then you can just download it on your own, which is super great.
Casey:
In some cases, in some rides, by some magic I'm not entirely clear on, it'll actually automatically figure out which vehicle you're on and which photo you're in and sync that with your account.
Casey:
You don't have to do any manual blooping of any sort.
Casey:
So that's Disney PhotoPass.
Casey:
If you are a Disney World person or Disneyland, I mean, I'm sorry if all you have is Disneyland, but that's neither here nor there.
Casey:
If you're a Disney World person, please check that out.
Casey:
It's very, very good.
John:
yeah i think we got that when we went um and if you if you were like the person last week who was asking what kind of camera should they bring and whether they should use like a rental company to get one chances are good that you probably also want to take your own photos because the disney the photo pass ones are what you expect it's you in front of landmarks taking in a group picture maybe doing a fun pose right but if you're taking your own camera and wanting to get more candid things or casual things or photos of other aspects traveling to and from the park your hotel room
John:
you know kids waiting in line or all sorts of stuff like that you want to take your own pictures too so like like everything at disney it's it's an add-on and it's a good add-on and you should get it in addition to the other thing and also the other thing and also the other thing so disney is expensive but uh but photopass does have value like say casey like i think the only pictures we have with me and them are the photopass pictures exactly i'm taking all the pictures and some of them some of them are good um and then one more note casey keeps saying dslr
John:
I'm assuming they don't have little mirrors flapping up and down in their cameras anymore, but this is just the... What you're trying to say with that is an interchangeable lens digital camera?
John:
Is that what you're trying to say?
John:
Yes, yes.
Casey:
A big fancy camera, TM.
Casey:
Moving right along, Dan Chandler had some interesting feedback with regard to cybersecurity and bug bounties and things of that nature.
Casey:
I'm a cybersecurity professional, says Dan Chandler, and have helped run bug bounties for some large organizations.
Casey:
There are a few reasons why an organization should not just pay out for any bug that's reported.
Casey:
First of all, many vulnerabilities reported to bug bounty programs are also sold to criminals.
Casey:
If I'm willing to sell to criminals, then why not get paid twice?
Casey:
Secondly, if you host a bug bounty program that is too quote-unquote generous, then you get more and more people hunting for defects in your product.
Casey:
You have to assume that some percentage of these people are going to sell their exploit to a criminal as well as submit it to the bug bounty program.
Casey:
Since you cannot fix every vulnerability instantly, you want to balance the desire to encourage someone who finds a
Casey:
of paying random people to hunt for vulnerabilities in your product or service.
Casey:
And then finally, it's actually pretty uncommon for a bug bounty program to uncover a major vulnerability the company did not already know about.
Casey:
It happens, but it's rare.
Casey:
The main purpose of the large bug bounty payouts is essentially to provide hush money to someone who does find a major vulnerability before it is patched.
John:
Yeah, I think that's true in general, but for Apple and the iPhone specifically, there's probably not much more you could do to encourage people to find exploits.
John:
People are already highly motivated to do that.
John:
So, I mean, it is definitely a balance, but in general, this definitely makes sense.
John:
The getting paid twice thing, I feel like that's just the cost of doing business.
John:
I mean, like, yeah, that's going to happen.
John:
You don't have control over it, but...
John:
All you can do is encourage all the honest people to come.
John:
And yeah, the dishonest people are also going to come.
John:
It's just cost of doing business, which is a shame.
John:
The hush money thing is interesting because you see it from my read on these people's blog posts and stuff.
John:
The people who are trying to do the right thing...
John:
and keep quiet for such a long time and what i feel like is the the motivation of these people to eventually break their silence and just essentially refuse the money is not so much that like oh you know you can pay me to keep quiet but if you don't i'm going to out you is there is cachet and reputation you know boost to finding an important vulnerability you can talk about it at a security conference right like you it helps your profile in the security business you
John:
to find big vulnerabilities.
John:
And the longer you have to keep quiet about them, the more you can't give talks about them.
John:
It's like you don't get reputational credit for it, right?
John:
And the things I'm reading are people who essentially end up turning down the money from Apple.
John:
Now, maybe they already sold it to criminals, but I can't tell that from their blog post.
John:
But it seems to me that they really just want to tell the world that they found this because they're proud of it.
John:
But Apple says, oh, you can't until we fix it.
John:
And, you know, they send an email once every six months to say, no, it's not fixed yet.
John:
So that can be frustrating.
John:
But anyway, these are all important points in general with bug bounty programs that especially if you have a thing that people previously weren't breaking into, but suddenly you're giving out millions of dollars.
John:
Yeah, it's going to attract a bunch of new people to try to find holes in your thing.
John:
And your thing does have holes in it because they all do because they're made by people.
Casey:
I wanted to briefly talk about cryptocurrency because I really like feedback email, apparently.
Casey:
Why?
Casey:
We got a ton of feedback.
Casey:
We got a ton of feedback about crypto.
Marco:
Mostly from libertarians, tech bros, and finance bros.
Casey:
Yes.
Casey:
And to my recollection, maybe I missed it, but to my recollection, we got literally zero email about CSAM or maybe a couple of items.
Casey:
And boy, did we get a bunch on crypto so we can tell what ATP listeners care about or perhaps what they disagree with.
Casey:
But I did want to point out the only... I'm trying to temper myself here.
Casey:
The most compelling argument that I personally have heard in favor of cryptocurrency, which I have not had a lot of time to research, but I did very, very briefly, is that apparently in countries like Nigeria, as an example...
Casey:
Bitcoin may actually be kind of the savior it is claimed to be.
Casey:
My limited understanding, please fact check this if you're interested because I'm probably lying to you accidentally.
Casey:
My limited understanding is in some of these countries like Nigeria, the, what is it, fiat currency?
Casey:
What's the derogatory term?
Casey:
I believe that's it, yeah, fiat currency, yeah.
Casey:
um the fiat currency is like falling apart in a disaster and so a lot of like regular schmoes in nigeria if i'm if what i've read is to be believed are turning to bitcoin to kind of take banking or you know take money into their own hands and if that really is the case then okay i can get behind that that that seems somewhat legitimate um i still think there are better ways to go about this perhaps but uh you know if it costs the heat death of the universe in order to get us there then you know yolo
Casey:
But I did want to point out that that was one of the few semi compelling arguments I've heard, even though we have heard a lot of arguments about Bitcoin over the last week, not even like six days, four to five days since we released.
Casey:
Would you call them arguments?
Casey:
A lot of a lot of well actuallys.
Marco:
We've been sent a lot of words about Bitcoin over the last few days.
Marco:
A lot like the average length of the emails is quite, quite high.
John:
Yeah.
John:
So Bitcoin to the rescue, right?
John:
That's exactly the scenario we're describing where Bitcoin is useful.
John:
If you have a bunch of people who can't trust each other and there's no middle party to be the trusted, you know, finance institution.
John:
Like, say, if you're a criminal or you're trying to collect ransomware or you're living in a failed state and the monetary system of your entire country has fallen apart.
John:
Yeah, Bitcoin is there for you.
John:
That's the exact use case.
John:
Now, in this case, you're not a criminal or you're not doing anything wrong.
John:
It's not your fault you live in this country.
John:
And so it's good that there's something.
John:
And that's why the underlying technical...
John:
structure of having a way for people who don't trust each other to nevertheless be able to securely transact without anyone in the middle who they all have to trust.
John:
That's why this is interesting.
John:
But if the only time it becomes relevant or useful is if it's your last resort, that's not an endorsement of Bitcoin or cryptocurrency.
John:
That's a condemnation of the monetary system of the country that you live in, right?
John:
If Bitcoin was super awesome for doing thing for being a currency We would all be using it in this country because why wouldn't we but instead we use dollars because they're better for that Yeah, and like as a as a sort of you know, if you have to use Bitcoin specifically as your For your monetary transactions because you have no choice
John:
Your other monetary choices must be really bad because I would never want to use as my money a thing whose value can be cut in half over the course of a couple of months.
John:
It's extremely volatile.
John:
You don't want that in a currency.
John:
You don't want it to be that volatile.
John:
Maybe if you're using it as an investment vehicle and you're speculating, volatility can be fun and you can make lots of money or lose lots of money, depending on how it goes.
John:
But really, if you look at the all time graph of Bitcoin value, it is extremely spiky.
John:
And depending on where you are in the timeline.
John:
You can lose half of your money in, you know, less than a quarter of a year.
John:
And if you're on the other side of the spikes, you can or you could quintuple your money in less than a half a year, which is the part that the Bitcoin fans all look at.
John:
So if you find yourself in a situation where Bitcoin is your best choice for as a currency, that's a bummer.
John:
But I don't think it is an endorsement of Bitcoin as a as a replacement for, you know, quote unquote, normal currency.
Marco:
Yeah.
Marco:
and there's also i think there's also the the technical barrier is also not to be underestimated i mean you have this this currency that people are are putting real money into and collecting real money from that has a pretty massive technical requirement of like knowledge that you need to have and care that you need to take in order to have this very responsibly if such a thing can be
Marco:
Imagine if people's entire retirement savings were dependent on their password hygiene.
Marco:
This would be a bad scene.
Marco:
That would be really bad.
Marco:
And that's because Bitcoin is so technical and because it works a lot more like cash under your mattress.
Marco:
But it's cash under your mattress that the entire world can access.
Marco:
And if you make one mistake, the entire world can exploit it.
Marco:
Um, that's, that's not a good place for the general audience of non-technical users to be relying on a lot of their money to be, to be stored in.
Marco:
Um, and so any scenario that you say, oh, Bitcoin's great for this.
Marco:
Like, well, there's also, in addition to all the downsides we talked about last week, you know, with the environmental costs and everything and the, you know, the, the various like illicit trades and ransomware and everything that it seems to have, have fueled, um,
Marco:
There's also just this massive technical risk factor here that people get scammed out of their Bitcoins or hacked out of their Bitcoins all the time.
Marco:
And then you involve all these weird, shady wallet companies and exchanges that introduces its own whole levels of technical risk and opportunities for sleaziness or scams.
Marco:
It's like this giant, seedy underbelly of finance that...
Marco:
The proponents of it seem to be very hell-bent on getting regular people to put their money into it.
Marco:
See, also the stock market.
Marco:
Whereas, really, if you don't have a baseline level of knowledge, you will be at risk to lose everything through no fault of your own.
Marco:
I think that can't be overlooked.
John:
Yeah, a lot of companies build on top of the infrastructure of Bitcoin or whatever.
John:
Like, you end up going through one of these companies to deal with stuff just because you don't, like, there is a technical barrier to being able to sort of figure out how to do it and having the capacity to do it, you know, right on the network itself.
John:
So there's tons of companies that will keep a wallet for you and mining pools and all sorts of other things where...
John:
Even though Bitcoin is supposed to be decentralized and no central authority or whatever, it doesn't mean that there aren't intermediaries.
John:
I imagine most sort of casual individuals who are doing things with any kind of cryptocurrency are using some kind of intermediary that makes it more convenient for them.
John:
Some of them don't actually require you to...
John:
give up any particular security in which case you're back to the marco scenario where well it's on you to make sure you're careful with this stuff um but other ones do sort of take over some of the tasks of security for you in exchange for transaction fees or whatever you know like there are businesses built on top of this and some people have been promoted this is the model that bitcoin even though it has a very crappy transaction rate due to proof of work stuff uh you can build a second layer on top of that and that's your currency system and so on and so forth but
John:
You know, it's kind of a shame that Bitcoin is the one with all of the PR and everything, because in many ways, it's kind of the most the most primitive and the sort of the least user friendly, let's say.
John:
But that's not like there are lots of other cryptocurrencies and lots of these other, you know, anyone can make a cryptocurrency and they all have different feature sets.
John:
And some of them are clones or other ones.
John:
And there's lots of monetary scams around them.
John:
But it's a big world of stuff like Bitcoin.
John:
there are lots of interesting ideas floating around there from like ethereum's like contracts on the blockchain and everything to all sorts of you know the proof of work worth proof of stake for stuff and all the all the various uh parameters within those models and how they're distributed and it's sort of like a bunch of experiments all being run at once which one of these works which is easiest to scam which makes the most money for investors which has the highest chance of you losing all your money because you forgot your password or got hacked and got your you know private key stolen like
John:
That's all happening out there.
John:
And I think some, you know, the technology, the underlying technology, you can't put this genie back in the bottle.
John:
Like, this is technology that has a use, even if it ends up mostly being used to, like, stop cheaters in online games or something in the future, like, decades from now.
John:
Something is going to come of this.
John:
But right now, it is a fairly dangerous place for individuals to be.
John:
So...
John:
We, you know, when we come down hard on crypto, it's not like we're saying, oh, nothing will ever come of this.
John:
This technology is bad and should be, you know, erased.
John:
No, the technology, you know, the knowledge, the math, the, you know, the experimentation, that's all great.
John:
But if you're an individual listening to a tech podcast and you're like, should I put all my money into cryptocurrency?
John:
Should I put any money into cryptocurrency?
John:
You kind of have to know what you're getting into.
John:
It's super risky.
John:
very dangerous you have to know a lot about what you're doing and there are a lot of people out there who are going to encourage you with all their might to put as much as possible into whatever their pet cryptocurrency is because they stand to gain from it so kind of like the stock market like marco said there are people who will encourage you oh become a day trader get on e-trade do individual investing and that's just a losing bet not because the stock market is inherently a bad thing that we should eliminate although maybe there's a different argument for that elsewhere but but because
John:
But because as an individual, if you are going to try to be an individual investor and speculate on what's going to go up and what's going to go down, you're probably going to lose.
John:
So maybe don't do that.
John:
Like, that's why you see the, you know, sort of boring financial advice of even though it's fun to be a day trader and maybe you can do it as a hobby.
John:
Don't bet your life savings on it.
John:
Right.
John:
Cryptocurrency is very similar.
John:
And, you know, I'm always very wary of.
John:
People really pushing that everyone should be getting into Bitcoin coming from somebody who has a big stake in Bitcoin or it's their hobby or, you know, it's not always nefarious.
John:
Sometimes they're just enthusiastic, like they're super into it, right?
John:
Some people are super into something.
John:
They really want you to get into it and they will encourage you.
John:
it's not like they're trying to scam you and they're not even, may not even be doing it to think, well, if more people get into Bitcoin, the value will go up and my money will go up.
John:
They're just really enthusiastic about it, but it still doesn't mean, like people enthusiastic about day trading too, it still doesn't mean that it's right for you.
John:
So in general, I would say cryptocurrency, like you'll know it when it becomes a thing that is reasonable and safe for people to do.
John:
But right now we are still definitely in the lots of experiments going on phase.
John:
NFT is out there, you got Ethereum, you got Bitcoin.
John:
We don't know how this is going to all work out.
John:
And lots of signs point to it not working out really well at all.
John:
So the safe bet is to just stay away.
John:
If you want to throw a couple bucks in and play with it and you can deal with the potential moral implications of a tiny increase in CO2 output from your tiny individual contribution, go for it.
John:
But don't buy the hype that any one of these things is necessarily the future of currency because that is, to say the least, a huge open question.
Marco:
We are sponsored this week by Squarespace.
Marco:
Start building your new website today at squarespace.com slash ATP.
Marco:
Enter offer code ATP at checkout to get 10% off.
Marco:
Make your next move with a beautiful website from Squarespace.
Marco:
Squarespace quite simply makes it incredibly easy to make great websites.
Marco:
It takes almost no time and you don't need to be a web developer or a designer or a nerd in order to make it.
Marco:
There's no coding required.
Marco:
So this has amazing potential.
Marco:
As nerds like me, even if you could make a website yourself in some manual way,
Marco:
Squarespace can be a massive time saver, especially if you want to do something complicated.
Marco:
Normally, for hosting it yourself, things like storefronts or podcast hosting or really any kind of dynamic functionality, galleries, calendars, stuff like that, it's tricky to do all that stuff yourself.
Marco:
Or you create work for yourself in the future if you do it.
Marco:
Like you have to set up a server somewhere.
Marco:
You have to do software upgrades.
Marco:
You've got to worry about server maintenance and uptime and security patches and stuff like that.
Marco:
Squarespace takes all of that away.
Marco:
So even if you are a nerd, that's a huge time saver and it reduces your own future liability and work.
Marco:
And if you're not a nerd, you can create websites that are just as good as what professionals can make even if you don't have any design or development or web development skills.
Marco:
So it's amazing.
Marco:
See for yourself by starting a free trial.
Marco:
at squarespace.com slash ATP.
Marco:
There's no credit card required.
Marco:
You can build the entire site in trial mode and see how it works for you and if it works for you.
Marco:
And once you're ready to sign up, go back there, squarespace.com slash ATP.
Marco:
Use offer code ATP to get 10% off your first purchase.
Marco:
That's squarespace.com slash ATP.
Marco:
Code ATP for 10% off your first purchase.
Marco:
Thank you so much to Squarespace for sponsoring our show.
Marco:
Make your next move at Squarespace.
Casey:
uh see sam stuff this is child uh safety stuff we talked about quite a bit last week which i actually really enjoyed the conversation we got a lot of very positive feedback about it which i really genuinely appreciate that was very kind of all of you uh we do have some feedback about it there excuse me follow-up about it though uh facebook found 20 million photos not 20 million people that is quite a big difference i'm not sure which one of us said that incorrectly but uh it is worth noting
John:
Yeah, we said it right a whole bunch of times, but I think I eventually said it wrong once.
John:
So just to make that clear in case you're afraid that there are 20 million child predators out there now.
John:
But if you want to get depressed, you can start trying to do the math and figure out, well, so how many pictures per person is it and how many people is it?
John:
I don't know that math.
John:
All I know is it was 20 million photos.
John:
And that was in one year.
John:
So maybe that doesn't make you feel as good.
John:
But anyway.
Casey:
Yikes.
Casey:
Moving right along.
Casey:
John, you found a very entrancing PDF that you'd like to share with the class.
John:
Yeah, I've got to reference this in the next item, but these are all on Apple's apple.com slash child hyphen safety.
John:
This one was called, what is it, security threat model review, Apple's child safety features.
John:
I thought it was interesting because if you read it, each thing that is part of the system that we described last week is broken into sections where it says, what are the goals of this feature?
John:
What are the design principles and what are the security and privacy requirements?
John:
And if you read this document in isolation, it makes a lot of sense.
John:
Like, it's like, okay, here's this feature.
John:
Here's the principles we have.
John:
Like, what the principles are, you know, how is it vulnerable?
John:
Should Apple be able to do this or not be able to do it?
John:
Should information never leave the user's device or stay on the device?
John:
Like, the security and privacy requirements.
John:
Like, it's saying, when implementing this feature, here are the things we want to be true about it.
John:
And if you list it, you'll be nodding your head and going, yeah.
John:
That's a good goal of this feature.
John:
I like those design principles.
John:
I like the security and privacy requirements.
John:
And it explains why is this system made the way it is.
John:
And it also explains why in this interview with Craig Federighi from Joanna Stern of the Wall Street Journal,
John:
that Federighi really hammers on the superior privacy of Apple's approach.
John:
It's almost like he's reading from this document of saying, we did it this way because this provides more privacy.
John:
And he doesn't elaborate on it.
John:
This document elaborates on it.
John:
When he says, more privacy...
John:
This is what he means.
John:
The things in this document are saying it has these qualities.
John:
It adheres to these principles.
John:
The goals of this features were X, Y, and Z. And that's why we did it this way to achieve these goals.
John:
So I'm going to get back to that in a second, but I'll let Casey summarize the interview.
Casey:
Right.
Casey:
So this is the interview with Craig Federighi and Joanna Stern, which I just wanted to say, I think Joanna is excellent.
Casey:
She did such a great job at this.
Casey:
There are some quibbles that I think we have, but by and large, I thought it was really, really well done.
Casey:
And I liked the way that she would like pause Federighi and they would do their little motion graphics or illustrations, whatever they are, in order to explain stuff.
Casey:
There were a couple of interesting points about this, though.
Casey:
I love Federighi.
Casey:
I really do.
Casey:
I think he strikes me as a very nice and very smart guy.
Casey:
I didn't love this interview with him, though.
Casey:
It seemed I got the vibe that he wasn't telling me the whole story, even though allegedly he was trying to tell the whole story.
Casey:
And granted, it's a short interview.
Casey:
Granted, it's for a more basic audience.
Casey:
But I don't know.
Casey:
Some of the things he said just didn't rub me right.
Casey:
One of the things he did say, though, is that the database of hashes, I guess, are shipped on device, which we'd known last week.
Casey:
And he specifically cited that it's the same database in China as it is in America, which I thought it was interesting that he kind of...
Casey:
gave a nod in the direction of China is something that we're all, you know, not fearful of, but I can't think of a better way of phrasing it.
Casey:
And it makes sense.
Casey:
I mean, that is what we're all thinking about, but I was surprised that he acknowledged it.
Casey:
And then the other thing that struck me a little weird was he said there are multiple levels of auditability in this system.
Casey:
Like there are multiple places where regular people can audit it.
Casey:
And he implied, for example, that regular people could audit the contents of the database that is shipped as part of iOS.
Casey:
And
Casey:
I just – where is this?
Casey:
Because I don't see this.
Casey:
Maybe it's to be announced, like how a regular person or perhaps a security researcher could go in and look at this.
John:
Did he say regular people?
Casey:
No, he didn't.
John:
He means people outside Apple.
Casey:
Yes, exactly.
Casey:
But even still, like even like a me or you or a Marco or like a Guy Rambeau, like where is this stuff that we can go look at?
Casey:
Because Apple generally –
Casey:
doesn't take too kindly to us, you know, opening up iOS releases and trying to go spelunking within them.
Casey:
So perhaps I'm being chicken little and perhaps there'll be explicit instructions about it, even for regular people, for all I know.
Casey:
But sitting here today, it seemed a little dubious to me.
John:
Well, I mean, they're going to ship the bits to you.
John:
So, you know, and if it's if it's in the OS, people will be able to find it and compare it and know when it changes and see that it is the same across regions and all the other stuff.
John:
Right.
John:
And there's not more technical detail that I felt like in this interview, he was trying to he couldn't possibly go into the stuff that these tech documents go into.
John:
Not even the stuff from the threat model document that I put in the links, but he was everything he was saying in them.
John:
You can sort of reference back to that.
John:
But here's there was one question that Joanna didn't ask.
John:
that I think would have been illuminating.
John:
It really is the thing that I've been thinking about since our discussion last week.
John:
It's not a problem for Apple now, but I feel like everything they say and people's discomfort with it makes more sense when you look in on this one point and this question.
John:
We talked about it last week too, but I'm going to dive into it again here.
John:
Joanna didn't ask about end-to-end encryption.
John:
on iCloud backups and iCloud photo library.
John:
It doesn't currently exist.
John:
Right now, when you do an iCloud backup, Apple has the key to it.
John:
It's encrypted at rest, but Apple has the key so they can look at it.
John:
Same thing with your iCloud photo library.
John:
If Apple wanted, they can look at all your pictures because they're on Apple servers.
John:
And yes, they're all encrypted, but Apple has the key.
John:
right that's my understanding and i've checked that in a couple different places and that's that's the case right everything in this threat model document is true within the scope of the features they added like here was our design requirements we didn't want apple to be able to see any of your pictures until you've crossed the threshold and you know we didn't want to know if you were near the threshold you know with all like and by the way something i got wrong on the thing they sent a security voucher for every single picture so even the
John:
you know the good ones and the bad ones so apple has no idea like every single picture gets a security voucher that they scan apple has no idea whether whether of all the security vouchers they got are a few of them indicating a bad picture has passed the threshold or whatever right so these are the design principles like apple's like we didn't want to know this we wanted to make it secure so we can't tell this mathematically we can't do this and it's like okay the feature you described fulfills these requirements but there's a huge problem
John:
None of that matters because you don't need to mess with this at all, Apple, because you have access to all our pictures.
John:
Like you don't have to worry.
John:
This CSAM feature doesn't change the fact that you already have access to all our pictures.
John:
Like every one of the sort of design goals and security and privacy requirements in the CSAM features is pointless because as I was trying to make the point last week,
John:
No one would ever try to use this system to get to the pictures because there's already complete access to every single person's picture on the server side today.
John:
That's the way it is.
John:
Right.
John:
So when reading this document and them saying this is better privacy, the only way it makes sense to me is that.
John:
But eventually, if Apple does end-to-end encryption of iCloud backups or even just photos things or whatever, suddenly this all makes sense.
John:
Because suddenly these security requirements and design principles are relevant, right?
John:
It's like saying, boy, this door has a million locks on it and even Apple can't open it, but there's no wall.
John:
And so you can just walk past the door.
John:
But the door is super secure.
John:
The door really preserves your privacy.
John:
But it's like, but there's no wall.
John:
It's like, but...
John:
But we won't, we'll only try to go, it doesn't make any sense, right?
John:
And so what I get out of this whole week's worth of press and everything is that Apple seems like Apple does not want to be able to see your photos, but they currently can.
John:
Every part of the CSAM system and the scanning thing or whatever is made so that Apple's like, look, we don't want to see your photos.
John:
We don't want to be able to see your photos.
John:
Like not until this threshold, like that's why they built this complicated system of like, you know, we have the system that's going to try to see if it's a match against this database, but it's not exact.
John:
So we have to do a threshold and when it hits only then do we ever want to even be able to see a low resolution thumbnail to try to confirm if it's one of the pictures from the NCMEC database.
John:
But otherwise we don't want to be able to see your photos at all, but we totally can.
John:
We can see all of them.
John:
Right.
John:
And so and they haven't said anything about this.
John:
Like, I mean, if you ask them, if you had asked them, hey, Apple, you ever going to do end-end encryption on a cloud photo library and cloud cloud backups?
John:
They're not going to tell you because they don't talk about future products.
John:
But this entire feature only makes sense in a world where Apple plans to do that.
John:
Here's the second problem.
John:
Everything I said last week about don't worry about this feature because it doesn't make security any worse because Apple already has access to all of your photos.
John:
If that ever changes and Apple suddenly doesn't have access to all your photos, this CSAM feature does become the most attractive vector
John:
for governments or anyone else to force Apple to get its stuff, right?
John:
What I was trying to say last week, which a lot of people weren't understanding, is like, no one would go through the CSAM feature to do this.
John:
There's way easier ways, right?
John:
Why would you make your life more difficult?
John:
The system is way more secure than the, hey, Apple...
John:
just, you know, decrypting everything and let us scan it or like hacking Apple to do that or whatever, right?
John:
But if that changes this, then what everyone's saying about, oh, you built the feature and now it's easy to get it, that suddenly becomes true because the previous lack of a wall, now there's a brick wall there and the door suddenly becomes the most viable vector because at least it opens and closes and you just have to pick the locks or whatever, right?
John:
So it's kind of a weird situation.
John:
Like, and I haven't seen this really put in these terms in any of the discussion.
John:
It's like,
John:
Some of these features are nonsensical now, but if you make them make sense by implementing end-to-end encryption, all of the sort of scare tactics about the slippery slope things become worse because then this does become the most valid way to try to have a government force Apple to do things.
John:
And as I was trying to emphasize last week, governments can force you to do things because that's the way government works.
John:
They have all the guns and they control the laws in the countries in which they operate and
John:
And if you don't like that, there's no amount of security that can fix that.
John:
Governments can outlaw end-to-end security, and then it'll become illegal for you to do that, and they can make it criminal and take you to court and blah, blah, blah.
John:
You really need to deal with your government.
John:
That is your core problem here.
John:
Since we don't know, okay, does Apple plan to implement end-to-end security?
John:
It's hard to know how to feel about these features.
John:
If that Apple has said, and by the way, we're going to do end-to-end security, if they announced that at the same time of this, I would be much more on the side of, ooh, the CSAM feature, now that they've built it, it makes it more likely that bad things will happen.
John:
But they didn't announce that.
John:
So we have no idea if they're ever going to do end-to-end encryption.
John:
So it's really weird.
John:
Like...
John:
And that's why I think this threat model document is great.
John:
If you read it and don't know about all the other aspects of Apple security on their servers, like the fact that the iCloud backups are not end to end encrypted and Apple already has access to your photos, then this document in isolation looks airtight.
John:
But if you do know that context, this document starts to seem really weird and nonsensical.
John:
And by the way, if I'm wrong about the photos thing, again, I tried to confirm that with as many people as I could think to ask this question to.
John:
And everyone said, yes, this is the truth.
John:
But if that's not the case, someone from Apple, please tell me.
John:
Can Apple currently look at all the iCloud, you know, photos in someone's in theory?
John:
Not that they do.
John:
I'm sure they don't.
John:
But in theory, could they look at everyone's photos in their iCloud photo library?
John:
As far as I've been able to tell, the answer to that is yes.
John:
We know it's true for iCloud backups because they've done that.
John:
And, you know, law enforcement and stuff has made them do that in the U.S.
John:
or whatever.
Marco:
Well, and I think that's a critical differentiator.
Marco:
A lot of people here are assuming, like you are proposing, like many people have proposed, like, well, this seems like an obvious precursor to Apple offering end-to-end iCloud encryption.
Marco:
And that's actually – that's probably a separate discussion of whether that's even a good idea and certainly whether that should be the default or whether it should be an opt-in thing because there are –
Marco:
serious repercussions if, for example, you forget your password and you lose access to all your devices.
Marco:
That's a big support issue just from the reality of customer support and everything that Apple have to deal with.
John:
We talked about this on past episodes of ATP.
John:
Why the reason Apple is resisting doing that is not so much because it's a principled stand against or they want to be able to access your things.
John:
It's a customer support issue, which
John:
I kind of believe, but as time marches on, I think, as we said last time we discussed, as time marches on, it becomes less and less tenable to say, okay, customer support, but.
John:
And I think some support for the idea that Apple's coming around on this is the new features they added about delegating to a family member to unlock your stuff, whatever that feature is called.
Marco:
Right, yeah, legacy planning stuff.
John:
Right.
John:
That is a thing that someone would do if they were eventually planning to really bite the bullet and say, I know it's going to be a pain in the ass for customer support, but I would imagine they would really start pushing hard on when everybody sets up your phone, like,
John:
Tell us, please tell us.
John:
Are you sure you don't want to tell us somebody like your brother or sister or parent or a friend who you want to trust?
John:
Because you're going to need this later when you forget your passwords, right?
John:
If they hammer that feature really hard, then maybe they can mitigate against the eventual end-to-end encryption.
Marco:
Yeah, but I think ultimately I would bet that this feature's existence, while this would, I think, make end-to-end encryption easier for the law and governments to swallow if it does eventually become either an option or the default, I don't know that this necessarily suggests that that's coming because you're right that I'm pretty sure Apple does have the keys to all of your iCloud data with the exception of iCloud Keychain, which is end-to-end encrypted.
Marco:
Yeah.
Marco:
But as far as I can guess, it seems like maybe they wouldn't want whatever the process is that they use internally to make sure that random employees aren't just snooping on everyone's iCloud data.
Marco:
I'm sure they probably have some kind of process for...
Marco:
actually decrypting customer data and handing it over to law enforcement.
Marco:
And they might only want to invoke that when served with the warrant, for instance.
Marco:
Whereas the CSAM scanning feature, this is the difference between law enforcement versus surveillance.
Marco:
This feature is constantly scanning your stuff
Marco:
going up to iCloud, even if no warrant has been issued against you.
Marco:
And so, maybe they don't want that same, you know, like, whatever the warrant reply system is, where, okay, we're sure for this warrant, we are forced, we legally must comply with it, so we are forced to hand over any data we have about this customer, so then they have a process to deal with that, right?
Marco:
But what if
Marco:
if they use that process to look into your photos and then hand it off to the police maybe they could get sued for i don't know like maybe like suppose suppose they refer somebody to the to law enforcement and it's and it ends up it's it's actually like a false positive it's actually you know the stuff they have is actually legal and they get law enforcement on their backs and it ruins their life and then they sue apple like maybe apple just wants to keep their hands as clean as possible and like okay well
Marco:
Yeah.
Marco:
Yeah.
John:
I think it's kind of the opposite where they're served a warrant that the information they get from that will be admissible in court, whereas it's questionable whether the surveillance stuff that they catch, you know, just by scanning everybody is.
John:
But in terms of the government making them do things like even just the plain old U.S.
John:
government can not just make Apple say, oh, we'll scan this person's thing.
John:
They can, because terrorism, I'm sure, make Apple under the right conditions, have a secret warrant that requires Apple to scan everybody's picture all the time, 24 hours a day in perpetuity for whatever the government wants them to because terrorism and because of some terrible Patriot Act law and a secret judge that offers a secret thing.
John:
And by the way, Apple can't talk about it.
John:
Maybe they're already doing this, right?
John:
Setting aside the NSA hacking them and being already being inside their data centers or, you know, having cracked all the encryption and gotten the secret keys out for everyone's like,
John:
There's so many scenarios in which the U.S.
John:
government has done things that are no worse than what I just described for very stupid reasons.
John:
And so that like that's why when I read all these documents, it's like what I keep hearing in my head and what I hear in the Fedorini thing is Apple doesn't want to be able to see your photos like they don't even want to be able to do it.
John:
Kind of like the reason they were able to resist the FBI thing is there's literally nothing they can do.
John:
Right.
John:
Right now, Apple can, is able, yes, there are policies and processes involved, but they're able to see your photos.
John:
And it's much easier for Apple to say, we literally can't do that.
John:
We don't have the keys.
John:
That's where Apple wants to be.
John:
That's how these CSAM features have been designed, but that is not how iCloud backups and iCloud photo library are designed.
John:
And so those two features are not in keeping with everything that Apple is doing and saying about, like they would prefer not to.
John:
And the CSAM thing is like, again, with the potential event in the future,
John:
If these EU and UK laws come down that requires Apple to scan, now they can still do that with end-to-end encryption.
John:
It doesn't prevent them from doing end-to-end encryption on the iCloud photo library.
John:
They're now well-positioned to comply with all laws, but also no longer be able to see things on their servers.
John:
which will then like i said make the csm feature much more dangerous so it's a weird situation they're in and apple's you know some other people said this another podcast listen to that like apple secrecy about this means that we don't hear anything and all of a sudden it just arrives and i was like oh what's all this stuff and they announced everything all together and their secrecy also means that they're not going to tell us this is a precursor to doing an encryption so we just have to guess and so we don't really know quite how to feel about it so it's weird and complicated and i think
John:
Apple's actual security threat model of their entire company is very different than what they're doing more recently.
John:
And the things they're doing more recently lean in one direction very strongly, but the things they've done in the past are variable, to say the least.
Casey:
Yeah, it's a mess.
Casey:
Like, I don't need to rehash everything we talked about last week, but they're kind of darned if they do, darned if they don't.
Casey:
And I think in a lot of ways, they've kind of set themselves up in this position because of secrecy, because of, oh, we're the most private of all the people or all the companies.
Casey:
And so it's just, it's tough.
Marco:
They knew this was going to be a problem.
Marco:
That's why they announced it late in the weekend in August.
Marco:
This is when you drop news that might be unpopular.
Marco:
You drop it Thursday or Friday in August.
John:
Like it's hot.
John:
I don't think they have that much to worry about because I think most of the people flipping out about this are people who are tech nerds or into the security world.
John:
But in terms of a story that has legs with the general public...
John:
i mean there's the possibility that it sort of you know latches on is like apple's always scanning your phone but even those things like the whole facebook is listening on your microphone or whatever i think people lose interest in those maybe they're just not juicy enough this is the problem with lots of tech security related stuff for good and for bad when something really bad happens it's very difficult to get regular people to care about it because it just seems so weird and esoteric and you have to convince them of these fourth order effects that may affect them and it's
John:
it's it's why we get so many bad laws i mean remember how much we fought against the dmca and everything and all the you know bad things that that could cause and now if there's three milliseconds of music from a passing car in your youtube video one strike is against you and soon your livelihood is going to be gone if it happens three times right like the consequences happened still no one cares like that's just the way thing is no copyright intended
John:
It's hard to get people to care about these issues.
John:
And so Apple, in this case, I feel like Apple is going to benefit from that apathy of the general public.
Marco:
We are sponsored this week by Mack Weldon, the brand that has reinvented men's basics.
Marco:
They got famous because their underwear.
Marco:
Their underwear is fantastic.
Marco:
I wear it literally every day.
Marco:
And they are so much more than underwear now.
Marco:
They have a huge collection of amazing men's basics.
Marco:
T-shirts, polos, button-ups, shorts, pants, swimsuits, and so much more.
Marco:
What I like about them, you know, I wear Mack Weldon every day.
Marco:
I'm wearing their underwear, no matter what, because it's literally 100 percent of my underwear.
Marco:
So every day I'm wearing Mack Weldon underwear.
Marco:
I know you really want to know this, right?
Marco:
I also have many of their socks.
Marco:
I have tons of their T-shirts.
Marco:
I especially love their silver line of T-shirts.
Marco:
I wear these all summer long and much of the winter because silver fibers in the fabric blend actually are antimicrobial and makes it basically impossible to stink while wearing it.
Marco:
Also, if you want different materials for workout clothes, they're great at all of that.
Marco:
They have all sorts of breathable mesh fabrics and stuff like that.
Marco:
As the summer comes to a close and we get into the fall, I love their long sleeve collection.
Marco:
It is fantastic.
Marco:
My favorite is the Warm Knit series of long sleeve shirts, and they have all sorts of other options from there.
Marco:
Tech cashmere, all sorts of great stuff.
Marco:
So they have amazing materials, amazing products.
Marco:
I love the fit of their clothes.
Marco:
It's modern, but it's also comfortable.
Marco:
It's not like, you know, too skin tight or anything.
Marco:
So it's comfortable.
Marco:
It's consistent, easy to buy, easy to wear, easy to care for.
Marco:
And it lasts forever.
Marco:
I've had Mack Weldon clothes now for something like four or five years.
Marco:
I don't think I've ever lost a single item of clothing to like just wearing out.
Marco:
Their stuff is just fantastic.
Marco:
So see for yourself at MackWeldon.com slash ATP podcast.
Marco:
And you can get 20% off your first order with promo code ATP podcast.
Marco:
Once again, that's Mack Weldon dot com.
Marco:
M-A-C-K-W-E-L-D-O-N.
Marco:
Mack Weldon dot com slash ATP podcast.
Marco:
Promo code ATP podcast for 20% off.
Marco:
I love Mack Weldon's clothes.
Marco:
I wear them all the time.
Marco:
Mack Weldon dot com slash ATP podcast.
Marco:
Thank you so much to Mack Weldon for sponsoring our show.
Marco:
Mack Weldon Reinventing Men's Basics.
Casey:
Speaking of benefiting from apathy from the general public, what do you guys think about Electron?
Marco:
Oh, man.
Marco:
I'm so happy we finally got to this.
Marco:
It was pressing on us because it had just happened right before we recorded last week, but we were not going to have room for it in the show with all the CSAM stuff last week.
Marco:
So here we go.
Casey:
Yeah.
Casey:
All right.
Casey:
So I, for my own benefit, I would like to issue a quick series of disclosures.
Casey:
First of all, 1Password has sponsored the show in the past, most recently on the 8th of June, which was episode 434.
Casey:
You probably won't believe it based on this conversation we're about to have, but they have sponsored us in the past.
Marco:
well and to be clear they they sponsored us one time they there are currently no future sponsors books sponsorships booked with them um although i wouldn't i don't think we would turn them down because i still use one password and like them as a company and we are i think about to criticize them and i think this should tell you listeners that we are not afraid to criticize sponsors um and you know and i hope you trust us on that because we're we're gonna just you know let it rip here and
Marco:
You know, I think we will be civil to them because I think that's just our style most of the time.
Marco:
But we will criticize them freely.
Marco:
So here we go.
John:
You're not going to suggest that their CEO be fired?
John:
We only do that to Apple.
Casey:
Yeah, only Apple.
Casey:
Only Apple.
Casey:
Oh, that's funny.
Casey:
No, but I do want to also note that the one-passer people that I've spoken to, and I don't know any of them terribly well, but any of the ones that I've spoken to have been incredibly, impossibly nice people because, hey, guess what?
Casey:
A lot of them are Canadian, so that stands.
Casey:
But they are very, very nice.
Casey:
I do think they are well-meaning, but...
Casey:
Don't like the decisions of late, I got to tell you, gentlemen.
Casey:
So this morning, I downloaded 1Password 8 Beta for macOS, which is now being written or has been written in Electron.
Casey:
Electron, again, is the cross-platform thing.
Casey:
thing, app framework that lets you allegedly, ostensibly write once, run anywhere.
Casey:
It is based on web technologies.
Casey:
And so in my personal estimation, it's write once, feel not native everywhere.
Casey:
So it does kind of work everywhere, but it doesn't feel native anywhere.
Casey:
And there's probably 350 different takes we can have on this or different approaches on this.
Casey:
But I think the thing that really bums me out that I'd like to say up front is that
Casey:
there's a list of software, there's not a long list, but a list of software that I feel like I evangelize because I love it.
Casey:
I really, really love the software.
Casey:
And hand to God, 1Password has always been
Casey:
on that list.
Casey:
And this list for me anyway is very, very short.
Casey:
1Password so far has been pretty much bulletproof for me.
Casey:
I personally really like their subscription service.
Casey:
I know a lot of people are deeply turned off by it and that's fine.
Casey:
I can totally understand why you would feel that way.
Casey:
But for me,
Casey:
I jumped on 1Password for families early, and it has become absolutely critical for Aaron and I to share important passwords and also documents between each other in a way that's secure and safe.
Casey:
And I have always held their apps, their entire...
Casey:
Apple App Suite, I can't speak for Windows or Linux, but... I can.
Casey:
Or for Android either, but apparently Marco can either confirm what I'm about to say or deny it.
Casey:
But at least on Apple platforms, their apps have always been excellent platform citizens.
Casey:
By that I mean, whatever the convention of the particular platform we're talking about, whatever the convention is on iOS, whatever the convention is on macOS, perhaps Marco on Windows or maybe Android, they've always...
Marco:
treated that platform well and they've always acted as a good citizen within the platform you know when in rome do what the romans do well they've always done that very well irrespective of platform is that true on windows too um i mean i've used one password on windows for a total of like 20 minutes but and and i've used windows you know outside of a game i've used windows for not that much more than that
Marco:
in the last decade or more.
Marco:
So I can't really say how good of a Windows app it is compared to other Windows apps.
Marco:
But I can say that as a 1Password user for many years, as a 1Password family plan user, again, I think I mentioned this all during the ad, and certainly we've talked about them occasionally here and there before.
Marco:
We have it for my family.
Marco:
We like it.
Marco:
It works well.
Marco:
For the most part, I have a few asterisks on that, but for the most part, it works well.
Marco:
It has worked well.
Marco:
One of the great things about it that I think is a major advantage it has over Apple's iCloud keychain stuff that's been increasing in scope over the last few years is that I can use it on Windows.
Marco:
And this is not even that new.
Marco:
I mean, for a while, they would have this JavaScript web app you could export and have that work on Windows or anything else.
Marco:
At some point in the last few years, I believe, they started offering the actual native Windows client.
Marco:
I haven't used it on Linux.
Marco:
Sorry.
Marco:
I mean, who has?
Marco:
But next year.
Casey:
Next year is the year.
Casey:
Next year.
Casey:
Damn it!
Marco:
Yeah.
Marco:
But the cross-platform nature of being able, like when I was setting up a gaming PC, being able to have all my passwords in there for all of the stupid Microsoft accounts and Dropbox and everything, it was really nice.
Marco:
It's a very convenient thing to have that available cross-platform.
Marco:
So I very much value 1Password.
Marco:
And I think what we're about to get into here is their new beta for their new stuff.
Marco:
And it really suggests that the client experience of 1Password is about to get worse.
Marco:
And that makes me sad because I've had, for the most part, only very good things to say about it.
Marco:
I mean, the only problems I've really had with it in the last maybe year or so
Marco:
I've found the browser plugin to be less reliable at various things.
Marco:
But otherwise, it's been great for years before that.
Marco:
And the fact that it's about to get worse in certain ways, it seems like a really unfortunate thing and possibly an avoidable thing.
Casey:
Yeah, and real-time follow-up.
Casey:
As of just a few hours ago, Apple released iCloud for Windows 12.5, which apparently includes a password manager app.
Casey:
Really?
Casey:
They don't have one on the Mac?
John:
Unless you count keychain access, which is terrible.
Casey:
Oh, come on.
John:
Keychain's the best.
John:
In Monterey, they moved it into system preferences, so there's a preference pane for passwords.
John:
Oh, that's right.
John:
Yeah, that's a little better.
John:
yeah it is i mean that's probably kind of where you'd expect to see it keychain access is more like a utilities folder kind of thing but like if you just like normal people don't use keychain access but i feel like normal people will go to system preferences and click on the thing that says passwords and that's the exposure to the new like the new password thing has like a two-factor thing built in and will generate your passwords and it's also by the way reflected in safari in monterey so like safari has it in its own preferences like also decked out with the new features but they also put it in system preferences because that's where people will look for it so
John:
Things are getting better and slightly more featureful on the Mac.
John:
Still nowhere close to 1Password's feature.
John:
You haven't even mentioned the family thing, which I think is the real killer feature of 1Password, even if you never do anything cross-platform.
John:
Narrator, they both mentioned it.
Okay, there you go.
Casey:
Yeah, no, that's the thing.
Casey:
For me, what I love about 1Password as compared to iCloud Keychain is that, first of all, I can store things other than passwords.
Casey:
And maybe you can in iCloud Keychain, but last I had looked at it, that wasn't the case.
Casey:
I can store documents.
Casey:
I can store notes.
Casey:
I can store things that aren't just passwords, which for me is very important.
John:
You can store notes.
John:
I haven't tried documents, but you can just make notes in Keychain Access, I'm pretty sure.
Casey:
Okay, well, I also keep PDFs, for example, and things like that in there.
Marco:
Yeah, I keep a scan of my driver's license.
Marco:
It's handy to have this kind of stuff.
Casey:
And again, as both Marco and I were evangelizing and touting, 1Password for Families, or when I last had a real job, I brought 1Password to our company, and we were using 1Password for Business.
Casey:
At the same time, I was using 1Password for Families.
Casey:
And all of that intermingled really, really well, actually.
Casey:
Uh, so again, I love one password, the service.
Casey:
I personally love paying for one password, the service.
Casey:
I mean, I mean that genuinely because not only are the people very good in the apps until maybe now really good, but the service is really good and it genuinely makes my online life better and more secure.
Casey:
And for that, I think it's well worth whatever money it is I pay them every year.
Casey:
Uh, but yeah.
Casey:
Yeah, this new beta Mac app is based on Electron.
Casey:
And again, that means it's written in JavaScript and apparently a whole bunch of Rust.
Casey:
They're very excited about Rust over there.
Casey:
And what that means is...
Casey:
In my personal opinion, it will never feel properly and truly native.
Casey:
Now, can you get close?
Casey:
You certainly can.
Casey:
But take, for me, the canonical good Electron app is Visual Studio Code.
Casey:
And Visual Studio Code, to me, is a genuinely and truly great app.
Casey:
Native, though?
Casey:
Not really.
Casey:
It's a great app, but it doesn't really feel native.
Casey:
It doesn't really feel like it's part of the Mac.
Casey:
And that's okay.
Casey:
But what bums me out about 1Password is they have this long, long, long, like 15 or 20 years history of being excellent platform systems everywhere everywhere.
Casey:
Excellent platform citizens, excuse me, everywhere.
Casey:
And this certainly doesn't smell like it's going to be the case too much longer.
Casey:
And I have installed the beta, and I've used it for a little while.
Casey:
And as the three of us do...
Casey:
I have thoughts.
Casey:
Do you want me to start, do you want me to start diving into this or would we rather kind of talk about, oh, Penny is not on airplane mode right now.
Casey:
Would you rather, let me just reboot that whole thing.
Casey:
Would you like to have me go into my particulars or would you rather talk kind of more generally previous before we get into that?
John:
I think you should go through your, your list of complaints because I think, I mean, I think it's important that you made this list because lots of people will say this, oh, it uses web technologies and there, it doesn't feel native on the Mac or whatever, but like,
John:
What does that mean?
John:
Like, what does it mean in concrete terms?
John:
How does it affect me as the user?
John:
What if I'm not a touchy feely person who has this inherent feel of if I can feel this isn't right for the Mac?
John:
Like, what are the actual consequences?
John:
And I think that's what you have a list of here.
John:
We say that all the time, but I think it's important to nail it down.
John:
So please do.
Casey:
Yeah, so I went on a Twitter rant about this, which I directed at the 1Password account.
Casey:
So if you happen to follow me but don't follow 1Password, you wouldn't have seen it.
Casey:
I'll put an unrolled version of it linked in the show notes.
Casey:
But nevertheless, so here's some examples.
Casey:
When I installed the beta, one of the first things it asked me on my iMac Pro, on my Intel iMac Pro, was, hey, do you want to use Touch ID?
Yeah.
Casey:
What?
Casey:
I'm sorry, on my Intel iMac Pro?
Casey:
Yes, I would like to use Touch ID, but I can't.
Casey:
I can't.
Casey:
And that is a very silly thing that lasted two and a half seconds.
Casey:
But it's the sort of thing that if it were a native app, and perhaps there is a way with this new based on Electron app, maybe, or powered by Electron or whatever, maybe there's a way to get to the API that would tell them whether or not Touch ID is even available on this particular computer.
Casey:
But based on my experience, they certainly didn't bother trying to figure that out.
Casey:
And so this is a great example of least common denominator user interface.
Casey:
One of the platforms that this app may run on has Touch ID.
Casey:
So screw it.
Casey:
Let's ask everyone about Touch ID, which is fine.
Casey:
Is it in and of itself a big deal?
Casey:
Certainly not.
Casey:
But that's my first paper cut, and I've been running this new app for 30 seconds.
Casey:
Okay, so let's say I go and I try to enter my master password.
Casey:
So I'm sorry, I should have said this already.
Casey:
But basically, if you've somehow lived under a rock and aren't familiar with one password, you have one password.
Casey:
You have a single password that opens up.
Marco:
You figured it out.
Marco:
You cracked it.
Marco:
Maybe that's why he became a dentist.
Casey:
So you have this 1Password that once you open it up, then you have unique passwords for everything under the sun.
Casey:
You have a unique password for Gmail, a unique password for Facebook, and so on and so forth.
Casey:
So when you enter that 1Password incorrectly, in every version of 1Password I've ever used, or every native version, I don't recall if it did it on the web or not, but in every native version, though, the screen would shake side to side, just like the login screen does on a Mac.
Casey:
And at one point I entered my password incorrectly, either on purpose or by accident, and nothing happened.
Casey:
It just said, oh, that's not right.
Casey:
Is that a big deal?
Casey:
Certainly not.
Casey:
But I have, I've been using one password, geez, 10, 15, probably like 10 years.
Casey:
And I'm used to seeing a shake when I get the password wrong.
Casey:
I'm not even really looking at the screen, but I'm seeing something shaking side to side in my periphery.
Casey:
And I know, oh, I got to try that again.
Casey:
Again, something silly, something that maybe could be done, but at least as of the time in which we are recording, is not being done.
Marco:
And to be fair, it is a beta.
Casey:
Yeah, absolutely.
Marco:
But I think a lot of this stuff, ultimately, I think a lot of this stuff is probably not going to improve for the final version.
Casey:
And that's the thing is...
Casey:
If the ostensible reason for going to this electron-powered monstrosity is to have as little custom user interface on any given platform as you can get away with, then why would they make it shake?
Casey:
Unless they make it shake everywhere, and gosh knows that the animation APIs are going to be different on a Mac versus Windows and so on and so forth.
Casey:
So...
Casey:
I don't think things like this are going to change.
Casey:
And I'd love to be wrong.
Casey:
Golly, I would love more than almost anything in the world, even more than eating crow about crypto, which I'm never going to do because I'm right.
Casey:
I would love to be able to eat crow on this and say, you know what, this new Electron version, you know, the final released version.
John:
hand to god i can't tell the difference between this and the real one and the native one the real one see what i did there and the native one uh so yeah i was wrong it's it's just fine by the way the animation apis would be the same in all platforms because they'd be web apis that's the whole point of a web oh that's true no you're right you're right you're right css animation but but what you're getting at is the conventions like did it always shake on windows or was that just a mac thing right uh is that a convention on windows like it is in the mac shaking when you get it wrong or is it not a convention so if you did it everywhere you may not be you may not like you said before may not feel like a
Casey:
a native citizen of the platform like that you're not complying with the conventions of your environment but instead are complying with the conventions that someone has decided it should be the same across all platforms right so then things got dodgy and i think i've since figured out what the problem is i suspect and i hope that this will get fixed by the
Casey:
But when I first started trying to use this new 1Password 8 Beta, it had me install a new version of the extension for Safari, which makes perfect sense.
Casey:
It's totally reasonable.
Casey:
But it didn't seem like it really wanted to do anything.
Casey:
There was no solid communication between Safari and the actual app.
Casey:
And for the life of me, I couldn't figure out what I was doing wrong.
Casey:
But I would go to hit the little icon in the toolbar in Safari, which in the past would ask me to enter my password right there in the extension, which I believe is not the case anymore.
Casey:
I think I was running an old extension or something like that.
Casey:
I'm a little wishy-washy on this, so I might be lying.
Casey:
But one way or another, the extension that I was used to was that it would let me enter the password right there in the extension, and then it would give me my list of passwords for that particular website.
Casey:
Well, now it's asking, it's kicking open the full app, which is kind of annoying because it's a context switch I'm not expecting and don't particularly want, but okay, fine.
Casey:
But then when I tried, when I would successfully enter my password, the extension would just sit there and spin.
Casey:
Okay.
Casey:
So I tried it again.
Casey:
Same story.
Okay.
Casey:
Eventually, I figured out what appears to be the problem was I made the critical mistake of asking one password not to be in my menu bar on my Mac, which is something I've done forever.
Casey:
I really don't like menu bar items except the ones I want up there, which is funny because I have like 304 up there.
Casey:
But the ones I want, darn it.
Marco:
I'm so with you on this, by the way.
Marco:
I'm a thousand percent with you on that.
Casey:
Thank you.
Casey:
And so I hate having things that I don't want on my menu bar.
Casey:
And yes, I'm aware that Bartender exists.
Casey:
I don't want to use Bartender.
Casey:
I just want to have the stuff I want up there.
Casey:
And so immediately when I had installed the beta, I had unchecked, I guess I should say, the option of having one pass from the menu bar.
Casey:
And kudos to them that that option was already there in the beta.
Casey:
Everything was great.
Casey:
Except it appears that by taking it out of the menu bar, I have also killed the like daemon, for lack of a better term, you know, the always resident server, if you will, that's within my Mac in order to communicate with one password.
Casey:
So when Safari was going to talk to the daemon, it wasn't there.
Marco:
It's pronounced affluent.
Casey:
Oh, God.
Casey:
I don't even know what I just said that made you think of that.
Casey:
But anyways, the point is that I was trying to get to this process that wasn't there, and so it wasn't working.
Casey:
And then once I finally figured out, oh, I wonder if I need to keep one password in the minute.
Casey:
Okay, great.
Casey:
So apparently I do need to have the menu bar icon there, which I really, really don't want.
Casey:
And again, I would hope and suspect that this will get fixed in the future, but if this is the way it is forever, I'm going to be real grumpy about it.
Casey:
It's a dumb thing to be grumpy about, but darn it, I'm going to be grumpy about it.
Casey:
No, no, no.
Marco:
This is not... No, I mean, first of all, it's probably just a beta bug.
Marco:
But second of all... I agree, I agree.
Marco:
If that were actually how it would ship, I would be grumpy about that too, because I... And this is, I think, part of the larger picture here, but I hate...
Marco:
when I install something that is, to me, a utility, and it wants to take over my computer.
Marco:
And it's like, hey, you know what, did you know we now do all these other things?
Marco:
Now you can use, you know, Dropbox is the biggest example of this in recent years, but it's like, now you can use us for all your collaboration and tools.
Marco:
No, I don't want, you are a utility, not my entire computer.
Marco:
My computer is not yours.
Marco:
And when applications that have no good reason to have a menu bar item
Marco:
put one there, especially as they almost always do by default.
Marco:
And it's like, now we're running all the time to help you out.
Marco:
It's like, no, you're running all the time to help you out, not to help me out.
Marco:
So, yeah.
Marco:
I am totally with you on, like, basically keeping these sprawling businesses' apps from sprawling all over my computer.
Marco:
It's like, your business is making you do this, but
Marco:
That's not my problem.
Marco:
My problem is this utility app that I thought was only going to do this one basic thing in a normal way wants to grab more real estate than I think it deserves.
John:
Except for my two apps, which do have to be running all the time and only appear in the menu bar.
John:
They're fine, right?
John:
Are they Electron?
John:
They're brutal.
John:
They are not.
John:
But if they're not running all the time, they don't work.
John:
So there's that.
Casey:
So Andrew Beyer in the chat is telling me one of the big... Andrew works on 1Password.
Casey:
One of the big changes between 1Password 7 and 8 is our change from Safari app extensions to a web extension, which comes with some new Apple API issues.
Casey:
Safari 15 brings a bunch of improvements on macOS, like the popover opening speed.
Casey:
So I'm hopeful to see that those improvements land.
Casey:
And I think, like I was alluding to earlier...
Casey:
Perhaps I was using like an ancient version of the extension, and that's part of the reason why I find this new one so crummy is because not only is it working with the crummier native app, but on top of that, I'm using the crummier new APIs that Apple is giving 1Password.
Casey:
So it's just crummy all the way down.
Casey:
And those are just a handful of examples of why I was not in love and am not in love with the new beta.
Casey:
Again, it is certainly possible all these things will be fixed.
Casey:
I'd be surprised, but it is possible.
Casey:
But the thing of it is, is that 1Password, as I've said this before, I'll say it a few more times, was always, to use a gruberism, it was always a Mac-assed Mac app.
Casey:
It was always a really strong, really solid Mac app.
Casey:
I'm sure I could come up with complaints about 1Password 7, but for the most part, it was a really great shining example, almost to a panic level, of what a great Mac app could be.
Casey:
And I would say the same with the iOS apps, too.
Casey:
I'm sure I could come up with complaints.
Casey:
But on the whole, they were really, really, really great, solid apps.
Casey:
And now I feel like it's an app on my computer.
Casey:
It's just another one.
Casey:
And that's fine.
Casey:
Like, I guess one could argue that I should not get my engine revved as much as I used to by a password manager.
Casey:
But darn it, there's not a lot of things to be happy about these days.
Casey:
And it always made me happy.
Casey:
And 1Password 8 does not make me happy.
Casey:
With that said, to give credit where credit is potentially due, I did not compare to 1Password 7, but I did look at the memory usage of 1Password 8.
Casey:
And one of the things that people love to whine about, including me, with regard to electron-powered stuff, is that it uses a butt-ton of memory.
Casey:
And when I looked earlier today, I was using about 135 megs of memory at, you know, idle, which is a lot and is more than it should be, but it's not like the 17 gigs that Chrome uses when it's looking at, you know, about blank.
Casey:
So,
Casey:
It certainly could be worse.
Casey:
There is a long explanation that Dave Tear wrote.
Casey:
Dave was one of the co-founders of 1Password that explains kind of the history of 1Password for Linux.
Casey:
And he and I exchanged a couple of tweets earlier today.
Casey:
Again, nicest guy.
Casey:
Everyone there is so nice.
Casey:
Dave had offered, and we just crisscrossed on timing to get on the phone with me to talk about kind of the motivations of Linux.
Casey:
of why they're, they're going the way they're going.
Casey:
Um, which most of me honestly does not really care or want to hear, but because I love one password and the people there so much, I was going to hear them out and at least entertain the conversation.
Casey:
As it turns out that the timing just didn't work out, but this medium post goes through, like, how did you, how did one password land on, on electron power, uh, being powered by electron as, as the way forward.
Casey:
And I
Casey:
I guess what I keep coming back to, and it is so easy for me to armchair quarterback, but hey, that's what I do for a living now.
Casey:
It's so easy for me to armchair quarterback, but it seems to me that this is not the way forward that I want or that I think ultimately 1Password wants.
Casey:
Because what it gives them is a kind of meh experience everywhere, right?
Casey:
Rather than a certainly more difficult, more expensive, more time consuming, but ultimately excellent experience everywhere.
Casey:
And I think I don't want to get into it yet, but I think we should talk a little bit about what their alternatives were, both with regards to SwiftUI and Catalyst.
Casey:
But let's let's put that in the parking lot for a minute and let's come back to that.
Casey:
I know I've been talking for a long time.
Casey:
Gentlemen, what's your take on this?
John:
You should mention the blog post on the OnePassword site itself that also goes through this from a slightly different perspective than the Medium post.
John:
In fact, that's the first place I would say you should look to where the company explains how did we end up where we are.
John:
We previously had like a Mac app and a Windows app or whatever.
John:
how did we end up where we have this Electron app across all the platforms?
John:
And I think it, I think it explains it well.
John:
There's a bunch of quotes in here about their various requirements.
John:
And like, you know, like it explains basically that they, this wasn't, they had a, there's like a plan A and a plan B, or I don't even know which one would be A or B, but when they did the Mac app,
John:
They had the Electron one and they also had a SwiftUI app and they were doing both Presumably to see like which one's gonna work out better and in the end the one that worked out better Was the Electron one and so they went with that like it's not like they decided from day one We're going to Electron everywhere.
John:
They were hedging their bets saying we should try making a native Mac app Try using SwiftUI, you know get some cross-platform stuff with iOS and iPad OS or whatever
John:
And it just turned out that the electron one was there.
John:
Anyway, they explain in the blog post, you can read it.
John:
But I think they go into this a little bit.
John:
But the underlying assumption, which I think is true, is that part of one passwords value as a product is the fact that it is cross platform.
John:
Apple's keychain is just now trying to kind of be like that.
John:
Oh, hey, we have a Windows app.
John:
But 1Password runs in Linux, for crying out loud.
John:
Runs in Android, runs in Windows.
John:
Their selling point is, especially for a password manager, as Marco figured out, even if you are essentially a one-platform household, using a password manager that is available...
John:
many different places can come in surprisingly handy that one time you do end up having an android phone briefly or having a windows pc for gaming or whatever it's convenient like because that's exactly the type of thing like when you go to another password platform your passwords don't change or disappear like you still have whatever your dropbox account your microsoft account your login to amazon.com whatever right that's still you you are the same person so why shouldn't your passwords come with you
John:
so it makes perfect sense that a company like one password correctly realizes like two things one a part a great part of our value is that we're cross-platform and two within the realm of any single platform we are essentially competing against the platform vendor apple has a solution to this called icloud keychain right but and if you're one password you're like well on the apple platform
John:
Not that our days are numbered because Apple's probably never going to have all the features that 1Password does.
John:
And 1Password probably cares more about this than Apple does.
John:
But anytime you're competing with a built-in feature, the built-in feature doesn't actually have to be better than you to sort of gobble up your market share.
John:
So it's kind of dangerous to sort of bet the future of your company on the fact that
John:
we'll always have a better password manager than Apple and people will be able to recognize that we have the better password manager and reward us by paying money for a thing they could get for free with their OS.
John:
It's much better to say we need to go cross-platform because we feel like that's an area where
John:
Maybe they at one time thought that's an area where Apple won't go.
John:
Apple has proved them wrong with their Windows iCloud stuff that they've been doing in recent years.
John:
But you can have more confidence that even if Apple does go there, Apple's track record of making really good Windows apps has not been great.
John:
See Safari for Windows, QuickTime for Windows, basically anything they've ever done for Windows.
John:
The boot camp drivers for Windows, maybe.
John:
So that's a better strategy for the company.
John:
So that's the context of this thing.
John:
Why do they care about cross-platform?
John:
And then from there, everything else follows this in this blog post.
John:
How many people are me?
John:
How much money has been invested?
John:
The investors want to see in their return on their investment.
John:
We need to do the thing that is the strength of our company, right?
John:
You know, how much time and energy have we spent for the past years with all the years that Casey loves, where they had a really, you know, Mac native app, uh, as they describe in their blog posts, it became a problem trying to coordinate two teams, making two separate applications.
John:
And it was making them as a company move more slowly and take more time to add features.
John:
Like, uh,
John:
Kind of like reading the threat model, the CSAM thing.
John:
If you read the document in isolation, you will be nodding your head and going, yes, yeah, this all makes sense, right?
John:
But where the rubber meets the road is what Casey was talking about.
John:
It's like, okay, but I'm not an employee or shareholder of 1Password.
John:
I'm just a user of their product.
John:
And my experience has gotten worse.
John:
Now, I have to say the list of things that Casey went down here, a lot of them seem like, you know, potential beta bugs or small things that aren't a big deal.
John:
But I think the earlier point that you made about Visual Studio is a good one.
John:
Most users don't know or care what API their app use, but within any given API, you can have a good Electron app or you can have a bad one.
John:
My choice for a good Electron app, I think Slack is still Electron, right?
John:
Or an app that uses web technologies or web views or whatever.
John:
There is a huge difference between a good Electron app and a bad one.
John:
I say this is someone who uses Teams and Slack.
John:
I don't know if Teams is Electron.
John:
I hope it is because there's no other excuse for it to be so horrible on the Mac app.
John:
Like it looks like it's using web technology.
John:
It is so much worse than Slack.
John:
It's not even funny.
John:
Same thing, pick an API.
John:
UIKit on the iPhone.
John:
You can make a good app with UIKit and you can make a bad app.
John:
And I think the range between a good app within a given framework and a bad app within a given framework is probably bigger than the average range between...
John:
apps on different frameworks, right?
John:
So it's not ridiculous to think that 1Password strategy of using Electron, like it has huge benefits for their ability, for their velocity, as we say in the business, for their ability to get features, for their ability to get features out the door in a timely manner, to have a consistent experience across all their platforms, to be able to roll out features simultaneously, like there's all these reasons.
John:
And the Rust backend is, you know, like making the core and across platform Rust, you know, a language with more safety features, like it all makes tech sense.
John:
But I don't want to minimize Casey's complaints here because the bottom line is, you would hope 1Password8, here it is, that as a user of this app, you would be excited because the app would get, in your estimation, better.
John:
And thus far, Casey is not excited about the app getting better.
John:
I mean, you can offset this with new features.
John:
And maybe if you did hop across platforms a lot, you would enjoy the consistency where before...
John:
They were different for weird reasons, or they got features at different times.
John:
But that's the challenge for 1Password, the company, and the product is to, one, make a really good Electron app, and two, try not to downgrade the user experience of your customers from what they are previously accustomed to.
John:
And it sounds like, at least in Casey's estimation, it feels like a downgrade right now, even though it's just a beta.
Casey:
It definitely does feel like a downgrade.
Casey:
But again, the complaints I have so far are beta kind of complaints.
Casey:
And they're not that big a deal in the grand scheme of things.
Casey:
And the actual app itself, I haven't spent too much time with it today.
Casey:
I feel like there's a lot of white space here that isn't necessary, but that's a quibble of a quibble of a quibble.
Casey:
The app itself seems like it's perfectly functional and will work just fine, which really, especially for a beta this early, is pretty high praise.
Casey:
Like if the app itself is workable and sufficient, then one could make an argument that I should get off my high horse and you might be right and just shut up and deal.
Casey:
It just makes me sad, man, because it was such a great idea.
John:
That's not what I said at all.
Casey:
No, no, no, no, no, no.
Casey:
I'm sorry.
Casey:
I'm not trying to put words in your mouth at all.
Casey:
I just mean in general, one could say, the royal you could say that, you know, I'm whining and moaning about nothing.
Casey:
And maybe that's true.
Casey:
But I don't know.
Casey:
It just makes me so sad that what was once a shining example, at least today...
John:
is not a shining example now maybe it will be later i don't know but it's not today and and it still bums me out do you feel like it's a good electron app like you know compare it to whatever your favorite is video studio code slack or whatever do you feel like it is within the bounds of electron and web technology does it feel like a good one or does it feel like teams
Casey:
Uh, well, I, I haven't used teams, but I take the point you're driving at.
Casey:
Uh, yeah, it's good.
Casey:
Yep.
Casey:
It's good.
Casey:
But again, like I would never say that about the old one password.
John:
I would say it's frigging great, but you were enthusiastic.
John:
Yeah.
John:
I totally get it.
John:
So, so here's the thing.
John:
Like, uh, I don't want to take one password off the hook.
John:
Um, because, you know, as they outlined in their, you know, in their thing here, like, uh,
John:
an option that was on the table is to just continue making a complete native mac app like they had always made with a rust core underneath it which would probably mean rewriting the whole thing from scratch or whatever but that would be more expensive and time consuming and difficult than doing what they did right and maybe maybe they'll change their mind about that depending on what the feedback is like but maybe most people don't even care and as long as they get a good electron app it'll be fine but there is a portion of blame for this whole situation it lands squarely in the lap of apple and it's
John:
Not really super apples.
John:
Oh, we'll get there.
John:
I'm not going to say.
John:
I'm going to get there now.
John:
Oh, come on.
John:
I want to talk about 1Password.
Marco:
Give Marco a chance.
John:
Go ahead.
John:
Have you used it?
John:
I wasn't aware you'd used version 8 yet.
Marco:
I haven't.
Marco:
I think this is... I want to split this discussion between... In a moment, I want to close the book on 1Password and have kind of a separate discussion about
Marco:
the problem of SwiftUI and Apple's cross-platform stuff and how Electron plays into that.
Marco:
Because I think the reason why we're seeing all this rage at 1Password over this right now I think is a combination of factors.
Marco:
I mean, first of all, many long-time 1Password consumer users...
Marco:
have been upset with the company's overall direction the last few years towards their own sync service with, you know, towards subscription pricing.
Marco:
And this is like, you know, 1Password has kind of borne the brunt of a lot of just like the general consumer resentment towards things moving towards subscription pricing and like that.
Marco:
So like, there's a lot of that going into this.
Marco:
I think it's also worth noting the context of like the changes that 1Password has been going through as a company in the last few years.
Marco:
Like,
Marco:
The news came out a couple weeks ago about their new fundraising round.
Marco:
I think this surprised a lot of people, myself included, with quite how big of a company they are now.
Marco:
I pasted the link here.
Marco:
It's raised $100 million.
Marco:
It's their second round.
Marco:
I think what's most interesting here is looking at
Marco:
how different the numbers are between their first round from two years ago and now.
Marco:
So they went in two years from 174 employees, which is way higher than I would have guessed that they had, to 475 employees.
Marco:
So 475 employees currently work at 1Password.
Marco:
It is a massive company.
Marco:
They do $120 million in revenue.
Marco:
And if you look at also, they're getting into way more business stuff than anything that the three of us would even probably even know about, let alone use.
John:
They should be sponsoring us more.
John:
I didn't know they had that much money.
Marco:
Buy some more ads.
Marco:
It's chump change for you.
Marco:
And their number of business customers has nearly doubled in that time, according to all this news.
Marco:
So like, if you look at like, this is a company that has exploded in money, in people, in focus and in scope over the last couple of years.
Marco:
And for those of us, like the three of us or two of us, John, you don't even use it, do you?
John:
No, I don't use it, but I do recommend other people use it.
Marco:
Right.
Marco:
So for Casey and I and many of the listeners who are big 1Password fans for years, not only does this stuff mostly happen without us even knowing about it, like all this growth into business and everything, but most of this is stuff that will actively make this company worse for serving our needs or at least will incentivize them to go in much different directions and focus in much different directions.
Marco:
And so –
Marco:
I think this is why so much of this frustration and anger over the move to an Electron app has hit 1Password in particular.
Marco:
Because they already had these other factors going that were giving them a lot of resentment among certain groups of the community.
Marco:
And I think that's not to be overlooked.
Marco:
I also think, despite what Casey says, I would not call 1Password, the previous version, a, you know, quote, Mac-asked Mac app.
Marco:
It does use native frameworks, but it has a ton of custom UI.
Marco:
And it always has.
Marco:
And I actually think it works pretty well, but I can see why they are going in an Electron direction because from their point of view, it was already super custom.
Marco:
And I don't even necessarily care that much for the reasons why most people don't like Electron apps.
Marco:
most of the reasons are things like well it doesn't resize smoothly well you know what i don't resize my windows that often i don't care uh or like it doesn't use the full native ui it's like well look at this app this is not native ui or this is not i mean standard i would say standard ui so already you know we're we're already out of that that realm here um what i care about with electron apps now okay we're gonna slice this conversation right here this is
Marco:
Chapter change.
Marco:
All right.
Marco:
That was one password.
Marco:
Now we're going to talk about UI frameworks and the challenges there.
Marco:
What I care a lot about with Electron apps is not that they don't resize smoothly.
Marco:
It's not that their preferences window is a weird overlay inside the main window.
Marco:
I honestly don't care much about that at all because those things don't get in my way very often.
Marco:
What gets in my way very often is two things.
Marco:
How incredibly bloated they are, especially at launch time, and how they tend to deviate from system standard behaviors, especially around things like keyboard navigation, shortcuts, things like that.
Marco:
Accessibility.
Marco:
Yeah, that's a big one.
Marco:
That doesn't affect me personally at this moment very much, but that affects a ton of people in huge ways.
Marco:
So that's a huge one.
Marco:
So
Marco:
Electron apps in general, because they are this, you know, basically web views with fancy stuff around them or, you know, within them, but basically all this, you know, custom web stuff, they tend to have a lot of just little paper cuts in use.
Marco:
Just little things that don't work the way the system works, little behaviors that are a little bit different as you navigate or as you work through the app or as you use keyboards or big things as, you know, assistive technologies.
Marco:
So...
Marco:
there's all sorts of little ways that Electron apps make the customer experience worse.
Marco:
And two of the biggest ones are memory usage, disk space, and I guess long time, too.
Marco:
And counting.
Marco:
And counting.
Marco:
And to me, the move to Electron
Marco:
It has these externalities.
Marco:
It's kind of like our Bitcoin discussion, but on a much smaller level.
Marco:
It has these externalities of, we're going to waste significantly more memory, significantly more disk space, more time to launch the app, etc.
Marco:
We're going to really bloat up the app's technical resource needs.
Marco:
in a way that doesn't really help our customers at all.
Marco:
And we are actually foisting the externality of that onto our customers, onto all their devices.
Marco:
So we're going to take up all this disk space around the world, all this extra RAM around the world on all these computers.
Marco:
We're going to make everyone's experience a little bit worse in order to save us some time and money.
Marco:
I think that's one of the reasons why this rubbed people the wrong way.
Marco:
But I think that ultimately gets down to like, that's the biggest problem I have with Electron apps.
Marco:
Again, it's not the animations and stuff.
Marco:
Honestly, that's fine.
Marco:
My password manager has always looked totally weird compared to other apps.
Marco:
I still like it because it worked well.
Marco:
But if this move is going to make it work with as much mediocrity as every other electron I've ever seen, including things, you know, Slack.
Marco:
I've used it enough now.
Marco:
I've seen enough.
Marco:
I know how this is likely to go.
Marco:
And even if they take all the care on the world to try to do their best, it's not going to be the same.
Marco:
It's not going to be like a native app.
Marco:
It's going to be full of all those paper cuts, maybe fewer of them than if they hadn't cared at all to fix any of them.
Marco:
But there's going to be all those paper cuts all throughout it.
Marco:
And for a company that has about 475 employees –
Marco:
I know these aren't all engineers.
Marco:
I know engineering and scaling, engineering resources, these are not simple things.
Marco:
But I just – ooh, I fell back into my password.
Marco:
Whoops.
Marco:
I just don't think this was a good decision of resource allocation.
Marco:
Because it's not like they're starting from scratch.
Marco:
They already had native apps.
Marco:
So it's like they're throwing that away or throwing much of that away.
Marco:
And I just, it seems like many common engineering foibles have happened here.
Marco:
They tried something new.
Marco:
It didn't work out.
Marco:
We'll get to that in a moment.
Marco:
Don't worry, John.
Marco:
They tried something new.
Marco:
It didn't work out.
Marco:
And so they didn't even seem to consider, well, why don't we just do what we were doing before?
John:
Well, I mean, the reason they didn't do what they were doing before, they explained in the blog post, because what they were doing before they knew for a fact had these certain problems in terms of coordination and time to market and synchronizing features between things.
John:
And like, like, that's why they didn't just say, why don't we just go back to what we're doing before?
John:
Like, so I kind of understand where they're coming from.
John:
Like they had a status quo and the status quo was not meeting the needs of the business.
John:
So they need to do something.
Marco:
I mean, yeah, that's – I get that argument.
Marco:
I don't necessarily know if I agree with the conclusions that companies come to sometimes with that argument, which often leads to things like Electron because there's – it's very much it's a grass is always greener situation to a large degree.
Marco:
Electron is not free and it has its own downsides.
Marco:
I mean this is true.
Marco:
Like anytime a large engineering decision is made to switch to some massive new framework – like for instance –
Marco:
I think even trying SwiftUI for a company of this size, for a company that the Mac app is so important, I think they should never even try SwiftUI.
Marco:
One engineer should have tried it for a weekend and realized it's not ready and stopped.
Marco:
So the fact that they had invested very heavily into it, I think that was a misdirection, I think.
Marco:
Anyway, so again, I don't want to spend too much time on them specifically on this because I think it's much more about the general electron in general
Marco:
My problem with it is that externalizing the downsides to your user base to save yourself a couple engineers when you're a big company.
Marco:
That, to me, I don't appreciate that as a user of these things.
Marco:
And as a 1Password user in particular, it's... God, I fell back into it again.
Marco:
I see why people are mad because they've taken the same path as Dropbox and many other companies where it starts out as this consumer thing that we all love.
Marco:
And then it turns out the consumer thing can't really have this massive explosive growth business or it's hard when the platform makers move into it or whatever.
Marco:
There's major reasons why they want to explode into the business world.
Marco:
So the company balloons in size and in financing and they explode into the business world and do all these business features.
Marco:
And it leaves behind –
Marco:
people like us who are like, well, we didn't really want any of that.
Marco:
And now this thing that we like and have come to rely on and that doesn't have a lot of good alternatives is now going in this massive direction that is actively against the things that we like or that we value or that we need.
Marco:
We are sponsored this week by Linode, my favorite place to run servers.
Marco:
Visit linode.com slash ATP and see why Linode has been voted the top infrastructure as a service provider by both G2 and TrustRadius.
Marco:
From their award-winning support, which is offered 24-7 through 65, and that's regardless of your plan size, from that $5 a month plan all the way up to many servers you can put there, everyone gets that same amazing level of support.
Marco:
So from that,
Marco:
to their ease of use, their great setup, it's clear why developers, like me, have been trusting Linode for projects both big and small since 2003.
Marco:
You can deploy your entire application stack with Linode's one-click app marketplace, or build it off from scratch and manage everything yourself with supported centralized tools like Terraform.
Marco:
Linode offers the best price-to-performance ratio for all compute instances, including GPU compute instances, as well as block storage, Kubernetes, and their upcoming bare metal release.
Marco:
Quite frankly, this is what drew me to Linode in the first place.
Marco:
Years ago when I started there, way before they were a sponsor or anything, I pay for it all myself.
Marco:
It's wonderful.
Marco:
It's a great value.
Marco:
And I care about that value.
Marco:
I care about what I'm getting for my money.
Marco:
And in hosting, sometimes you get a place that's a good value for a year or two, and then it's not anymore.
Marco:
linode has been an amazing value the entire time i've been a customer they always give you more for your money as technology moves forward they give you more for the buck it's fantastic linode makes cloud computing fast simple and affordable allowing you to focus on your projects not your servers visit linode.com slash atp create a free account with your google or github account or just your email address and you get a hundred dollars in free credit once again linode.com slash atp
Marco:
Create your free account to get $100 in credit.
Marco:
I love Linode.
Marco:
If you've got to run servers somewhere, I strongly recommend Linode.
Marco:
Thank you so much to Linode for sponsoring our show and hosting all my stuff.
Marco:
Electron.
John:
Go ahead, John.
John:
All right, so the framework question.
John:
This is tangentially related to 1Password, but it's actually more of an Apple problem that they have to deal with, right?
John:
So the reason 1Password looked at SwiftUI is because in theory, and as pitched by Apple, SwiftUI is a framework where you can write an application and you can use a lot of that same code, if not the exact same application, depending on how you want to try to do it,
John:
on the Mac, on the phone, on the iPad, on the watch.
John:
It's Apple's cross-platform UI framework to the extent that it exists.
John:
So if part of the deal of this thing is, hey, we've got a problem, we've got all these native apps, the coordination is a big problem for us,
John:
let's try to unify, right?
John:
Step one in the unification that we haven't talked too much about is sort of doing the core and Rust in a cross-platform way.
John:
And I think that's a great idea.
John:
When we talk about the core, we're talking about like the part that doesn't have a user interface, just the guts of the machine.
John:
Using Rust, which is a language that has lots of rules about memory ownership and type safety and everything, is a great idea for a security-conscious application rather than, say, writing it in C or some other language that has lots of security problems.
John:
Great, make your core in that, right?
John:
Like that's our new sort of new generation.
John:
We used to have the core, but it was different on different platforms and it was kind of a pain.
John:
Let's write a new core in Rust.
John:
Then you have this core with no interface and you have to decide, how do I put an interface on this?
John:
And 1Password didn't immediately jump to, let's just do Electron everywhere.
John:
We use the Rust core and then we'll do Electron for our UI.
John:
That wasn't their first thing.
John:
They thought of, okay, on Apple's platform, Apple actually has a new-ish,
John:
native UI framework that can target more than one Apple platform.
John:
So no, you can't use Swift UI across all of our platforms, Linux, Android, Windows, but we can get pretty much all the Apple platforms we care about with this one framework.
John:
So let's consider a bifurcated strategy, which is like Electron everywhere, except for on Apple platforms, we'll try using Swift UI.
John:
Which in itself is, you know, and Jason Snell wrote the story recently saying how the Mac just wasn't important enough for 1Password to do this.
John:
In the end, that is true.
John:
But the idea that they looked at SwiftUI at all shows that 1Password kind of knows where its bread is buttered.
John:
I don't know what their financials are, but 1Password with his roots as a Mac company, right?
John:
I think they were Mac first, right, for years before they even branched out.
John:
I don't know if that's true, but I've always thought of them as a Mac company, was considering doing a totally different framework just for Apple's platforms.
John:
Maybe that makes financial sense.
John:
I don't know what percentage of 1Password's customers are on Apple platforms versus not, but that was a thing that they considered, which I think shows that either financially it makes some sense for them to do that or just emotionally because they feel the roots in the Apple platform that they were considering doing that, right?
John:
That didn't work out for reasons that, you know, anyone who has tried to use SwiftUI in the past several years understands.
John:
SwiftUI is young.
John:
It has lots of limitations.
John:
I don't think it's impossible to pull off a 1Password application on a SwiftUI, but you would then have to decide what to mix it with because there are things that SwiftUI can't do or can't do easily or can't do feasibly, and you have to, like, mix it with something.
John:
So you can mix SwiftUI with AppKit like I do in my apps.
John:
You can mix SwiftUI with UIKit and a Catalyst app.
John:
What are the other options you have?
John:
I mean, you can do pure Swift UI, but that's probably not going to fly.
John:
And then once you're doing that, now you're losing a lot of the cross-platform part of it, depending on how you look at it.
John:
If you do it in Catalyst, you can say, well, if we're going to do it in Catalyst, why do we need Swift UI at all?
John:
Why don't we just use Catalyst app for our Mac and then use that same UI kit code for the phone and the iPad?
John:
And you have a whole bunch of different options on the various Apple platforms.
John:
But they didn't have time to run all those experiments.
John:
So they said, well, when the SwiftUI one didn't work out, let's just do Electron everywhere because Electron runs on the Mac.
John:
But that whole soup that I just explained is part of Apple's problem.
John:
SwiftUI is Apple's newest framework, and it is the one that has the potential to run on the most platforms.
John:
but it's young and it's not really up to maybe the task of an app like uh one password at this point catalyst also exists uh and it's a way if you are coming from a ui kit and you either have an existing ui kit application on the ipad or the iphone or you just know ui kit because you've been developing on those platforms but you want to write a mac app now you can write a mac app in ui kit sneaking into app kit every once in a while to do stuff and then of course there's app kit the old the old api that that is
John:
superseded maybe by catalyst and or swift ui this is not a great situation for the mac because like the reason you see among the little circles that we travel and lots of discussions of all these these different words catalyst app kit and swift ui
John:
is that there is no obvious answer for all situations on how to develop a native Mac app.
John:
Setting aside Electron, what should I use?
John:
And there's a whole, it's like a flow chart of like, well, do you have an existing UI kit app?
John:
Are you writing from scratch?
John:
Do you have an existing app kit app?
John:
Are you gonna target the watch?
John:
Are you gonna target the iPhone?
John:
Like, you know, how complicated is your application?
John:
What is your tolerance for bugs and immaturity?
John:
Apple has been in this place before, many, many times over the years.
John:
I'm just going to go back to the most recent one, but if you keep going back in time, there's more and more ones for even older people.
John:
The most recent time Apple found itself in this scenario is the dawn of Mac OS X. Before Mac OS X, Apple tried to do an OS called Rhapsody, which is basically the same as Mac OS X, but without the ability to
John:
easily port classic mac os maps apps to it and that os strategy didn't fly mostly because the companies that had existing mac apps said yeah no we're not going to rewrite our apps like microsoft said no we're not rewriting office for the next step apis and adobe said no we're not rewriting photoshop for the next step apis right so apple had to come up with mac os 10 which was basically rhapsody plus a new api called carbon which was essentially the
John:
the parts of the old classic Mac API that they could port in a safe way to a modern operating system, right?
John:
And then Microsoft ported its apps to Carbon and Adobe ported its apps to Carbon.
John:
And then all the next developers ported their apps to Coco.
John:
Not ported, but they were already basically... They renamed a bunch of stuff and got their AppKit apps to run in Coco.
John:
And for years, for many, many years, it seemed like a longer time than it actually was, but for many years in the beginning of Mac OS X,
John:
there were two ways to write a native mac os 10 app you could write in carbon and you can or you could write in coco and people would ask questions i want to write a mac app which api should i use and you'd go through the flow chart do you have an existing mac app if you do you should probably use carbon because you can easily port it to that do you have an existing next step app if you do you shouldn't use coco because it's basically the same api and it just renames and stuff and it'll be fine what if i'm starting from scratch
John:
Well, do you know Objective-C?
John:
What's Objective-C?
John:
How do you feel about square brackets?
John:
Like, what language do you know?
John:
What APIs?
John:
Have you ever made another Mac app before?
John:
What APIs are you familiar with, right?
John:
And, like, aside from the obvious ones, which is like, hey, I've got Adobe Photoshop.
John:
I should obviously go with Carbon because I'm not rewriting it next step.
John:
Or I've got, like, OmniWeb.
John:
I should obviously use AppKit because that's the one.
John:
There was no obvious answer, and Apple wouldn't tell you, like, what you should do.
John:
They would just say, well, you know, like, use the one that you prefer.
John:
We try to give them feature parity, and as the years went on, sometimes a feature would appear in AppKit first, sometimes a feature would appear.
John:
in carbon first some features were only available in carbon like a bunch of stuff having to do with classic mac os and the quick time stuff or whatever and then eventually some features are only available in coco and apple had a bunch of wwdc's where they do these sessions where like we're going to do feature parody and we're not going to do that anymore and every new thing that we come out with is going to be in in carbon and coco at the same time and you can see how
John:
Like in one way, this is a necessary strategy because you can't have an OS unless you can bring along all the apps.
John:
You need Microsoft Office, you need Internet Explorer, whatever the hell, right?
John:
And all these new Cocoa apps are new and exciting.
John:
They'll let people, individuals make applications on their own that then become popular, like NetNewsWire written by one person.
John:
Through the magic of Cocoa, like these are both good things.
John:
I don't want to give either one of them up.
John:
I can't give up Carbon.
John:
And matter of fact, major parts of the operating system are Carbon only.
John:
And Cocoa apps end up needing to call into Carbon to do those things.
John:
But I can't give up Cocoa because there's so much excitement happening there.
John:
And people are writing apps that, you know, very quickly and writing these feature filled apps because Cocoa is this amazing framework and they're learning Objective-C and blah, blah, blah.
John:
During that time, a lot of developers really wished, Apple, just tell us which one we should use.
John:
Like, which one should we use?
John:
Is it going to be carbon forever and ever?
John:
Or is it going to be cocoa forever?
John:
Because you can't have both because it's just too confusing.
John:
And Apple would say, well, we need to have both right now.
John:
But developers, if you're on the cocoa side, you were saying, we should just get rid of this carbon garbage.
John:
It's terrible.
John:
Objective C is the future.
John:
Everything should be AppKit.
John:
And if you're Carbon, you'd be like, what the hell is this Objective-C stuff?
John:
Like, no one uses that language.
John:
It makes no sense.
John:
It's so ugly.
John:
The API is stupid.
John:
All the real features are in Carbon.
John:
Why don't we just forget about that, just like we forgot about the Java interface to it, and just go with Carbon forever?
John:
Eventually, after what seemed like way, way too long, Apple made a decision.
John:
And the decision was, Carbon, you're out.
John:
And it's Coco from here on.
John:
And that was incredibly clarifying for there was a period of time where you said, if you want to make a native application, Mac application, how do I do it?
John:
The answer was AppKit, Cocoa, period.
John:
That was it because Carbon didn't come to 64-bit.
John:
And once the OS was 64-bit only, which also took a long time,
John:
Your only option was AppKit.
John:
And yeah, there's, you know, other models of building applications.
John:
You can make a Java app, like a native Java app with all those widgets and web technologies and all sorts of stuff like that.
John:
But eventually they made the call.
John:
We are back now in a situation that's even worse, where we have Catalyst, which is good for UIKit things.
John:
We have SwiftUI, which is kind of like the new Cocoa.
John:
It's like the new hotness, although, you know, obviously Cocoa was a decade-old technology when Apple bought it, unlike SwiftUI.
John:
And then we have AppKit still lurking back there.
John:
All three of those things work today to make a Mac application.
John:
And Apple will not tell you which one of those is the real future.
John:
Maybe because they don't know.
John:
But right now they're doing the thing they did for years with Carbon and Cocoa was like, they're all pretty good.
John:
Just pick the one that's best for you.
John:
I don't think that's a good strategy.
John:
But on the other hand, I don't think it's a good strategy to like ditch one at this point because I mean, Catalyst debatably, you know, when Catalyst came out, we didn't know about SwiftUI.
John:
So Catalyst seemed like the future of the Mac.
John:
But then SwiftUI came out and it's like, no, what the hell is the future, right?
John:
And so if you're 1Password and you're trying to make a native Mac app,
John:
forget about electron it's not even clear what you should do the only thing that's clear is that app kit is probably not the future but it's also the most full featured api in the platform and it can do all the things and you can make amazing apps with it but you're doing it you feel like this is just not the future because this is not like apple has introduced two new frameworks since then they both have a lot to say for them right
John:
catalyst is great and it's shared with ui kit and has great benefits as me as a developer but swift ui is the new hotness but then there's app kit that has all the features and if i use swift ui or catalyst i also have to go back to the app kit to get those features so maybe app kits the new carbon and is app kit not going to be reported to 128k or 128 bit that's a joke that's not coming don't worry like it's it's super confusing so i understand apple's situation i understand why apple doesn't come out and say swift ui number one that's the future everyone should go for it
John:
Catalyst, weird stopgap.
John:
Don't worry about it.
John:
It's cool if you're going to port apps.
John:
AppKit, forget it.
John:
Screw it.
John:
It's dead.
John:
They don't say that.
John:
Every Mac developer has this
John:
difficult choice to make that's like make or break your app right i i almost feel worse for the people who have picked one who have said i'm going i'm all in on catalyst because what if catalyst is the one that doesn't make it i mean i guess you get a few good years out of it you got to not reuse a lot of your work that you did with ui kit reuse your knowledge or whatever it's great but then five years from now catalyst is like sunset over the course of a few os releases but
John:
You're going to have to rewrite your app in SwiftUI or AppKit if AppKit is still around, right?
John:
And same thing is true.
John:
If SwiftUI just doesn't work out and ends up like fizzling and Catalyst is the true future and you really bought in on SwiftUI, what are you going to do then?
John:
So I feel for 1Password in this situation.
John:
It is almost like...
John:
The safest bet in terms of future-proofing is to defer this decision and say, we're just going to go with Electron for now.
John:
Because they tried SwiftUI and it wasn't ready, and I totally believe them on that, right?
John:
Oh, yeah.
John:
Absolutely believe them.
John:
And they probably didn't have time to go back on Catalyst, and it's like, well, we don't know which horse to bet on.
John:
So if we just do Electron and don't bet on any horse and go with a donkey, right, then...
John:
We can just wait this out.
John:
And if it turns out our Mac customers really hate this and their Apple customers want us to do native, maybe by the time we revisit the decision in a year or two, it'll become more clear what we're supposed to do.
John:
But I really, really feel like Apple's current strategy of supporting both Catalyst and SwiftUI as the modern options on the Mac is untenable in the medium term.
John:
Within the next five years, Apple needs to make a call, I think, because there's just no way to support
John:
three major ui frameworks plus all the shared underlying stuff on the mac and then complain when people choose electron instead because like well what was my alternative one of this you know alphabet soup of vaguely inter-compatible apis none of which i can use in isolation to make a quote-unquote full-featured native mac app because at this point you can't even use like well i don't know you can you can probably still use app kit to make a full-featured app is there anything you need to go into catalyst or swift ui for
Marco:
Right now, whatever you want to do on the Mac, AppKit does it.
Marco:
And AppKit is... The parallel on iOS is obviously UIKit.
Marco:
That's the main framework that the other frameworks seem to be implemented in on the underlying levels, or at least in part.
Marco:
And AppKit is the one that will be supported and maintained probably the longest on the Mac.
Marco:
In this case, I think SwiftUI...
Marco:
And it's a whole discussion probably for another day.
Marco:
But SwiftUI started as a watch framework.
Marco:
And then the other OSs kind of snatched it up and made it their own as well.
Marco:
But it started on the watch...
Marco:
And if you use SwiftUI on all these platforms, that will make a lot of sense to know that.
Marco:
Because on the watch, it's pretty good.
Marco:
And it was very badly needed compared to old WatchKit UI stuff.
Marco:
That was terrible.
Marco:
And so it was badly needed and...
Marco:
SwiftUI does well in simple contexts where the scope of what you're trying to do with the UI is fairly low.
Marco:
It's not that complicated.
Marco:
You're using mostly default behaviors and appearances of things.
Marco:
You're not doing a lot of customization.
Marco:
And you have relatively simple views and relatively simple needs and simple data models.
Marco:
Watch apps tend to have that because watch apps have to be simplified for lots of other reasons.
Marco:
So it makes tons of sense on the watch, which is why it was born there.
Marco:
And it also has less problem area to cover, and it's most mature there.
Marco:
So on the watch, SwiftUI is a no-brainer.
Marco:
Yeah, if you're making an app on the watch, use SwiftUI, period.
Marco:
As you move up to the, quote, larger, I guess, by screen size or by complexity, certainly, as you move to the larger platforms, on the phone, SwiftUI is, well, it's a little less usable than on the watch.
Marco:
There's more rough edges.
Marco:
There's more bugs.
Marco:
there's more walls that you hit trying to do common customizations or common behaviors that UIKit apps have been doing forever.
Marco:
You hit more of those walls on iOS than you do on watchOS, for sure.
Marco:
You can tell that it's a little less tested, it's a few more rough edges, and there are more ways, once you go from watchOS to iOS in SwiftUI, there are more ways in which the SwiftUI model of doing things kind of breaks down
Marco:
or starts having a lot of really ugly, you know, things you have to be doing and jumping through hoops to get it to work right.
Marco:
Well, then take that onto the Mac, and you scale it up even further onto this.
Marco:
The Mac is now even further than the watch, like in scope and everything.
Marco:
Mac apps tend to be significantly more complicated than iOS apps in their UIs and their behaviors and what they have to accommodate, what they have to do, what's important.
Marco:
And also, the Mac, unlike iOS, is a way lower priority.
Marco:
It gets way less engineering attention in software terms.
Marco:
Swift UI and the Mac doesn't seem like it's getting a lot of attention from anybody.
Marco:
Because what a surprise.
Marco:
Look at macOS software quality over the last decade.
Marco:
It's not as high of a priority as iOS.
Marco:
And so you have this framework that's been... It's pretty...
Marco:
opinionated and still pretty young and has a lot of really rough edges and it's so you know it's it's pretty good on the platform that it was made for but as you get bigger and more complicated and then in the case of the mac as you get you know seemingly a lot less resources devoted to it that's
Marco:
I don't think SwiftUI on the Mac is ever going to be great.
Marco:
I suspect SwiftUI on the Mac to always be this kind of experimental thing that a lot of people try to use, doesn't work out very well, and they go to something else.
Marco:
And then the problem there is, what John was saying, well, what do you go to?
Marco:
And AppKit is actually the right answer.
Marco:
Unfortunately, it doesn't feel good to go to AppKit for a brand new app in 2021.
Marco:
It feels like that's probably a bad decision, but with the realities of
Marco:
mac os engineering priorities and quality priorities i don't think swift ui is ever going to be the right move on mac and catalyst i i think has been has proven to be kind of like kind of like electron there's a lot of downsides to to usability
John:
It's more like carbon because it's saying, hey, we have a bunch of customers who have existing apps who would like to reuse that code and that skills on a different platform.
John:
So, you know, a catalyst is just carbon for UIKit, right?
John:
That's essentially what it is.
John:
It's even better than carbon because you don't even have to change as much code and they didn't have to.
John:
But that's, you know...
John:
We have to bring along these developers, because this is where all our developers know UIKit.
John:
Very few of them know Mac stuff.
John:
If you want more Mac apps, we need a way for our UIKit on here.
John:
But it doesn't feel... It feels like Carbon.
John:
It feels like, all right, well, these people need to be able to bring their stuff along.
John:
And it feels like early Carbon, where there's not parity between the UIs, and they're very different, right?
John:
So it's not clear... Again, before SwiftUI...
John:
Catalyst is I think we this is the name of the episode extinction level event when it's like well That's it for app kit then because once you bring catalyst over here like all those Why would anyone ever learn app kit again?
John:
Because if you don't need to learn it and you already know UI kit and you have a way to run those apps on here Why wouldn't just everybody do that?
John:
But now Swift UI is in the mix and it's even more confusing and I don't want to say about Swift UI or the fact that it started on the watch and
John:
I think I agree with you.
John:
I would say it remains an open question as to whether the sort of API paradigm, declarative interfaces, as defined by SwiftUI, is sufficient or a good way to make very complicated Mac apps.
John:
The reason we don't know that yet is because SwiftUI currently lacks tons of features.
John:
It just doesn't have the features.
John:
And that's why people bang their head against the wall trying to make SwiftUI do a thing that it doesn't have features for yet.
John:
Once they add the feature to SwiftUI, sometimes it's easy to do whatever the thing that you were trying to do.
John:
But if it doesn't have that feature at all, like first responder or controlling focus...
Marco:
trying to work and trying to get that to work in some weird way feels terrible but if and when they add that feature it's like oh now it's easy right uh but still i don't honestly i disagree with you on this i think the biggest pain points of swift ui in my experience again i haven't tried making a mac app with it i have you know a lot of experience on the watch some experience on ios so far my experience with swift ui is not running into missing features it's
Marco:
It's running into capabilities or behaviors that are really easy in UIKit, you know, in procedural programming that are just really hard because of SwiftUI's model.
Marco:
That just like this declarative model, the things that it makes easy or easier, it's like magic when you use it and you can make something so fast.
Marco:
I love SwiftUI when I'm working within the things it's good at.
Marco:
And then I hit some little thing.
Marco:
It's like, wait a minute.
Marco:
i i can't ship this like this i have to have it you know like when you you know it has to like deselect the cell correctly when i go back here or whatever and you know i run into some little behavioral detail like that and oh i just can't do that like it's not it isn't that it's hard i feel i feel like that's a missing feature though because if you had the the you know on defocused uh unselect that would take you two seconds worth of typing if that feature existed
Marco:
well some so sometimes it's a missing feature or but sometimes it's just like i can't do this thing i'm trying to do and i understand why i can't do it because the way like the procedural nature or the declarative nature of this yeah that would be really hard to model in this kind of thing or i can do it but it requires all this ugly crap hack work around uh because that's just not a thing that declarative uis is are are well representing you know
John:
That's why I say it's an open question, though, because the flip side is also true.
John:
There are things that are a super pain in the butt to do in an imperative language that are trivial to do in a declarative one.
John:
And the open question is, what does that ratio break down as?
John:
Like the things that SwiftUI is good at versus the things that a non-declarative API is good at.
John:
What is the ratio of those in a typical app?
John:
And it's modified by like you not having experience with this API, lots of people not having experience with an API like this, right?
John:
But that's why I feel like more people, you need more features to be able to build bigger apps.
John:
And then when you build the bigger apps, you need to figure out are the things that SwiftUI is good at
John:
enough to offset the things it's bad at because you you know i think it's it's basically it's pretty non-overlapping set of like the things that app kit is good at and the thing that it's bad at like it's a complementary you know set with swift ui there's not a lot of overlap just because the models are so different right but what i wanted to get at with the what with this having origins on the watch is that one thing in swift ui's favor is it does well there's two sides to it does a lot of things to be efficient part one of the advantages of
John:
of being a declarative API is it's harder for you to add code that slows the system down because it takes your whole model, turns it into a structure, you know, figures out like all the view combining and crap that you would have to do in like AppKit apps manually to improve your performance problems after watching 50 WWDC sessions.
John:
SwiftUI is doing that for you internally.
John:
Like you don't have to do that.
John:
The framework does it.
John:
The framework will, in theory, figure out how to make your thing fast, figure out how to combine your views.
John:
Like, don't worry about making tons of little views in Swift UI.
John:
It's not actually making NS views for every single one of those things.
John:
The system will figure it out, right?
John:
Because it has to be efficient because it has to run the watch.
John:
The other side of that is, yeah, but the watch doesn't have much crap going on in it.
John:
So really, has this actually been tested?
John:
Yes, it's efficient enough to run the watch.
John:
But honestly, how many SwiftUI views can you fit on the watch screen?
John:
There's not that many of them.
John:
Whereas a Mac app can have a ton of them.
John:
So this supposed system that's going to turn everything into a data structure and run it through this machine and make views to be an efficient way.
John:
Does that actually work when I have a table with like millions of cells and stuff?
John:
Or does it fall over because AppKit has had multiple decades of optimization and actually, you know, NSTableView or even how UI CollectionView actually do this much better because they've been forged in the crucible of years and years and years of making this faster and having a WWDC session telling you how to make it faster and then repeating that cycle, right?
Yeah.
John:
So that's why SwiftUI is a question mark, but there is a bunch of stuff in favor of it.
John:
It is good at things that other frameworks are not good at.
John:
It does have lots of technical things that in theory can make it very fast and efficient without much developer effort.
John:
It does have the potential, as Apple keeps pushing,
John:
to be less bug prone because you don't have to worry about as many states of, you know, the interface and, you know, having things be immutable versus mutable and declarative versus imperative.
John:
Like Apple really pushes the benefits and they are real and they do make sense and they could all work out.
John:
But we don't know if that's the case yet.
John:
Right.
John:
All we know is that right now it's young.
John:
It's got bugs.
John:
It doesn't have all the features we need.
John:
Some parts of it are, in fact, slow when you try to do big things, but it's too early to make a call.
John:
Right.
John:
And then Catalyst is kind of the same thing.
John:
Catalyst is a known quantity.
John:
We know about UIKit, but there's a bunch of crap you can't do without falling down to AppKit.
John:
And until very recently, it's been very difficult to make an app that can fool a, you know, actual experienced Mac user into thinking it's not a Catalyst app.
John:
Right.
John:
The scaling thing helps a lot, but there are other sort of telltale signs.
John:
And especially if you're bringing an app from the iPad or the iPhone, it's very easy to tell that it's not a native Mac app because no one would ever make a Mac app like that because that's not how Mac apps work.
John:
So the Mac as a platform is in a difficult situation.
John:
Part of that situation is just, you know, Apple in terms of like, well, how important is the Mac to any one person?
John:
But part of it is Apple's own doing and that they don't have a clear message on what should I be doing instead of Electron.
John:
So Electron really starts to feel like a safe, wise and reasonable choice until Apple gets his crap together.
Casey:
It's such a crummy state of the Mac, right?
Casey:
And to bring this briefly back to 1Password, I'm still not convinced that Catalyst wouldn't have been an acceptable answer.
Casey:
So it would be straight UIKit on iOS and iPad.
Casey:
And then, you know, 90% UI kit wherever possible on macOS and then dropping back to AppKit or something like that if necessary.
Casey:
I mean, if the backend really and truly is Rust and if it really and truly does 90% of the heavy lifting, then I got to imagine 90% of 10% is still not too much code.
Casey:
You know what I mean?
Casey:
Like it shouldn't have been that thick a shim over their Rust backend.
Casey:
But be that as it may, again, I can armchair quarterback all the time.
Marco:
I mean, honestly, I think they should have used AppKit.
Marco:
They already knew how to use it.
Marco:
They already had a giant existing app.
Marco:
AppKit is the right answer here.
Marco:
I know it doesn't feel good from an engineering standpoint, but that is the right answer right now.
John:
I mean, they would have had to throw away the existing AppKit app, but getting back to the core thing being in Rust, like, granted, you're going to need to put something new on top of it, because we all know, despite everyone's attempts to be disciplined...
John:
your back end is tied to your front end in ways that are difficult.
John:
So I totally understand that you've got to throw away your existing AppKit app, probably all of it, right?
John:
You've got a new core, right?
John:
But on top of that new core, how thick would the layer of AppKit UIKit or SwiftUI have to be?
John:
They tried to do SwiftUI, didn't work out for whatever reasons, if they had tried to do an AppKit layer on top.
John:
Certainly, you know, more work than Electron because Electron is shared across all the platforms and you just do it once, great.
John:
But how complicated would that be?
John:
I've used 1Password.
John:
The last 1Password version I had was 3, I think.
John:
I think I just deleted it actually a couple months ago because I realized I hadn't launched it in a while or maybe it had the circle with a line through it saying it doesn't run on this OS anymore.
John:
But I don't know how complicated 1Password is.
John:
How much UI does 1Password have?
John:
But pick any API and it's plausible...
John:
that would have been a similar amount of work to use AppKit, Catalyst, or SwiftUI on top of that core.
John:
All of those options are obviously way more work than doing zero work and just using Electron everywhere, right?
John:
So again, I can kind of understand why the company went with what they went with.
John:
But I also mostly agree with Marco that if you had done it with AppKit, that's a...
John:
In terms of customer experience, currently that's a no compromise solution.
John:
Like I was trying to think of, is there anything you can't do in AppKit?
John:
I think maybe with some of the stuff they're adding to SwiftUI, some things are actually a little bit more difficult in AppKit.
John:
Like some of the SwiftUI views would be difficult to synthesize in AppKit.
John:
But in general, I don't think there's anything you literally can't do in AppKit.
John:
So from a customer's perspective, they don't need to know your car is in Rust.
John:
Who cares?
John:
Your UI is in AppKit.
John:
They don't need to know you rewrote it all, especially if you change it and it looks a little bit different for the version 8 or whatever.
John:
And that's fine.
John:
If you did it in Catalyst, I do wonder if we would be having this exact same podcast, only instead of us complaining about them going to Electron, we'd be complaining that they went to Catalyst.
John:
Because Catalyst apps also have their own kind of, especially if your goal is to share that code with iPad and the iPhone.
John:
he'd be like oh why don't the menu why is these menu items weird why don't the keyboard shortcuts work like there's tons of reasons to complain about cap because it's all so young right and then swift ui like you know they would still be writing it because there's like three things they needed to do that it doesn't currently do and good luck trying to wedge that in right
Marco:
And SwiftUI is buggy, too.
Marco:
If you look at the way SwiftUI does even certain transitions, like navigation controller transitions, certain animations, SwiftUI actually does a lot of things in different ways than the native UI frameworks on its own platform does them.
Marco:
If you write certain things in UIKit or AppKit versus SwiftUI, they actually sometimes behave in small different ways.
Marco:
This is why I think the idea of cross-platform design and having a shared framework between very different kinds of platforms.
Marco:
How long has our industry been trying to do this?
Marco:
When has it ever worked with the sole exception of the web browser?
Marco:
The web browser is the greatest cross-platform, cross-UI, everything.
Marco:
But
Marco:
Once you get into apps, native apps, the platforms are so different in big and small ways.
Marco:
You know, a few big ways and a thousand small ways that I don't think it's even possible to expect any cross-platform toolkit to ever really make great UI experiences.
Marco:
I think whatever you write for a phone,
Marco:
or for a watch, or for the Mac, or for the PC, or for the web browser.
Marco:
Those are all very different targets.
Marco:
And they all have different UI conventions, different expected behaviors by users, entirely different environments and needs and priorities.
Marco:
And so you're right.
Marco:
Catalyst apps do suck.
Marco:
And the reason they suck is not because they're both on web technologies.
Marco:
It's not because they don't have all of the same implementation details or almost any of the same implementation details as something like Electron.
Marco:
They suck because they're running iPad code on the Mac and it doesn't feel right and it doesn't behave right in lots of little tiny ways.
Marco:
And that's native code.
Marco:
It's not being interpreted or emulated.
Marco:
That's native code running in what is kind of a native framework, but it's kind of for the wrong platform.
Marco:
I don't think this dream of having cross-platform, we're just going to write one app and it's going to be the same and it's going to be great everywhere.
Marco:
I don't think that's ever achievable because platforms aren't the same.
Marco:
And to be great on a platform requires it to adopt to all the platforms' little behaviors and priorities and things, which are all going to be different.
Marco:
So that's why I think a company like 1Password
Marco:
They have the resources, they have the engineering, they have the staff.
Marco:
They got to where they are today in part because they made native apps on multiple platforms that were good.
Marco:
And the idea of transitioning that to one shared app
Marco:
no matter what framework they're using, is not going to be good.
Marco:
It's not going to be as good as what they had before.
Marco:
It's not going to feel right.
Marco:
Everything's going to feel like a web view because that's what it is.
Marco:
But even if they wrote it all in native code, if they still had the exact same UI behavior and layout and everything across all platforms, it would also still feel and work poorly.
Marco:
Different platforms are different for reasons, and they're always going to be.
Marco:
And so if you're going to have an app on multiple platforms and you care a lot about the experience being good, I think you have to write it natively on each platform.
John:
That's another argument.
John:
What you just said is kind of another argument for Electron, unfortunately, because of all the things you listed, like it feeling needed or whatever, the web, as you noted, is a sort of common interface across all platforms that...
John:
It has its own conventions and language, blue underline words, click on, you take your places, there's an address bar, back and forward, reload.
John:
Like there's this whole other miniature world of UI conventions that exist within the web.
John:
And obviously it's not as consistent as a single OS, what people are familiar with.
John:
And the second thing the web has going for it is good web browser engines
John:
essentially embed native controls like the text fields when you hit control you know hit control a in a text field which is like an emacs key binding that works because the ns text field from next was written by a bunch of emacs users so control a works in text fields on the mac os 10 as long as you're using a coco api right
John:
Does that work in web browsers?
John:
I'm pretty sure it does.
John:
Casey, you need to go test this for me.
John:
Beginning of line?
Casey:
It does.
John:
Same thing with buttons.
John:
They may not look like native buttons, but they were historically native buttons now because of CSS stuff.
John:
They may be a little bit weird or whatever.
John:
Pop-up menus, scrolling regions, text editing regions.
John:
Most web browser engines, most good ones these days, try to use native controls within them.
John:
Right.
John:
Catalyst uses quote unquote native UI controls, which do not behave like Mac controls.
John:
They behave like iPad and iPhone controls.
John:
And the iPad and iPhone until recently didn't even have a cursor.
John:
Right.
John:
And so it's a totally different interface paradigm.
John:
And, you know, an Electron app, the two things that I was going for is, one, it might actually feel more native, and two, the parts that don't feel native feel like web, which at least is an interface that people look at and say, oh, I kind of, you know, they code switch, they mode switch, whatever.
John:
They're like, oh, this is like a web UI.
John:
Like, I feel like I do that when I use Slack.
John:
Like, when I'm using Slack, it's not like I feel like I'm using a web browser, but I, like, I'm in web app mode.
John:
Like, and I think a lot of Mac users...
John:
We've been used to that since we have, because basically, you know, maybe 50% of the windows on our computer are web windows, right?
John:
Where the whole world inside those windows is the webpage language, right?
John:
And then the Mac stuff is outside of it.
John:
And so when I go to Slack, I'm into the web mode.
John:
If a Catalyst app lands on here, and it doesn't respond to any of my keyboard commands or focus commands in the text fields, and I can't tab from text fields, and the date picker is some weird Wheel of Fortune thing that I don't even understand, that's not web, that's not Mac, and it feels worse.
John:
I don't want that at all, right?
John:
Again, Electron is not giving you the best experience.
John:
I agree with Marco.
John:
You're one of the best experience.
John:
You write it in AppKit and, you know, or hell, AppKit was SwiftUI inflected, which I think is also, I feel like that's the second choice.
John:
If we had to rank these, AppKit will feel the most native because it is the most native.
John:
But of course, everyone thinks that API is dead or dying.
John:
app kit with swift ui views i think is the best technical solution because every place you can't use swift ui just use app kit you're fine but the places where you can get swift ui it i can tell you it integrates really well with app kit and the places where you get benefit from it big win as you all know use it in the places where it's a big win saves you tons of time and by the way those use happen to be reviews reusable if you want to use them elsewhere um right and then i would say a distant third is catalyst
John:
this is all based on the fact that apple hasn't really given any guidance about which one of these three is dying which one of these three is going to lose like what is the ranking which one is going to get the boot which one is going to die from slow neglect which one is going to win we don't know but just on the technical merits app kit with swift ui number one uh you know swift ui alone did not finish uh catalyst third place
John:
and and then that soup though i feel like electron the choice of electron which is make the user the user experience worse for users and get everyone to complain but potentially get everyone over the hump and eventually people just stop complaining and if you actually if this actually does work the way you say where oh now we can do features more quickly well then prove it by rolling out features more quickly and maybe people start to get happy or maybe they still grumble uh and then you buy yourself a year or two where you can have your you know
John:
your mea culpa post and say we heard you and now that it's clear that we shouldn't be using Electron on the Mac it's also become more clear that insert framework here is the future of APIs on the Mac and so we've rewritten the Mac client using that API
Casey:
before we go, I, I hear what you guys are saying and I, and I agree with you, but I don't know.
Casey:
I feel like my, my gut tells me having never used it, that catalyst is a more viable solution here than, than I think, especially John, you're giving it credit for.
Casey:
And,
Casey:
I am quite possibly wrong there, but my call to action for the listeners is if you have an app that you're fairly confident is Catalyst that you use or write that you think is a really and truly good platform citizen, let me know on Twitter.
Casey:
I'd be curious to hear what that is because I don't know what the plate of Catalyst apps is.
Casey:
Like I know the ones that we all hate on the Mac that Apple ships like Home, which honestly is garbage on iOS too, but do you think
Casey:
That's neither there nor there.
Marco:
Home is terrible everywhere.
Casey:
Bad example.
Casey:
But that's exactly my point.
Casey:
Home, and I'm sure there's a couple others that I'm not thinking of off the top of my head.
Marco:
Well, Messages is probably the most used Catalyst app, if I had to guess.
Casey:
That's true.
Casey:
And that still has a couple of quirks in Big Sur, but for the most part, I think it's pretty good.
Casey:
But yeah, if there's a Catalyst app that you use or write that you genuinely believe is really and truly awesome, I'd be curious to hear about that on Twitter.
Casey:
So please let me know.
John:
yeah catalyst catalyst has like there's no reason catalyst can't be eventually made to be as good as app kit with all the features it's just not there yet because it's only been a few years since it's been on the mac platform and like stuff doesn't work yet drag and drop or the cursor doesn't work right the right way or the menu bar stuff's on the same like all of these it's swift ui is the youngest obviously and it's got the farthest to go but there's nothing technically stopping either catalyst or swift ui from eventually being the api on
John:
the mac platforms just neither one of them is right now right and so we're faced with the reality you know and and i i you know i gave swift ui did not finish but i just feel like it's it's too young and too ready but i rank catalyst below app kit with swift ui mixed in like that's one of the one of the beauty i mean one of the beauties of swift ui is it's really easy to mix in with app kit you can also mix in swift ui obviously in a catalyst app and you can mix app kit in with the catalyst app too but i feel like three apis is too many
John:
in a single app.
John:
So if you have to mix them, AppKit with SwiftUI just makes so much sense because you can just smell when this is going to be a place where SwiftUI is going to be awesome.
John:
And where it's not, you're in AppKit and you can literally do anything and you're fine, right?
John:
But Catalyst, it's a much more difficult balancing act.
John:
So I feel like we just have to wait to see how this all shakes out.
John:
Right now, Catalyst is in the lead, technically, because it has more features and you can make a more convincing, more complicated application
John:
mac app with catalyst than you can with swift ui but app kit you know obviously can do everything and is you know hugely mature and has good performance and eventually microsoft and adobe did rewrite their crap using this api uh so yeah it's probably going to be around for a while so that's why i just keep looking at swift ui and catalyst and wondering
John:
Wondering how that's going to shake out.
John:
But in the meantime, like, again, I don't use one password.
John:
You know, I bought it a couple of times, decided it wasn't for me.
John:
I just use iCloud Keychain for a variety of reasons.
John:
And I'm glad that iCloud Keychain is getting better.
John:
But I will say that every day I use Slack and other Electron apps that I consider good Electron apps.
John:
And I have to say a good Electron app doesn't bother me too much, but it should definitely bother Apple.
Marco:
And I'll say, I'm still using 1Password even throughout all this because iCloud Keychain would be the obvious thing that I would go to instead.
Marco:
But I don't trust Apple yet to have the functionality I need consistently in that product yet.
Marco:
Right now, I use iCloud Keychain as a convenience.
Marco:
If I fill in a password on a web form from 1Password and Apple offers to save it, I say yes.
Marco:
And the next time I go to that site, it might fill it in.
Marco:
Sometimes.
Marco:
It might not.
Marco:
It also seems broken on my phone forever for some reason.
Marco:
iCloud Keychain just never works properly on my phone.
Marco:
It works great on all my other devices except my phone.
Casey:
It's because it's too small.
Marco:
Yeah, maybe.
Marco:
My battery life is getting bad fast.
John:
It's because it knows you have 1Password installed and it's angry.
Marco:
Yeah, right.
Marco:
I don't like iCloud Keychain yet.
Marco:
I think it might eventually get good, but it's not good enough and stable enough and consistent enough for me yet.
Marco:
It still doesn't have a lot of features I like with 1Password.
Marco:
And of course, there is the cross-platform thing that is always going to be kind of an afterthought for Apple if it exists at all.
Marco:
So...
Marco:
I want to keep using this product and I probably will keep using this product.
Marco:
I'm just going to have more paper cuts now.
Marco:
And that's unfortunate.
Marco:
And I hope they can find a way not to do that or at least to reduce or eliminate those paper cuts.
Marco:
But
Marco:
i think some degree of that is inevitable with all electron apps and and if not electron as i was saying a minute ago with all cross-platform apps like if you don't have native uis that were really written like with the platform they're running on in mind with a significant amount of native code on each platform i don't think you can make great experiences i think you can make okay you can make acceptable experiences it's hard to make great experiences
Marco:
The most common Electron app I use is Slack.
Marco:
I use it all day, every day.
Marco:
It's not a great experience.
Marco:
It's fine, but it's not great.
Marco:
Slack, I feel like, is even more excusable as an Electron app because it has such a much larger amount of UI.
Marco:
There's so much UI in Slack.
Marco:
So many different kinds of screens, so many different modes the UI can be in, so many different levels and threads.
Marco:
There's so much UI in Slack.
Marco:
That is more excusable to me to be an Electron app.
Marco:
And it's a server-side app.
John:
Everything you do talks to a server.
John:
So it being web-based technology, it's like, okay, I can see that.
Marco:
right yes but uh but one password i i think the the conception of it that i have is that the the amount of ui in this app is significantly smaller than slack now that being said in all the different directions they're going as their focus on you know business enterprise kind of features maybe that's all changing for a bunch of stuff i'll never use and that's why it's extra frustrating would you like to save your screenshots in one password
John:
one password can now back up your entire computer i just got that prompt today i'm like from dropbox dialogue yeah because i was on i was on some like one of the kids accounts on a computer that they don't use normally i'm like would i like to save my screen i'm like wow this is a dropbox dialogue what the heck is i've long since like dismissed it and told dropbox to shop on all my computers yeah please one password do not offer to save all our screenshots
Marco:
dropbox needs your root password to enable certain features oh yeah yeah anyway yeah let's let's hope one password doesn't go the way of dropbox but unfortunately i look just looking at you know the direction they're going as a company for you know focusing a lot on the business market and everything i think it's it's gonna be an uphill battle to not go that direction and and so i hope they don't but yeah anyway
Casey:
But as a final note, I mean, at least Mark and I, we spent a lot of this time talking about 1Password because it's a product and company we love so darn much.
Casey:
And in the defense of 1Password, you know, this is the first public beta of 1Password 8.
Casey:
And three 1Password employees have been hanging out in the chat, including both founders this entire, or certainly this entire segment, if not the entire episode.
Casey:
So, you know, they obviously care.
Casey:
And I don't think...
Casey:
I don't get the feeling that they're just in here trying to do some sort of damage control.
Casey:
I really genuinely believe that they care, and that's why we care.
Casey:
And I hope that continues to be the case, because I agree that I fear that that 1Password's heading for a Dropbox fall into irrelevance, and I really hope that that's not the case.
Marco:
I wouldn't even say irrelevance.
Marco:
I would just say just very different priorities than what all the consumers who started using it really want out of it.
Casey:
That's true.
Casey:
That's fair.
Casey:
That's fair.
Marco:
Thanks to our sponsors this week.
Marco:
One password.
Marco:
No, actually, it was Linode, Mack Weldon, and Squarespace.
Marco:
And thanks to our members who support us directly.
Marco:
You can join atp.fm slash join.
Marco:
We will talk to you next week.
Marco:
Now the show is over They didn't even mean to begin Cause it was accidental Oh it was accidental John didn't do any research Marco and Casey wouldn't let him Cause it was accidental Oh it was accidental And you can find the show notes At ATP.FM
Marco:
And if you're into Twitter, you can follow them at C-A-S-E-Y-L-I-S-S.
Marco:
So that's Casey Liss, M-A-R-C-O-A-R-M-N-T-M-A-R-C-O-R-M-N-T-M-A-R-C-O-R-M-N-S-I-R-A-C-U-S-A-C-R-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A-C-U-S-A
Casey:
So long.
Marco:
So my bike was stolen a few days ago.
Casey:
Well, it's all coming up Milhouse for you this week, huh?
Marco:
Good thing you had an AirTag on it, though.
Casey:
Right?
Casey:
Right?
Casey:
Oh, wow.
Casey:
Oh, wait.
Casey:
Is this real?
Casey:
Oh, now I'm really excited.
Marco:
So this was incredible.
Marco:
So Tiff was showing at an art show here in town, which was great.
Marco:
It was a big deal.
Marco:
It was huge.
Marco:
I'm very proud of how it went for her.
Marco:
She was great, and stuff went well.
Marco:
It was great.
Marco:
Anyway, Tiff was doing this art show.
Marco:
I was sitting at the booth with her for the second half of this day, and
Marco:
And I was riding my bike back and forth occasionally back to the house to let hops out or do other pickup stuff, whatever.
Marco:
I was parking my bike 15 feet from where I was sitting.
Marco:
It was in eyeshot.
Marco:
Did we figure out if that's a word?
Marco:
Is eyeshot a word?
Marco:
This is a new one.
Marco:
This is not like heartened.
Marco:
I guess within view.
Marco:
So it was within eyeshot.
Marco:
And I don't usually lock my bike in town because it's a beach town.
Marco:
You can't bring bikes on the ferry.
Marco:
So there's nowhere for a bike to really go.
Marco:
And so bikes don't usually get stolen for profit.
Marco:
They get stolen usually by drunk idiots who are about to miss the last ferry of the night.
Marco:
And so they rush to grab whatever bike they can find.
Marco:
They ride to the ferry and they dump it somewhere near the ferry.
Marco:
And so then the next morning, everyone goes in the town Facebook group and posts like, hey, there's this bike in front of my house.
Marco:
Whose is this?
Marco:
And then like someone else would be like, oh, I know that's Bob's bike, you know, because everyone knows it's a small town.
Marco:
So so these are this is like the the environment that we operate in here.
Marco:
So normally I don't even lock my bike if I'm just like going out to, you know, a grocery store or something because it's there's not a real theft problem for like in the way that you would usually think of one.
Marco:
So I thought AirTags would be perfect for this because, again, the problem is not professional bike thieves coming up with an angle grinder and cutting your U-lock to steal your bike for profit.
Marco:
All you need to know is, okay, my bike is not where I left it.
Marco:
It's probably somewhere stupid.
Marco:
Where is it?
Marco:
That's all you need to know.
Marco:
So I thought AirTags were great.
Marco:
So when I got my first AirTags earlier in the summer, I put one in discrete locations on many common objects, including my bike, and figuring that, hey, this could be good for a passive environment like this.
Marco:
And also, the lack of true GPS or cellular in them wasn't a big problem because...
Marco:
I don't think there's anywhere in this entire island that an object is likely to be more than 20 feet from an iPhone for very long.
Marco:
Uh, it's, we have like very tightly packed houses and tons of people walking around all the time.
Marco:
So, you know, the iPhone location basis of them is also going to be, I think pretty accurate.
Marco:
So anyway, so at this art fair with Tiff, my bike is parked 15 feet away within I shot.
Marco:
And I,
Marco:
i within an hour and a half period like between 3 30 and 5 on this day we finish up the art fair tips packing up i go to get my bike i'm like where's my bike did i parked it here right i'm looking around like where is it and this was in a bike rack full of other bikes like i'm like where where did my bike go i said somebody steal my bike in front of me and i didn't notice
Marco:
Yes.
Marco:
Yes, they did.
Marco:
So at some point, someone in this art fair, there's a lot of foot traffic.
Marco:
Someone at some point walked up to my bike and just took it out of the rack.
Marco:
That's bananas.
Marco:
So I'm like, all right, well...
Marco:
let's see so um i uh i looked open up the find my app and find my bike it instantly showed a point of the map that was a few blocks away by the ferry so i was like i was like okay but it's like okay it's this happened between 3 30 and 5 p.m could somebody have really been that bombed at like four o'clock in the
Marco:
but also i'm like this wasn't even the last ferry they like you know this was like four o'clock the ferries run till like midnight like this it's not anyway so i i'm like i walked over like this will be amazing if my bike is actually where this says it is i walk you know towards on the map and sure enough the air tag had exactly located my bike which was parked in front of a storefront and next to a
Marco:
I have no idea how this happened in front of me without me noticing.
Marco:
It doesn't even make sense because in the context of this art fair, there were so little – it was hard to even walk down the sidewalk.
Marco:
let alone bike down it like because there's so much traffic it's like walking through times square like that you but on a much smaller scale obviously like i don't know why somebody did this but the fact is my bike was indeed stolen in the stupid way that bikes get stolen here the air tag worked perfectly and it let me find it in 10 seconds after i started looking like wait where's my bike it's not here okay find my boom it's a few blocks that way okay
Marco:
Walk right to it.
Marco:
It's exactly where it says it is.
Marco:
So here is my success story with AirTags.
Marco:
If you happen to have the very strange needs and priorities that I do for bikes here, they work really well for that.
John:
Keep an eye on your bike, too.
John:
Why?
John:
Yeah, that might be a good idea.