The Talk Show

257: ‘A Beautiful Sandwich’ With Daniel Jalkut


00:00:00   It's been too long. It really has. I don't know why. It's like some of my favorite people to have on the show are the ones that I put off putting them back on the show because I want it to be special.

00:00:10   And then it gets to the point where I'm like, you know what? I can't wait any longer. I gotta have Jalkut on the show.

00:00:17   I'm just curious what the sandwich is going to be. You should get Adam Lisagor on a sandwich sandwich.

00:00:27   Then it'd be a sandwich sandwich right last episode was

00:00:29   Ben Thompson, that was my emergency

00:00:33   Jony Ive has retired episode. Yes, and that was good

00:00:38   It was good Ben Thompson always good Ben Thompson very insightful on stuff like that

00:00:44   But it was also I was saving it up. See, you know me, you know me very well. That's it

00:00:49   It's you know, I think you've got me down cold

00:00:54   Gotcha, I don't I don't celebrate stuff like episode 200. You know, I mean like when episode 200 rolls around

00:01:01   I don't do anything special. I don't even mention it last episode though was episode 256 and as a nerd

00:01:07   256 hits me harder than something like an episode 200. Are you the same way?

00:01:14   Yeah, except for I would have to you know, I this excitement's over by 256. It's all 255

00:01:21   It's all it's all the party is like 255 and 256 is the hangover see because the thing is

00:01:27   The thing is as you know as well as I do that if if there's intelligent life elsewhere in the universe

00:01:34   Maybe and if they're even vaguely

00:01:37   Hominid type

00:01:41   Life forms, you know if they even look vaguely like us, maybe they have eight fingers. Maybe they have 12 fingers

00:01:47   Maybe they only have six fingers

00:01:49   But the fact that we have a decimal

00:01:52   mathematical system is

00:01:55   clearly and

00:01:56   unambiguously the fact that we have ten fingers

00:01:59   right, so these numbers like a hundred and two hundred are

00:02:03   Completely arbitrary based on the number of fingers we have I'm not saying I don't notice

00:02:09   I notice when I'm publishing episode 200 or you know a

00:02:13   Couple weeks from now or months from now when I episode when I do episode 300

00:02:18   I'll notice but it doesn't hit me the way like 255 or 256 does because I

00:02:23   realized that no matter where you are in the universe even if you've got you know

00:02:29   you're a species with eight fingers maybe you're a species with 12 maybe

00:02:33   you're a species that doesn't have hands I don't know what the hell yeah but if

00:02:37   you've invented computers you're gonna know that 256 is a magic number who

00:02:42   knows what representation you're gonna put it in but it's gonna be a magic

00:02:46   number because binary is magic. That's a good point, good observation.

00:02:53   Well, but now you're 257 so... I'm gonna be a part of a

00:03:02   beautiful sandwich though. That's all I have. How's your summer going? It's freaking hot.

00:03:11   You're in Philly, right? So, or have you been in Philly through the heat wave?

00:03:17   Well, we were in Florida earlier in the month and it was actually less hot and humid than it is right now.

00:03:24   Right now, they say, I'm looking at the Dark Sky app, 91 feels like 99, but yesterday it was

00:03:34   six o'clock at night and it was 94 degrees but it felt like I guess that's

00:03:40   the heat index 106 which is insane like plus 12 on the heat index is absolutely

00:03:47   insane yeah that's nuts we we just went actually for a quick weekend to get away

00:03:54   up to Vermont we don't have any particular tie to Vermont it's just you

00:03:58   know as you know you lived in Massachusetts for a while suddenly

00:04:00   you're close when you're in Massachusetts to all these great northeastern states and Vermont is one

00:04:06   of them. What's great about a place like Vermont is it's relatively unspoiled compared to the rest

00:04:13   of the country/world. And so we went up to Vermont and it was freaking hot there as well, but it's

00:04:22   the kind of place where you can just like walk over to the nearest river and sit down in a river.

00:04:28   You wouldn't want to do that in Philly.

00:04:30   - One of the things I love about Vermont,

00:04:32   and I don't know if it's statewide,

00:04:34   I don't know if it's only the roads I've been on

00:04:36   the handful of times I've been there,

00:04:38   but I have been there.

00:04:39   One of the things I love is that when I've been there,

00:04:41   and it might be statewide, I don't know,

00:04:43   but there's no billboard advertisements at all.

00:04:46   It's illegal, it is against the law, they just preserve it.

00:04:50   So you're driving on these roads,

00:04:52   and the only thing interrupting the natural woods

00:04:57   and the mountains is the road you're on, you know

00:05:01   like the actual macadam you're driving on is the only interruption and there's no advertisements for

00:05:08   Coca-cola or movies or what whatever you have and and it's truly a beautiful beautiful state it is

00:05:16   Yeah, and I didn't know that about Vermont, but I'm not surprised if that's true at the but the place I had consciously

00:05:22   Noticed that is also true about before is Maine. Yeah, which is also huge and it's also beautiful

00:05:27   And one of the funny things I noticed is there's no billboards

00:05:32   But apparently the state just thinks you get too bored or something if you don't see something every once in a while

00:05:37   So occasionally there's like an advertisement for the state itself. Oh

00:05:40   State they just keep driving along. It's like hey, Maine. How about that? You know, I like it. There's also

00:05:47   Signs that we don't have in Pennsylvania like a moose crossing

00:05:51   Right? Yeah. We don't have moose in Pennsylvania. No, no, no. You got a problem

00:05:56   if you got a moose in Pennsylvania. Yeah, we've got deer but they just let you hit

00:06:00   them. They don't even warn you when you when you're crossing. They're just like

00:06:03   just just drive right through them. Just get it over with? Yeah, just get it

00:06:06   over with. Take your car into the shop. Get the dents taken out. Somebody will

00:06:10   pick up the cars. Oh my god. You know what? What do you want to talk about? You got

00:06:17   anything on your mind? Well, I actually just, as luck would have it, I just kind

00:06:25   of like maybe even kind of rushed out a blog post, so I hope I didn't screw

00:06:28   anything up, but I wanted to publish something that was on my mind and you

00:06:34   invited me on the show today and I thought well I'm gonna get this out

00:06:36   because I want to talk to John about it. And so it's gonna be one of these things

00:06:41   I think it's gonna be either really interesting or somebody will point out

00:06:45   some reason I got it all wrong, or both.

00:06:49   But the key takeaway from this blog post I just published is sort of a consequence that

00:06:57   I observed with the whole new app notarization thing on the Mac.

00:07:02   You know about this.

00:07:04   And it's the next level of all of these mounting restrictions/security enhancements that Mac

00:07:13   developers have been facing over the past 10 years plus.

00:07:18   And the notarization system is new last year and it essentially is a process where you,

00:07:23   before shipping an app, you send it to Apple and they scan it for, I guess they say known

00:07:30   malware, but then they also sort of verify that it's using, it's not a very restrictive

00:07:36   set of APIs, but like there's certain APIs and certain like library loading behaviors

00:07:40   that you're not allowed to use.

00:07:44   - Things that they know are bad news.

00:07:47   - Yeah, mostly, or things, and then there's some things--

00:07:50   - Or that they think are bad news, without being judged.

00:07:51   - They think are bad news, yeah, exactly.

00:07:53   Some of them, I think most people would agree are bad news,

00:07:55   so that's good, and they're scanning for that.

00:07:57   And then some of it's kind of middle of the road,

00:07:58   and then there's this kind of opt-in system

00:08:00   where you just say, "Okay, I'm doing this thing."

00:08:02   Like, for instance, you can say,

00:08:05   "I want to be able to load libraries

00:08:09   signed by entities that are not myself or Apple.

00:08:13   By default, with this new notarization system,

00:08:17   it's called the hardened runtime goes with it,

00:08:19   and by default, you're only allowed to load shared libraries

00:08:22   by, signed by the company that also signed the app,

00:08:26   or by Apple itself.

00:08:28   So that's an example of something where you can opt out

00:08:30   of it because Apple realizes there are companies out there

00:08:33   that load plugins from diverse developers, for example.

00:08:38   For instance, recently I've been working for another company on some plugins for Apple's

00:08:44   Logic.

00:08:45   And those plugins will not work if it can't load this way.

00:08:49   Anyway, kind of going off on a tangent here, but the key takeaway from this blog post is

00:08:56   something I noticed while working on the notarization process, which is...

00:09:00   And to emphasize this, notarization is a new thing that is different than App Store.

00:09:08   It has nothing to do with the App Store, really.

00:09:12   The stuff that gets notarized can go right from the developer's website to your computer

00:09:17   without ever going through the App Store.

00:09:19   It's a different form of verification.

00:09:23   And I think that's worth emphasizing.

00:09:26   It is worth emphasizing especially because it shines the light on the one peculiar implementation

00:09:33   detail which is that all of the notarization happens through App Store servers.

00:09:41   So you submit your binary using this tool called altool. If you do it from the command

00:09:48   line, Apple has stuff to let you do it automatically through Xcode. But most like, I think most

00:09:53   companies of a certain size and then most companies that just kind of have things automated

00:09:57   in a certain way, myself included.

00:10:00   Do the things you build and submit whatever from the command line.

00:10:03   Anyway, I noticed that...

00:10:06   So the rough outline is you build your app, you submit it to Apple in binary form, you

00:10:10   don't have to give them source code or anything.

00:10:12   They scan it and then they basically keep like a dictionary of, you know, a look up

00:10:17   table of hashes from binaries that exist that have been, you know, in the world that have

00:10:22   been notarized. And then at runtime, when the OS is about to launch your app, I think

00:10:27   just for the first time still, it goes and actually checks in with Apple and says, "Hey,

00:10:32   this is the hash. What do you got?" And then Apple says, "Yes" or "No." Like, "This is scanned"

00:10:37   or not. That's kind of the rough outline. Anyway, when I was going to notarize one of

00:10:42   my apps, I got an error back that said the error wasn't like your app is messed up or

00:10:49   It wasn't like Apple's servers were messed up.

00:10:52   You have not signed the latest versions of the contracts at App Store Connect.

00:11:01   As I said in this blog post I wrote, I sort of just flew right over.

00:11:04   I didn't even think about it.

00:11:06   This is kind of like that same criticism many people have for all these new dialogues that

00:11:12   say "Do you want to allow this?

00:11:13   Do you want to allow that?"

00:11:15   classic like we criticized Windows for this and now Apple's doing it.

00:11:19   Whatever it is, you get so used to approving things, you just do it almost automatically.

00:11:26   And I think a lot of developers are like that with the App Store contracts.

00:11:30   We're not lawyers.

00:11:31   We're also not prepared to say, well, that's it.

00:11:35   I guess this is my last day being an Apple App Store developer.

00:11:38   >> Yeah, I'm out.

00:11:39   >> Yeah, I'm out.

00:11:41   You got me there.

00:11:42   But what's interesting about this is,

00:11:45   if I'm understanding everything correctly,

00:11:47   I literally had to go agree to App Store developer contracts

00:11:52   in order to notarize my app to ship directly to customers.

00:11:57   - Right, in other words, you have to agree

00:11:59   to App Store terms to distribute a non-App Store app

00:12:03   if you're going to comply with this notarization,

00:12:06   which in theory, on the surface, is a good idea,

00:12:11   at least the spirit is good.

00:12:13   There's no malfeasance on Apple's part to encourage this.

00:12:18   But there are very reasonable reasons

00:12:25   why some developers for certain apps

00:12:28   do not want to agree to App Store terms.

00:12:30   - Yeah, that's one aspect of it.

00:12:33   And then the other aspect to me is just the granularity

00:12:37   of how this has the potential to inter,

00:12:40   so even if you're just like me

00:12:41   you kind of blindly agree to the contracts every day.

00:12:43   Whatever, not every day, but however often they come out.

00:12:47   This is still a situation now where it's like,

00:12:49   hmm, you just tried to ship an app,

00:12:51   but uh-uh-uh, you haven't agreed to the latest contract.

00:12:55   And that's a substantial difference from,

00:13:01   people complained about developer ID when it came out,

00:13:04   but with the developer ID,

00:13:05   you essentially went through this process

00:13:07   of getting a certificate that was then good for years

00:13:11   of uninterrupted software distribution on the Mac.

00:13:14   So I guess you could say, well, you had to agree

00:13:17   to the terms to get a developer ID.

00:13:20   But this feels different to me because of the granularity

00:13:25   of it and the fact that you could at any time,

00:13:28   theoretically there's companies out there

00:13:31   that might actually look at the new contract and say no.

00:13:35   I know that a lot of companies have lawyers who they at least have review every iteration

00:13:40   of the contract.

00:13:42   So you're looking at a situation now where you could face a situation where you're trying

00:13:49   to ship an important bug fix and…

00:13:51   Well, and it's very clear that if we're not there already, we're clearly heading towards

00:13:57   a world where a non-notarized app is going to be a second-class citizen.

00:14:03   Yes.

00:14:04   Yes, well, I mean, this is--

00:14:06   I think we're probably there already, right?

00:14:09   It's come to a head in Catalina,

00:14:11   in the macOS Catalina public beta,

00:14:13   because, I mean, we are already there

00:14:16   because right now, as it stands,

00:14:17   if you are not developer ID signed,

00:14:20   then by default, you know, the system just says,

00:14:22   "You can't open this, sorry. It's not trustworthy."

00:14:25   And you have to kind of know that you can do this whole dance

00:14:27   of right-clicking it and selecting open.

00:14:29   Right, or selecting it,

00:14:31   and the other way to get around it

00:14:33   it would be to select the icon in the Finder and then in that if you have the

00:14:39   toolbar in your Finder window you can go up to the gear gear menu in the window

00:14:45   and select open but there's something you know it's it's a it's equivalent it's

00:14:51   the single click way of getting around the the control click or right click way

00:14:56   of you know selecting an icon and hitting open because if you just double

00:15:02   click the icon, you're never going to get there, right? It

00:15:04   just, it only gives you the option to quit.

00:15:07   Yep, that's right. And the behavior as of Catalina is it's

00:15:12   intensified, because I think previously said, you know,

00:15:15   something like, sorry, I can't open this because it's from an

00:15:18   unknown developer. And now it says something like, can't open

00:15:22   this because it's dangerous, and we can't scan it for

00:15:26   vulnerabilities or whatever, you know, something a little bit

00:15:28   more. So that's sort of the premise of my blog post is you have to start with the assumption

00:15:37   that every reasonable developer who is shipping Mac software for, you know, for either for

00:15:43   a living or because they want to have a broad reach, you have to start with the assumption

00:15:47   that they acknowledge that they have to sign things with developer ID and that now we have

00:15:54   to notarize our software.

00:15:58   Starting with that premise, of course you can still ship software and people can right-click

00:16:02   it or whatever, but it's an interesting new world.

00:16:07   Starting in 10.15, there's an interesting barrier now that could potentially be significant

00:16:17   if, I don't know, some companies, like I said, they have to have lawyers review these contracts

00:16:22   before they agreed to them.

00:16:23   And that's going to slow some releases down.

00:16:27   One thing I mentioned to you before we started recording,

00:16:32   just when we were texting, setting this up, but for years,

00:16:37   we, meaning Mac experts, Mac nerds, Mac aficionados,

00:16:43   Mac developers, people who really, really care deeply

00:16:48   about the Macintosh as a platform,

00:16:50   have been worried for years that Apple is going to force.

00:16:56   iOS-style restrictions on macOS, meaning, hey,

00:17:01   the they're going to issue an update, they're going to have a WWDC

00:17:05   where they say everything outside the app store is deprecated next year.

00:17:09   You know, and they never say next year.

00:17:11   But you know, when they mean next year, they'll they'll be like in quotes,

00:17:15   you know, next year it's going to be App Store only.

00:17:19   and everything you're going to run on your Mac has to go through the App Store.

00:17:23   That's the thing that we've been worried about.

00:17:24   We don't want I don't want that.

00:17:26   I really don't. I think that would be very bad for the platform.

00:17:29   I don't think it'd be the death of the platform.

00:17:32   But I really do think that part of what makes the Mac, the Mac

00:17:35   is that you can run arbitrary software.

00:17:37   And and I've been worried about it

00:17:41   just because it seems like something Apple might do.

00:17:43   And and, you know, you and I have a slew of friends

00:17:47   who are all in the same racket, and we've all been vaguely worried about it.

00:17:51   And the truth is, like many things in life, it's like the simplistic thing you're worried

00:17:57   about isn't the thing to worry about.

00:17:59   It's not working out like that.

00:18:01   I don't think that's going to happen now because year after year as we see the screws tighten

00:18:07   on some of this security stuff, the Mac is evolving in very different ways.

00:18:13   It's not like, I wouldn't call it like iOS at all, but it is, in broad terms though,

00:18:20   it is definitely more and more under Apple's control.

00:18:26   And it's not in a simplistic way like the way that iOS is where any kind of broad-based

00:18:34   software you want to distribute has to go through the App Store or you have to cheat

00:18:38   like Facebook and Google did and abuse your beta certificate.

00:18:43   But to play by the rules on iOS, you need to go through the app store.

00:18:49   It's very simple.

00:18:50   And then your app needs to comply with all the various app store rules.

00:18:53   The Mac isn't like that at all. It still isn't.

00:18:56   I don't think it ever will.

00:18:58   But things like this notarization are

00:19:02   Apple is a is a gatekeeper on this.

00:19:08   Yeah, absolutely. And that's why it's so appropriate that the technology on the Mac is called Gatekeeper.

00:19:14   When it came out, I think people read a lot into that and was like, "Wait a minute, they're

00:19:18   not going to let certain software run." And you're right, everyone jumped to conclusions.

00:19:24   But yeah, I mean, I don't know. It's funny because I often have a take on these kinds

00:19:29   of things that is simultaneously a little bit worried and like a little bit, I guess

00:19:33   you could say I'm kind of conservative in that sense

00:19:38   that I kind of want things to just stay as they are.

00:19:41   But then I think I'm also pretty pragmatic

00:19:43   about the security improvements.

00:19:45   Like if I look at my Mac today

00:19:48   and the world that we're living in

00:19:49   and the things that crap people are out there doing,

00:19:52   I frankly can't relate too well to people who are like,

00:19:58   it should just be the way it used to be

00:19:59   where you could download anything you want

00:20:01   everything has access to every file on your Mac more and more I'm like geez I'm

00:20:06   kind of glad I have this locked down Mac but well and I'm kind of glad I'm really

00:20:12   glad my parents have it I'm really glad my wife has it yeah my son has it

00:20:17   you know like and I you know it's it sounds a little pretentious to say that

00:20:24   I'm special because I I understand I quote understand this stuff and so I

00:20:30   I want special privileges, but I do because I kind of do understand this, but I really

00:20:36   am.

00:20:37   And I feel like that's the line that Apple is walking is the line between what they do

00:20:43   for the typical 98% of Mac users versus what they allow for the expert slash developers

00:20:55   slash power users, however you want to describe them,

00:20:59   2% of Mac users who this stuff

00:21:03   is sort of getting in the way of.

00:21:04   And I do feel, I'm worried with 10.15 Catalina

00:21:11   that they've sort of, they're crossing the line

00:21:16   and this is the version where they might start

00:21:19   really inconveniencing us.

00:21:21   - Yeah, yeah, I mean,

00:21:24   I imagine that depending on what your particular niche interest is there's been a release in the past three years or whatever four years

00:21:32   Maybe longer where that was the line, you know, I think I'm like scripters, right? I think really had it

00:21:37   tough in the past year I

00:21:40   Think because of that, you know, I mentioned that thing about only loading Apple or your own

00:21:46   Libraries and yes that basically I think in

00:21:50   10.14

00:21:52   effectively just killed a bunch of,

00:21:55   like I don't think you can,

00:21:56   I should know more about this off the top of my head

00:21:58   probably because of my involvement with scripting utilities

00:22:01   but--

00:22:01   - You should.

00:22:03   - I should but I kind of just,

00:22:06   I'm not completely up over my head in that these days.

00:22:10   But I think effectively you can't load

00:22:13   like third party OSX anymore from,

00:22:17   like if you use Apple's script runner,

00:22:20   you can't do that and that's like whole workflows

00:22:22   that just got broken.

00:22:24   And yeah, you're right though,

00:22:25   there's a new thing every year,

00:22:27   and I think this is gonna be another one of those years

00:22:31   where it's like, oh well, there's a whole realm

00:22:33   of productivity things that you can't do anymore.

00:22:36   But getting back real quickly, what you were saying,

00:22:39   are we being maybe a little bit presumptuous

00:22:42   about thinking that we know how to be safe

00:22:45   when others don't?

00:22:46   I really feel myself gradually shifting over the years

00:22:51   where every time Apple comes out with another one

00:22:53   of these rounds of security improvements,

00:22:55   I have to say I understand less and less,

00:22:59   intrinsically, why they did it.

00:23:01   And then I start looking into it, I'm like, oh.

00:23:04   And they explain why they did it.

00:23:06   And I'm like, ah, geez, I have to be honest,

00:23:08   I would have never thought about that.

00:23:10   And so it's like, maybe kind of edge cases,

00:23:14   but I think they're doing these things

00:23:15   because they spot legitimate vulnerabilities.

00:23:19   And I guess I feel less and less competent myself

00:23:24   to manage all the different aspects of my computer security.

00:23:29   - Yeah, that's very true.

00:23:30   All right, let me take a break and thank our first sponsor.

00:23:32   And it is one of my best friends on the internet,

00:23:35   Squarespace.

00:23:36   Oh, I love Squarespace.

00:23:38   Look, you need a website,

00:23:41   maybe your friend needs a website,

00:23:42   maybe there's a company, a local restaurant,

00:23:45   a local business around the corner needs a new website.

00:23:49   They come to you because you're the neighborhood nerd.

00:23:52   They know you know what you're doing.

00:23:54   Don't build them a website from scratch.

00:23:57   And then you're on the hook for all the updates

00:24:00   and when things need to change,

00:24:02   and then they're calling you and calling you.

00:24:04   Send them to Squarespace

00:24:06   or get them started on Squarespace yourself, build it,

00:24:09   hand over the keys to them.

00:24:12   because Squarespace is so easy to keep going

00:24:17   and it's so easy to get started.

00:24:19   It is so easy.

00:24:20   It is a CMS, so you can add blog posts or podcast episodes

00:24:25   or whatever you want on a periodic basis.

00:24:28   Or if you just need to add new pages,

00:24:30   just new sections of the website, you can do that.

00:24:34   All of it very easy, but it's also a design tool.

00:24:38   All of the design stuff, all of the templates,

00:24:41   all of the tweaking of the design,

00:24:43   putting a logo at the top,

00:24:44   making sure everything is responsive.

00:24:46   So it looks great on a giant display,

00:24:49   looks great on an iPad, looks great on a phone.

00:24:52   All of it is built right into Squarespace,

00:24:54   super WYSIWYG, WYSIWYG.

00:24:56   That's a term that really has sort of fallen out of favor.

00:25:00   We don't really think about it anymore.

00:25:01   What you see is what you get,

00:25:02   but Squarespace is like the epitome of WYSIWYG,

00:25:06   because when you're the owner of the website

00:25:10   or you're just a rando visitor to the website.

00:25:13   You're looking at the same thing,

00:25:15   but when you're the administrator,

00:25:17   you have edit buttons where you can change things,

00:25:20   move things around,

00:25:21   but you do it all directly right on the website.

00:25:24   It is so great, such a great place.

00:25:26   You can do everything from registering domain names

00:25:29   to updating the site, to designing the site,

00:25:32   all on Squarespace.

00:25:34   Here's what you do to get started.

00:25:36   Go to squarespace.com and remember this code, talk show.

00:25:40   No, not the talk show, just talk show, T-A-L-K-S-H-O-W.

00:25:46   And when you check out, you'll save 10% off. And that counts,

00:25:49   including up to a year, you can just sign up for a year in

00:25:52   advance. That's like getting two months free. It's amazing. Go to

00:25:55   squarespace.com, remember that code, talk show, go to

00:25:59   squarespace.com slash talk show, and you can get started. But

00:26:02   just remember that code talk show when you pay. So one of the

00:26:07   things I've been writing about lately, and I think it ties into

00:26:10   this and it's this term, it's like my obsession for the summer is non-consensual technology.

00:26:17   And it started with the Zoom thing, right? That wasn't this ridiculous? I'd never heard of Zoom

00:26:25   before. And this is one of those things where me working at home without any colleagues,

00:26:32   and every time I do talk to somebody, it's either FaceTime or when I do a podcast at Skype. Zoom is

00:26:39   apparently a very popular sort of virtual meeting

00:26:44   software type thing.

00:26:47   It's got a webcam.

00:26:48   You can look in a--

00:26:50   and you can have a virtual meeting.

00:26:52   You could have eight people around the world.

00:26:55   And there you go.

00:26:57   You're all looking at each other in this thing.

00:27:00   And you can talk to each other and share notes

00:27:02   and whatever the hell else you do in a meeting.

00:27:06   You wouldn't know.

00:27:07   Right.

00:27:07   The way that Zoom had set this up is to me, absolutely criminal.

00:27:14   I mean this literally, I don't think that it is literally against any particular US federal law,

00:27:22   but it ought to be. It ought to be against the law. And in terms of computer ethics,

00:27:29   it is absolutely criminal. They set their software up such that when you install their software,

00:27:36   they'd ask for, you know, hey, can we have administrator privileges or whatever? And you say,

00:27:41   okay, because this is what I need to do to install this. And they installed a localhost web server

00:27:48   that was set to launch whenever you logged in. And it was outside the app bundle. And the thing that

00:27:58   whatever mechanism, I don't know what mechanism they were using to make sure it launched whenever

00:28:03   you logged in. But whatever it was, it was all outside the app bundle. So even if you deleted

00:28:09   the Zoom app, you're like, I don't like this or I only installed it once because somebody told me

00:28:14   I needed to have a meeting. I don't really care for it. I'm going to delete it. You delete the

00:28:19   app, you hit empty trash, it's gone. You can even restart your Mac. Unbeknownst to you, innocent

00:28:29   user of Zoom even just one time, this invisible web server is still running on your Mac, which

00:28:36   is insane, absolutely insane, especially if you deleted the app.

00:28:41   And if you're ever on a web page and the web page sends your computer on any web browser

00:28:49   a URL like addressed with their custom Zoom URL scheme, it would go to the localhost

00:28:57   running invisible web server that you didn't even know was there.

00:29:01   And it would download and reinstall the zoom client that you

00:29:07   purposefully deleted and then open it up,

00:29:10   which all of what I just described is exactly

00:29:16   what they designed it to do. None of that is out of spec.

00:29:21   None of that is a bug. None of that is, is, is, uh,

00:29:26   in error. And guess what? Turns out they did have at least one bug that would allow somebody

00:29:34   to completely denial of service your computer by sending an unending stream of requests

00:29:42   for the Zoom thing. So you could load a Web page just by going to a Web page. And if the

00:29:48   Web page decided to attack your computer, it would just send an unending number of requests

00:29:53   for this and it would completely lock up your computer, which it was clearly a bug.

00:29:59   And then there was some kind of way where they could turn the webcam on, which of course

00:30:03   is terrifying and is everybody's worst nightmare with webcams and ties into the whole Joanna

00:30:11   Stern piece from a couple of weeks ago about whether you should put a piece of tape over

00:30:14   your webcam or not. There was another bug where they could turn on your webcam without

00:30:20   you knowing or requesting it or allowing it, which is insane.

00:30:23   Absolutely insane.

00:30:26   But the whole thing that

00:30:29   the starting point of them doing something that you never permitted,

00:30:33   never would have permitted if they had asked for it is to me,

00:30:37   it gets to the bottom of what's wrong with the entire industry.

00:30:41   And it's kind of it.

00:30:43   It makes me feel like a gray beard.

00:30:47   You know, it's like I'm only 46.

00:30:49   I'm not that old, but I really feel like, oh my God,

00:30:54   when I got started really becoming

00:30:56   a serious computer enthusiast and thought,

00:30:58   this is what I wanna do with my life,

00:31:00   I wanna get into this industry,

00:31:02   nobody would have ever done anything so contrary

00:31:05   to the user's wishes or best interests.

00:31:09   - Well, not nobody maybe, but nobody who was--

00:31:13   (laughing)

00:31:15   Nobody who was--

00:31:17   - Selling a legitimate product.

00:31:18   - Right, right, right, this kind of gets back to the,

00:31:20   such a perfect segue from the whole question of like,

00:31:24   can we look out after ourselves or not, right?

00:31:26   Like this is a great example.

00:31:28   - Zoom is, again, I'm very contrary to them.

00:31:31   I could not be more critical of them,

00:31:33   but their fundamental product is a real product

00:31:35   that people use and seem to like.

00:31:36   - It's a product that people use and they love it.

00:31:39   And I didn't know this either.

00:31:40   I had never heard of the company.

00:31:42   And I was discussing it with some folks,

00:31:45   kind of like, well, there's this little,

00:31:46   you know, nobody heard of it, app that has this bug.

00:31:50   And everyone was like, everyone was like,

00:31:52   what do you mean nobody's heard of it?

00:31:54   Like everybody I want to teleconference with

00:31:56   uses this thing, and it's great.

00:31:58   - That's totally me, that is totally me.

00:32:00   - So I had the same experience,

00:32:02   but this is a perfect example.

00:32:04   Who the heck thought that you'd download

00:32:06   a teleconferencing app from a reputable, quote unquote,

00:32:09   seemingly, presumably I should say,

00:32:11   reputable software company,

00:32:14   and it would install a secret web server that makes you vulnerable to browser attacks.

00:32:20   And that's probably a perfect case in point for why we need...

00:32:26   Why is Apple doing all this security junk? Well, it's people doing stuff like this.

00:32:30   And I think your broader point there, though, is correct that there seems to be...

00:32:37   And this extends way beyond the Mac. This probably extends to judging the ethics of

00:32:43   companies like Uber and people who have done things

00:32:47   where you take a step back and you say,

00:32:49   well, why the heck would anybody do that?

00:32:51   That's a violation of somebody's privacy

00:32:54   or their rights, whatever.

00:32:58   And it just seems like we're in one of these eras right now

00:33:01   where it's very,

00:33:04   I think people are making a lot of excuses

00:33:07   for doing things in the name of profit or--

00:33:11   - Yeah, or what they think is profitable.

00:33:13   - Yeah, or profit.

00:33:14   - Even if it isn't profitable, but they think it is, right?

00:33:16   - Yeah, and in this case, I mean, they had a,

00:33:19   they said, you know, they had a pretty good case

00:33:21   for making this, for defending this

00:33:23   as being driven by user experience, right?

00:33:27   They said, I think if I remember it correctly

00:33:30   with the Zoom thing, it was like, well,

00:33:31   this saves users a click so they could just

00:33:33   automatically get connected, and when that works,

00:33:36   customers are delighted because it saved them a click.

00:33:39   And if you can save customers a click

00:33:41   without making them suddenly exposed to new vulnerabilities,

00:33:46   then that is laudable,

00:33:48   and that's something you should be doing.

00:33:50   So it wasn't like in this case they were saying,

00:33:51   hey, if we install this secret web server,

00:33:53   we can make a dollar extra for every customer.

00:33:55   They were saying,

00:33:56   we can make a competitive advantage with this.

00:33:59   - It sort of ties into MarsEdit in a way,

00:34:03   because if I've read the story correctly,

00:34:07   when they came up with this scheme

00:34:10   to install the invisible web server behind the scenes so that you could click a button

00:34:17   in a web page to say, I want to talk to Daniel over Zoom and it would download the client

00:34:25   and install it and open it and then all of a sudden, you know, me and you are web chatting

00:34:30   or whatever you want to call it.

00:34:33   If I'm reading it correctly, it started when Safari was updated so that bookmarklets require

00:34:44   user interaction.

00:34:48   I forget the actual vulnerability, but there was a real vulnerability that that was in

00:34:53   response to.

00:34:54   In other words, does MarsEdit use a MarsEdit colon URL scheme?

00:35:03   Is that what it is?

00:35:04   It does have that, yeah.

00:35:06   So lots of apps have this sort of thing.

00:35:09   So for example, Daniel's app, MarsEdit, has a URL scheme.

00:35:13   And it starts, instead of HTTP colon URL, the rest of the URL goes here.

00:35:20   It's MarsEdit colon and then there's like a command and then parameters so that you

00:35:27   could open a new blog post with this as the title and this text as the body.

00:35:35   There's a whole bunch of things you can do with it and all sorts of apps, more apps than

00:35:41   we could name have schemes like this so that you can click a link and you can make links

00:35:48   in e-mail or text or wherever, and you can create a new to-do in Things or other apps

00:35:58   and all sorts of neat things you can do. But the problem was that they were being abused.

00:36:03   And there were ways that certain Web sites were abusing this system.

00:36:08   And so Apple changed Safari so that whenever you open any URL

00:36:16   whose-- the resolution of the URL

00:36:18   is going to result in another app opening,

00:36:22   it would ask for confirmation in the Safari window.

00:36:26   And you have to click a button.

00:36:29   One button.

00:36:30   Yep.

00:36:31   Yeah, one button.

00:36:32   Isn't that bad.

00:36:36   But on the other hand, if you're used to clicking no buttons, it does seem like,

00:36:40   Oh, this is annoying.

00:36:41   But it, it there, there's sort of no middle ground where they,

00:36:47   they can't close the security hole that was opened by the fact that,

00:36:52   that it would automatically open these other apps without this.

00:36:56   And so in, in response to this is why they started this. But, uh,

00:37:02   that's really the wrong way to go.

00:37:05   Really, yeah, I mean, that's really the most. That's the most

00:37:08   damning thing I think about the zoom incident was that when

00:37:12   people broke it down, they basically discovered that, you

00:37:16   know, they're working around something that's specifically

00:37:21   designed to get user consent. And so it's back to what you

00:37:24   were saying, right? What was it? What did you call it the non

00:37:26   consensual technology?

00:37:28   Really love and it applies to so many things that we've, you

00:37:33   know, so many of the last couple of years of topics for podcasts and stuff. It's so

00:37:40   perfect. Nonconsensual technology. Nobody, maybe nobody said, nobody said, you know

00:37:46   what, I would like to have to make an extra click every time I start a zoom

00:37:50   call. Nobody said that nobody wants that everybody would like it. If, if everybody

00:37:55   played fair, and nobody did anything dishonest. Everybody would like it if you

00:38:01   didn't have to make the extra click to make your Zoom call. But...

00:38:05   Yep. I think what...

00:38:08   It's sort of like saying, wouldn't it be great if you could leave the doors of

00:38:11   your house unlocked all the time? And then even if you come home with two

00:38:15   hands full of groceries, you can just put your elbow on the doorknob and come in

00:38:19   the house. Wouldn't that be great? It would be great, but you can't leave your

00:38:23   doors unlocked all the time because who knows who's going to come and jigger the

00:38:28   door. Right? So you've got to lock the door and then once the door is locked, you have

00:38:33   to click the extra button to make a Zoom call. And they decided, "Well, wouldn't it be...

00:38:41   How about once you let us in your house, we'll unlock one of your windows without telling

00:38:45   you?"

00:38:46   Right. It'll be convenient. Trust us.

00:38:50   And then if you ever need to make a Zoom call, we'll crawl in the window and open the door

00:38:54   for you. Creepy. I don't think that's that much of a stretch as an analogy, that they

00:39:01   came in and unlocked window 80.

00:39:03   Right. They put some toilet paper in the door lock thing just in case they needed to get

00:39:09   in later. But I think what you're getting at also points to a problem with Apple's approach

00:39:16   to some of these security things is that I don't think Apple, either they don't think

00:39:22   through extensively enough what the usability implications are going to be, or they don't

00:39:28   consider them as important.

00:39:31   This whole thing with the... you click on a custom link and now it prompts you... the

00:39:38   consent is important, but I think most users agree that consent doesn't need to be... in

00:39:47   a lot of situations in life, consent doesn't have to be granted explicitly every single

00:39:52   time.

00:39:53   Right?

00:39:54   Right.

00:39:55   And so you click the link once and it says, "Are you sure you want to open this Zoom thing?"

00:39:59   And then maybe if Apple had thought it through a little bit more, maybe they'd realize how

00:40:02   annoying this was going to be, not just for Zoom, but for all this other software that

00:40:06   uses this kind of solution, for my bookmarklet, for example.

00:40:09   And then maybe they are motivated then to engineer a solution that establishes a compromise

00:40:16   where it's like, "You know what? I pretty much know, I trust whatever MarsEdit URLs

00:40:21   are not dangerous to me." Or they say, "You know what? Zoom URLs, they seem like they

00:40:27   could be dangerous, so why don't you just only allow those to be opened from the zoom.com

00:40:31   or whatever."

00:40:34   And I say this because you and I, and you know this, I mean, I don't want to go too

00:40:37   far into the weeds here, but you and I have gone... It is absolutely my privilege that

00:40:45   I know you and you're my friend, but MarsEdit happens to be one of the very small handful

00:40:51   of apps that I most rely on, literally professionally. I mean, tens of thousands, the overwhelming

00:41:00   vast majority of posts to Daring Fireball over the last, the entire history of the site,

00:41:06   frankly, go through MarsEdit. MarsEdit is, I forget, how long, when did you take over

00:41:13   MarsEdit. It's 2006. 2007. Yeah, so it's been 12 years, believe it or not. But it is a... 12 years, Jesus.

00:41:22   It is a blog editing app that speaks to any app that uses any of the various

00:41:32   open blog editing APIs. WordPress would be by far and away the most prevalent. I

00:41:39   still use Movable Type, but Movable Type uses,

00:41:43   has a remote API that MarsEdit can speak to.

00:41:47   That's what I use it through.

00:41:49   But almost everything I post to Daring Fireball

00:41:53   goes through MarsEdit.

00:41:55   And the only things that don't typically are like,

00:41:58   sometimes I'll make typo corrections from my phone

00:42:01   going through the web interface,

00:42:02   but it's truly an essential part of my workflow.

00:42:06   I don't know what I would do without it,

00:42:09   But I also have and have had for years a bookmarklet that I use in Safari.

00:42:16   And so if I'm reading a web page, you know, could be from Bloomberg, could be

00:42:20   a New York Times, doesn't matter what website it is, I can click a button in Safari, one button,

00:42:27   and then it jumps me into MarsEdit. It pre-fills the title with the title of the page

00:42:33   that I was reading. I can tweak it if I want. It pre-fills the URL that I'm linking to.

00:42:40   And if I have a text selection in my browser window, it pre-fills it as a block quote in

00:42:46   the window. It's a really, really nice convenient way to start the process of linking to a website.

00:42:53   And at some point about two years ago, two, three years ago, when Apple changed this,

00:42:59   where you had to click an extra button, it would be like, "Are you sure you want to

00:43:03   open this in MarsEdit?"

00:43:05   I mean, I do this a lot, especially when I'm in the flow.

00:43:07   You know what I mean?

00:43:08   Like on a good day, when I'm really, you know,

00:43:10   maybe I've got a couple of things queued up

00:43:12   to start the day and then I find a couple of more links

00:43:15   during the day and I might have like seven or eight links.

00:43:19   The extra click really annoyed me.

00:43:20   And so you and I work this out.

00:43:23   And I actually have a custom version of the app,

00:43:28   I have a post to MarsEdit app that does it exactly the way I want to, but it's super

00:43:39   technical.

00:43:40   I mean, most people can never do that, right?

00:43:41   I mean, I've got like a weird combination of me being half nerdy and especially being

00:43:51   pals with you to get it set up just right.

00:43:55   I've got this custom app on my site that the app literally doesn't do anything except offer Safari this extension, which lets me get around the confirmation because I've okayed it once.

00:44:08   Whereas, and I think you're exactly right.

00:44:11   I kind of the whole thing would have been unnecessary if I could just tell Safari, hey, these MarsEdit colon URLs.

00:44:20   I'm okay with them.

00:44:22   Do whatever they say.

00:44:24   or maybe being able to permit on a bookmarklet

00:44:29   by bookmarklet basis, right?

00:44:31   So you make a bookmarklet, you say,

00:44:33   you know, I wrote this, just trust me, this is mine.

00:44:36   Yeah, there's lots of ways they could have made it easier.

00:44:41   It's funny, I have to admit,

00:44:43   I didn't look into the Zoom thing that carefully,

00:44:44   but it makes me wonder why weren't they able,

00:44:48   they have a native app running, I assume.

00:44:50   - Well, I think where they really cross

00:44:54   the line was where they decided that they would like to be able

00:44:58   to reinstall themselves after being deleted. And at that point,

00:45:04   you're, you're in the dark world. You know what I mean?

00:45:07   Like, that's wrong. You know what I mean? Whereas I feel like

00:45:10   if they were like, as long as our app is still there, there

00:45:13   were a couple of ways that they could have gotten around this

00:45:16   and made this more convenient. I think the thing the the, you

00:45:22   know somewhere at some point they had a meeting where somebody wrote on a white

00:45:25   board reinstall after deleting the app and that's where they cross the line

00:45:29   right you have to admit though it's pretty convenient when they sneak back

00:45:33   into your house and make you coffee the next morning I I do I do I mean I'm very

00:45:41   offended by what they did but I kind of have to salute their like leaving behind

00:45:51   a web server that's always running on port 80, that is sort of insane. I have

00:45:58   to admit that's... I condemn them for the morality of it, or the ethics of it, whatever

00:46:06   you want to call it, but I kind of salute them for the balls.

00:46:12   Yeah, but no, it's one of these things where it's like, "Ugh, don't ever want..." I'm not

00:46:19   don't ever want like if somebody asked me now if I wanted to do a zoom

00:46:23   conference call like I'm glad I'm not a position where people yeah I would

00:46:28   actually say no you know yeah it's I don't trust it that makes me think of

00:46:33   Dropbox but let's hold that thought I'm gonna bring up this Dropbox stuff after

00:46:37   I tell you about our next sponsor and it's another one of my good friends

00:46:42   longtime sponsor of the show, Fracture. Look, we all take hundreds, probably

00:46:49   thousands. I don't know what the average is, but I probably average well over a thousand iPhone camera

00:46:54   shots a year. I've already taken hundreds of shots this summer from being on vacation. I love using

00:47:02   my iPhone as a camera. It is absolute every year they get better and better. But you know what?

00:47:08   It's not great only ever looking at your photos on a little five inch iPhone display.

00:47:16   Even if you look at them on your iPad, nice and big,

00:47:20   still not as great as actually printing the photos you really love.

00:47:25   The ones that are true keepers, the ones where you capture your friends,

00:47:30   your kids, your spouse, your parents, whoever you love, and they really look great.

00:47:36   Or maybe it's not even people, maybe it's just a sunset or something like that,

00:47:40   but just a great moment. Print it out and the best way to get your

00:47:46   very favorite pictures printed out is on Fracture. Fracture, when you go there, you upload your

00:47:52   pictures, they print them. They don't put them on paper and then like tape them to a piece of glass.

00:47:57   They literally print the photos right on glass. I don't know how they do it. Black magic. I don't

00:48:04   know, but it really looks like they're printed right on the surface of the glass and they go

00:48:11   edge to edge. There is no corner. There's no frame. It's amazing. And when they ship them to you,

00:48:18   they come with everything you could possibly need to hang them on the wall, to prop them up on a

00:48:24   mantel or on your desk if it's smaller. Everything you need is all right there in the case. And they

00:48:32   do it all right in Gainesville, Florida with US source materials. It is absolutely phenomenal

00:48:40   print quality. Absolutely amazing when you look at them on your wall or on your desk. They're truly

00:48:47   the best way I know of to get your photos printed. And they make amazing gifts. They're the best

00:48:54   gifts I have ever given to people in my family ever. I just use them over and over and over and

00:49:00   over again for gifts because that's one of the great things. I'm a terrible gift giver because

00:49:05   every once in a while I'll think of a good gift for somebody and then you give them the gift and

00:49:09   then what do you do next? What do you do next year?

00:49:12   If it's their birthday or it's Christmas or whatever? Fracture,

00:49:15   you can just keep giving it to them over and over and over again.

00:49:18   It never gets old because you never run out of new photos.

00:49:21   It's absolutely phenomenal gift. I love their product.

00:49:25   We have them all over our house. Here's where you do to find out more,

00:49:29   go to fractureme.com or no, just fracture dot me.

00:49:33   That's actually their domain name. Fracture dot me. And, uh,

00:49:39   Just remember the code talk show.

00:49:41   Uh, and when they ask you, where did you find out about Fracture?

00:49:46   Just remember to tell them you found out about it on this podcast.

00:49:49   I love Fracture.

00:49:50   Go check them out.

00:49:51   Absolutely a phenomenal product.

00:49:53   They're another example of a company that's Gruber-proof.

00:49:57   They've Gruber-proofed their domain names.

00:49:59   You can go to either one.

00:50:01   Fractureme.com, fracture.me.

00:50:05   It doesn't matter.

00:50:07   You know my absolute favorite Gruber-proof company?

00:50:10   - I can guess it, I bet I can guess it.

00:50:12   - All right, what was it?

00:50:13   - BlackBlaze.com. - Yes!

00:50:15   (laughing)

00:50:18   So BackBlaze, wait, what's the real company?

00:50:21   BackBlaze. - BackBlaze.

00:50:23   - BackBlaze, long time sponsor,

00:50:25   not a sponsor of this episode,

00:50:26   so this is totally unsolicited.

00:50:29   Great online backup, but I said their domain

00:50:33   was BlackBlaze.com. - BlackBlaze.

00:50:36   And they went and rather than ask for a refund, like, "Hey, you screwed up our domain name,

00:50:43   you dumb shit."

00:50:44   And I would have had no excuse.

00:50:47   I would have said, "Here's your money back.

00:50:48   Take your money back, please.

00:50:50   I'm embarrassed."

00:50:51   Instead, they went and registered the domain, blackblaze.com.

00:50:56   It still works.

00:50:58   I just did it.

00:50:59   It still works.

00:51:00   It still works.

00:51:01   For life, they're going to have blackblaze.com thanks to John Gruber.

00:51:04   It's one of my favorite stories of all time. I screw up their domain

00:51:08   They register an additional domain name. They don't need and they're like, oh no, don't worry about it. We thought it was funny

00:51:15   I'm like you guys are the best. Yeah, that's a good sponsor

00:51:19   Dropbox, oh my god. How about these clowns?

00:51:23   Yeah, right we were talking about

00:51:26   Consent, right? Oh my god. There's another one where we're for years. I forget how long

00:51:33   Dropbox has been around, but it's at least 2009, 2010.

00:51:38   I know that Steve Jobs is still around,

00:51:40   because there's the famous story where Steve Jobs was talking

00:51:43   to one of their founders.

00:51:44   And there was, I guess, some sort of just putting feelers

00:51:49   out about whether they would be open to being acquired.

00:51:52   And Jobs' line was, hey, you're not an app, you're a feature.

00:51:58   And that was his way of sort of trying to put them in their

00:52:00   place, whatever. But that at least puts the timeline at 2010

00:52:07   or 2009 or so. I mean, it's at least 10 years of Dropbox.

00:52:11   Yep. And within the last week or two, they've issued an update

00:52:17   and a couple of things. Number one, their software, their app

00:52:23   on the Mac, updates itself on its own schedule. Without, you

00:52:28   know you you grant it permission when you first install it and then it's there

00:52:32   running in the background and it updates itself and they they've updated it to a

00:52:38   version that launches an app in your dock which a lot of I I've got enough

00:52:45   stuff in my dock where one more thing doesn't really annoy me but I'm totally

00:52:51   totally, 100% attuned to the dock perfectionists who don't want anything in their dock that

00:53:01   they don't want.

00:53:03   And I totally understand how an awful lot of third party utility Mac software specifically

00:53:11   has even however minimal their preferences are, they have a preference for show dock

00:53:16   icon. You know that some people really don't want stuff in the dock even if

00:53:21   it's running all the time they really don't want it there unless it's like an

00:53:25   app that they actually look at. Right? If it's not an app with windows that you

00:53:31   look at they don't want it in their dock. I totally get that. You know I don't want

00:53:36   I generally don't want extra things in my dock but now Dropbox has this icon in

00:53:42   the dock and you click it and it's ugly. What you do see when you click it is ugly.

00:53:49   Nobody who I know wants anything other than a folder that syncs with sharing. That's what

00:54:01   Dropbox is. The whole Steve Jobs, "Hey, you're a feature, not an app," or whatever, it's

00:54:09   like, yeah, but you're a feature I would pay for. A folder that

00:54:13   syncs with sharing, I would pay for that. I would happily pay

00:54:17   for that as long as it's super robust and super reliable, which

00:54:22   Dropbox syncing wise has always been. That was always the

00:54:26   miracle of Dropbox, right? That in an era when there were

00:54:32   multiple, there've always been multiple options of ways to try

00:54:36   to have a shared folder between computers, Dropbox was like the

00:54:40   first one who just said, just install this thing, give it

00:54:44   permissions, and let it go. And every computer you have this on

00:54:49   will have the exact same shit in the exact same folder. And that

00:54:55   was amazing. It was absolutely amazing. And it didn't matter.

00:54:59   Like if you like were temporarily offline, you're out

00:55:03   in the middle of a prairie.

00:55:08   You're 500 miles away from the nearest cell tower,

00:55:12   but you open your laptop and you do a little work,

00:55:15   and you hit Command-S, and you save a file,

00:55:18   and you close your laptop.

00:55:19   And at some point, your laptop reconnects to the internet,

00:55:23   and it syncs, and everything.

00:55:26   And then you go back home, and you open up your desktop iMac,

00:55:30   and there it is.

00:55:31   There's the file that you had saved in the middle of Kansas,

00:55:35   500 miles from the nearest cell tower,

00:55:38   and it's all there, right?

00:55:40   It really has been, sync-wise,

00:55:44   one of the great technology triumphs of the world.

00:55:46   And it sounds like something that should not be celebrated,

00:55:50   but anybody who's ever worked on anything that syncs, period,

00:55:55   realizes what a triumph Dropbox has always been

00:55:59   from the day one, technology-wise.

00:56:01   - Yeah, it's reminding me of the sort of famous

00:56:05   Quora question, you remember this?

00:56:08   It was like this answer to a Quora question

00:56:10   kind of got some traction.

00:56:12   I'm looking at it right now 'cause I was reminded of it

00:56:14   and it's from 2011.

00:56:17   But it's an answer to a question which is basically like,

00:56:20   why is Dropbox successful?

00:56:22   Like why, why, why is it successful?

00:56:26   And there's so many other tools

00:56:28   And this great response by Michael Wolfe,

00:56:32   and if you don't remember it already

00:56:35   off the top of your head,

00:56:36   you probably remember it when I read it,

00:56:37   but he says, "Well, let's take a step back

00:56:41   and think about the sync problem

00:56:42   and what the ideal solution for it would do.

00:56:45   One, there would be a folder.

00:56:47   Two, you'd put your stuff in it.

00:56:49   Three, it would sync."

00:56:52   And then he says, "They built that."

00:56:54   And he says, "Why didn't anyone else build that?

00:56:56   I have no idea."

00:56:57   But that's the nut of what you're saying,

00:57:00   is the simplicity is what we've,

00:57:04   people who use Dropbox, I don't use Dropbox regularly

00:57:06   anymore, I think I kinda got the whiff of something up

00:57:10   a few years ago, and so I uninstalled

00:57:13   the Dropbox system level integration

00:57:17   a few years ago when they had, I don't remember,

00:57:19   it was something, they did something kinda silly

00:57:22   a few years ago.

00:57:23   - No, they started, I know exactly,

00:57:24   I guarantee you I know when you did it.

00:57:26   It was when they started asking for permission

00:57:30   that would allow them, they didn't tell you this,

00:57:33   but they were asking for permission

00:57:35   so that what they could do is install a kernel extension.

00:57:38   Which is fucked up, right?

00:57:40   I mean that is seriously, you know,

00:57:44   two, three, four years ago,

00:57:45   kernel extensions were already like,

00:57:49   hey, we don't live in the 90s anymore.

00:57:51   You don't just, apps don't get to install shit

00:57:54   that runs in kernel space.

00:57:55   Not for a file sync.

00:57:58   Not for something that we know could work without it, right?

00:58:01   That was the thing.

00:58:02   We know that everything I want out of Dropbox,

00:58:06   I know can run without it because I never

00:58:08   let you do it before.

00:58:09   And you're doing what I want you to do, which is give me

00:58:13   a folder and it syncs and it's perfect.

00:58:17   Why in the world should I give you kernel access?

00:58:19   So you are probably smart.

00:58:21   I still run it.

00:58:23   But now at this point, I'm, it's like on my summer list of to do's, I've got to get out of it because

00:58:29   the, I think it's coincidental timing, because I don't think I think that, you know, they're,

00:58:37   they're, their aspirations are high enough that it's not tied to the fact that 10.15 Catalina

00:58:45   is going to add shared folders to iCloud file sharing or file syncing, whatever. But the

00:58:52   Having a shared folder is the last thing keeping me on Dropbox. And specifically, I only share it

00:58:59   with one person. The only one that really matters to me. I guess I have one with my wife and we

00:59:04   update it every once in a while. But for the most part with my wife, we just send stuff by iMessage.

00:59:10   But the big one for me is for this show where I finish the show. I'm going to send you a link

00:59:17   and you'll upload your end of the audio.

00:59:20   I'm going to upload my end of the audio.

00:59:23   And then

00:59:25   Caleb Sexton, who edits the show, is also a member of the same shared folder.

00:59:30   He'll get both files and then he'll be able to edit them.

00:59:33   And when he's done editing,

00:59:35   he will put the final version of the show in the same folder and then I'll pull it

00:59:39   down so I have one shared folder that I really care about with Caleb.

00:59:44   I share it with everybody who's on my show.

00:59:47   once I can get rid of it, but I could do that without running Dropbox

00:59:53   locally. Like one of the things that's most appealing to me about

00:59:58   uninstalling Dropbox is that I could use like Transmit from Panic and just give

01:00:05   Transmit my Dropbox credentials and just treat it the way I treat most remote

01:00:12   locations and do it through instead of through the Finder and make it seem like

01:00:17   it's a local folder that's on my file system.

01:00:20   I don't really need that.

01:00:21   I just need the shared folder with collaborators.

01:00:25   I could do that through an app and not

01:00:27   have it seem like it's part of my file system.

01:00:30   Right.

01:00:30   That's funny.

01:00:32   I know I used to run Dropbox, because I

01:00:34   used to-- since you mentioned that shared folder,

01:00:37   it's also evidence that I have, in fact,

01:00:39   been on the show before, because I just went to Dropbox.com,

01:00:42   and I'm in that shared folder for the talk show.

01:00:47   And I used to get these great notifications that would let me know in advance who I could

01:00:50   expect to see here on the show, because Mac OS would say, "Hey, so-and-so just uploaded

01:00:57   some files to this shared Dropbox folder."

01:01:00   So I guess I lost that feature when I uninstalled Dropbox.

01:01:04   Maybe that's a reason enough to get back into the Dropbox culture here.

01:01:10   But yeah, that's a mess.

01:01:14   It's a horrible thing for a company like Dropbox, which I think you would agree, Dropbox had

01:01:19   a lot of sort of, it's more than just brand equity.

01:01:23   They had sort of like, because of their simplicity and the fact that it just worked, they sort

01:01:29   of had like an engineering level nerd equity.

01:01:32   Yes, I know exactly what you mean, right?

01:01:35   Yeah.

01:01:36   It's like you kind of trust some companies, not just from a branding point of view, but

01:01:40   from like, they know how to do this right point of view.

01:01:43   And that people who knew their shit were like, oh, yeah, I use Dropbox. Yeah, I mean, you know

01:01:48   It's like back in the day when I was doing graphic design. It's like, you know

01:01:53   Illustrator and FreeHand were arch rivals and

01:01:59   People who knew their shit would have everybody had a strong preference as to which was your favorite vector

01:02:06   illustration tool but

01:02:09   Everybody who knew anything would acknowledge that both of them were completely credible tools

01:02:15   They just did it in different ways, right? You know, it's

01:02:19   You know, there's just a whole list of apps in various

01:02:24   You know you name the field and people who know their shit will be like hey I use blank

01:02:31   But I know that X Y & Z are also good. They're just not the ones I use but that's my shortlist

01:02:38   you know, X, Y, Z, and W.

01:02:40   They're the ones that I think are the ones

01:02:42   you should look at.

01:02:43   And Dropbox was absolutely a number one on that list of,

01:02:48   hey, if you want a folder that syncs,

01:02:51   you should install Dropbox.

01:02:52   And it's just a shame.

01:02:55   And I don't, it's like I get that their executive staff

01:03:00   right now is in a tough spot

01:03:03   because they raised a gazillion dollars in venture capital

01:03:07   with the idea that they would eventually be valued at $10 gazillion.

01:03:12   And to get from here to there,

01:03:17   they have to try to do something else, you know, that,

01:03:20   that just selling a utility that lets a folder sync for $5 a month,

01:03:26   whatever, isn't going to get them there. But it,

01:03:31   it could in theory be a good business, right?

01:03:35   It just wouldn't be a, you're up there with Microsoft

01:03:40   and Facebook and Apple and Google as one of the giant titans

01:03:44   of the stock market type business.

01:03:47   But they raised money thinking that that's what they would do

01:03:51   and I get it that now they're painted in a corner

01:03:55   because they've raised all this money on the idea

01:03:58   that they're going to be the next Microsoft Office 365

01:04:01   and so they've got to sell,

01:04:04   they're turning the client software into this thing

01:04:06   that does everything from document sharing

01:04:09   to video conferencing to whatever the fuck else it does.

01:04:14   I get that they're painted in a corner because they did it,

01:04:18   but nobody forced them to paint themselves in the corner.

01:04:21   And it could have been a very nice business.

01:04:24   It could have just been,

01:04:26   I don't know how many people it would support,

01:04:28   I don't know how big the company would be,

01:04:29   but in theory, with the technology they had

01:04:32   and the sync algorithm they had,

01:04:33   which clearly, truly, it sounds like something

01:04:38   that everybody should have and that it should be

01:04:41   like bubble sort, you know what I mean?

01:04:43   Like here's one of these algorithms that everybody knows

01:04:46   and it works with this performance

01:04:51   and everybody can use this algorithm to sync between things.

01:04:55   The truth is sync is incredibly hard.

01:04:58   It's incredibly hard, it's incredibly prone to bugs

01:05:03   And from day one, Dropbox Sync was fast and reliable.

01:05:08   And that's all you could ever ask for.

01:05:12   It was rare at the time.

01:05:14   They should have been able to build

01:05:15   some sort of business around it,

01:05:17   even if it was a million dollar business

01:05:20   instead of a billion dollar business.

01:05:21   But instead, because they were going

01:05:23   for a billion dollar business, now we've got shit.

01:05:26   We've got a big, big pile of dog shit, right?

01:05:29   Everybody's front door who runs Dropbox.

01:05:32   So interesting, the valuation.

01:05:34   As soon as you started talking about the size of the company and their ambitions, I punched

01:05:38   it into Yahoo stocks thing.

01:05:41   Dropbox as of today is a market cap $10 billion company, which is incredible.

01:05:47   A huge number unless you compare it to all these other companies.

01:05:53   So for instance, it's like half of a Lyft or one third of a Twitter.

01:06:02   I mean, Twitter seems small.

01:06:04   Its valuation seems small, 28.8 billion right now.

01:06:07   It seems small compared to its mind share, right?

01:06:12   - Right, right.

01:06:13   I actually think Twitter is undervalued, in my opinion,

01:06:16   just because they're, I don't wanna go too much

01:06:21   on a tangent on this, but they're still so much

01:06:24   in the shadow of Facebook and therefore still compared

01:06:27   on Facebook's terms, and Facebook is the one

01:06:30   who defined monthly active users as this, like, that's the benchmark.

01:06:36   Yeah.

01:06:37   And it's such the wrong.

01:06:40   Yardstick for Twitter, right?

01:06:43   It's so, it is so inappropriate for Twitter, but it is in every single way.

01:06:49   It's it defines every single bad idea.

01:06:52   Twitter comes up with for the last six, seven years, because they know they're

01:06:57   being measured against Facebook's definition of terms.

01:07:02   And I think Facebook, I think Facebook, I hate them.

01:07:07   I've never signed up for Facebook.

01:07:09   I think they're genuinely a bad effect

01:07:14   on humanity overall planet wise.

01:07:17   But I do think that they are very,

01:07:20   I think they're from Zuckerberg down,

01:07:22   they're run by very smart people.

01:07:24   And I think that they not only set up that as their yardstick

01:07:31   because it would make them look good,

01:07:32   I think they very deliberately chose it

01:07:35   because they knew it would make their competitors look bad,

01:07:38   that no one would be able to--

01:07:40   once they took the mental real estate that they did

01:07:46   in people's lives, as this is where regular people share

01:07:52   photos and anecdotes about their lives, they knew that nobody else would be able to occupy

01:07:58   that and no one would be able to compare with them on monthly active users and they sort

01:08:03   of got this entrenched in the minds of investors as monthly active users equals a good measuring

01:08:11   stick.

01:08:13   It's part of the evil of Facebook is that they not only do bad things but they actually

01:08:19   entrench a bad measuring stick as the measuring for other social networks.

01:08:27   Yeah. 20 times. Twitter is 20 times smaller market cap than Facebook. But such a larger

01:08:37   mindshare. So much larger. And I don't watch a lot of cable news. I don't care what your

01:08:47   political persuasion is whether you're a conservative or liberal or in between or whatever cable news will rot your brain no matter which

01:08:54   Network, yes, it's not good now, but when I do watch because you know, there's some breaking news

01:09:01   I guess this week. I'll probably watch because

01:09:03   Robert Mueller is gonna

01:09:06   You know testify before Congress, so I'll be watching some cable news this week

01:09:10   But whenever I do you can't go more than six or seven minutes before you see something about it a tweet

01:09:16   Yeah, whether it's right. It's family. Well, and it's not just the president, you know, it's it's people from Congress

01:09:22   It's you know AOC, you know, she's absolutely amazing on Twitter

01:09:27   She's you know, she's as much a master of Twitter as the president is and it's a fantastic way

01:09:33   to control her message it's

01:09:35   But the the the degree to which Twitter has become the platform

01:09:42   For people like that, you know who are the absolute, you know, truly the leaders of our country to to communicate with us

01:09:49   It's truly phenomenal and it's completely

01:09:52   completely

01:09:55   Non-valued in Twitter's right valuation. Absolutely and which is to me ridiculous. It's absolutely ridiculous

01:10:02   Yeah, it's fascinating. So anyway, I don't want to like you say let's not get on it

01:10:07   I'll sit here and look at stock prices all day and make analyses of what's valued right

01:10:13   and wrong.

01:10:14   But I just think that's just fascinating.

01:10:16   Dropbox clearly a huge company, but it is a transition.

01:10:20   Getting back to the topic at hand, Dropbox is a great example of one of these companies

01:10:26   that has gone from, like I said, that kind of nerd credibility to what's left.

01:10:34   Turn on any podcast.

01:10:35   They're all talking about--

01:10:36   Nerd warnings, right? Yeah. Yeah. It's gone from like nerd, like, hey, you should install Dropbox.

01:10:43   It's awesome to Hey, do you have Dropbox installed? You should maybe yeah, installing. Yeah.

01:10:47   Which is sad, very sad. Because the actual technology that made us fall in love with it

01:10:56   is still there. That's that's the tragedy. And it I, again, there's far worse tragedies in the

01:11:04   world. But to me, having great technology just get obfuscated with piles and piles of

01:11:12   crap in front of it is sort of heartbreaking.

01:11:16   Yep, sure is.

01:11:20   Looks like it's going to thunderstorm here. How's the weather up there?

01:11:23   I got my windows closed, and I have my AC off, so I'm moving in a little sealed vacuum

01:11:28   chamber here but looking out my window I think we're I don't think we have it

01:11:33   come in real soon but I think there's something on the forecast yeah are you

01:11:36   are you an ocean guy I know I've been listening to the ATP and yeah our friend

01:11:43   Marco Arment is right this one this summer and our other friend John

01:11:49   Siracusa big big big fan of going to the beach long time you know I love yeah

01:11:55   Everybody's waiting for him to drop a camera in the ocean, right?

01:11:59   That's like the annual tradition.

01:12:01   He wades into the ocean with a handheld camera, takes pictures of his kids and his wife and

01:12:07   whoever else he's at the shore with.

01:12:09   Still hasn't lost one.

01:12:11   But our friend Marco is learning to swim, going to go deeper in the ocean.

01:12:15   Are you an ocean guy?

01:12:17   I grew up in Santa Cruz, California, which is funny because that's not an automatic qualifier

01:12:22   for being an ocean guy.

01:12:25   By stark contrast to what I'm about to say, I have never actually surfed, which you're

01:12:31   kind of supposed to do.

01:12:33   But I did spend plenty of time in the ocean so that the kinds of things they're talking

01:12:37   about on ATP I can relate to very well.

01:12:41   I know how to dive under a wave.

01:12:42   I know how to dive over a wave.

01:12:43   I know how to swim against the tide if you need to.

01:12:49   And it's fun.

01:12:50   listening to that conversation in part because I love John.

01:12:55   I love how much he always surprises me

01:12:58   with his extracurricular interests

01:13:02   that I would have never guessed.

01:13:03   And so the pictures--

01:13:05   - I would have never thought he was as much of a beach guy.

01:13:09   - Well, right, yeah, just a beach guy in general.

01:13:11   But then the particular thing that I've now got

01:13:14   like a picture in my mind of,

01:13:16   just enter this meditation with me everybody.

01:13:19   You're looking at this beautiful blue sky, the waves are crashing on the sand, you're

01:13:25   sitting cross-legged on a beach looking out at the horizon, and then a wave is coming

01:13:31   in.

01:13:32   What's that?

01:13:33   It's John Siracusa body surfing.

01:13:34   Body surfing, right.

01:13:35   And he's like, "Of course you can catch a wave.

01:13:39   Anybody can catch a wave.

01:13:40   You just got to try a few times."

01:13:42   And you're like, "Oh, okay."

01:13:45   I love the picture because I could also picture.

01:13:47   We've all seen, you know, John doesn't get excited about everything in this world, but

01:13:53   when he gets excited, you see that great big smile.

01:13:57   And I'm just picturing that great big John Siracusa smile coming in on a wave as I'm

01:14:02   sitting on the beach.

01:14:04   I never would have guessed that he was experienced and adept at body surfing.

01:14:10   So that's my ATP insight.

01:14:12   I can tell you the only time I've ever seen him happy.

01:14:16   It was the WWDC where they announced APFS.

01:14:21   And then afterwards, I met him, you know,

01:14:25   it was like, I don't know, 15 minutes

01:14:27   after the keynote ended and I was outside

01:14:31   and there he was and he truly looked happy.

01:14:35   - He's beaming, huh?

01:14:36   - Yeah.

01:14:37   Here's the thing.

01:14:40   I grew up, my family,

01:14:42   We used to always go to the Jersey Shore.

01:14:46   My parents are not really--

01:14:49   they're not world travelers.

01:14:51   My dad likes to go places he can drive.

01:14:54   So we were always Jersey Shore people.

01:14:56   I liked it, but my thing was never the daytime at the beach.

01:15:01   I was never a fan.

01:15:04   You get a little chafing.

01:15:06   Jersey Shore sand is a bit coarse.

01:15:10   I was always a fan of the boardwalk at night.

01:15:13   I like it at night when the lights are on.

01:15:16   You know, I like a casino.

01:15:18   I like to gamble.

01:15:20   I'm a late night person.

01:15:21   I was always a late night kid.

01:15:23   I like the action late at night.

01:15:24   I like the lights.

01:15:25   I like the dark.

01:15:26   I like the seediness.

01:15:27   And then now that I've traveled a bit

01:15:35   and I've been to the Caribbean a few times,

01:15:38   It's like, that's the fucking beach.

01:15:41   I mean, holy shit, man.

01:15:43   The sand, I mean, even just the sand is better.

01:15:46   The sand is better.

01:15:47   The ocean is clear.

01:15:49   You can actually see your feet at the bottom of the ocean.

01:15:52   The waves, instead of knocking you over, are just gentle.

01:15:56   They're just, you know, a little up, little down,

01:15:58   little up, little down.

01:16:00   The Atlantic Ocean in like New Jersey,

01:16:04   Long Island, New York, that type of area, it's brutal.

01:16:07   And it's ugly. It's, you know, it's dark brown water. You can't see six inches into it.

01:16:15   It's kind of filthy. If you turn your back on a wave, it'll knock you over.

01:16:20   You know what I mean? Like, you can't turn your back on a wave. You know, it's...

01:16:24   So I, you know, I'm kind of anti-Atlantic ocean, to be honest.

01:16:28   I like being in the ocean. I like a beach. But I'll tell you what,

01:16:34   I don't like the the eastern seaboard the eastern seaboard is shit

01:16:37   And I know and I'm a type of person who's biased in terms of the East Coast

01:16:42   I think the East Coast is the real time zone. I

01:16:45   Think you know, I have all sorts of biases in favor of the Eastern Standard time zone

01:16:51   But I'll tell you what in terms of going to the beach. It's the fucking worst

01:16:56   I think you can just expand that all your biases against the Eastern the Atlantic Eastern, you know coast of the US

01:17:03   I think you can just expand that to include the Western coast because it's just you know, you can't see through it

01:17:11   It's now cold. It's colder than the Atlantic and

01:17:14   It's more forceful and more violent. So

01:17:17   If it's in a way, I mean you really can't turn your back on the Pacific. I

01:17:22   Enjoy that I still I enjoy the big waves. I enjoy, you know, I related I think most to

01:17:29   actually John's advice to Marco because you know folks who haven't heard it you

01:17:34   should go listen to it but basically Marco's like I don't know what I want I

01:17:36   don't I don't know what to do in the water it doesn't doesn't seem fun to

01:17:40   just like frolic around in the water and John's saying basically well you know

01:17:44   it's like a video game of like you versus the waves and I relate to that

01:17:48   because that was one of my fun pastimes you never know what the next wave is

01:17:53   gonna be and especially on the in the Pacific Santa Cruz where I grew up you

01:17:59   can get some big waves and they will really knock you out.

01:18:04   One of the bits of advice also John had for Marco was to learn to hold his breath.

01:18:09   And I think it's hard to have a sense of time when you're trapped underwater from a wave,

01:18:14   but I think I've probably been trapped underwater for at least 30 seconds, which is terrifying

01:18:20   when you don't know how long you're going to be underwater.

01:18:24   But that's, you know, it's kind of one of these things, the ocean is one of these things,

01:18:29   I think, at its best, can kind of wake you up to the fact that the world is so big and

01:18:33   so powerful and so much bigger than any one of us.

01:18:37   I think that's probably kind of the high that surfers get, is kind of being part of this

01:18:42   system that's bigger than them.

01:18:45   But I don't know, it's interesting.

01:18:47   I definitely like the ocean, but these days,

01:18:51   my family and I, we usually go to Cape Cod.

01:18:54   The ocean's ruined in Cape Cod

01:18:56   because of all the great white sharks.

01:18:59   - That sounds exciting though.

01:19:02   - It's exciting, yeah, it is exciting for sure.

01:19:05   (laughing)

01:19:06   I shouldn't say it's ruined,

01:19:07   but I mean, it's getting more and more,

01:19:09   it seems like every year there's like a more--

01:19:14   - I would go in that water, I would go in.

01:19:16   - I cannot even imagine convincing either my son, Jonas,

01:19:20   or my wife Amy to go in the water

01:19:22   if there was even a 1% chance of a great white shark.

01:19:26   I can't even imagine getting them

01:19:28   to going up to their ankles.

01:19:30   - It's getting to the point where,

01:19:32   like the part of Cape Cod we go to,

01:19:34   they might as well film a Jaws sequel there

01:19:37   because it's like, it's ripe.

01:19:40   It's ready for blood on the beach, you know?

01:19:44   I mean, I don't want to trivialize it too, but it is kind of fun and exciting.

01:19:48   Obviously, it's not fun and exciting if anything happens, but it's scary.

01:19:55   I remember the first time I came out, because growing up on the West Coast, I didn't get

01:19:59   out to the East Coast at all until I was an adult.

01:20:02   Actually, the first time on the East Coast was an iconic moment in history, Macworld

01:20:08   1996.

01:20:09   Oh, wow.

01:20:10   Yeah.

01:20:11   And Apple, it was my first paid, was it '96 or '97?

01:20:16   It's the one with, where Bill Gates made the announcement.

01:20:21   - That's '97, that's '97.

01:20:22   - '97, yeah, that makes more sense,

01:20:24   'cause I was hired in '96, and then the next Macworld

01:20:27   in Boston, Apple sent me out, and that was also

01:20:31   my first experience going to an Atlantic beach.

01:20:35   'Cause this was great, this was back when, I don't know,

01:20:38   Apple gave me a rental car.

01:20:42   They said take a few extra days, whatever.

01:20:45   I went down to Cape Cod for the first time and I was just like, "This is like a playground

01:20:51   compared to the Pacific."

01:20:53   But at that time, there weren't a huge risk of sharks every day.

01:20:56   Well, the thing about the Atlantic is, and I have to admit, I've never been in the Pacific

01:21:03   Ocean.

01:21:04   I've obviously been to California many times, but I've never gone to the beach.

01:21:07   I mean, I've seen it.

01:21:08   But the thing about the Atlantic Ocean, especially on on on the New Jersey,

01:21:13   New York and you know, I've been to South Carolina and it's exactly the same.

01:21:19   So South Carolina to me, I don't know.

01:21:21   I'm just going to draw a line and say all the way from South Carolina to New York.

01:21:25   It's all the same.

01:21:26   It's dark water. It's dirty.

01:21:29   And the waves break really close to the shore.

01:21:33   So you can't surf.

01:21:35   There is, I know that there are people who surf in New Jersey.

01:21:39   Don't, don't, don't at me.

01:21:40   I get it.

01:21:41   But you have to hunt for it because for the most part, most beaches, the waves

01:21:47   all break like 20 feet from the shore.

01:21:50   It's, it, it, it's terrible.

01:21:52   Yeah.

01:21:53   I have been confused wondering where people surf because I see, I go to

01:21:57   Cape Cod and there's like surf shops and they have surfboards and I wonder

01:22:01   where the heck to use this.

01:22:02   When I was in high school, my best friend, his mom always rented a house for a week or two on Long Beach Island in New Jersey.

01:22:13   And Long Beach Island is really nice. If I were ever going to spend more than a week at the shore, that's probably where I would go.

01:22:26   It's really nice.

01:22:27   It's a very narrow town.

01:22:30   So the furthest you can get from the beach

01:22:32   is like two blocks from the beach.

01:22:34   And it's a very short beach.

01:22:37   So once you're on the beach, you're almost in the water.

01:22:40   Very nice.

01:22:41   And you could surf there.

01:22:43   And I could see guys surfing there.

01:22:45   But even so, it really seemed constrained.

01:22:51   The guys who were surfing were clearly--

01:22:55   It was hard to surf, you know what I mean?

01:22:57   'Cause the waves broke too close to the shore.

01:23:00   You could do it, but it didn't look anything

01:23:04   like when you watch real surfers, pro surfers on ESPN

01:23:08   and they're in Hawaii or somewhere cool in California.

01:23:13   And they're way off the coast and they can ride this wave

01:23:17   for a minute or something like that.

01:23:19   No way, you get two seconds on a fucking wave in New Jersey.

01:23:22   It's crazy. - Right.

01:23:23   serious waves in California and Hawaii they have people like and they have

01:23:27   those contests competitions they have jet skis to like shuttle the surfers out

01:23:32   it's like that's how far out they have to get to actually catch those waves do

01:23:36   you ever think about the stupid stuff you did as a kid did you die when I did

01:23:40   a lot of stupid stuff that if I found out my kid was doing I I would want to

01:23:44   strangle him did you just dumb stuff like that I did all the dumb stuff and

01:23:50   It's just too sad that I'm never going to let my kids get away with it.

01:23:54   Right.

01:23:55   So when I was in high school, my best friend, like I said, his mom would rent a house for

01:24:00   two weeks in Long Beach Island.

01:24:01   And then for a couple of years, he invited me out.

01:24:06   And then by my senior year, we had a couple of friends who would come out and spend a

01:24:11   week there.

01:24:12   And it was really cool.

01:24:13   And it was a lot of fun.

01:24:17   Just be on your own in a beach town.

01:24:19   His mom was very cool, very nice.

01:24:22   But the one year, I think it was the year

01:24:24   before my senior year of high school,

01:24:26   a hurricane came through and it didn't really hit

01:24:29   the Jersey shore very hard.

01:24:32   Somebody can Google this up.

01:24:35   Summer of '91 it would have been,

01:24:38   there was a hurricane and it must have hit

01:24:41   one of the Carolinas real hard,

01:24:43   but then it came up the eastern seaboard

01:24:45   and it was just like a tropical storm

01:24:46   by the time it hit New Jersey.

01:24:48   But the other thing we were obsessed with at the time

01:24:51   was playing poker.

01:24:52   We played poker and we played all night long

01:24:56   and we watched the storm just blow

01:24:59   and it was just random shit.

01:25:00   Just you'd look out, we were playing on the porch

01:25:03   and it was like an enclosed porch.

01:25:05   And it was just the most amazing thing

01:25:10   'cause you would see things

01:25:11   that you wouldn't think the wind could blow

01:25:13   just blowing down the street.

01:25:15   like a big heavy metal wrought iron bench blowing down the street.

01:25:20   We stayed up all night playing poker, uh, crazy storm,

01:25:26   got a couple hours of sleep, woke up and we went down to the beach and it,

01:25:31   the beach, it wasn't raining, but it was overcast.

01:25:34   It was the day after the storm had come through, but because it was overcast,

01:25:38   like the, uh, the lifeguards were not on duty and nobody was on the beach.

01:25:43   There was nobody on the beach.

01:25:44   It was just like me and like three friends.

01:25:46   And it was the middle of summer.

01:25:51   It wasn't cold, but the water was a little cold,

01:25:53   but we decided to go in.

01:25:54   And the day after this storm,

01:25:57   I mean, the waves were like epic.

01:26:00   I mean, they were like, I mean, they were just,

01:26:02   I've never ever in my life seen waves like this.

01:26:05   Maybe in the Pacific, you see waves like this all the time,

01:26:08   but they were just humongous.

01:26:10   But my friend Todd just like went way out in the ocean.

01:26:15   I mean, like so far out, it was crazy.

01:26:18   - Oh boy.

01:26:19   - And these waves were like 20 to 30 foot swells.

01:26:22   And you would see him at the top of one

01:26:24   and just see his head sticking out

01:26:26   and then he would go down and then just disappear.

01:26:29   And we're yelling.

01:26:30   And even us as idiot 17 year old boys

01:26:34   who thought we were gonna live forever,

01:26:36   even we were yelling at him like,

01:26:38   Hey, dude, you might want to come in.

01:26:40   There's literally no lifeguards on duty, no lifeguards, nobody else.

01:26:44   Of course, it's, you know, 1991. It's all pre cell phone.

01:26:48   So he had like washed out to sea we I mean, he'd be dead.

01:26:51   And we were just vaguely concerned.

01:26:54   We were just like.

01:26:55   And meanwhile, we were all probably way too far out. Right.

01:26:59   Like because the waves, it was just so much fun going up and down.

01:27:02   If I found out my kid went in the ocean the day after a hurricane

01:27:06   or tropical storm came by without lifeguards, I would strangle him.

01:27:10   Oh my God.

01:27:12   But at the time, I thought that was normal.

01:27:13   I was like, "Well, at least I'm not Todd.

01:27:16   I'm not the one who's 40 yards out."

01:27:19   I keep telling my kids about my childhood experiences.

01:27:22   I have to say, "Well, I'm not going to let you do this."

01:27:26   It's similar to that.

01:27:28   Like I said, I was up in Vermont and sitting in this river.

01:27:33   It was a very calm tepid river, but I told my kids about how I used to ride the inner

01:27:39   tubes down the Sacramento River in California.

01:27:43   This is a river that has some rapids.

01:27:49   The key though is I used to ride this inner tube down the river in the town I lived in

01:27:54   as a seven-year-old with my seven-year-old friend and no adults.

01:28:01   We just go get these inner tubes and we'd take a hike a mile up the river and then hop

01:28:07   in the river.

01:28:09   I just can't fathom it.

01:28:10   My seven-year-old doesn't even walk across the street without me.

01:28:16   I know exactly what you mean.

01:28:21   I kind of fear that I'm going to make these kids that don't have the independence and

01:28:28   adventure spirit that in some ways I have but I don't want to be like one of those people who's like

01:28:34   Confirmation bias just because I survived every other kid is gonna survive the same freedom

01:28:40   Like I think it's one of those things where because I did end up surviving and things turned out

01:28:45   Okay, it kind of makes a great story and it makes me have some attributes that I value

01:28:51   But that doesn't mean I should take the same chance with my kids. Well, here's my favorite my favorite was

01:28:58   my parents' house isn't right across the street from the elementary school that I

01:29:02   went to literally right across the street and it it's on a hill so you

01:29:09   could go down the hill and you know I used to ride a skateboard you could go

01:29:13   down the hill on the skateboard right in front of the school and then you you'd

01:29:16   make a right into the parking lot of the school and then you you know you could

01:29:20   smooth out the downhill thing you did and they also had a pavilion now the

01:29:26   The pavilion is gone now, but I think they expanded the school

01:29:31   to cover it.

01:29:33   But next to this covered pavilion,

01:29:36   there was just a little hump, maybe like six inches,

01:29:39   like where they just--

01:29:41   they didn't know what to do with the end of the macadam,

01:29:43   so they just curled it up.

01:29:45   But if you hit it on your bike, it was a nice little jump.

01:29:49   You could easily get three, four feet up in the air.

01:29:52   We used to call it the hump jump.

01:29:54   And the one time I was there and I had no friends with me,

01:29:57   I was all by myself and I hit the hump jump

01:29:59   and I really hit it fast and I was going for distance.

01:30:03   Well, there happened to be a tree

01:30:05   about 15 feet away from it.

01:30:07   - Oh my.

01:30:10   - I hit the tree like with my bike,

01:30:14   it's so hard that it turned the handlebars of my bike

01:30:16   completely perpendicular so that the handlebars

01:30:19   were like aligned with the tire, you know what I mean?

01:30:22   - Right. - Like sideways.

01:30:24   And I hit my head.

01:30:26   - Of course, no helmet of course.

01:30:29   - No, of course.

01:30:29   - Because we didn't do helmets back then.

01:30:30   - Well, we didn't do helmets and I knocked myself out.

01:30:33   - Oh my God.

01:30:34   - So it was about 5:30 in the afternoon.

01:30:38   And the next thing I know,

01:30:40   there was a cleaning lady from the school

01:30:44   and she was Latino, she didn't speak,

01:30:47   I don't think she spoke English as her first language

01:30:49   and she was shaking me.

01:30:52   And she said she saw me hit it.

01:30:55   She saw me hit the tree and she wanted to know if I was okay.

01:30:59   And I had like a giant goose egg

01:31:01   on the right side of my forehead.

01:31:02   I mean, just like a big goose egg.

01:31:04   But all I could think was that my parents would be mad at me

01:31:07   if they found out that I was making this jump.

01:31:10   And I said, "I'm okay."

01:31:12   And she's like, "No, no, let me, where do you live?

01:31:16   Let me take you home."

01:31:17   And I'm like, "I'm okay, I'm okay."

01:31:19   And then I looked at my bike

01:31:20   and the steering wheel was sideways.

01:31:22   And I was like, oh my God, my parents are gonna kill me.

01:31:25   They're gonna know it.

01:31:25   And I like put the tire between my knees

01:31:28   and like I screwed up my bike enough

01:31:31   that like it was easy to straighten the handlebars.

01:31:35   You know what I mean?

01:31:36   - Yep.

01:31:37   - And I was like, I'm okay.

01:31:38   And I was definitely not okay.

01:31:40   I had been knocked out.

01:31:42   I had been out for like five minutes.

01:31:45   I had a giant goose egg on my head

01:31:47   and this very, very kind, sweet cleaning lady

01:31:50   was just trying to make sure I was okay.

01:31:52   And I'm walking away with this bike

01:31:54   with crooked handlebars, thinking like,

01:31:57   I gotta get home and figure out a story.

01:32:00   If I found out my kid did that, I would be furious.

01:32:02   - Yep.

01:32:04   Well, so did you get away with it?

01:32:05   - Yeah, I totally got away with it.

01:32:06   My parents have no idea.

01:32:07   And they don't listen to my podcast, but they still won't.

01:32:09   - So we're not gonna tell them.

01:32:11   - No, don't.

01:32:11   (laughing)

01:32:12   Nevermind.

01:32:14   Let me take a break here and thank our third and final sponsor of the episode.

01:32:19   And this is a trifecta. It's a trifecta of great sponsors.

01:32:24   I love this company. It's Linode. I used to call it Linode because that's what it looks like.

01:32:30   But it's Linode because it's Lin like Linux.

01:32:34   Linux is the operating system that most servers on the internet run.

01:32:41   Linode is absolutely great hosting service for your own server.

01:32:48   And they've just opened a new data center in Toronto, Canada.

01:32:52   That's a big deal because in addition to wanting a server location that's closest to you,

01:33:01   or maybe closest to your users for legal reasons, some people, depending on your business,

01:33:06   might need for compliance a server that is hosted in a certain country.

01:33:11   Well, now they have one in Toronto, Canada.

01:33:13   It is absolutely as good as all of their other hosting locations.

01:33:17   They have let me just start this off.

01:33:20   I'll just tell you right now, they have a twenty dollar credit for all new customers.

01:33:25   And they only charge at the starting point, five dollars a month,

01:33:30   so you can get four months for free just by waiting until the end of this sponsor

01:33:36   read and for me to tell you what to do.

01:33:38   You can get four months for free on Linode

01:33:40   with an absolutely world-class server.

01:33:44   Anything you want to do online, you can do on Linode.

01:33:47   Dedicated CPU, they have distributed applications.

01:33:50   Everything they do, native SSD storage.

01:33:57   They have 40 gigabit network, super fast.

01:34:01   Pick from any of their 10 worldwide data centers

01:34:04   where you want yours hosted and they're opening another one in Mumbai, India by the end of

01:34:12   2019 in case you need to be over there. Pay what you use with hourly billing across all

01:34:18   of their plans and add-on services. Deploy and maintain your infrastructure simply and

01:34:24   cost-effectively. Their tools make it easy to provision, secure and monitor and backup,

01:34:30   which is super important, your personal cloud, your service,

01:34:35   your server, really great stuff.

01:34:39   They have a brand new version 4 of their API.

01:34:43   It's a RESTful API.

01:34:44   So anything you want to do, customize.

01:34:46   If you're a super advanced user and you

01:34:48   want to program stuff, you want to customize stuff,

01:34:51   you want to have scripts that run,

01:34:53   they have a great API for doing almost anything

01:34:56   you could possibly want.

01:34:58   And like I said, use this promo code.

01:35:00   talk show 2019, T-A-L-K-S-H-O-W 2019, and you get $20 credit at linode, L-I-N-O-D-E, dot com slash

01:35:13   the talk show go to linode.com slash the talk show remember this promo code talk show 2019

01:35:22   You save 20 bucks and amazingly you can get a great account for just 5 bucks a month.

01:35:30   That's 4 months free.

01:35:32   An entire third of the year.

01:35:35   For God's sake it will be freezing cold by the time your period is up.

01:35:39   I cannot thank them enough.

01:35:41   They are a great, great hosting service.

01:35:44   So go try them out at linode.com/thetalkshow.

01:35:50   What do you think about this stuff with Facebook getting fined by the FTC?

01:35:54   I think this is…

01:35:55   Oh, this is $5 billion?

01:35:57   Yeah.

01:35:58   I get it because it's like a record-breaking fine and so it seems like that's significant.

01:36:04   And I really do feel…

01:36:06   I can't emphasize enough how good Kara Swisher's New York Times column on this was a couple

01:36:12   of weeks ago where she was just like, "Add a zero and then we're talking," because

01:36:18   Other than that, they've just chalked this up

01:36:20   as the cost of doing business.

01:36:22   And the fact that when this quote unquote record-breaking

01:36:27   FTC fine was announced, Facebook stock went up,

01:36:32   it tells you everything you need to know.

01:36:35   Where they've managed this.

01:36:38   And again, it is a record-breaking, so I get it.

01:36:41   But I feel like we're in new territory on some of this.

01:36:45   You know what I mean?

01:36:46   Yeah, I mean that's kind of the scale problem.

01:36:49   Like we were talking earlier about Dropbox's value and Twitter's value and Facebook's value.

01:36:53   I don't know how to grapple with these numbers.

01:36:56   So like Facebook's value, to remind folks, is $577 billion.

01:37:01   So in that context, $5 billion seems kind of small.

01:37:07   But if you just gave me a number, does it seem like a good idea to fine Facebook $5

01:37:12   billion?

01:37:13   If I check my mail tomorrow and I got a $5 billion fine, I would break into a sweat.

01:37:20   I would be a little nervous because I got to put this on a finance plan.

01:37:25   You know what I mean?

01:37:26   I'm going to have to pay this off over time.

01:37:29   Or anybody who's listening, you can kind of do the rough math.

01:37:32   What would you have to do to be charged a fine that is one-hundredth of your net worth?

01:37:40   Right.

01:37:41   Right.

01:37:42   Right and all of a sudden you peg it at one one hundredth of my net worth and you know

01:37:46   And right so so is what Facebook did

01:37:52   Bad enough that it should be more than one one one hundredth of their net worth or you know

01:37:59   I guess I just have to admit. I don't really know how these things should be

01:38:02   Tabulated

01:38:06   Seems like there should be a punitive

01:38:08   and there should be an aspect of it

01:38:10   that sort of sets an example for other companies.

01:38:13   And I guess what you're saying,

01:38:16   it seems compelling to me that Facebook

01:38:19   is able to just sort of shrug this off,

01:38:21   so it doesn't seem either that punitive

01:38:25   or that sort of demonstrative of the seriousness

01:38:30   that other companies will face

01:38:33   if they try the same things, right?

01:38:35   - Right.

01:38:38   The other thing-- and again, it gets back

01:38:40   to this non-consensual technology.

01:38:43   I've been meaning to write about it.

01:38:44   I have a blog post that is mostly written,

01:38:47   but I was on vacation, so it's not completely written.

01:38:49   But my friend Mike Davidson, at the beginning of July,

01:38:54   wrote a post about Superhuman, which is an invitation only,

01:39:01   at least for the moment, $30 a month front end to Gmail.

01:39:05   So in other words, if you if you know somebody and they can get you in or you're on their list and they say you're in.

01:39:12   OK, now you sign up, you pay thirty dollars a month and you get their interface to Gmail.

01:39:19   So it's an email client. You do it through a Web browser.

01:39:23   People seem to love it. I cannot for the life of me imagine doing my email through a Web browser, Gmail or otherwise.

01:39:32   So I mean, it's not for me.

01:39:34   But the thing that my friend Mike Davidson pointed out

01:39:41   was that they have a read receipt feature that's on by default.

01:39:50   And it uses single one by one pixel GIFs.

01:39:57   And so every email you send has a little invisible GIF.

01:40:01   And when anybody, whoever you send your email to,

01:40:06   maybe I just send an email to my friend Daniel,

01:40:09   and it just says, "Hey Daniel,

01:40:10   "you wanna be on my podcast this Monday?"

01:40:14   And then if you use their client,

01:40:17   it'll tell you Daniel read the email

01:40:20   at 11 o'clock a.m. Monday morning,

01:40:24   and then he read it again at one,

01:40:26   and it used to until Mike pointed this out,

01:40:31   it would even do geolocation based on your IP and would say like you know

01:40:37   from Boston Massachusetts he read it at 10 a.m. but then at 2 in the afternoon

01:40:43   he read it from you know the coast of Maine or wherever you are which is creepy

01:40:51   And after he posted this, I get how it works.

01:40:56   I get how most, if not every modern email client, the message viewer pane is effectively a web browser.

01:41:06   And whether it's mail.app on Mac or iOS, certainly if you're reading your email in a web browser,

01:41:18   like, you know, if you just go to gmail.com and whatever your favorite browser is, clearly

01:41:24   the message renderer is part of a web browser and it loads the message and it loads this invisible pixel and then they use

01:41:33   reverse geo tracking on the IP. But I asked, you know, I asked my wife,

01:41:39   I asked a couple other people who are totally non-technical,

01:41:42   "Do you realize that this would be possible that every time you look at a specific message,

01:41:47   The person who sent it would be able to tell hey this, you know, Amy read this message at 11 a.m

01:41:54   She read it at 1 and then she read it the next day again at 2 p.m

01:41:59   And here's where she was and they were like every single person I asked was like no, that's not possible

01:42:04   Is it? And I was like, yeah, actually that that is possible and he wrote this up and then the CEO of Superhuman

01:42:11   Had a fairly, you know, it wasn't super defensive, you know

01:42:17   It was a fairly decent response except for the fact that it didn't acknowledge that the

01:42:23   fundamental idea to me is wrong.

01:42:28   This is interesting because I have to admit as a business owner I have used some of these

01:42:34   services like I've used in particular Campaign Monitor, one of these email services where

01:42:39   one of the responses I see Mike Davidson's post, he addresses like, "Well, one of the

01:42:46   Excuses is everybody does this.

01:42:48   Tracking pixels in emails are a thing.

01:42:50   - And MailChimp is a long time sponsor

01:42:52   of Daring Fireball and this podcast.

01:42:54   MailChimp I think has the same feature.

01:42:56   - It's one of these things where it forces me

01:43:00   to really think carefully about my own ethical stance

01:43:03   on this because frankly, so this is one of these situations

01:43:07   where I'm like, I'm getting back to what we said earlier

01:43:10   about maybe you and I being examples of people

01:43:12   who are a little bit more tuned in

01:43:14   how to protect ourselves, slash maybe a little more paranoid sometimes, I have that feature

01:43:19   on in Mail on my Mac that doesn't load remote content by default.

01:43:26   So I think anybody who emailed me from Superhuman would not be tracking me unless I explicitly

01:43:33   click that load remote content button.

01:43:36   And then back to the confessional part, I have sent out...

01:43:39   How many people even know that option exists?

01:43:42   Not very many.

01:43:44   And I have sent emails, I'm not very good at sending emails from a company point of

01:43:48   view, but the times I have sent them, like a couple times over the last 15 years, I haven't

01:43:55   gone out of my way to disable that feature or anything.

01:43:58   I haven't said like, "Hey, Campaign Monitor, cool it on the tracking."

01:44:01   And then to be honest, when I see stuff like, "Well, whatever, 10% of the people have opened

01:44:07   this email since you sent it five minutes ago, let's say," I find that interesting.

01:44:13   So this is one of these things, again, it's like the theme, again, legitimate, bona fide

01:44:21   user experience improvement, but at what cost, right?

01:44:25   Right, and I get it, and I've talked to a, you know, you and I have a bunch of friends

01:44:31   who run independent software companies, and it's a good idea to have a mailing list, and

01:44:37   I know Ben Thompson, who runs a paid subscription mailing list for his main business, Stratechery,

01:44:48   you give him X dollars per year and then four days a week you get a custom email just for

01:44:55   subscribers to you.

01:44:57   And I don't know if he uses Campaign Monitor or MailChimp, I forget what he uses, but it

01:45:02   doesn't even matter.

01:45:03   that he's got a tracking pixel or tracking image in there and he can see

01:45:08   you know what percentage you know it's 78 percent of subscribers open this in

01:45:13   the last 24 hours well that's interesting to know because it's in the

01:45:17   aggregate and it's not wrong but when I send a message to my hypothetical yeah

01:45:24   ex-girlfriend or girlfriend and we're estranged and then I can see when and

01:45:31   where, how many times she opened it.

01:45:34   That's-- it's wrong on a personal--

01:45:36   I don't know that it's wrong in the aggregate for a mailing

01:45:39   list, but I know that it's wrong on a personal level.

01:45:42   And even if they've disabled the reverse geo-tracking,

01:45:47   which they apparently have in response to Mike Davidson's

01:45:51   thing, it's still wrong to let somebody

01:45:54   know that they've read it.

01:45:55   Like, the real read receipts, when

01:45:57   you use the official email protocol read receipt,

01:46:01   is opt in, right?

01:46:02   It's like, same thing with iMessage, like real, like,

01:46:05   and that's the thing that my in-draft post on this

01:46:10   is emphasizing is how corrupt we've let email get

01:46:16   over the last two decades.

01:46:19   Because it clearly was never meant for this, right?

01:46:22   Like email was never, ever, ever meant for something

01:46:27   where when you read a message,

01:46:29   the person who sent it to you could tell

01:46:31   when you did it without your compliance in any way.

01:46:36   That is absolutely not within the spec,

01:46:38   it's not within the design,

01:46:40   but it is technically possible now that we've allowed

01:46:43   the message body of emails to be web browsers effectively.

01:46:47   It's a total inadvertent thing.

01:46:51   And that to me is sort of the bottom line of this story.

01:46:54   It's like I kinda get, I'm glad that Superhuman

01:46:58   acknowledged Mike's post, and they've taken some actions,

01:47:03   and they disabled the geotracking.

01:47:05   But my bigger takeaway is that every single major email client

01:47:10   has sort of dropped the ball on even allowing this.

01:47:13   It shouldn't even be possible.

01:47:15   And I'm not quite sure--

01:47:17   and I've been thinking about it for weeks now,

01:47:19   because it's a couple of weeks old.

01:47:21   I'm convinced, though, that there's

01:47:23   a way that every email client could make this not possible.

01:47:28   I'm not quite sure what it would be like because the traditional way of sending an email like in the old days was that email was

01:47:35   Just text it was just it was just like

01:47:37   You know like I message you just send a string of characters and that's the message and that's it. So there is no metadata

01:47:45   but even with inline attachments and yet you could say

01:47:50   You know if I sent you a picture, you know an email with two photos from my vacation and those photos are in the email

01:47:58   They're on your, you get the whole email.

01:48:03   It's on your device, whether it's your Mac or your phone or whatever.

01:48:07   The whole email is there including the attachment so that when you

01:48:12   view it, nothing on my side gets pinged.

01:48:15   Even if I send you an email and I, you know, the barn doors are

01:48:22   already open.

01:48:22   We've lost the war on rich text email with the server side images

01:48:27   and stuff like that, we're not going to be able to undo that.

01:48:31   You can't make an email client today that refuses to load remote images.

01:48:38   But I feel like there's got to be a way that clients can load those remote images in an

01:48:45   anonymous way.

01:48:47   Well, real quick, John, before you get a bunch of emails, I think I want to just point out

01:48:52   that in case it's not obvious,

01:48:55   the deal with those email companies

01:48:58   like MailChimp and Campaign Monitor,

01:49:00   it's not strictly aggregate.

01:49:02   They do let you go in and say--

01:49:04   - Yeah, yeah.

01:49:05   - So the--

01:49:06   - But I think that's what most people do though.

01:49:09   I do think, like wouldn't you say that,

01:49:11   like as you, as the Red Sweater Software guy,

01:49:14   wouldn't you say your interest is mostly in the aggregate?

01:49:17   Again--

01:49:18   - Yes, but that's just like,

01:49:19   That just happens to be my personal attitude.

01:49:22   I don't give everybody that much credit.

01:49:25   In fact, I think that the mailing services,

01:49:28   it's part of their business proposition

01:49:32   that you can identify on a subscriber by subscriber basis.

01:49:37   You go into the consoles of these services

01:49:39   and they show you on a map where the person was

01:49:42   when they opened the email.

01:49:43   I mean, let's just not, it's just,

01:49:45   we can't really dance around it, it's creepy.

01:49:49   And so I think one of the interesting things about this

01:49:52   mail app doing it is that it makes all of these individuals

01:49:58   who use the app agents of this kind of creepiness,

01:50:02   whereas what we're used to is that

01:50:03   companies are creepy sometimes.

01:50:05   - Right.

01:50:06   - Right, and then suddenly now this app

01:50:08   has made individuals creepy.

01:50:10   And I think that's a good example.

01:50:11   Like you say, should you be able to email your ex-girlfriend

01:50:14   and then see when they open the email?

01:50:18   So anyway, I just want to get that out of the way,

01:50:20   make sure people know we know

01:50:22   that this is not strictly aggregate.

01:50:24   And I think-- - No, that's a good point.

01:50:28   - I think you're right though that

01:50:29   mail clients could be doing something about this.

01:50:34   Let's give Apple a tiny bit of credit,

01:50:37   the fact that there is this feature

01:50:38   that you can turn off loading the remote content is good.

01:50:43   But getting back to all these things

01:50:46   that have been changing over the years

01:50:47   with Safari, for example,

01:50:48   we talked about not being able to click on a bookmarklet

01:50:51   anymore without a prompt coming up.

01:50:52   - Right.

01:50:53   - Where is all the attention?

01:50:55   Like what if they put as much attention into email security

01:50:59   as they did into Safari security?

01:51:01   - That is exactly what I think they should do.

01:51:05   I really do.

01:51:06   And I think the Safari team literally leads the industry

01:51:11   in protecting browser users' personal privacy.

01:51:15   But I really think that the mail.app team

01:51:18   needs either the same dose of privacy first vitamins,

01:51:26   or they should borrow people from the Safari team.

01:51:29   Because literally, the way that email privacy is being

01:51:33   violated is through web views.

01:51:37   Right.

01:51:38   Yeah.

01:51:39   And I really hope that it's sort of an eye opener.

01:51:43   That's the gist of the post that I've mostly done writing.

01:51:47   But I really, I think it's overdue and I don't blame them for overlooking it because I feel

01:51:54   like they're mostly comprised of people like me who just, you just don't think of that.

01:52:02   You don't think of how are people violating your privacy through email, right?

01:52:08   You just, you know, you're thinking, how do I reliably and efficiently download and sync

01:52:17   these IMAP mailboxes between devices?

01:52:22   You're not really thinking about that because you're not a shit bird who's trying to violate

01:52:27   people's privacy.

01:52:28   But the truth is people are using email to violate privacy.

01:52:33   And so, to me, that's the bottom line is it doesn't even matter what Superhuman does

01:52:38   or says they're going to do.

01:52:39   The bottom line is that the major email client makers

01:52:42   should make it impossible for that to happen.

01:52:45   And they should just cut it off,

01:52:46   just make it so that nobody can tell

01:52:50   when or if you've ever opened an email.

01:52:53   And I'm telling you, when I talk to people in my family,

01:52:58   my wife and a couple of other people,

01:53:01   and ask them if they thought it was possible

01:53:03   that somebody, when they sent you an email,

01:53:05   could tell when or if you read it,

01:53:08   You know, they're like, no, of course not.

01:53:11   And I'm like, yeah, actually, depending on how they'd said it, yeah, they could totally

01:53:14   do it with an invisible tracking pixel.

01:53:16   And they're appalled.

01:53:17   They are absolutely shocked.

01:53:19   And the other really big tell to me is that every major messaging platform in the last

01:53:26   20 years after email, nobody has ever made that possible.

01:53:31   Like that's not possible in iMessage.

01:53:33   It's not possible in WhatsApp.

01:53:35   It's not possible in these other things, you know, like iMessage has read receipts,

01:53:42   but it is a total opt.

01:53:43   It's off by default and you have to turn it on and therefore you're allowing people to

01:53:48   say, okay, they can tell that you read it, but it doesn't say when, it doesn't say where,

01:53:54   it just says read and that's and it's opt in.

01:53:58   The fact that with the email that they've built this system where you have no opt in

01:54:05   and it reveals all this information about you, it's absolutely appalling. And any kind

01:54:10   of defense of it is, to me, dishonest because everybody knows that is not how email was

01:54:17   designed. The clear design of the system from the early 90s or late 80s, whenever email,

01:54:25   as we know it, was invented, clearly did not involve involuntary read receipts.

01:54:30   No. I'd say it's an interesting example because you can almost imagine Apple trying to wait

01:54:35   out this being an issue. Like if you imagined at one point 10 years ago that iMessage is

01:54:42   going to prevail or something, people aren't going to be using email anymore, then you

01:54:47   might just say, "Well, that's just a legacy technology." But it's clearly not... It doesn't

01:54:52   show any sign of just disappearing. And it does seem like it would be such a great WWDC

01:55:00   keynote message to be like,

01:55:03   also we made mail finally respect your privacy.

01:55:07   And an example that came to mind,

01:55:10   it's kind of along the lines of this whole system

01:55:12   they have in place where you can do things like send,

01:55:15   you can send large files to people

01:55:17   and Apple basically hosts it temporarily.

01:55:19   So imagine if Apple had a system where

01:55:23   they could securely send a hash of a URL

01:55:28   to Apple servers or something, and then, I don't know,

01:55:32   something, something, and they can decide,

01:55:34   does this look like a unique URL or not, right?

01:55:38   Like imagine if there's a feature in Mail where you say,

01:55:41   like right now I have this load remote content thing

01:55:43   I have to click for every Mail message,

01:55:45   but if I could just say,

01:55:46   Mail, it's okay for you to load any resource

01:55:50   that doesn't look like it has a tracking ID in it for me,

01:55:54   and then furthermore, it could like,

01:55:58   it could load that resource from Apple's servers.

01:56:01   You know, 'cause I kinda sorta like

01:56:02   trampoline it through Apple.

01:56:04   And so then I could get that,

01:56:05   that satisfied the promise of email

01:56:08   as a conveyance of text and images and layout information,

01:56:13   but the distributor of that information

01:56:16   doesn't have any idea who asked for it.

01:56:19   - I've been thinking about this a lot, all month long,

01:56:23   ever since Mike started writing about it.

01:56:25   Because my first thought Mike wrote to me--

01:56:28   and he's a longtime friend, and he sent me

01:56:30   an early draft of his first post.

01:56:32   And he was like, I'm not even sure I'm going to publish this.

01:56:35   And I read it, and I sent him a couple of typos,

01:56:38   like just copy editing things.

01:56:40   But I was like, overall, I was like,

01:56:41   you've got to publish this, because this is dynamite.

01:56:44   This is going to blow up.

01:56:45   And I don't want to say I was right, but I was right.

01:56:50   It blew up, and it was huge.

01:56:54   But the second thought, the first thought I had was, you know what, when you put it

01:56:59   in these terms, like I always, I knew this was possible, but when you put it in these

01:57:04   terms and you show me like screenshots of what Superhuman shows people about like where

01:57:10   and when people see these emails, I was like, this is explosive.

01:57:14   People are gonna, people are gonna be irate.

01:57:16   But the second thought I had was email clients should defend against this.

01:57:21   It's it, this, we could beat this.

01:57:24   I know that there's a way to do it.

01:57:26   But the thing I've been thinking about all month

01:57:28   is I'm not 100% sure whether it should be at the email client

01:57:33   end or at the email provider end.

01:57:36   In other words, if Apple was going to defend against this,

01:57:39   should it be in mail.app or should it be on iCloud

01:57:44   so that your Mac.com account does what you're saying?

01:57:49   Read the email, load all of the remote resources,

01:57:54   and store them on iCloud.com or Mac.com, whatever your domain is for your email,

01:58:02   and then let you download them once from there, but then you're not hitting them directly,

01:58:08   so they never really know whether you read it or not. And then if you read the email again,

01:58:14   it's all locally cached. On the one hand, I think it would be easier to do it.

01:58:22   I definitely think it would be easier to do it from the server side and have the

01:58:26   the your your IMAP provider do it on their side but on the other hand

01:58:34   if they don't do it at the client side you're not defended if you're not using their their email

01:58:42   service, right? And so in other words, if daringfireball.net isn't hosted by somebody who supports

01:58:51   defending against this, should the client still help me out?

01:58:56   And, you know, and that's the way that that to me is the way

01:58:59   that Safari team has as tackled stuff to their credit,

01:59:03   is that the Safari team is like, we don't care what websites do,

01:59:07   what they comply with, if they comply with GDPR or best practices or whatever

01:59:11   we're going to if you use Safari as your Web browser,

01:59:15   we are going to protect your privacy.

01:59:17   And I kind of feel like that's what the mail.app team should do.

01:59:21   I think this is a great example of Apple having its sort of benevolent, user-focused protection

01:59:28   stuff as part of their DNA come up against now this whole, like, we keep seeing it again

01:59:35   and again, like, what's the next service Apple's going to provide?

01:59:38   If you think about it through that sort of lens, it's a natural if Apple said, "Okay,

01:59:43   now we have Mail Plus," or whatever.

01:59:44   Yes.

01:59:45   Yeah.

01:59:46   Totally.

01:59:47   It's a little bit of a situation where if Apple wasn't on this run of trying to add

01:59:51   new services all the time with the...

01:59:54   It plays well into the idea that your mail hosting would maybe eat into your iCloud quota

02:00:02   and all that stuff.

02:00:04   It definitely seems like there are some challenges to any kind of even temporary hosting of arbitrary

02:00:10   users' email images or whatever.

02:00:15   So I don't know, I think you're right that earlier when you were saying they should get

02:00:20   the same kind of attitude as the WebKit team or Safari team, it almost just seems like

02:00:26   literally the Safari team should take over the mail view component for the Web view version

02:00:35   of mail.

02:00:36   Right.

02:00:37   And again, the argument over whether email should be a Web view or not, that we've lost

02:00:41   that.

02:00:42   I mean, there's no use arguing over that anymore.

02:00:44   You can't ship a modern email client that only renders email as plain text.

02:00:49   I think that's the way it should have been.

02:00:51   I think it should have stayed that way, but that argument is decades old lost.

02:00:57   Let's be practical and admit that people get email, they want it to look the way the email

02:01:02   is supposed to look, which is a rich graphical view, but I think there's numerous ways that

02:01:08   it could be done anonymously.

02:01:12   I really think it's important.

02:01:13   I think that that's the thing that this Superhuman thing has exposed to me.

02:01:17   It's nothing to do with Superhuman in particular, but the fact that our modern view of email

02:01:24   as a web view really needs to be protected and tightened up and we're sort of doing it

02:01:30   open kimono style right now.

02:01:32   And just thinking about that a little bit more, actually, maybe if we step back, this

02:01:37   This problem applies to people who use Gmail, whatever, on the web, the web browser stuff.

02:01:42   Absolutely.

02:01:43   So if you look at it from that perspective, maybe it's not that mail needs to hand over

02:01:48   the mail view to the WebKit team, but maybe it's that Safari, the WebKit team, need to

02:01:54   solve this across the board.

02:01:57   Maybe there's some kind of proxying service that protects you regardless of where you

02:02:02   load your web content.

02:02:05   That's the kind of thing.

02:02:06   I could see Apple doing.

02:02:09   And I don't know how practical it is,

02:02:10   but wouldn't it be great if they could solve this,

02:02:13   not just in mail.app, but in all mail apps,

02:02:17   and on the web, just by some kind of clever web-based thing?

02:02:21   - Well, and it's the sort of thing

02:02:23   that I could definitely see Apple doing.

02:02:25   I can definitely see that I know that there are people

02:02:28   at Apple who would love to tackle the problem.

02:02:31   That's the thing.

02:02:32   Isn't that the best type of programming problem

02:02:35   is one that you want to tackle.

02:02:36   You know, you're like, oh, that mountain of shit,

02:02:40   I would love to get rid of that, right?

02:02:42   You know what I mean?

02:02:44   I would love, you know that there are people at Apple

02:02:47   who would love to fix this.

02:02:50   And so I really hope that it's opened their eyes to it,

02:02:53   like, hey, you know what?

02:02:54   We've kind of had our eyes closed to this

02:02:56   just because we never really thought about it,

02:02:58   but this is the sort of thing we could fix.

02:03:00   I can't even list.

02:03:03   I mean, it's an arm's length, the number of things

02:03:07   that the WebKit/Safari team has fixed over the last five years

02:03:12   since they've really, really gone nose to the grindstone

02:03:17   on these privacy issues.

02:03:19   And they're just amazing problems.

02:03:22   And they've fixed them one after another after another.

02:03:25   And they just keep coming.

02:03:26   And I really think, though, that this

02:03:29   is the first one that really breaks out

02:03:34   of the web browser itself.

02:03:36   - Well yeah, it's a good example of a problem,

02:03:39   a set of problems that are technical challenges

02:03:41   and they are, so they have the gratification

02:03:44   of solving a technical challenge,

02:03:45   but also the gratification of providing a public good.

02:03:48   And that's I think-- - And doing, yeah.

02:03:50   Doing the right thing, right.

02:03:51   Daniel, I really appreciate your time.

02:03:55   I hope you enjoy the rest of the summer.

02:03:58   Everybody can hear the dulcet tones of your wonderful voice

02:04:02   on your regular podcast with our mutual friend,

02:04:06   Manton Reece, on Core Intuition,

02:04:09   which you could probably, right?

02:04:11   - Yeah, that's it, Core Intuition.

02:04:13   - Oh my God, I got it right.

02:04:14   - You got it right.

02:04:15   - You could just search for that

02:04:16   in whatever your favorite podcast app is,

02:04:19   it'll be the number one hit.

02:04:20   Manton is a fine individual.

02:04:23   - Yes, he is.

02:04:25   How often do you guys publish episodes of Core Intuition?

02:04:29   - We're pretty regular, pretty much every week.

02:04:31   - Every week.

02:04:32   - Not so regular on the exact day of the week,

02:04:34   but pretty much 52, we probably do 50 episodes a year.

02:04:38   - Yeah, so do I.

02:04:39   - Yeah.

02:04:39   (laughing)

02:04:41   My give or take.

02:04:42   - Give or take 20 episodes.

02:04:45   Also, I mean I don't even know where to get to.

02:04:50   - I don't know.

02:04:51   - You got Bitsplitting.

02:04:53   - Yep.

02:04:54   great blog that you post with technical stuff. You've got, what's your

02:04:59   Twitter? Your Twitter is Daniel Punk ass. Three things that go great together.

02:05:06   Yeah, well no it's a very aptly named Twitter account. But that'll get people

02:05:13   started if they want more. They want to learn more. That's a great place

02:05:16   to find out. Basically as John mentioned, Red Sweater Software is my

02:05:21   main jam. MarsEdit is the app I have been mostly working on over the past 10

02:05:28   years and then... That's the blog editor. You've also got Black Ink, which

02:05:33   is your crossword app, which is a lot of fun. I've gotten more into crosswords as

02:05:38   I've gotten older, I have to say. That's good. Keeps your brain young. It does a

02:05:43   little bit and you know what? I feel like the older you are, the better you are

02:05:48   at getting some obscure references. When I was young, I always found crosswords very

02:05:53   frustrating because they'd give me references and I was like, "How am I supposed to know

02:05:58   that? That's from the '70s."

02:06:00   Well, I'll tell you what. I think we have a little cheat, which is that particularly

02:06:03   if you're doing the New York Times crossword, it helps that the New York Times crossword

02:06:07   editor is also old.

02:06:09   Will Shortz.

02:06:10   Yeah, Will Shortz. One of these days, they're going to replace Will Shortz and it's going

02:06:15   to be like...

02:06:16   With somebody young and we're all gonna be screwed.

02:06:19   - We're gonna be like, Mariah who?

02:06:21   - What?

02:06:22   (laughing)

02:06:24   Absolutely, yeah, I think that's absolutely,

02:06:26   I think that's the key to my increased

02:06:29   enjoyment of crosswords in recent years is that now,

02:06:33   I'm like prime demographic for all of the obscure clues.

02:06:38   But anyway, thank you Daniel, I really appreciate it

02:06:42   and have a good rest of your summer.

02:06:44   Thanks, you too. Try to keep cool down there. It's kind of cooling off now finally here.

02:06:49   It's only 80 degrees but hopefully we'll continue that trend. Thanks so much,

02:06:53   John, for having me on the show. I hope you built a nice sandwich for me.