The Talk Show

351: ‘Here You Go, Cheapskate’, With Rene Ritchie


00:00:00   I still have lots of WWDC stuff to talk about.

00:00:02   And I was thinking one thing I didn't talk about

00:00:04   was what was the plan B if it had rained in Cupertino?

00:00:09   And I actually asked some people from Apple.

00:00:11   I got to speak to a couple of people

00:00:14   who were involved in setting up the big day

00:00:17   or whatever, the special day.

00:00:19   And what if it rained?

00:00:23   The plan was more or less a shrug.

00:00:25   It was, let's hope it doesn't rain.

00:00:29   And apparently it did rain just a couple of days

00:00:32   before the keynote.

00:00:33   - So there's a running joke that whenever I come

00:00:36   to Cupertino it rains, and they always say

00:00:38   it's because of the Canadian low pressure system

00:00:39   that I'm bringing with me.

00:00:41   But I woke up in Cupertino and it was raining that morning.

00:00:44   It had been raining.

00:00:45   - Yeah, what day did you get there?

00:00:47   Was it Saturday?

00:00:48   - Yeah, I got there Saturday.

00:00:49   - See, I got there Saturday but very, very late

00:00:52   so I didn't see the remnants of it.

00:00:53   But yeah, that's what I heard, that it was,

00:00:55   within 48 hours it would have been blah.

00:00:58   I don't know if that would have been,

00:00:59   I guess that would have been worse,

00:01:00   but they would have made me leave.

00:01:01   - That's what would have happened.

00:01:02   - I did see you there and it was good to see you

00:01:04   and I'll say the same thing I said to Jason.

00:01:05   My God, it was good to see you.

00:01:07   Now, with you it is a little bit of a cheat move

00:01:09   because I did see you just a couple months ago

00:01:12   in New York briefly.

00:01:14   We had like what, a cup of coffee or something like that?

00:01:16   - Yeah, a cocktail or two.

00:01:17   - But still, good to see you.

00:01:19   Did you have a seat in the sun for that,

00:01:21   for the big show, for the keynote?

00:01:23   - No, so I'm usually very, again, Canadian, follow orders,

00:01:26   but I looked and I said, I just asked one of our

00:01:29   mutual friends, can I go sit in the back in the shade?

00:01:31   They said yes, and then I started moving

00:01:33   and then props to him, Neeley was like,

00:01:35   that's the pro move, and just like went right behind me

00:01:38   into the shade.

00:01:39   - We sat in the shade, Panzareno and Ben Thompson and I,

00:01:42   just because we were hot and it was 'cause we weren't late,

00:01:45   but we had to walk from, we took the visitor center tour

00:01:49   and it was across the street and it's, you know,

00:01:52   just a bit of walking in the sun and then we, you know,

00:01:55   we got some coffee and water and stuff,

00:01:58   and so we had just been walking for 15 minutes

00:02:01   in the hot sun, so we were a little hot,

00:02:02   and we're like, eh, let's sit in the shade, cool off,

00:02:04   and then we realized what a stroke of inadvertent genius

00:02:08   it was because it really wasn't about the temperature,

00:02:11   it was people, people actually took a bad sunburn.

00:02:14   - Sam, one of the YouTubers who was there,

00:02:16   very, very fair-skinned, looked fluorescent product red

00:02:19   at the end of that session.

00:02:21   - It was a nice day, I don't know what they could do about it

00:02:24   and it was unusually, the sun was unusually fierce

00:02:27   for Cupertino, I mean, it's, as everybody knows,

00:02:30   it is a running joke that as much as Apple's weather app

00:02:34   has always been interesting and overall very good,

00:02:38   anything weather-related from Apple tends to have

00:02:40   a severe Silicon Valley bias where the assumption is

00:02:45   it's probably, no matter what day of the calendar,

00:02:48   speaking of matching temperatures,

00:02:50   it's probably around 71 degrees and partly sunny.

00:02:54   - Yeah, with a very close--

00:02:56   - To their credit though, they did put sunscreen

00:02:58   and a hat in every bag.

00:02:59   - Keels! - So as not to use them.

00:03:01   - It was keels, which is very expensive premium sunscreen

00:03:04   and I was only packing a carry-on and it was big,

00:03:08   it was like, I don't know, like eight ounces,

00:03:11   so way too big to take in a carry-on,

00:03:12   so I had to give it away to a,

00:03:14   actually forget who I gave it to,

00:03:16   but I found a fair-skinned friend who was like,

00:03:17   yes, I will take it, and I was like, enjoy.

00:03:21   - Absolutely, at least they thought of it,

00:03:23   I thought that was nice.

00:03:25   - Anyway, we got lots to talk about still from WWDC.

00:03:28   - But the weirdest thing for me, if I could just interject,

00:03:30   the weirdest thing for me is that they said

00:03:32   that you had to test negative every day to get in,

00:03:35   but they didn't, like, I couldn't find

00:03:37   an established protocol, so I ended up just taking a selfie

00:03:39   of me with my negative test result

00:03:41   and then sending them all the information every morning,

00:03:45   so some poor jerk at Apple or Health had to look

00:03:49   at a dumb picture of me every morning with my desk.

00:03:51   - Didn't you have the, for the media pass,

00:03:53   didn't you have like a, it was like a portal

00:03:55   you had to go through. - Yes, yeah.

00:03:57   - Yeah, so, but that wasn't-- - I just uploaded that.

00:04:00   - Yeah, it was flaky, though, it didn't work for me

00:04:02   on Sunday night, which worried me,

00:04:06   because the keynote was Monday morning,

00:04:08   and so what I did, I think I told you this

00:04:11   when we got into each other, I wasn't sure what to do,

00:04:15   it kept saying my picture, it was like,

00:04:18   Apple gave us in the media, like, here, click this link

00:04:21   and submit a photo of your test, and I think the,

00:04:26   it's a little bit more than the honor system, I guess,

00:04:29   I actually don't know how this portal works,

00:04:31   but if you ever take a COVID test, you'll notice,

00:04:35   I get, you know, just a consumer, buy it in the drug store,

00:04:38   take it at home COVID test, they all have little QR codes

00:04:41   on them, and so each test has a unique identifier,

00:04:44   so I, you know, I think it's some kind of checking,

00:04:47   like, hey, is this a test that has ever been entered

00:04:50   into one of these systems before, to prevent somebody

00:04:53   from just loading a rando negative test from the internet

00:04:58   or sharing it or reusing the same test from the day before

00:05:01   and uploading it, presumably they're actually looking

00:05:05   at the QR code and checking that it's a unique test

00:05:08   that's never been submitted as negative before, I don't know.

00:05:11   But whatever, mine was a unique test

00:05:14   that no one had ever used, it was a legit negative test

00:05:16   that I had a photo of, and the system just kept saying,

00:05:19   it's, the error message could not have been less helpful,

00:05:23   it was, it didn't say what was wrong with it,

00:05:26   it just said this can't be accepted.

00:05:28   So what I did on Monday morning to go to the keynote,

00:05:31   it actually, I tried it from my phone instead of my Mac,

00:05:34   number one, Monday morning, and it did go through,

00:05:37   but I didn't get a green check mark, I got a yellow one

00:05:40   that said, okay, we accepted your photo,

00:05:43   but it didn't mean that they put me in the green lights.

00:05:47   So what I did is I just took my test with me,

00:05:49   I put it in my laptop bag, and it's the, what's the brand?

00:05:53   Binax, I don't know, do you guys have

00:05:55   the same brand in Canada?

00:05:56   - No, I don't know what mine is.

00:05:59   - It's the one from Abbott's, people in the US know it,

00:06:02   it's like a purple box.

00:06:04   - Yeah, mine's the same.

00:06:05   - But the way that they work, and I bet a lot of people

00:06:08   listening have taken these, 'cause I mean,

00:06:09   it seems like that's part of our 2022 shared experience

00:06:13   is taking a lot of these COVID tests.

00:06:15   With the Binax one, you have this long swab

00:06:20   that you run around inside your nostrils.

00:06:22   All right, gross, right?

00:06:23   But then you put it in the cardboard test, fold it shut,

00:06:28   and there's a bit of adhesive, so the gross part

00:06:30   that's been up your nose is at least sort of

00:06:33   locked into a little cardboard thing.

00:06:35   So I didn't feel too gross about carrying around

00:06:38   a cotton swab that had been up both my nostrils

00:06:41   for 30 seconds, but it ended up not needing it.

00:06:44   My only issue is that you had to wait

00:06:46   till after 24 hours each time, so it got later in the day.

00:06:49   - Yeah, yeah. - Every day, it was there.

00:06:51   - Yeah, and it sounds to me, again, I don't blame Apple

00:06:55   at all for requiring a negative test and for partnering

00:06:58   with this, you know, somebody to do it.

00:07:00   I think overall, everything they did to make it

00:07:04   as COVID safe as they could, you know, with as much stuff

00:07:09   being outside as possible, the whole cafeteria

00:07:11   having the doors open and the mask requirement.

00:07:15   I mean, I roll my eyes at the mask requirement, frankly,

00:07:17   but I realize, though, if they're gonna err

00:07:19   on one side or the other, I can't blame Apple for doing it,

00:07:22   especially outside with masks.

00:07:24   It's like, I'm like, what's the point?

00:07:28   But anyway, I don't blame 'em, but I know from talking

00:07:30   to people that Apple was not happy with the functionality

00:07:32   of the site, and the 24-hour thing was definitely weird.

00:07:35   I get it that you wanna take it once a day,

00:07:37   but if you submitted it at 8 a.m. the day before,

00:07:40   submitting it at 759 a.m. the next day should work.

00:07:44   - I mean, like, to their credit, I didn't see anyone

00:07:48   get sick at WWDC, and I saw everyone get sick at VidCon,

00:07:52   so Apple did something right.

00:07:53   - Yeah, that's interesting.

00:07:55   What I've noticed, and again, I just think it is such

00:07:58   a weird disease, and I know that these current variants

00:08:00   are super contagious, and luckily, everybody who's fully

00:08:03   vaxxed and boosted seems to just, you know, suffer like

00:08:06   a mid to, you know, low to mid cold symptoms for a couple

00:08:10   of days, but it doesn't, I don't know, I know a lot of people

00:08:15   who went to WWDC, I don't know anybody who got COVID there,

00:08:18   so that's great, but I do know lots of people,

00:08:22   especially like people over Twitter and stuff,

00:08:24   who've gotten COVID in the last 10 to 12 weeks,

00:08:28   and all the people I know who got it didn't do anything

00:08:32   risky, you know, they didn't, it wasn't like, oh, I went

00:08:34   to Vegas, or I went to, I don't know, a convention,

00:08:39   or something like that, it's all people who were like,

00:08:42   yeah, I was kind of mostly just staying home,

00:08:45   somehow I got it.

00:08:47   - So for me, it's the people who went to like the YouTuber

00:08:48   boxing event in Florida, or now VidCon, so it's like,

00:08:51   just avoid groups of wild YouTubers, and you'll probably

00:08:54   be fine.

00:08:55   - Yeah, boxing, anything where people are screaming inside

00:08:58   seems like a bad, you know, from what I know about how

00:09:00   it spreads, I would say screaming or yelling indoors

00:09:03   would probably stay away.

00:09:05   - Yep, but anyway, I don't know, somehow I've avoided it,

00:09:07   I don't attribute this to anything other than really

00:09:11   dumb luck and whatever advantage being fully vaxed gets,

00:09:15   but--

00:09:15   - Same, but except the funny thing for me was that at VidCon

00:09:18   nobody wore a mask except for the Canadians,

00:09:19   whenever I was, like I was wearing one because,

00:09:22   like it's like Transport Canada still mandates them,

00:09:24   so the minute you get into the airport you're wearing

00:09:25   a mask, and then I just continued it through the indoor

00:09:27   activities and I saw someone else like, yep, Canadian, ha!

00:09:31   And we all left fine.

00:09:32   - Yeah, it's--

00:09:33   (laughing)

00:09:35   - What kind of a, VidCon's huge, right?

00:09:37   I mean, so it's like--

00:09:39   - The Anaheim Convention Center.

00:09:40   - And that's just like a typical big, super big--

00:09:43   - Like a Moscone event basically.

00:09:45   - Yeah, like a Moscone type thing.

00:09:47   - Yeah, I mean, and you know, there's, I'm sure, you know,

00:09:50   and again, I don't wanna--

00:09:51   - But with fans, like it's a fan event, so like,

00:09:52   maybe more like Macworld, like back in the day.

00:09:55   - Yeah, that's probably a good analogy, but you know,

00:09:57   not surprised that people got it, but it's, you know,

00:10:00   it's gonna happen, but yeah.

00:10:01   - I'm gonna go down swinging though, Jon.

00:10:02   I'm gonna go down swinging.

00:10:04   - I would probably, I would wear a mask

00:10:06   in a convention center.

00:10:08   - Yeah, with a, but yeah, well, it was just jam packed.

00:10:10   I was just, whatever, I'm happy, I'm safe,

00:10:13   and I'll just keep, I'll keep trying to stay that way.

00:10:16   - All right, let me just take a break

00:10:18   before we get into the show and I'll knock one

00:10:19   of the sponsors out of the way,

00:10:20   and that's our good friends at Squarespace.

00:10:23   Oh man, the all-in-one platform for building your brand

00:10:27   and website online.

00:10:29   You can stand out with your own beautiful website,

00:10:32   customized to look just the way you like it with your brand,

00:10:35   engage with your audience, and sell anything.

00:10:39   Your products, the content you create, even your time.

00:10:41   Squarespace truly has all of these things.

00:10:44   They have great built-in analytics, absolutely great,

00:10:48   just super clear, all the information you could need

00:10:51   to know about who's coming to your website from where,

00:10:54   what are they looking at, what parts of your website

00:10:57   are high traffic, which parts are low traffic,

00:10:59   which things are getting clicked, which things aren't.

00:11:02   You can see it all in our analytics.

00:11:04   Online stores, you need an online store.

00:11:06   Squarespace has it all built in.

00:11:08   You can sell your products.

00:11:09   Whether you sell physical goods or digital products,

00:11:12   Squarespace has everything you need to start selling online,

00:11:16   right up to the point where it takes the credit cards

00:11:18   and stuff like that, everything.

00:11:20   One more thing, email campaigns.

00:11:22   You can stand out in any inbox

00:11:24   with Squarespace's email campaigns.

00:11:27   You can collect email subscribers,

00:11:29   convert them into loyal customers.

00:11:30   You start with an email template, customize it

00:11:33   by applying your brand, site colors, logo, stuff like that,

00:11:37   and you get analytics for that too,

00:11:38   to measure the impact of every email you send.

00:11:42   Head to squarespace.com/talkshow, just slash talk show.

00:11:46   You get a free trial at that URL, 30 days,

00:11:49   no questions asked, no limits, no watermark

00:11:53   on the site you set up.

00:11:54   It's the real deal for 30 days,

00:11:56   and then when you're ready to launch,

00:11:58   use that same offer code, talk show, T-I-L-K-S-H-O-W,

00:12:01   and by doing that, you will save 10%

00:12:04   off your first purchase.

00:12:05   My thanks to Squarespace.

00:12:06   Go to squarespace.com/talkshow.

00:12:08   Before we go back to WWDC, I've been writing about,

00:12:12   more or less prompted by last week's news

00:12:14   here in the United States

00:12:15   that the Supreme Court overturned Roe v. Wade,

00:12:17   and as all of a sudden, in up to 26 states here,

00:12:21   abortion is criminalized or severely limited,

00:12:26   and a lot of women and other people are deeply concerned

00:12:30   about the sort of tracking that can happen

00:12:34   with their phones with regard to reproductive healthcare

00:12:37   and stuff like that.

00:12:38   And it's just general, something good to know in general,

00:12:41   so I posted the other day,

00:12:42   I reiterated something I've posted before,

00:12:44   but never quite as the main thrust of a post to sort of,

00:12:49   I mean, honestly, I know SEO can be a dirty word,

00:12:52   but it's sort of my attempt at SEO at Daring Fireball,

00:12:54   like, let me write the post with the headline

00:12:58   that people can, if they're searching for it on Google

00:13:01   or DuckDuckGo or whatever else they search the web for,

00:13:04   we'll hopefully lead them there.

00:13:06   How to hard lock your iOS device,

00:13:10   meaning how to put your,

00:13:14   that's just, I'll just say iPhone,

00:13:16   but everything here definitely applies to iPad

00:13:18   and iPod touches, but that's a past tense product.

00:13:22   But how do you put your iPhone into a state

00:13:24   where Face ID or Touch ID no longer lets you into the phone

00:13:28   and you have to put your passcode in?

00:13:32   And one way everybody knows to do this

00:13:34   is if your device restarts,

00:13:35   like you turn it all the way off, turn it back on,

00:13:38   or a lot of people run into it,

00:13:41   maybe only run into it when they do a software update,

00:13:43   which of course necessitates a restart,

00:13:45   and everybody knows when you restart your phone,

00:13:48   you have to enter the code.

00:13:50   You can't just log in with Touch ID or Face ID.

00:13:53   Why would you wanna do this to secure your device?

00:13:55   Because, and bizarrely, coincidental with me writing this

00:14:00   in the light of people's concerns about privacy,

00:14:05   device privacy, health data privacy

00:14:08   regarding the abortion ruling here in the US,

00:14:11   in an unrelated thing, one of Trump's lawyers

00:14:16   was out to eat one of these inserts,

00:14:18   this John Eastman who promoted a bunch of, I think,

00:14:22   which is why the FBI greeted him after dinner,

00:14:26   a lot of illegal legal advice to Trump

00:14:29   about what he could do about the 2020 election.

00:14:32   And they took his phone from his belt holster

00:14:37   and required him, I guess, I think it was,

00:14:40   they said it was an iPhone 12,

00:14:42   so it would have been Face ID,

00:14:44   and then they used Face ID to get into his phone

00:14:46   and access his email.

00:14:47   For whatever reason, this is legal in the United States,

00:14:51   that law enforcement with a warrant or whatever,

00:14:54   I don't wanna get into the legal weeds on it,

00:14:56   but legally, law enforcement,

00:14:58   if they legally have the right to take your phone,

00:15:01   can legally require you to use Face ID

00:15:04   to unlock it biometrically,

00:15:06   and they can, if it's a Touch ID device,

00:15:10   can require you to provide your fingerprint.

00:15:13   - But even if they don't, like if you're incapacitated

00:15:15   or you're, people on airplanes are falling asleep

00:15:17   and other people have unlocked their phones

00:15:18   in with their fingers,

00:15:19   so it's always something to be careful about.

00:15:21   - Yeah, I've never, I've seen some stories about,

00:15:22   what I've seen is, one of those things,

00:15:25   like when they first announced Face ID

00:15:27   and people were like, "Well, what if blank blank?"

00:15:29   And one thing that, right as soon as they announced it,

00:15:32   where people were like, "What if you fall asleep

00:15:34   "and your kids know you have Face ID

00:15:36   "and they come up and try to unlock your phone

00:15:38   "while you're sleeping?"

00:15:39   And I've heard--

00:15:40   - It's harder 'cause you need your eyes,

00:15:41   but Touch ID works every time.

00:15:43   - Yeah, Touch ID works, but if you turn off attention,

00:15:47   I think it might work with your eyes closed.

00:15:49   So it's one reason that if,

00:15:52   unless you have some sort of accessibility need

00:15:55   to turn off the attention feature, you probably--

00:15:57   - Or those damn kids stick googly eyes on you

00:15:59   before they do it.

00:15:59   - I used to turn off the attention feature

00:16:01   'cause for a while I had sunglasses that didn't work

00:16:04   Face ID and turning off the attention feature would do it,

00:16:06   and I only have one kid and I trust him.

00:16:09   But anyway, again, it is an interesting legal distinction,

00:16:12   but also though, they are not allowed to compel you

00:16:17   to provide a password or passcode or passphrase,

00:16:20   whatever you want to do, which would be tricky anyway,

00:16:24   because if you imagine it, let's say they take your phone

00:16:26   and you have Face ID and you don't wanna let them in,

00:16:31   you can sit there and struggle,

00:16:32   but they can physically hold you down

00:16:35   and hold the phone in front of you.

00:16:36   You can keep your eyes closed,

00:16:37   but eventually you're gonna open them.

00:16:39   It's whereas--

00:16:41   - Hashtag not legal advice,

00:16:42   but they have physical rights to you.

00:16:44   They can fingerprint you, they can photograph you,

00:16:46   but they can't, you have the right not,

00:16:48   again, self-incrimination,

00:16:49   so they can't force you to say anything.

00:16:50   - Right, stuff that's in your brain,

00:16:53   you have the right to keep,

00:16:54   and things on your physical body you don't.

00:16:56   I think that's, as a legal argument or a moral,

00:17:00   what should the law be?

00:17:01   I think that's a whole separate discussion,

00:17:02   and I'm such a civil libertarian

00:17:06   that I would come down on the side of

00:17:08   that your biometrics should be as protected

00:17:11   as your passwords.

00:17:13   - I believe your phone should have the same protection

00:17:14   as a spouse because they contain everything about you

00:17:17   at this point.

00:17:17   They should have full spousal non-incrimination protection,

00:17:19   but that's how I roll, John.

00:17:21   - But regardless, that is the way the law is here in the US,

00:17:26   so it's worth knowing,

00:17:27   and even if the law were different,

00:17:30   you could certainly argue that if you thought your phone

00:17:34   were going to be in the hands of someone

00:17:36   you don't want it to be in,

00:17:37   you still might want it,

00:17:38   even if the law protected your biometrics,

00:17:40   you still might want to put it in a hard lock situation

00:17:44   just to prevent somebody who, an adversary,

00:17:47   whether it's a police officer or whether it's--

00:17:50   - You're crossing a border.

00:17:51   - Right, or it could be a thief, you know,

00:17:54   could be anybody, but if you, in theory,

00:17:56   I think it makes sense that an iPhone that is in a state

00:18:00   that requires your passkey is more secure

00:18:04   than one that requires your passkey or face ID or touch ID.

00:18:08   So how do you do it?

00:18:09   It's really easy on a modern iPhone.

00:18:12   You just squeeze the power button,

00:18:14   they call it the side button,

00:18:16   with either of the volume buttons,

00:18:18   or I guess both if you squeeze all three.

00:18:21   I actually didn't try that.

00:18:22   Yep, that'll work too.

00:18:23   So just remember that.

00:18:27   Squeeze the phone, side button, either volume button,

00:18:31   hold it, it takes, I said two seconds,

00:18:33   I actually think it's a little less than two seconds,

00:18:35   but call it two seconds.

00:18:36   You get a little bit of haptic feedback.

00:18:39   If, this is a weird thing, I didn't note this,

00:18:41   I have a follow-up to write,

00:18:42   but you don't get, a couple of people have said,

00:18:45   I don't get any haptic feedback.

00:18:47   Did, have you, do you know about this?

00:18:49   - No, I get it all the time, I hadn't even thought about it.

00:18:51   - So the haptic feedback for when you hard lock your phone

00:18:55   only occurs if you have, in settings,

00:19:02   sound and haptics, here is where I'm going through this,

00:19:06   sound and haptics vibrate on ring.

00:19:10   Not the, the vibrate on silent doesn't,

00:19:14   switch doesn't matter, but it's the top thing.

00:19:17   I would have never guessed that vibrate on ring

00:19:21   would affect the haptic feedback for locking your phone.

00:19:24   Not in a million years, but it,

00:19:25   I tracked it down with a couple of readers who,

00:19:29   you know, were like, I don't know why I'm getting haptics.

00:19:31   - That seems very strange to me.

00:19:32   I think you should always get haptic feedback

00:19:34   for this, did this thing.

00:19:37   One of the things that is really neat about this feature,

00:19:39   and I know for a fact it is deliberately designed this way,

00:19:43   is that you can do it while your phone is in your pocket,

00:19:46   without looking at it or your purse and--

00:19:49   - Behind your back, any of those things.

00:19:50   - Any of those things, if it's just in your hand,

00:19:53   down by your leg, you can do it

00:19:56   without looking at the screen,

00:19:57   so you don't draw attention to it.

00:19:59   And any, let's just say, copper, TSA agent,

00:20:02   who might consider it suspicious

00:20:05   that you're doing something at your phone

00:20:07   right before you're supposed to hand it over

00:20:09   or something like that, you can do it very surreptitiously.

00:20:12   - Yep.

00:20:12   - And then at that point, it is in a state

00:20:14   where it requires your passcode.

00:20:16   - For the nerdy reference,

00:20:17   most of us exist in Springboard,

00:20:19   where it just has all of our normal applications,

00:20:21   and when you do that, when you squeeze it like that,

00:20:23   it basically throws away the hardware encryption keys

00:20:26   and puts you back into pre-board.

00:20:27   And there is literally, that's why phone numbers

00:20:29   won't show where the person calling is.

00:20:31   It has no access to any of your information

00:20:33   until you put in the passcode or password,

00:20:35   which gets you out of pre-board

00:20:38   and back into the springboard, the unlocked springboard world.

00:20:40   - Yeah, and I know you had a video, like, two years ago,

00:20:44   something like that, where you--

00:20:44   - Yeah, the last time we went through this.

00:20:46   - So that's one of the reasons I'm so happy

00:20:48   to have you on the show, 'cause I know you know more

00:20:50   about this than I do, I think.

00:20:51   But every time I post about this,

00:20:53   I get lots and lots of comments like,

00:20:54   "Hey, I didn't know this, good to know."

00:20:56   And it's exactly why I've posted this multiple times,

00:21:00   why I'm talking about it now.

00:21:02   It is, like I wrote, I think I wrote the other day,

00:21:05   even if you're the sort of person who doesn't typically

00:21:08   share iPhone tips and tricks

00:21:11   with your extended friends and family,

00:21:12   this is one you should make an exception for.

00:21:16   And share it with your friends and family

00:21:18   as wide as you can.

00:21:20   A, the police can force you to use Face ID and Touch ID,

00:21:23   but cannot force you to reveal your passcode

00:21:25   and B, if you know this tip, you can very quickly,

00:21:29   surreptitiously put your iPhone

00:21:32   into a requires a passcode state.

00:21:34   - And even if it's not the police, if it's a bad actor

00:21:35   and you know they're gonna take your phone,

00:21:37   try to get into your accounts or something,

00:21:38   you can still lock it, like it's great.

00:21:40   Or you're going through a market, a public market

00:21:42   where you know there's a lot of pickpockets

00:21:44   and things around, it protects you everywhere.

00:21:46   - And I've heard stories about that too,

00:21:48   like where a pickpocket will take a phone

00:21:50   and then it's like you're in a moment,

00:21:51   you don't even know it happened

00:21:53   and they hold it up to your face or something like that.

00:21:55   I've heard about that, you know?

00:21:57   And it is, you know, it does seem,

00:21:58   and I don't know how apocryphal

00:22:00   some of those stories might be,

00:22:02   but it passes the sniff test, right?

00:22:05   Like it seems like something that could happen

00:22:07   and it would be easier than getting you to,

00:22:09   somehow getting your index finger on a Touch ID button.

00:22:12   So it's good to know.

00:22:13   - It's way easier than getting a long passcode

00:22:15   or like alphanumeric password put into the device.

00:22:17   - Yeah, if you have a Touch ID iPhone

00:22:20   and I think it's all a little different,

00:22:22   I think that you can, I think like with an iPhone SE,

00:22:25   the current SE, you could just hold the side button

00:22:28   for a couple seconds, that's all you have to do.

00:22:30   Anything, anything that brings up

00:22:32   the slide to power down screen will do it.

00:22:35   However you get to there on your iPhone,

00:22:38   I believe will do it.

00:22:40   There's also an older shortcut

00:22:41   where you quickly tap the side button five times.

00:22:46   - Yes.

00:22:47   - Which used to immediately, they've,

00:22:51   I know the word quietly gets overused,

00:22:54   not just in stories about Apple,

00:22:55   but in the media overall, right?

00:22:58   Anything that doesn't come with a press relief

00:23:00   can somehow get described as this company quietly did mic.

00:23:05   But it seems like Apple quietly changed

00:23:08   the way that feature worked,

00:23:09   where years ago at some point,

00:23:13   if you did the, quickly pressed the power button,

00:23:17   side button, whatever you wanna call it, five times,

00:23:20   it would immediately start playing like a,

00:23:22   for lack of a better term,

00:23:23   like a klaxon or a siren from your iPhone.

00:23:27   - Yeah, it goes into SOS mode.

00:23:28   - And within like three or four seconds

00:23:31   would place an emergency SOS phone call,

00:23:34   which in the US is 911.

00:23:36   What do you guys have in Canada?

00:23:37   What's-- - Same thing.

00:23:38   - 911, okay.

00:23:39   But I know around the world, the numbers are different,

00:23:40   but it'll, wherever you are, whatever locale you're in,

00:23:43   it will immediately do that.

00:23:45   It doesn't seem to do that anymore.

00:23:46   Like when I press mine five times,

00:23:48   it just does the same thing that holding the side button

00:23:53   and the volume button for a few seconds does.

00:23:55   It just puts me in to slide to power off.

00:23:57   - Now you just squeeze.

00:23:58   If you keep holding the squeeze down

00:24:00   for an extended period of time,

00:24:01   it'll do the alarm and then the 911.

00:24:02   - Yeah, and it doesn't place the phone call automatically

00:24:06   and I just did it right here.

00:24:08   And as you can tell from my audio,

00:24:10   it does not play a siren sound.

00:24:12   I feel like maybe that was deemed too,

00:24:15   people did it accidentally and all of a sudden,

00:24:17   all of a sudden their phone is making a terrible siren noise

00:24:20   and they're talking to someone on 911

00:24:23   and they didn't mean to do it.

00:24:25   I think this is-- - I heard about people in cars

00:24:27   when they had it in the car holder and it would slip down

00:24:29   and it'd suddenly be pressing,

00:24:30   then they're in the car and it scares the hell out of them.

00:24:32   - Yeah, and it could like, if it jiggles five times,

00:24:35   if it's slightly loose enough to push the button.

00:24:37   But anyway, it is easy to make the emergency SOS.

00:24:40   The other good thing about knowing this tip,

00:24:41   I didn't write about this,

00:24:42   but the other good thing about knowing this tip

00:24:45   of how to put your phone into this, there's four options,

00:24:49   slide to power off, medical ID, emergency SOS,

00:24:53   and then cancel.

00:24:54   But it's also good to know if you ever encounter somebody

00:24:57   who passes out or takes a bad fall, needs help,

00:25:00   and they have an iPhone, do the same thing on their iPhone

00:25:05   and you will get to the screen

00:25:06   and you can slide the medical ID thing over.

00:25:10   And if they've set up a medical ID,

00:25:14   here's what mine says, says I'm 49 years old,

00:25:16   I'm an organ donor, I have some drug allergies,

00:25:19   my blood type, my height and weight,

00:25:20   I don't know why they'd need that, but you know, it's there.

00:25:23   And it has also-- - And it has medication

00:25:24   they wanna-- - But it also has

00:25:26   the emergency contact of my wife.

00:25:28   So it's a good thing to know if you ever encounter

00:25:31   a complete stranger or somebody who's not a stranger,

00:25:33   a friend or a family member and they're incapacitated,

00:25:37   they have an iPhone, do the same thing.

00:25:39   Press and hold the side button and a volume button

00:25:41   on their iPhone and you'll get access to their medical ID.

00:25:46   Everybody who works in emergency services,

00:25:48   of course, knows this, so like paramedics

00:25:51   who come from an ambulance will know to do this,

00:25:53   but before they get there, you could do it yourself,

00:25:56   so it's good to know.

00:25:57   All right, so far, so good.

00:25:58   Here's some questions that have come up since I wrote this.

00:26:01   Here's the first one, and it's a big one.

00:26:03   What's the equivalent for a MacBook?

00:26:05   - Yeah, you just hold down the power button

00:26:08   for five seconds and kill it, and then it has to,

00:26:09   it goes into its equivalent of safe mode or private mode.

00:26:13   - Right, that's the short answer,

00:26:15   and the best thing I can come up with

00:26:17   is if you have a touch ID,

00:26:18   if your MacBook doesn't have touch ID, you're good,

00:26:22   because then if, as long as the lid is closed,

00:26:24   you're, it requires a password,

00:26:26   so you're in a, requires a password state.

00:26:29   But if your MacBook has touch ID, which at this point,

00:26:33   just about anybody who bought one

00:26:35   in the last couple of years does,

00:26:38   how do you put your Mac into a state

00:26:40   where it requires the password,

00:26:42   passphrase, whatever you wanna call it,

00:26:45   and doesn't unlock with touch ID?

00:26:48   If you press and hold that, the touch ID/power button,

00:26:52   for, I guess it is longer, 'cause it's so--

00:26:56   - I think it's five seconds.

00:26:57   - Yeah, but it's so detrimental to the overall experience.

00:27:01   You definitely don't want it to happen by accident,

00:27:02   but it affects, it shuts down the whole system.

00:27:06   - Yep.

00:27:08   - Which is very disruptive, right?

00:27:10   So part of my advice is that you should do this

00:27:13   with your phone, like just going through airport security,

00:27:17   or like here in the US now, they,

00:27:20   I know Major League Baseball requires it,

00:27:23   I think football does too, but lots of sporting events

00:27:26   and concerts require you to go through a magnetometer,

00:27:30   and you have to take your keys

00:27:32   and anything metal out of your pockets,

00:27:34   you have to take your phone out.

00:27:35   When you get separated from your phone,

00:27:37   even if it's just the rent-a-cops at a stadium,

00:27:40   I do this with my phone, you should do it with your phone.

00:27:43   - Same.

00:27:44   - But if you're going through the airport,

00:27:46   and you wanna do this with all of your devices you've packed

00:27:50   shutting down your Mac completely is a pain in the ass.

00:27:54   And as fast as even the Apple Silicon MacBooks are now,

00:27:58   and they really are fast, and they do boot up quicker,

00:28:01   the part that isn't quick and can't be made quicker

00:28:04   is restoring all of the state, right?

00:28:08   I've got tons of browser tabs open,

00:28:10   I've got easily a dozen apps open at a time,

00:28:14   and anybody who's listening to the show

00:28:16   knows what I'm talking about.

00:28:17   If you have to restart your Mac,

00:28:18   like to install a software update or whatever reason,

00:28:22   it's great, it is one of the great additions to macOS

00:28:26   over the last decade, the way that state restoration

00:28:30   is so seamless system-wide, and it's,

00:28:34   'cause I remember when it wasn't like this,

00:28:36   and it was such a, you had to manually restore everything.

00:28:40   If you wanted to shut down your Mac, you had to,

00:28:43   nothing came back, every time you logged back in,

00:28:46   you had nothing open, none of your documents,

00:28:48   none of your browser tabs, all of this stuff for me,

00:28:51   every app I use on a regular basis

00:28:52   just comes back to where it was,

00:28:54   even with untitled, unsaved changes to documents,

00:28:58   which is great, right?

00:29:00   Like the old way of doing it 10 or more years ago

00:29:03   was you'd go to restart and be like,

00:29:05   "Oh, do you wanna save the changes to this?"

00:29:07   "Save, don't save," whatever, and it's like, "Ah."

00:29:09   And then the other, every single app you have open,

00:29:12   anything unsaved is asking you,

00:29:13   "What do you wanna do with these unsaved changes?"

00:29:15   Took minutes.

00:29:17   Going through the airport, I don't want to go through

00:29:20   security with my Mac shut down,

00:29:22   and then if I have half an hour to burn

00:29:25   before boarding the flight,

00:29:27   and I wanna do something on my Mac,

00:29:28   I don't wanna wait five minutes for my Mac

00:29:31   to fully come back.

00:29:34   But I don't know what the better answer is.

00:29:36   - So I do it anyway, I put it in that state anyway,

00:29:38   and with Apple Silicon Macs, it comes back way faster.

00:29:41   I'm not like mutual friend Alex Lindsay level,

00:29:43   I don't do the kind of work he does,

00:29:44   so if his devices leave his physical eyeline,

00:29:48   he just abandons them and figures they're compromised.

00:29:50   Like someone has taken them to do something to them

00:29:52   and he can never touch them again.

00:29:54   I'm not that extreme, but I don't have the same clients,

00:29:56   so I don't have to be.

00:29:57   - Well, that is hardcore,

00:30:00   but I don't necessarily blame him, right?

00:30:02   - Yes.

00:30:03   Yes, well, 'cause you don't know what they put on it

00:30:06   or what they've done to it,

00:30:07   or if they've pulled everything off the phone at that point,

00:30:09   and you can't ever verify that it's safe again, so.

00:30:11   I get it, I'm just in the middle of paranoia.

00:30:13   - But what did, so what does he, I mean,

00:30:16   but to what degree does he mean lose sight?

00:30:19   The stuff does have to pass through the X-ray machine.

00:30:22   - Oh, if someone, if a state agent picks it up

00:30:24   and walks out of the room with it.

00:30:26   - Yeah, well, that's never happened to me,

00:30:28   but I would find it very suspicious if they did.

00:30:30   I do keep an eye on the conveyor belt

00:30:33   coming out of the X-ray machine.

00:30:34   And I'm not worried about the TSA agent so much

00:30:37   as somebody just in a, you know,

00:30:39   either a thief or somebody accidentally

00:30:41   just taking the wrong tray or whatever.

00:30:43   It always, it's always very, even with TSA pre-check,

00:30:47   it is so chaotic, and I'm always super stressed,

00:30:50   like, what do I need?

00:30:51   What do I, do I need my belt?

00:30:53   What the hell's missing?

00:30:54   What am I missing?

00:30:55   I find it very stressful, but.

00:30:56   - And like, we're not the kind of people

00:30:58   that a state agent would burn a million dollar undisclosed

00:31:00   zero-day vulnerability on, so I don't worry that much.

00:31:03   - The other thing I can think of for a MacBook is,

00:31:07   with Touch ID, is if you use the wrong finger,

00:31:12   I don't know, I'm not quite sure how many times,

00:31:14   I think it's like three or four.

00:31:16   If you do three or four fingerprints that don't take,

00:31:19   it puts it in that state.

00:31:21   - Yeah.

00:31:22   - And I think that's, I have never done this,

00:31:25   but I think that's what I'm going to do henceforth,

00:31:27   but that's the sort of thing that, unlike the phone,

00:31:31   you can't do it at the last second, right?

00:31:34   Like, you're in the TSA security line,

00:31:37   you're snaking through it, you've got a laptop bag

00:31:41   on your shoulder or your backpack,

00:31:43   you've got a carry-on, you're hauling behind you,

00:31:46   you've got your wallet and keys and your phone

00:31:50   in your pocket, and you've got to do something with them,

00:31:53   and for me, it's always like,

00:31:54   as I'm snaking through the line, it's like,

00:31:56   well, I don't want to put all this stuff

00:31:57   into one of their little trays.

00:31:59   I take my wallet and stuff out of my pockets,

00:32:03   put them in my laptop bag into little pockets inside the bag

00:32:07   so that all I have to do is remember to take the bag

00:32:10   and all my pocket stuff is in the bag.

00:32:12   That's a good time to squeeze your phone,

00:32:14   to put it in a locked state, put the phone somewhere

00:32:17   where, you know, I like to put it in my bag again

00:32:19   so that it's not just sitting out in a tray.

00:32:21   - Yeah, I do the same thing.

00:32:22   - One last thing that I have to remember is a separate,

00:32:25   pick it up on the other side of the X-ray machine,

00:32:27   but doing it with your Mac seems inconvenient, right?

00:32:30   What are you going to do?

00:32:31   Just take your entire MacBook out of your bag,

00:32:34   in line, open it, and start squeezing the power button?

00:32:38   I mean, you could do it.

00:32:39   It's not that, it just--

00:32:41   - Just before I leave, 'cause I'm not going to use,

00:32:42   from the time I leave my home to the time I go

00:32:44   through security, I'm not going to use it.

00:32:46   And also, ever since 2016, when they got the T2 chip,

00:32:49   which was just an S, an Apple, sorry, the T1 chip,

00:32:51   that's an Apple S2 watch chip,

00:32:53   and then the later version, the T2 chip, was an A10.

00:32:57   Now they have, whatever they like,

00:32:58   the M1 is the equivalent to the secure enclave on the A14,

00:33:01   and M2 is the one on the A15.

00:33:02   They work the same way as iOS devices.

00:33:05   So as long as you can get them

00:33:06   to throw out those hardware keys,

00:33:07   like your idea is even better.

00:33:08   Just do the touch ID wrong.

00:33:10   It's much less destructive.

00:33:11   You're safe.

00:33:12   There's no way to get into that.

00:33:13   - Right, that's what I think I'm going to do.

00:33:15   But what you said is what I'm going to add it to my,

00:33:19   before I leave home, checklist.

00:33:21   I keep, I just call it my pack list in Apple Notes

00:33:24   with everything I want to pack for any trip.

00:33:27   And then at the bottom is my things to remember

00:33:31   right as I go out the door.

00:33:33   And I'm going to add that to it,

00:33:35   which is to put my MacBook into this state.

00:33:38   And I think that's what I'm going to start doing

00:33:40   until further notice, is just use a pinky finger

00:33:44   that I know-- - Just give it the finger.

00:33:45   The wrong finger. - Yeah, give it the finger.

00:33:47   I think it's three or four times,

00:33:49   and then it requires a passcode.

00:33:51   Shut the lid, put it in my backpack,

00:33:53   and then don't enter the passcode

00:33:56   until I'm through security and back to that state.

00:33:59   But then I don't have to worry about

00:34:01   rebooting the entire machine and restoring the whole state.

00:34:04   - Yeah, yeah, that's way better.

00:34:05   - But it does, unlike the phone,

00:34:06   it is something I think is best done

00:34:08   before you leave for the airport

00:34:10   rather than doing it right as you approach

00:34:12   the magnetometer in the security line.

00:34:14   I do think Apple should consider this and come,

00:34:17   I don't know what the solution would be,

00:34:19   'cause I know that it seems like that touch ID/power button

00:34:24   is really the only button that could be used.

00:34:28   - Yeah, there's no external button.

00:34:30   Like, once it's shut, you can't do anything.

00:34:31   - Right, and I get it that the,

00:34:34   just press and hold it for five seconds, and it will,

00:34:38   I forget what happens.

00:34:39   Does it restart automatically or just shut down?

00:34:42   I think it just shuts down. - It just shuts down.

00:34:43   - Right, and then you-- - Maybe when you do it

00:34:44   on your iPhone, they should propagate that

00:34:45   to all your iCloud devices.

00:34:47   - That's an idea that people have had,

00:34:49   and that sounds like a great idea.

00:34:52   I suspect that if you start war gaming it,

00:34:57   there might be some either technical issues

00:35:00   that would keep it from working or downsides,

00:35:04   but as a general spitball idea, it's worth considering.

00:35:09   Should, when you do this to one of your devices,

00:35:13   should all of the devices on the same iCloud account

00:35:16   go to the same state where touch ID and face ID are disabled

00:35:20   and every device needs a passcode?

00:35:23   Maybe? - Or at least,

00:35:24   maybe it's just proximity.

00:35:25   Maybe it's, like, continuity is really good.

00:35:26   One of the ways that you use Bluetooth

00:35:28   is to determine how close you are to your stuff,

00:35:30   so maybe it's just the stuff in your vicinity.

00:35:31   - Right, but would a closed MacBook that's on your person

00:35:36   but in a bag, does continuity work?

00:35:38   I don't know that it does, right?

00:35:40   - Yeah, you'd probably have to leave a signal

00:35:42   that says when it's open.

00:35:44   - Right. - When you do,

00:35:45   remember the Power Nap thing

00:35:46   where it starts doing something when it's closed?

00:35:48   - And that's what I mean about that this is surely

00:35:50   more complicated than the spitball idea

00:35:53   sounds at first thought, but it still, it seems pretty,

00:35:56   seems like some-- - That's the rule, right?

00:35:57   Like, anything you're not personally in charge

00:35:59   of implementing, shipping, and supporting

00:36:00   is trivial by nature, by definition.

00:36:03   - Oh, the other, I wanted to mention this,

00:36:04   the other downside that I can imagine,

00:36:07   while I was playing around pretending to do this,

00:36:14   the other problem with just using on your MacBook

00:36:18   a couple times is you have to be conscious of

00:36:23   are you wearing your Apple Watch

00:36:24   and do you have the unlock, you know,

00:36:28   log in with Apple Watch feature on your MacBook?

00:36:31   And I do, it's one of my very favorite Apple Watch features,

00:36:34   but that could defeat the point too,

00:36:36   where you think, okay, I've put the wrong finger

00:36:38   in four times, it's asking me for a passcode,

00:36:40   I close the lid, you go to the airport and TSA guy opens it

00:36:45   and your Apple Watch is right there,

00:36:46   and then your Apple Watch taps and says,

00:36:49   unlocked your MacBook with your Apple Watch,

00:36:51   and you're like, oh, well, shit, I didn't mean that tap.

00:36:53   - You have to put your Apple Watch into secure mode too,

00:36:55   like the whole thing just keeps tumbling.

00:36:57   - Yeah, and that's one that I think definitely

00:37:00   should work with continuity, right?

00:37:02   Where if you put your, squeeze your phone

00:37:05   to put it in lock mode, I think your watch

00:37:07   should go into it, if you're wearing your Apple Watch,

00:37:09   it should go in the same mode at the same time.

00:37:12   So I'm gonna do a follow-up article,

00:37:15   but I wanted to talk it through with you.

00:37:17   That's one of my ideas that I think your watch

00:37:19   should automatically go into that mode too.

00:37:21   'Cause it's, I don't really, I laugh.

00:37:25   I'm sure some people use it and it's very useful.

00:37:28   Every once in a while I'll get an email notification

00:37:31   on my watch and I will tap it and look at it

00:37:34   right on the watch 'cause I'm at dinner or something.

00:37:36   But for the most part, I don't read my email

00:37:38   on my Apple Watch, but your email is there,

00:37:42   for most of us, your messages are there.

00:37:44   So your watch is another device to think about.

00:37:47   So it's another thing to put on the checklist.

00:37:49   - And just depending again on what your threat model is,

00:37:51   a lot of, like your phone and your watch

00:37:53   also sometimes have your location history

00:37:56   from a running app or from a game or something.

00:37:59   And someone can very quickly look and see

00:38:01   where you were for the last two hours.

00:38:02   - Yeah, yeah, so something to think about.

00:38:04   I mean, one thing I'm, and I don't wear

00:38:07   my Apple Watch all the time, I have actual

00:38:09   mechanical watches and I'm thinking, you know,

00:38:11   should I make up my policy that every time I fly,

00:38:13   I'm not wearing my Apple Watch, you know,

00:38:15   just to take it out of the, you know,

00:38:17   make sure my Apple Watch is packed rather than on my wrist

00:38:20   for travel for that reason, maybe?

00:38:22   - Because it's so convenient, like you go in,

00:38:24   I remember when the Apple Watch first came out,

00:38:26   it took about a year and then I went through the airport

00:38:28   without anything else, like I tapped for my coffee,

00:38:31   for my ticket, for everything with my Apple Watch,

00:38:34   including the hotel door, and it was just wild.

00:38:36   But then you realize that the convenience

00:38:38   comes with a security penalty.

00:38:39   - Right, that's one of the reasons I often, you know,

00:38:41   even though I do mix and match my watches a lot,

00:38:43   I generally travel, do the actual traveling part

00:38:46   with the Apple Watch on because it is convenient, right?

00:38:49   You can put your boarding pass on it or,

00:38:51   but again, something to think about.

00:38:52   It's a, once you start peeling the onion,

00:38:55   it's like you get past the basic idea of are you aware

00:38:58   that you squeezed these two buttons on your phone

00:39:00   to hard lock it? - Yes.

00:39:01   - And everybody's like, yes, this is great.

00:39:03   And now you're 85% of the way there,

00:39:05   and the other 15% of the story is a lot of nuance, right?

00:39:09   Apple Watch, something to think about.

00:39:10   - If it wasn't for humans, all this stuff would be fantastic,

00:39:12   but humans keep making, ruining all the good internet fun.

00:39:15   - Your Touch ID MacBook, I think that the no questions

00:39:20   asked solution is to shut it down

00:39:21   before you go through a checkpoint.

00:39:24   In an emergency situation, if you're unexpectedly pulled over

00:39:29   or something like that and you have your MacBook

00:39:31   and you can access it, you can still do that, right?

00:39:35   The safest thing to do is just squeeze the button

00:39:38   for five seconds and just shut it down.

00:39:40   I wouldn't wanna, if I felt like time was of the essence

00:39:43   and I was under duress, jerking around with my pinky finger

00:39:48   a couple of times doesn't seem like a good idea.

00:39:50   Just squeeze the button. - And the watch can't unlock

00:39:52   it in that state anyway. - Right.

00:39:53   So just squeeze the button until the screen goes off,

00:39:56   and that's the best thing to remember.

00:39:59   Just turn it off.

00:40:00   Oh, and then the other topic on this thing,

00:40:03   I'm so glad I remember it.

00:40:04   I'm looking at, I'm so glad I have notes.

00:40:06   - Yeah. - Using Siri to do it.

00:40:08   - Yep.

00:40:09   - So you can tell Siri, and I hope that,

00:40:14   I'll switch the call on a dingus soon

00:40:17   without using the hey word,

00:40:18   but to avoid triggering people's actual devices,

00:40:21   but you can use Siri to lock your iPhone.

00:40:26   Like if you say, hey, dingus, lock this device,

00:40:29   it does turn the screen off and lock it,

00:40:31   but it's not a hard lock, it's a soft lock.

00:40:34   So I'm not quite sure why Siri even lets you do it.

00:40:36   So touch ID and face ID still work in that state.

00:40:41   And as far as I was aware, there's no way to say,

00:40:45   like I call this hard locking, that's not an Apple term.

00:40:49   They don't really talk about that,

00:40:51   but I feel like it's useful to have a term

00:40:53   and hard locking describes it as well.

00:40:57   I can't think of a better term.

00:40:58   - Putting it into pre-board makes no sense to anybody.

00:41:00   - Right, right.

00:41:01   Well, it makes sense, it makes a lot of sense to some people.

00:41:04   - Yes.

00:41:06   - And no sense at all to 99.99% of people.

00:41:09   But for one out of every-- - The nerds.

00:41:12   - One out of the nerds and certainly some engineers

00:41:15   who work in the Cupertino area, it makes a lot of sense.

00:41:18   But yeah, putting it into pre-board

00:41:20   is definitely not going to do it.

00:41:22   But anyway, what I did find via a tweet is if you say,

00:41:27   hey Dingus, who do you belong to?

00:41:30   Or hey Dingus, who does this device belong to?

00:41:34   Or who does this iPhone belong to?

00:41:36   And thankfully, unsurprisingly,

00:41:38   this seems like something Siri can handle.

00:41:40   You could use the more grammatically pedantic formulation

00:41:45   of to whom do you belong?

00:41:48   But if you more or less ask any sort of plain English,

00:41:52   who or whom do you or does this device belong to?

00:41:57   Siri will answer, I believe I belong to John,

00:42:01   or I believe I belong to Renee.

00:42:03   And they just, Siri just uses your first name,

00:42:07   'cause there's, if you think about it,

00:42:09   there's a lot of privacy angles on this.

00:42:12   It's just your first name.

00:42:13   But at that point, the device is hard-locked.

00:42:17   Once you've asked Siri who the device

00:42:22   Siri is running on belongs to,

00:42:25   you need to enter your passcode to unlock the phone.

00:42:28   Now, this only works if the phone is already locked.

00:42:31   So if you're playing at home and you're paused this podcast

00:42:35   and you look at your phone and your phone is unlocked

00:42:38   and you ask Siri that question,

00:42:40   it will not lock the phone.

00:42:43   And you'll be like, oh, the group is wrong.

00:42:45   No, no, lock the phone and ask Siri

00:42:48   while the phone is locked who the device belongs to.

00:42:51   It will hard-lock the phone.

00:42:53   I would have never figured this out in a million years.

00:42:56   I just would not have guessed that that would happen.

00:42:58   It's a nice feature, it's good to know,

00:43:00   and that's why I'm sharing it.

00:43:02   But I feel like there should be a better way

00:43:05   to do it with Siri, right?

00:43:07   And it's truly one of those examples

00:43:10   of accessibility helping everybody, right?

00:43:13   Literally going back to the example

00:43:17   of Trump's criminal lawyer, John Eastman,

00:43:20   who had his phone cap taken over the weekend,

00:43:22   I guess it was his wife, somebody who was with for dinner,

00:43:26   videotaped a lot of, or at least the tail end

00:43:29   of his confrontation with the FBI agents.

00:43:32   And they had told him,

00:43:33   it starts with him with his hands on his head.

00:43:37   I presume his hands are on his head

00:43:39   because the FBI agents who were confronting him

00:43:42   in the parking lot told him to put his hands on the head,

00:43:46   although perhaps he did it preemptively, I don't know.

00:43:49   But if somebody tells you to put your hands on your head

00:43:52   and they're in a position of authority and you do it,

00:43:55   and they take your phone out of your pocket,

00:43:57   if you could direct a Siri command to the phone,

00:44:00   that would be helpful.

00:44:02   So it is good to know that you could do that,

00:44:06   and if you're in a position where your hands are

00:44:09   on your head and somebody takes your phone

00:44:11   out of your pocket, you might be able to get it to work

00:44:14   by saying, hey, dingus, who do you belong to?

00:44:19   And that should hard lock your phone.

00:44:22   Again, that is such a weird formulation.

00:44:26   I get it, why asking that hard locks the phone,

00:44:29   but if your goal is to hard lock the phone,

00:44:31   I don't think anybody would come up with that, right?

00:44:34   I feel like there should be a way to do it with Siri.

00:44:38   And also, to go back to what we were talking

00:44:41   about five minutes ago, to lock all of your devices,

00:44:44   wouldn't it be a neat feature if you could say,

00:44:46   hey, dingus, lock all my devices,

00:44:49   and just saying lock all my devices would send a signal

00:44:53   to iCloud that any device, Mac, iPad, watch, whatever,

00:44:58   would go into a require the passcode state

00:45:01   as soon as it connects to iCloud again.

00:45:03   - It's funny because I've set up HomeKit

00:45:06   to where if I say crash the West Wing,

00:45:07   it just turns everything off,

00:45:09   and I would love that similar feature.

00:45:10   - So anyway, I would love to have a better solution,

00:45:13   but there is a way to do it with Siri.

00:45:15   It is nonintuitive, and I feel like Apple

00:45:19   has the potential here to improve that greatly, right?

00:45:23   And then you don't have to, if you could do that,

00:45:26   and I think that if you just ask Siri to lock your device,

00:45:31   it should lock all of them,

00:45:33   because it's not really locking you out.

00:45:35   All it does is it's just making you enter your password

00:45:37   on all of them.

00:45:38   Just say lock my device or devices,

00:45:41   and it should somehow trigger a thing

00:45:44   through continuity and/or iCloud

00:45:46   to lock as many of them as it can,

00:45:48   or lock them when they next wake up.

00:45:51   - Yeah, no, I think that's brilliant.

00:45:54   That would be, that's fantastic.

00:45:56   I think just like for operational security point of view,

00:45:59   I turn on, I disable Siri whenever I'm in anywhere

00:46:03   approaching an uncontrolled environment

00:46:04   just because Siri can leak a ton of information,

00:46:07   so I never want them asking Siri about contact questions

00:46:09   or call people or stuff like that,

00:46:11   which would make this harder, but I think that's--

00:46:13   - How do you do that? - A very good solution.

00:46:14   I just go in and turn off,

00:46:15   I turn off access to everything on the lock screen,

00:46:17   notifications, Siri, everything that's,

00:46:20   like I'm gonna say leaks through the lock screen.

00:46:22   Usually it's really convenient,

00:46:23   but again, when I'm in an uncontrolled environment,

00:46:25   I don't want any of that stuff on,

00:46:28   like I don't want them to pick up my phone

00:46:29   and just see a bunch of notifications, anything like that.

00:46:31   - So you go to settings and--

00:46:34   - Yeah, there's a lock screen section of settings,

00:46:36   and there's a Siri section of the settings.

00:46:38   - So you have to go to both?

00:46:40   - Yeah, to get everything,

00:46:41   to turn everything off on the lock screen.

00:46:42   I believe you still have to go to both.

00:46:44   - I wonder if you could do it with a shortcut.

00:46:46   - Probably.

00:46:48   I don't know if they got rid of the lock screen section.

00:46:50   Maybe it's just all in-- - Yeah, yeah.

00:46:52   I'm looking, I'm on iPad OS 16 on this iPad,

00:46:55   and I'm looking, and I don't see the lock screen thing.

00:46:59   - Yeah, no, me too, but I turn off the Hey Dingus thing,

00:47:02   and I turn off all of that kind of stuff.

00:47:04   I just have a little routine.

00:47:06   - Yeah, well, it's worth thinking about.

00:47:07   - Yeah, so you could turn off Listen for Hey Dingus,

00:47:09   and you could turn off Allow Dingus When Locked.

00:47:11   - Right, so that's sort of--

00:47:14   - Again, it depends on what your threat model is,

00:47:17   and what your paranoia level is.

00:47:19   - Right, on the one hand, I'm thinking about ways

00:47:22   that Siri could help you in this situation,

00:47:24   but on the other hand, I don't disagree with you

00:47:26   that maybe the best thing is to just turn it off completely.

00:47:29   And it's funny too, 'cause I don't really know how,

00:47:34   'cause again, I'm doing this all

00:47:36   from a hypothetical situation,

00:47:38   where I don't recall ever having personally been

00:47:40   in a situation where I needed this to happen,

00:47:43   but you wanna be prepared for it before you do, obviously.

00:47:47   I don't know how well Siri actually is these days

00:47:51   at knowing my voice from others.

00:47:54   What's the likelihood that a random police officer

00:47:59   or security agent at the TSA could talk to my phone

00:48:03   and get information out of it?

00:48:04   I don't even know.

00:48:05   - Yeah, it's probably a degree of differentiation

00:48:10   in the voice, is that it needs to be able to,

00:48:12   like if your voice is slightly coughy,

00:48:14   or if your voice is in the morning, come here tonight,

00:48:16   it probably has to cover a range.

00:48:17   - But anyway, things to think about,

00:48:19   and I do think in general, regardless of what

00:48:22   anybody listening's personal concerns are,

00:48:24   it's all good to know, and at the very least,

00:48:26   that squeeze your phone to lock the passcode

00:48:29   is something you should share with others.

00:48:31   Anything else you wanna add before we move on?

00:48:34   - No, just to your point,

00:48:35   make yourself a little personal safety list.

00:48:37   And you may never need it, but if you do travel,

00:48:40   if you do go to protests or anything like that,

00:48:41   just make sure you go through it.

00:48:42   - Right, I forget his name, but he's a medical doctor

00:48:45   at The New Yorker, but he's even,

00:48:47   I think he even has a book, The Checklist Manifesto,

00:48:50   and that making a checklist and having a check,

00:48:54   you know, like speaking of airlines,

00:48:55   pilots go through this, they have an actual checklist

00:48:58   that they go through every time they get into cockpit,

00:49:01   and they go through every single item

00:49:02   on the checklist every time, and it doesn't matter

00:49:05   if they do it twice a day, every day,

00:49:06   five days a week for 20 years,

00:49:08   they still use the actual checklist,

00:49:10   as opposed to just doing it from memory,

00:49:13   because it actually helps to avoid ever forgetting a step.

00:49:17   And the, the anecdotal data about it,

00:49:20   we're not, not even anecdotal, like actual data,

00:49:23   is that in surgical situations in hospitals,

00:49:26   having an actual checklist to go through

00:49:29   for every single procedure actually reduces mistakes,

00:49:32   it, to a statistically significant degree.

00:49:35   I'll try to find that and put it in the show notes.

00:49:38   But anyway, you should have one for travel,

00:49:40   I recommend it wholeheartedly,

00:49:41   because the only things you forget

00:49:43   are the things you forget, and if you have a checklist,

00:49:45   you won't forget 'em.

00:49:46   - Absolutely.

00:49:47   - Let me thank our next sponsor, oh, I love this company,

00:49:50   this is great, Collide.

00:49:52   Collide is the new take on endpoint management,

00:49:55   and they ask a simple question,

00:49:57   how can we get end users more involved?

00:50:00   Collide, the whole system is in direct contrast

00:50:04   to old school device management tools like MDM.

00:50:07   MDM typically locks down your employees' devices

00:50:11   without considering their needs,

00:50:13   or even attempting to educate them

00:50:15   about the security issues on their laptops,

00:50:18   why, you know, what are the reasons why

00:50:21   you're installing some kind of security management

00:50:23   on their laptops?

00:50:24   MDM doesn't even consider that.

00:50:25   Collide is built by like-minded security practitioners

00:50:28   who saw all the flaws in traditional MDM structures,

00:50:32   and how disruptive it was to end users,

00:50:34   and often how it frustrated them so badly

00:50:37   that they would just take their work laptops,

00:50:39   keep 'em aside, and just do their work

00:50:41   on their personal laptops

00:50:42   with no security software on it whatsoever,

00:50:45   which defeats the whole point,

00:50:46   but they did it just to get work done,

00:50:47   because the tools that were being used

00:50:50   were so disruptive to actually just, you know,

00:50:52   doing their work.

00:50:53   In that scenario, everyone loses.

00:50:55   Collide, K-O-L-I-D-E, Collide with a K,

00:50:59   on the other hand, is different.

00:51:00   Instead of locking down a device,

00:51:01   they take a user-focused approach

00:51:03   that communicates security recommendations

00:51:05   directly to employees on Slack.

00:51:08   If you're already on Slack,

00:51:10   you're not even asking them to turn on something else

00:51:13   to get notifications and messages about new changes,

00:51:16   or recommendations, or notices about something

00:51:19   that's misconfigured on their system.

00:51:21   They get it all, they do it all directly through Slack,

00:51:24   which you're already using.

00:51:25   You're not even asking your employees

00:51:27   to use another communication tool.

00:51:30   It's Slack, which you're already using.

00:51:32   It'll educate your employees about the company's policies,

00:51:35   and give them recommendations and direct steps

00:51:38   to keep their devices secure using real tangible examples,

00:51:42   not theoretical scenarios.

00:51:44   That's Collide, cross-platform endpoint management

00:51:47   for Linux, Mac, and Windows devices

00:51:50   that puts end users first for teams that Slack.

00:51:53   Visit Collide.com, K-O-L-I-D-E, Collide.com/the-talk-show

00:51:58   to learn more.

00:52:01   You get, with that URL, you get a free 14-day trial.

00:52:04   Enter your email when prompted,

00:52:06   and you'll receive a free Collide GIF bundle

00:52:08   after your trial activation with no credit card required.

00:52:12   Once again, that's Collide.com/the-talk-show.

00:52:17   Speaking of security, Rene, I was,

00:52:20   have you heard of Instagram?

00:52:22   It's, it used to be like a photo sharing app.

00:52:26   It was pretty cool and really simple,

00:52:29   and they've added-

00:52:29   - For like phones, right?

00:52:31   Like that's all you wanted to post was like your phone stuff.

00:52:33   - Yeah, they've added some features in recent years.

00:52:36   I was flipping through the Instagram yesterday,

00:52:40   and I came across a reel from a guy named Rene Ritchie

00:52:44   explaining the new PassKey feature in iOS,

00:52:48   or all of Apple's, it was talked about at WWDC,

00:52:52   coming to all their platforms.

00:52:53   - Yeah.

00:52:54   - I, this is,

00:52:55   let's explain PassKey.

00:53:01   - Okay, so like in a traditional world,

00:53:03   you would go to create an account for like Megacorp,

00:53:06   and you'd give them an email address,

00:53:08   and you'd create a password,

00:53:09   and the password would be stored on your machine,

00:53:11   and then a hashed and salted version of it

00:53:13   would be stored on the server.

00:53:15   And when you go to log in, they would compare the two,

00:53:17   and if they matched, they would let you in.

00:53:19   But the downside to that is that

00:53:21   because you have a copy of your password,

00:53:23   and you probably know it,

00:53:24   and, or at least, you know, in the early days,

00:53:26   everybody knew their passwords,

00:53:27   and often used the same passwords,

00:53:28   and the server had a copy,

00:53:30   even though it was hashed and salted,

00:53:31   that made two targets that people could get to.

00:53:34   They could hack them, they could crack them,

00:53:36   they could shoulder surf you typing it in,

00:53:38   they could call up and pretend to be tech support,

00:53:40   and ask you for the password.

00:53:41   There's just so many ways that it could be exploited.

00:53:44   So what, the way PassKeys work is,

00:53:46   there's no more passwords in that sense.

00:53:49   When you create an account,

00:53:50   it creates a public and a private key,

00:53:53   and people will know this formula from SSH.

00:53:55   It's not a new formula, it's just a new implementation.

00:53:57   And then the private key is stored on your device,

00:54:00   only in your device, locked down behind biometrics,

00:54:03   or a password, or a passcode,

00:54:05   and the public key is stored on the server.

00:54:07   And because a public key has no special information,

00:54:10   it's no better than a username,

00:54:12   if somebody goes and steals it, it doesn't matter.

00:54:14   Again, it's public information.

00:54:16   And because your private key is only on your device,

00:54:18   you don't know what it is,

00:54:19   so it's much harder to socially engineer it from you.

00:54:22   When you go to log in, the server issues a challenge,

00:54:26   and it sends that to your device,

00:54:28   and then your private key is used to generate a response,

00:54:32   a solution to that challenge, in the form of a signature,

00:54:35   and then that signature is sent back to the server.

00:54:37   So at no point does your private key ever leave your device.

00:54:41   It's never in transit, and it's never on the other server,

00:54:44   and that makes it really, really hard

00:54:46   for any of the traditional, you know,

00:54:48   phaser set to kill style attacks to work on you.

00:54:51   - So there's a lot to unpack there.

00:54:54   That was wonderful, though,

00:54:55   especially since I sort of sprung it on you.

00:54:57   (laughing)

00:54:58   - That was a wonderful synopsis.

00:54:59   There's a couple of things about it

00:55:01   that I think is hard to get one's head wrapped around.

00:55:05   So part of it is that,

00:55:09   and let's go back to the way passwords traditionally work.

00:55:12   If you go back far enough, and this was actually was,

00:55:18   I would say it was never a best practice,

00:55:20   but it was just the way things always were done,

00:55:23   is that passwords were just stored as plain text passwords

00:55:28   on the system that you were logging into.

00:55:30   You'd have to go back a long time before, you know,

00:55:32   but we're talking, you know,

00:55:33   people have been using passwords

00:55:34   in network situations for decades.

00:55:37   You know, you go back to the '80s or '90s,

00:55:40   this was common, and people just didn't, you know,

00:55:43   the advice was basically pick a good password

00:55:46   and a unique password for every account you create.

00:55:51   So never reuse a password and pick a good one,

00:55:55   you know, with lots of letters and punctuation, whatever.

00:55:58   And if the server or the service,

00:56:02   whatever you wanna call it, just stored it as plain text,

00:56:06   so your password is password, right?

00:56:09   It's just the dumbest password of all time.

00:56:12   And it would just be in a file,

00:56:15   and it would say the account name is Gruber,

00:56:18   and the password is password,

00:56:20   and then you would log in and say,

00:56:21   my account name is Gruber, and my password is password,

00:56:25   and then it would check those two things

00:56:27   and say, okay, you're in.

00:56:29   Now, the security downside of this is obvious,

00:56:31   which is that anybody with access to the server

00:56:34   could just see everybody's passwords.

00:56:36   And whether that's a rogue employee

00:56:41   or just a hack, right,

00:56:46   somebody who breaks into the server

00:56:48   and steals the password file, it's all just there.

00:56:53   Obviously, bad news.

00:56:54   Everybody's known for quite a long time.

00:56:56   This is a terrible practice.

00:56:59   It seems like we're at a point in 2022

00:57:02   where I don't see very many stories anymore

00:57:05   about such and such service got hacked

00:57:08   and they stored the passwords as plain text.

00:57:10   Like, you know, it's one of those things

00:57:13   where it takes years and years to shake out

00:57:15   all the legacy systems that were never updated,

00:57:20   but that doesn't seem to happen anymore.

00:57:23   What you described as salted passwords

00:57:27   is typically the way it works.

00:57:29   And without turning this into a programming podcast,

00:57:33   the way that typically works is at some point

00:57:38   you have to send the service your password, right,

00:57:42   and you send it, but what the service would do

00:57:45   is they have a secret string.

00:57:48   That's the salt.

00:57:49   And you don't know it.

00:57:50   Like, you're logging into example.com.

00:57:55   Example.com has a salt, and the salt might be

00:57:58   just a 32-character string of random letters, totally random.

00:58:03   Every single password, it takes your password,

00:58:10   password, combines it with the salt,

00:58:12   which is a secret to the server,

00:58:15   and then gives it to a function

00:58:18   that creates a hash key out of it.

00:58:22   And without going into those functions,

00:58:24   there's lots of them, you know,

00:58:26   but it's like SSH, S-H-A is one of them.

00:58:31   MD5 is an old one that is more or less frowned upon

00:58:35   at this point because it's not quite

00:58:37   as cryptographically secure.

00:58:38   But basically these are functions

00:58:40   that you can give any string of characters to,

00:58:43   give it to the function, and it'll create a new string

00:58:46   that looks totally random, and you can't take backwards

00:58:51   to produce the password and the salt.

00:58:56   You take two strings, it could just be Renee and Richie,

00:59:00   and you give them to this function,

00:59:02   and if you give it to the same function on any system,

00:59:05   you'll get the same random string

00:59:07   of, let's say, 64 characters out.

00:59:10   That's what gets stored, and then every time you log in,

00:59:13   you give it your password,

00:59:15   they combine it with the secret salt,

00:59:18   pass it to the function, and then see if that product

00:59:22   of that matches what's stored.

00:59:24   Far more secure, but one of the reasons it's more secure

00:59:29   is anybody who captures the list on the server

00:59:34   just has those hash values, and those can't be,

00:59:37   literally cannot be backwards engineered

00:59:40   to get the passwords out of them.

00:59:41   But one of the weaknesses is that the salt somewhere

00:59:47   has to be readable, right?

00:59:49   And so if somebody gets the source code

00:59:51   that contains the salt, you still can't get the passwords,

00:59:58   knowing only half, right?

01:00:00   You still don't know the passwords.

01:00:01   It's the password plus the salt

01:00:03   plus the cryptographic function equals the hash key.

01:00:07   But at that point, you can start brute forcing

01:00:10   with a common list of passwords, right?

01:00:14   And there are lots and lots of these lists everywhere,

01:00:16   where it's like, and with how fast computers are today,

01:00:20   it doesn't have to be like the top 100 common passwords.

01:00:23   It could be the top 50,000 common passwords that people use,

01:00:28   and you can mow through those relatively quickly,

01:00:32   and all of a sudden, you're getting,

01:00:34   then you can start getting passwords out of it

01:00:37   by guessing 50,000 common passwords

01:00:40   against the known salt that you've stolen

01:00:43   from the source code,

01:00:46   and knowing which cryptographic function they use,

01:00:48   now all of a sudden, your password is out in the open.

01:00:50   And that has happened.

01:00:52   That does not-

01:00:53   - You'll see like the Home Depot was compromised,

01:00:55   and suddenly the dark web has like a list of passwords

01:00:57   and user accounts.

01:00:58   - That is not a hypothetical scenario.

01:01:00   That is an actual weakness.

01:01:02   The other weakness is just passwords themselves, right?

01:01:05   The fact that human beings typically just reuse passwords

01:01:10   as opposed to creating unique ones for each account.

01:01:12   They often have picked,

01:01:15   especially for accounts that have been around

01:01:17   for a longer time before more modern systems have started,

01:01:22   like Safari, et cetera,

01:01:24   offering very secure passwords for you

01:01:27   that they will store for you in your key chain,

01:01:29   or if you use one password, it will do the same thing,

01:01:32   suggest a unique, secure, strong password.

01:01:36   And if you accept it,

01:01:37   immediately store it in your password manager

01:01:42   so that you don't have to take a manual step afterwards

01:01:45   of writing it down, storing it somewhere.

01:01:47   It still isn't great because anybody who gets,

01:01:50   you have passwords that can be stolen,

01:01:53   and that's an intractable problem and cannot be solved.

01:01:57   Whereas with these pass keys, there is no password.

01:02:01   And I know that's hard to understand,

01:02:03   but basically it's because these keys

01:02:06   never leave your device.

01:02:07   So they're never, for lack of a better way of putting it,

01:02:10   they're never in your brain.

01:02:12   There is nothing for you to memorize.

01:02:13   Even if you could,

01:02:15   if you're so good at memorizing random strings

01:02:17   of characters and letters,

01:02:19   that you could memorize a 32 character

01:02:22   or 64 character string of random letters and numbers.

01:02:25   - It's a random blob.

01:02:27   - Right.

01:02:29   You never see it.

01:02:30   You can't see it.

01:02:31   It never leaves, in Apple's world,

01:02:33   never leaves the secure enclave of your devices, I believe.

01:02:36   - You can airdrop it to a loved one,

01:02:39   and conceivably somebody could trick you

01:02:40   into airdropping it to them,

01:02:41   but that's an incredibly specific use case.

01:02:44   - Right, so yeah, you can obviously get them out

01:02:46   of the secure storage because they have to be used,

01:02:50   but it's, you know.

01:02:51   - They never leave the secure storage,

01:02:52   but like, for example, if Amy Jane was like,

01:02:55   she's on a different device, like a different account,

01:02:57   but you wanna use the same, a different device,

01:02:58   she's on a different device

01:02:59   and wants to use the same service

01:03:00   that you subscribe to, you can airdrop her the key for it.

01:03:04   - Right, like something, you know,

01:03:05   which is not even wink, wink, nudge, nudge,

01:03:08   you're allowed to do like a shared Netflix account

01:03:10   for a family or something like that.

01:03:12   - The other thing that's really cool,

01:03:13   just in general about this,

01:03:14   is it removes the need for two-factor,

01:03:16   which we've seen can also be a weakness,

01:03:18   not just because people can do a SIM swap attack,

01:03:20   like they can call up your cell company and say,

01:03:23   "Oh, I lost my phone, this is my new number,

01:03:25   my new SIM card, can you sign the number to that SIM card?"

01:03:27   And then they get your token that,

01:03:29   'cause so many companies still either use or fall back on SMS

01:03:33   as a way to deliver tokens.

01:03:35   You don't need the token, so this totally eliminates that.

01:03:38   - Yeah, good point.

01:03:39   I guess, and the other thing to remember

01:03:42   is this is not a Apple invention,

01:03:45   this is a industry-wide consortium,

01:03:49   and as far, I can't think of a big company

01:03:52   who you'd wish would be involved who isn't, right?

01:03:55   Google and Microsoft and, you know,

01:03:58   'cause this is one of those areas

01:03:59   where there's really no,

01:04:00   you're not even depending on the goodwill of these companies,

01:04:05   there is no downside to them collaborating

01:04:08   to make this work, right?

01:04:09   None of these major companies have any interest whatsoever

01:04:13   in anybody, I mean, I guess the hypothetical scenario

01:04:18   would be if, let's say, company A,

01:04:23   let's say Apple and Google,

01:04:25   and Apple thinks they've invented this thing

01:04:27   that's more secure, would they like to be able

01:04:30   to use it as a competitive advantage

01:04:32   in marketing against Google and Android?

01:04:36   That's, you know, you can construe a scenario

01:04:40   where they'd want to do it on their own,

01:04:41   but working together is clearly in the interest

01:04:44   of all these companies.

01:04:46   And what it means is that you can use this passkey system

01:04:50   that Apple's announced is gonna be built

01:04:51   into all their systems.

01:04:53   It's not just for stuff within the Apple ecosystem

01:04:58   of apps on your iOS and Macs that come through the App Store

01:05:03   and use Apple's APIs, it will be able to be used

01:05:08   for stuff over the web that has nothing to do

01:05:11   with Apple in particular.

01:05:13   - Yeah, and the exciting thing is like 1Password,

01:05:15   LastPass, Dashlane, they've all announced support

01:05:17   for it as well, so theoretically,

01:05:19   if you don't wanna tie your keys to an iPhone

01:05:22   or to a Windows machine or to an Android phone,

01:05:24   you'd be able to tie them to a 1Password

01:05:27   or LastPass account, and then you can choose horizontal

01:05:31   or vertical lock-in, you don't have to use one or the other.

01:05:33   - Right, which is a great, it's key.

01:05:35   I know that there are people who listen to my show

01:05:40   and watch your YouTube channel and love Apple stuff the best

01:05:43   but who live in a cross-platform world professionally

01:05:47   or by choice, because they have a gaming PC or whatever,

01:05:50   whether it's for work or for gaming or for whatever,

01:05:54   they need cross-platform solutions to something like this

01:05:57   and PassKey absolutely is as cross-platform as it could be.

01:06:02   Just one example from history, it's not like Steve Jobs'

01:06:10   promise that FaceTime would become an open standard.

01:06:13   No, this really is an open standard

01:06:14   and that's where this work has come from.

01:06:17   - There is a bit of a downside, like some people will say

01:06:18   they like simple passwords they can remember

01:06:21   because if anything ever happens,

01:06:22   they can go to their friend's computer

01:06:23   and just type in the word password and log in,

01:06:26   and as scary as that is for us, it's comforting to them

01:06:29   and this does remove that because you don't know

01:06:31   what the PassKey is, so if you lose your phone,

01:06:33   you can't just go to your friend's computer and type it in.

01:06:35   It's basically like if you lost your phone

01:06:37   that has your two-factor authentication on it now.

01:06:40   Like you should make sure, Apple is letting you set up,

01:06:43   like I could set you up as my friend contact

01:06:46   and then you'd get a code and you could send it to me

01:06:48   or also you might have a recovery account

01:06:50   as a separate email account with a random name

01:06:52   that nobody knows that's authorized to,

01:06:55   that stores this kind of stuff for you.

01:06:57   So recovery is gonna be a little more complicated.

01:06:59   Everyone is making much better systems to handle it

01:07:02   but it's no more complicated than recovery

01:07:04   if you had two-factor going anyway.

01:07:05   - Yeah, but that's basically, that's where I was going

01:07:08   is the okay, this sounds great but what's the catch?

01:07:11   There has to be a catch and that sort of is the catch

01:07:15   where, and I've mentioned this before

01:07:19   and I know Bruce Schneier himself

01:07:21   who's a terrific security expert

01:07:24   has said this before too that a lot of people frown

01:07:29   upon the idea that some people just keep their passwords

01:07:32   in like a notebook, like a paper and pen notebook.

01:07:35   My parents do this with some of their stuff

01:07:37   and they're like oh my God,

01:07:39   'cause there's no encryption obviously

01:07:41   and it's totally insecure

01:07:44   and I'm totally stealing this from Bruce Schneier

01:07:47   but human beings are actually very good

01:07:49   at keeping physical things secret.

01:07:52   Obviously somebody who breaks into your home,

01:07:55   you're in a lot of trouble already

01:07:56   if a thief is broken into your home.

01:07:59   - Right, like what's in your desk,

01:08:00   what's in your bedroom?

01:08:02   - Right, but so yes, there is a theoretical risk

01:08:06   to just writing down stuff on paper

01:08:08   and keeping it in a known secure location

01:08:11   or not even secure, just a known,

01:08:13   I know that I keep it in this drawer

01:08:15   and this desk where my iMac is set up.

01:08:19   That's actually very secure and it can't leak online.

01:08:23   There's all sorts of things that have happened

01:08:24   that happened to digital stuff

01:08:26   and you don't, people are good at that.

01:08:28   That's not as insecure as you think.

01:08:31   - There's a mutual friend, Dave Nainian,

01:08:33   who does SuperDuper. - SuperDuper.

01:08:35   - Amazing, amazing app.

01:08:36   I was doing a story on encryption and security

01:08:41   and I talked to Will Chronic on Twitter,

01:08:44   brilliant info sec guy, talked to a bunch of them

01:08:46   and everyone was telling me how to lock down everything.

01:08:48   Then I talked to Dave and he's like,

01:08:49   "Yes, but you have to remember that most people,

01:08:53   "their biggest threat isn't someone stealing their stuff,

01:08:56   "it's them losing access to their stuff."

01:08:58   And that's why a lot of fail-safe

01:09:00   has to be balanced with fail-secure.

01:09:02   We see now, we're in a world

01:09:04   where we want to lock down everything,

01:09:06   but still to your point about that list of passwords,

01:09:08   if anything is more important to you

01:09:11   or so important to you that it is better

01:09:12   that it is stolen than it is lost,

01:09:15   like for example, for some people it's baby pictures.

01:09:17   They have very little value to anybody else.

01:09:19   Wedding pictures, some documents

01:09:21   that have no financial or health thing,

01:09:23   but they're just family memories or artifacts.

01:09:25   Any of that stuff, it is far less likely

01:09:28   that they'll be stolen and far more likely

01:09:30   that you'll lose access to them.

01:09:31   So that's the kind of stuff

01:09:32   that you don't need to be so security paranoid about.

01:09:35   You just want to have,

01:09:36   make sure that you never lose the access to them.

01:09:38   So it's better to have a balanced approach.

01:09:40   - Right, and that sort of seems to be the weakness here,

01:09:43   is what happens, and a house fire

01:09:47   or other natural disaster is the,

01:09:51   obviously and thankfully rare,

01:09:54   but it certainly happens, right?

01:09:57   There's now annual wildfires in California.

01:10:01   A lot of people around the world

01:10:02   live places where hurricanes hit every decade

01:10:06   and tornadoes might hit or something like that.

01:10:08   It is possible for something to happen

01:10:13   and every device in your house is destroyed.

01:10:17   What happens, like if you just,

01:10:18   you have one Mac, one iPad, one iPhone,

01:10:21   and they're all destroyed, how do you get back in?

01:10:25   And the answer is it's complicated, right?

01:10:30   Now of course, if all your passwords

01:10:32   were written in a paper notebook and your house burns down,

01:10:35   that notebook is probably gone too.

01:10:37   So it's not like the password world was a panacea

01:10:41   for what happens if a tornado destroys your house.

01:10:45   - But I put a copy in my safety deposit box,

01:10:48   oh, but the key was in the house and it melted,

01:10:49   like you can just drive yourself nuts on all this stuff.

01:10:51   - Right, but there is,

01:10:53   so one of the answers to this is that you can set up,

01:10:58   what does Apple call them?

01:10:59   Not necessarily emergency contacts, but like--

01:11:02   - Oh yeah, I just mentioned it

01:11:04   and now it's gone out of my head again.

01:11:06   Is a legacy contact then does something contact?

01:11:09   - Right, and the legacy contact thing too,

01:11:12   and again, we as human beings tend to--

01:11:15   - Recovery contact.

01:11:16   - Yeah, recovery contact.

01:11:17   So you can set that up.

01:11:19   Now, it doesn't help if your recovery contact

01:11:22   is your spouse or somebody else who lives with you

01:11:26   and all of their stuff gets destroyed in the same disaster,

01:11:30   but it is something that could happen.

01:11:32   So for example, if you're traveling

01:11:34   and all of your devices are in one bag

01:11:37   and the bag gets stolen, a recovery contact

01:11:40   whose devices are still in their possession

01:11:44   could definitely help you.

01:11:45   What else?

01:11:46   What else can you do for the situation of,

01:11:48   okay, I'm all in on PassKey,

01:11:50   I'm gonna move as many of my accounts to this as possible,

01:11:53   and I'm in the Apple ecosystem,

01:11:56   I'll do it through the keychain and iCloud.

01:11:59   What happens if you lose all your devices?

01:12:00   I mean, what else is there?

01:12:03   - You can still go to, like right now,

01:12:04   if you lose your two-factor for your Apple account,

01:12:06   you can go, and as long as you can prove ownership,

01:12:08   it's a long and laborious process because it has to be,

01:12:11   because the chance of social engineering is so high,

01:12:13   but you can go to AppleCare, an Apple store,

01:12:16   a place like that, prove ownership,

01:12:18   and then they'll do account recovery for you.

01:12:20   - So there's that.

01:12:21   So there are, and I think if you balance this all out,

01:12:25   it's worth being aware of what happens

01:12:29   in the worst-case scenario or a near worst-case scenario,

01:12:33   and being aware of what you should do.

01:12:35   It's like figuring out, hey, you should know what to do

01:12:39   with your homeowner's insurance before you need it,

01:12:42   and have an idea--

01:12:42   - Oh, and by the way, this is the reason Apple moved

01:12:44   to the new forum, like before everything was completely

01:12:46   locked and you got a recovery key for your iCloud account,

01:12:49   but people just lost those all the time.

01:12:51   Apple literally could not get their,

01:12:53   they don't know people complain that iCloud backups

01:12:54   aren't as secure as they want them to be,

01:12:56   like they're not zero-knowledge, Apple can unlock them,

01:12:59   but that's the reason, is that when Apple looked

01:13:00   at the support requests they were getting in,

01:13:02   the harm wasn't subpoenas, the harm was people losing access

01:13:06   by like exponentially more people just lost

01:13:09   their recovery keys and they never had legal demands

01:13:12   on that stuff and it just wasn't worth it for them.

01:13:14   - Right.

01:13:14   - So they created the new system where they could help

01:13:15   you recover.

01:13:16   - Right, and this is a recurring topic between me and you.

01:13:20   Either both on the show and in our personal iChat,

01:13:24   or I call it iChat, iMessage, over the years,

01:13:27   but something that you and I have talked about

01:13:30   at great length is this topic of, you know,

01:13:35   and again, it circles back to the law enforcement angle

01:13:38   we talked about earlier in the show of your iCloud backup

01:13:43   is not end-to-end encrypted.

01:13:48   - It's encrypted, but Apple has the key.

01:13:50   - Right.

01:13:50   - I think people get upset when they think it's not end-to-end.

01:13:51   It is encrypted, it's just Apple can unencrypt it.

01:13:54   - Right, it is, for lack of a better analogy,

01:14:00   if you can imagine a secure envelope and in transit

01:14:05   from your device to iCloud, it is in a secure envelope

01:14:10   that is cryptographically secure.

01:14:11   Almost everything we do on the internet these days

01:14:14   is encrypted over the wire.

01:14:17   You know, there are very few websites I visit anymore

01:14:20   that are HTTP without the S, and our email,

01:14:24   when your mail client talks to your IMAP server,

01:14:29   that's all over SSL in almost all cases these days.

01:14:32   So everything over the wire tends to be encrypted.

01:14:35   It's in a secure envelope, but in most cases,

01:14:38   if it's not end-to-end encrypted, it gets to the server.

01:14:41   The server can obviously decrypt it to be useful.

01:14:44   Now it's not encrypted anymore, and then--

01:14:47   - Yeah, like to show you your photos

01:14:48   on a web browser, for example.

01:14:49   - But when they write whatever it is to disk,

01:14:52   now email's different, so let's forget about email,

01:14:54   but your iCloud backup, your iCloud backup goes

01:14:58   from your device to iCloud encrypted,

01:15:01   the server gets it, decrypts it, and then writes it

01:15:05   to their disks in the cloud in an encrypted format.

01:15:09   - Yep.

01:15:10   - But they obviously can decrypt it,

01:15:13   because when the backup comes back to you,

01:15:16   you're like, I would like to restore this device

01:15:18   to a backup.

01:15:19   They take the backup, they decrypt it,

01:15:22   then they send it, you know.

01:15:24   - Well, I think that one, technically,

01:15:26   that's using your key to decrypt it,

01:15:27   'cause it's coming to your device,

01:15:28   and you've logged into that device,

01:15:29   and I think that's using your key.

01:15:30   - Oh, maybe.

01:15:31   - But they have, like, the way my understanding is,

01:15:33   it's almost like you live in a secure building

01:15:34   in New York City, or you're in a hotel,

01:15:36   and if you lose your door dingus,

01:15:39   they can come and unlock it for you,

01:15:41   but then also, like, the cops can force them to unlock it.

01:15:44   But they don't get your current activity,

01:15:46   like, they don't get anything that is dynamic,

01:15:48   they only get what's at rest,

01:15:49   they only guess what's in the room at that time.

01:15:51   - Right, encrypted in transit and encrypted in storage

01:15:55   is good, but that's not end-to-end encrypted.

01:15:58   End-to-end encrypted, E2E, is a way of talking

01:16:01   about something where the only keys that can decrypt it

01:16:06   are at the endpoints, meaning your devices,

01:16:10   and there's literally nothing that can be done

01:16:13   in the middle to decrypt it, other than the brute force

01:16:16   and the mathematics behind the brute force of decrypting it,

01:16:20   and the current state of computing is, you know,

01:16:24   thousands to millions or longer of years

01:16:27   of compute time to do it, so effectively,

01:16:30   un-decryptable.

01:16:34   That's end-to-end encryption, and iCloud backups

01:16:37   are not end-to-end decrypted, and there's a lot of people

01:16:41   who think that's solely because of pressure

01:16:43   from law enforcement, and law enforcement, to be clear,

01:16:46   is very happy about the current state of affairs.

01:16:49   Maybe they'd, you know, like, even easier access,

01:16:52   but the fact that they can go to Apple

01:16:55   or all sorts of other providers with a warrant

01:16:58   and have it looked at and say, okay, yes,

01:17:00   this is a legit law enforcement request,

01:17:03   and they can turn over the contents of your iCloud backup

01:17:07   to law enforcement, because they also do have keys.

01:17:10   It's a point of contention, it's something to be aware of,

01:17:12   right, and, but my understanding,

01:17:15   and I think your understanding from informed little birdies,

01:17:20   for lack of a better word, is that this is not as much about,

01:17:25   yes, law enforcement does like the way things are

01:17:28   and would not like Apple to switch to end-to-end

01:17:31   encrypted iCloud backups that cannot be unlocked by Apple

01:17:36   for law enforcement purposes, where, you know,

01:17:40   the only thing that Apple could turn over

01:17:41   is an encrypted blob that they do not have the key to,

01:17:44   not that by policy they refuse to use the key,

01:17:47   but they literally don't have it.

01:17:49   Law enforcement would not like that,

01:17:51   but it's worth mentioning, it is a reason,

01:17:55   but that the primary reason iCloud backups

01:17:58   are not end-to-end encrypted is that they,

01:18:01   yes, exactly what you said a couple minutes ago,

01:18:02   that Apple looked at the actual support load

01:18:05   that their tech support, AppleCare and stores face,

01:18:09   and it is just, every single day,

01:18:13   thousands and thousands of Apple customers come in

01:18:16   and say, I'm locked out of my stuff,

01:18:18   I cannot get in, what do I do?

01:18:20   We've talked about this, I know, on the show before.

01:18:22   - Yep.

01:18:23   - I, what I would like to see, I guess, is,

01:18:27   but I also realize the downside of this,

01:18:29   it's complexity, where all of a sudden,

01:18:32   everybody's iCloud backup is the same,

01:18:34   has weaknesses in the current world

01:18:37   because it's not end-to-end encrypted,

01:18:39   but at least it's a simple story,

01:18:41   whereas making it optional to make your iCloud backup

01:18:45   end-to-end encrypted so that Apple cannot decrypt it,

01:18:50   it cannot turn it over to law enforcement,

01:18:52   even in the face of a warrant, has nothing to do it,

01:18:55   but also, therefore, inherently cannot help you

01:18:59   if you lock yourself out and forget

01:19:02   all of the ways to get in.

01:19:04   - You know, they literally can't.

01:19:06   You just gotta, like, by pressing that button,

01:19:08   you say, I'm a grown-ass adult,

01:19:09   and I value encryption over recoverability,

01:19:12   and I'm doing this to myself.

01:19:14   - Right, you know, that scenario would have to have

01:19:18   some outs in some way, right?

01:19:20   Like, you know, would it be that your recovery contact

01:19:24   could do it?

01:19:25   But then that opens up the scenario where law enforcement

01:19:29   could go to your recovery contact and say,

01:19:32   okay, here's our warrant, please, you know,

01:19:35   use your recovery contact powers to give us access

01:19:39   to, you know, this criminal suspect,

01:19:41   Renee Ritchie's iCloud account.

01:19:43   - Yeah.

01:19:44   The whole thing is, like, it really depends,

01:19:46   again, it depends on your threat model.

01:19:47   For the vast majority of people,

01:19:49   it's not even a consideration.

01:19:50   Like, the chance of loss is just so much more massive

01:19:53   than the chance of subpoena, or even, like, of hacking,

01:19:56   or, like, criminal activity.

01:19:57   It's the reason why, like, my laptops are,

01:19:59   like, I encrypt the drive, I use FileVault on my laptops,

01:20:02   just because it's a laptop and it could get stolen

01:20:04   or it could leave.

01:20:05   But anything that I have, like, my family photos,

01:20:07   they're on a drive that's not encrypted at all,

01:20:09   because, you know, drives fail,

01:20:11   and if a drive is encrypted and it fails,

01:20:13   you can't even pay those exorbitant recovery companies

01:20:15   to get them back for you.

01:20:16   That stuff is just gone.

01:20:17   - Well, they could get back the ones and zeros

01:20:20   of the encrypted blob.

01:20:22   - But it would be, yeah, it would be useless.

01:20:24   - Right, it just--

01:20:24   - So, like, yeah, you have to, like,

01:20:27   part of this is, like, I think that people fetishized

01:20:29   encryption and fetishized security,

01:20:31   and because we live in a world that has a bunch

01:20:32   of terrible stories in the media,

01:20:34   that everybody thought everything,

01:20:35   and infosec people really do believe

01:20:37   everything should be encrypted all the time,

01:20:38   and backup people think that you're out of your mind

01:20:41   if you encrypt anything important to you at all, ever,

01:20:43   and I think there's, like, a middle ground,

01:20:44   and maybe Apple can find that.

01:20:46   Like, PassKey works great.

01:20:47   PGP never took off for email,

01:20:49   because it was just too damn hard

01:20:50   for anybody to manage a system very similar to this,

01:20:53   and they figured out a way to make, basically,

01:20:55   SSH-style private public key system easy to work,

01:20:59   and I'm hoping they can figure out a way

01:21:01   where you can classify things as, like,

01:21:03   please encrypt this, and please make this recoverable.

01:21:06   (laughs)

01:21:07   I somehow managed to graduate from a reputable university

01:21:12   with a computer science degree,

01:21:13   and was, I think, one course short

01:21:17   of graduating with a math minor.

01:21:19   I think it was, I used to have it memorized.

01:21:22   It was probability and statistic two,

01:21:25   and there was another, I think there were two classes,

01:21:27   but ProbStat one was so hard for me

01:21:30   that I was like, forget it, I don't need a math minor.

01:21:32   I don't care if it's one class.

01:21:33   I'm never taking this again.

01:21:35   And I care about privacy and security,

01:21:39   and I did have and use PGP for my email for a while.

01:21:43   I never encrypted every message,

01:21:45   'cause it never was necessary,

01:21:46   but even with that background of somewhat technical

01:21:50   expertise, it was still so convoluted and confusing

01:21:53   that I'd go so far between actually using it

01:21:56   where somebody would then send me an encrypted email,

01:21:59   and it would be like starting all over from scratch.

01:22:01   Like, how the hell do I decrypt this?

01:22:03   What do I do?

01:22:04   It's just not a good match.

01:22:06   It's better to just treat,

01:22:07   better to treat email like postcards.

01:22:11   They're not even in an envelope.

01:22:13   There's no envelope to steam open.

01:22:15   Just assume every email you send and receive

01:22:19   is like a postcard going through the mail

01:22:22   where the message is just written on the back of the card

01:22:24   and any, you know, you can use it.

01:22:27   I use email every day, thousands of messages,

01:22:30   every month probably.

01:22:31   Just assume it has the security of a postcard

01:22:34   and be done with it.

01:22:35   - Let's go and be like Panzorino

01:22:36   and post your damn PGP key in all your social bodies.

01:22:40   - I do not use it anymore.

01:22:42   I used to publicly advertise my PGP key

01:22:45   for daring Fireball readers to contact me securely.

01:22:47   And now what I tell them to do is use Signal.

01:22:50   And it's a much better, 'cause Signal,

01:22:52   it's like the opposite of email,

01:22:54   where Signal is only and can only be cryptographically secure.

01:22:59   On this point though, this is great,

01:23:01   it leads to another point that I wrote about

01:23:04   just the other day is your health data, right?

01:23:07   Where again, circling back to this Supreme Court decision

01:23:10   in the United States that removes,

01:23:13   overturns the Roe v. Wade that considered

01:23:16   reproductive rights and abortion

01:23:18   a constitutional right in the United States.

01:23:20   And now it's literally overnight.

01:23:22   There were states here that had laws set up

01:23:24   to take up trigger laws that took effect

01:23:27   as soon as it was overturned to criminalize abortion.

01:23:31   Now people are worried, and this is again,

01:23:33   not a hypothetical scenario, the state of Texas,

01:23:36   which my understanding from having spoken to people

01:23:39   in Texas is it's a large state,

01:23:41   has a law that it allows people to collect $10,000 bounties

01:23:46   for reporting people they know of to get abortions

01:23:50   that are now illegal in the state.

01:23:52   It's very serious, high stakes.

01:23:54   People are concerned about their,

01:23:55   women are concerned about period tracking

01:23:58   menstrual cycle data that they store

01:24:01   in their computer devices for very good reason.

01:24:05   Again, anybody who was concerned about this a year ago,

01:24:08   two years ago before this decision in the United States

01:24:12   maybe was more on the hypothetical side,

01:24:14   but the way that state laws have been going here,

01:24:17   it's not, it hasn't been hypothetical for a while.

01:24:19   Now it is, it's the law of the land.

01:24:24   People, women are rightly concerned.

01:24:26   What do you do?

01:24:27   What do you worry about?

01:24:28   And one of the things I mentioned,

01:24:30   and I think, I really think it's worth mentioning

01:24:32   in articles that bring this up is that your health data

01:24:36   from Apple, your iCloud health data,

01:24:38   whatever you wanna call it,

01:24:39   but using the health app on your iPhone is,

01:24:43   if the apps you use or that,

01:24:46   menstrual cycle tracking is now a built-in feature of health

01:24:49   you can do it just using the health app.

01:24:52   You don't need a third party app,

01:24:53   but if the app only stores the data in health,

01:24:56   your data is end-to-end encrypted,

01:25:00   but here's the important clause

01:25:02   that I had to add to my article after posting it.

01:25:05   If your iCloud account

01:25:08   has two-factor authentication turned on.

01:25:11   - Yep.

01:25:12   - So if your iCloud account is two-factor authentication,

01:25:16   which it should be, in my opinion,

01:25:18   I don't think there's anybody who shouldn't be using

01:25:19   two-factor authentication for their iCloud account,

01:25:22   but it's not mandatory yet.

01:25:25   I don't know what, I'd love to know the percentage

01:25:27   because there's so many features now

01:25:29   and Apple is very gently steering everybody

01:25:32   who doesn't have it on to enable it,

01:25:35   but it is important to mention it.

01:25:37   If you have two-factor on your iCloud,

01:25:39   your health data is only decrypted on your devices

01:25:44   and yes, it does go through iCloud

01:25:47   to sync to your other devices,

01:25:50   but that data on iCloud in Apple servers

01:25:55   is end-to-end encrypted and Apple itself cannot see it,

01:25:59   could never turn it over at the request of law enforcement,

01:26:03   but only if your iCloud account

01:26:04   is using two-factor authentication.

01:26:06   If your iCloud account is not using two-factor authentication

01:26:09   your health data still syncs,

01:26:11   but it's part of your regular iCloud backup,

01:26:14   which we just got done saying is not end-to-end encrypted

01:26:17   and therefore could be turned over to law enforcement

01:26:21   and a faceable warrant.

01:26:23   - Yeah, I think for a while

01:26:24   you couldn't sync health data at all.

01:26:26   Apple just left it on device and people would get angry

01:26:28   'cause they'd get a new watch or they'd get a new phone

01:26:29   and they wouldn't bring their health data with them

01:26:31   and they ended up building,

01:26:32   the same thing for a lot of the other more personal data,

01:26:34   they built that whole secure cloud kit system

01:26:37   to move it in a way that was more locked down

01:26:40   than all of your standard data

01:26:42   and they've been slowly building out that process as well

01:26:44   'til they felt comfortable not only syncing it,

01:26:46   providing new features like share your health data

01:26:48   and things like that.

01:26:50   - Right, but that stuff is from the ground up

01:26:54   designed to be secure in this way.

01:26:57   - And it has to be 'cause there's all sorts

01:26:59   of HIPAA requirements around a lot of it as well.

01:27:01   - There are period tracking apps that don't use health

01:27:05   whether because they're web-based or they're cross-platform

01:27:08   and you have Android components or siblings,

01:27:11   whatever you wanna call them too,

01:27:12   or just for the way the developer chose to do it,

01:27:15   store the information on their own

01:27:17   and you should, like anything health related,

01:27:20   you should make yourself as aware as possible

01:27:22   of the company or provider's privacy policies

01:27:26   regarding that data.

01:27:27   But if the answer is they're doing it

01:27:30   through the health app on iOS,

01:27:33   it is secure if your account uses two-factor authentication.

01:27:37   I would like to see,

01:27:39   if Apple never makes all of iCloud backups

01:27:44   two-factor or end-to-end encrypted as an option,

01:27:48   if they start moving other things,

01:27:52   I would like to see them do with iMessage

01:27:56   what they've done with health,

01:27:57   where, okay, take iMessage out of your regular iCloud backup

01:28:02   and only sync to iCloud through iMessage in the cloud

01:28:08   as a separate feature and make all of that two-factor

01:28:12   or end-to-end encrypted so that everything in iCloud

01:28:16   that's related to iMessage is only decryptable

01:28:21   on the device.

01:28:23   And the downside to that would be somebody

01:28:27   who needs Apple's help to recover their stuff

01:28:29   would not recover their iMessage history.

01:28:31   To me, that's a trade-off that would be worth making.

01:28:35   - So again, I used to have to deal with that

01:28:38   a long time ago at iMore because people

01:28:39   would always be writing in saying they lost access

01:28:41   to their text.

01:28:43   So for a lot of people, it is secure communication,

01:28:45   but for a lot of other people,

01:28:46   it's all the text they sent in a relationship,

01:28:49   you know, when they got engaged,

01:28:50   when they were talking about their kids,

01:28:52   their history with people.

01:28:53   And for a lot of people, that's the same as a photograph

01:28:56   where it has almost no value to somebody else

01:28:59   but has tremendous sentimental value to them.

01:29:01   And they used to have to get,

01:29:02   like Ecamm used to make a utility

01:29:03   where you could go and copy it off one phone

01:29:05   and transfer it to another phone.

01:29:07   So it's one of those things where they weigh it

01:29:08   and they still see, like, yes, for the nerdy people

01:29:11   on Twitter and people who have threat levels,

01:29:14   totally make it encrypted all the time.

01:29:17   But for the vast majority of people,

01:29:18   they are far more concerned about losing their messages

01:29:21   than somebody else seeing them.

01:29:22   - Yeah, so I don't know.

01:29:24   So you'd think, you know, I--

01:29:27   - I would like the option for all of it.

01:29:28   Like, I would turn it on in an instant

01:29:29   and people would tell me I'm dumb for doing it

01:29:30   'cause I would lose stuff, and I know I would,

01:29:32   but I just have, I'm paranoid, so I would do it.

01:29:35   - Yeah, I would like to turn it on

01:29:36   for all of iCloud backup, but--

01:29:38   - Yeah, same.

01:29:39   If not that, I would like to do it

01:29:41   for iMessage specifically.

01:29:43   But the downside of, the thing about iMessage

01:29:46   is it's not just your data.

01:29:47   It matters who you're communicating with, right?

01:29:51   - Yeah, same with Gmail.

01:29:52   Like, people are like, I would never use Gmail,

01:29:53   but half the people you email on the internet

01:29:55   are using Gmail.

01:29:56   - Right, so let's just say you and I get involved

01:29:59   in a criminal conspiracy or a suspected criminal conspiracy,

01:30:04   and I turn on, or let's just say you turn it on

01:30:09   'cause you're more security conscious than me,

01:30:11   and you turn on, only store all of my iMessage history

01:30:15   using end-to-end encryption and take it out

01:30:17   of my regular iCloud backup.

01:30:19   If I don't have that turned on,

01:30:21   or I'm using an old version of iOS,

01:30:24   where this feature that's, at the moment,

01:30:26   as I discussed it, hypothetical,

01:30:28   my device isn't even on it,

01:30:29   so I don't even have the option,

01:30:31   and it's, you're in my conspiracy,

01:30:33   even if law enforcement, even with a warrant,

01:30:36   cannot access any of your iMessage data,

01:30:38   they can just come to me and get my iCloud backup,

01:30:41   and then here's the whole iMessage history

01:30:43   between me and you.

01:30:44   Basically--

01:30:45   - It's not that, like, I don't wanna be one of those people,

01:30:46   but it goes back to the need for fundamental regulation

01:30:49   and legislation around this,

01:30:50   and unfortunately, almost every government

01:30:51   is on the wrong side of it,

01:30:53   but there's longstanding policies about, like,

01:30:55   law enforcement would love to be able to get

01:30:57   everybody's DNA and fingerprints at birth,

01:30:59   and we chose, as a society, not to allow that.

01:31:01   They would love unfettered access

01:31:02   to all of our data and communications,

01:31:04   but we have to choose, as a society,

01:31:05   to understand that these devices hold so much of our life

01:31:08   that they're essentially external cybernetics at this point,

01:31:11   and they'll be internal one day,

01:31:12   and does the chip in your head have a right

01:31:15   to not, like, be forced to testify against you?

01:31:17   And we're gonna have to wrestle, as a society,

01:31:20   with these laws, and it would be great

01:31:21   if more forward-thinking, less dinosaur-like politicians

01:31:25   came to realize that a lot of this stuff

01:31:27   shouldn't have to be our burden.

01:31:28   They should make laws that are as respectful of our privacy

01:31:32   as fingerprint and DNA laws have been historically.

01:31:35   - Yeah, and a lot of this really comes down

01:31:37   to the, how, because people don't understand

01:31:42   how the technology works, and they shouldn't,

01:31:45   it's not that everybody should have a computer science

01:31:48   degree, it's obviously never going to be the case,

01:31:50   and there's no reason to argue that they should,

01:31:52   but it means that common sense understanding

01:31:55   of the matter just isn't there.

01:31:57   So if anybody proposed that everybody in the US

01:32:02   or Canada, Mexico, wherever you live, right,

01:32:05   doesn't matter, but everybody in the country

01:32:07   should make a copy of their house key

01:32:09   and mail it to the FBI so that if ever needed,

01:32:12   the FBI has a key to your house.

01:32:15   That wouldn't go anywhere.

01:32:17   Immediately, whoever, before they even finished

01:32:19   making the proposal, they'd be laughed off the podium,

01:32:21   right, 'cause people are like--

01:32:22   - They're even doing that with face ID,

01:32:23   like they're starting to pass laws about how face ID,

01:32:25   like facial recognition, I should say, sorry,

01:32:27   like random cameras and who's allowed to track us

01:32:30   and who's not and where they can be used.

01:32:31   But for some reason, it's like open season

01:32:33   on phones all the time.

01:32:35   - People understand, you know, intuitively understand

01:32:38   that a physical key that goes in a physical lock

01:32:40   is not something that you should be sending copies of

01:32:43   to the government or, you know, you shouldn't do it

01:32:45   willfully and you certainly shouldn't be required to.

01:32:47   But once it comes down to this stuff that's all just

01:32:50   ones and zeros and stuff like that, it's a lot easier

01:32:53   to conflate the arguments, right, and yeah,

01:32:56   and the law enforcement people are like,

01:32:59   this is all about fighting child pornography, you know.

01:33:02   - And terrorism, that's the two things

01:33:03   that every time. - Terrorism.

01:33:04   - And, you know, they're not lying that it has relationship

01:33:09   to those cases and would make it easier to pursue

01:33:12   those cases, you know, which in and of itself is good,

01:33:16   but on the whole, considering all of the balances,

01:33:21   it is not worth it, but they make those arguments.

01:33:23   Whereas when you're talking about actual physical stuff,

01:33:26   like giving, keeping a key on file with your local police

01:33:31   of, to your house, people just know, no, that's,

01:33:33   I don't need that, you need to get in my house,

01:33:35   break the door down, you know.

01:33:37   - Yeah, it's, again, like law enforcement is doing their job.

01:33:40   Their job is to want to do this stuff as quickly

01:33:42   and easily as possible and it would absolutely help them.

01:33:45   So would enhanced interrogation, so would like,

01:33:47   lack of a fifth amendment, so would all of these things.

01:33:50   But again, as a society, as a civilization,

01:33:52   we've decided that their job should be hard,

01:33:54   that it is the benefit of society, that one in,

01:33:57   like, what is the saying, you know, five guilty people

01:33:59   should go free rather than one innocent person go to jail.

01:34:01   We've made those decisions, we just haven't taken them

01:34:03   to their logical conclusion with digital devices.

01:34:05   - Yeah, well, it's a lot more than five, I would think.

01:34:09   I don't know, but, you know, at some point,

01:34:10   there is a number, right?

01:34:11   What is the number of how many guilty people

01:34:13   should go free before one innocent person?

01:34:15   You know, there is, there's some number, right?

01:34:18   I don't know. - Yeah.

01:34:19   - But it's obviously the, you know, it requires nuance

01:34:24   and we as a civilization and society still, you know,

01:34:29   have some work to do on nuanced arguments.

01:34:31   - Yeah, yeah, yeah.

01:34:32   - All across the world. - People who are so performative,

01:34:34   they just want their soundbite,

01:34:35   they don't care about the actual job anymore.

01:34:37   - All right, let me take a break here.

01:34:38   Thank our third sponsor of the show

01:34:40   and it's our good friends at Memberful.

01:34:42   You can monetize your passion

01:34:44   and your audience with memberships.

01:34:46   Memberful allows you, a creator,

01:34:49   to build a sustainable recurring revenue

01:34:50   and it is the easiest way to sell memberships

01:34:53   to your audience and it is used

01:34:55   by some of the biggest creators on the internet.

01:34:58   Memberful has everything you need

01:35:00   to run a membership program, including custom branding,

01:35:02   gift subscriptions, Apple Pay support, free trials,

01:35:05   private podcasts, tons more, and it seamlessly integrates

01:35:09   with the tools and systems you already use,

01:35:12   like WordPress and mailing list managers

01:35:14   and all sorts of other features.

01:35:17   They have a world-class support team

01:35:18   that is ready to help you simplify your memberships

01:35:21   and grow your revenue.

01:35:22   They're passionate about your success

01:35:25   because they only make money when you make money

01:35:28   and you only make money when you're selling memberships

01:35:31   to your audience that provide your audience

01:35:33   with things they want access to.

01:35:35   It is like a virtuous cycle, happy audience,

01:35:39   paying for things they're happy to pay for.

01:35:42   You are a happy creator, making money through the membership

01:35:45   and Memberful is a happy company providing you

01:35:47   with the tools to do it by taking their small cut

01:35:51   of your membership.

01:35:52   They do it all with keeping your brand in front,

01:35:56   not Memberful, you're building a relationship

01:35:58   with your brand and your audience, not your audience

01:36:02   and Memberful, and they make everything something

01:36:05   you can take with you, your entire subscriber list,

01:36:08   everything, if you would choose to move

01:36:10   to a different service or system,

01:36:12   you can take everything with you.

01:36:14   That's how confident they are that you won't want

01:36:16   to leave Memberful.

01:36:18   There's no lock-in and no branding that sits

01:36:21   atop your brand, it's all your brand.

01:36:23   It is a great service.

01:36:24   I subscribe to a slew of Memberful's six colors,

01:36:28   Relay FM, the list goes on and on.

01:36:30   I spend a ton every month on it and I'm happy to do so

01:36:32   because it's all creators who I'm happy to support

01:36:35   and happy to get the members only stuff that I get.

01:36:38   Where do you go to find out more?

01:36:40   Go to memberful.com/talkshow, memberful.com/talkshow

01:36:45   and you can get started for free with no credit card

01:36:48   required, check 'em out if you have any sort of audience

01:36:51   you're looking to monetize with memberships.

01:36:53   What's left?

01:36:54   I think we had something else, right?

01:36:55   - Yeah, the controversy, maybe controversy about

01:36:58   the single NAND flash version of the--

01:37:00   - Ah, yes, yes, this is great.

01:37:04   The M2 13-inch MacBook Pros are out.

01:37:09   You can order them, the reviews are out,

01:37:12   they're in people's hands.

01:37:14   We're waiting, it's still, as we record,

01:37:16   this is still technically June and Apple did promise us,

01:37:19   quote, next month for the M2 MacBook Airs,

01:37:22   so we don't have them.

01:37:23   But people with the new 13-inch MacBook Pros with the M2

01:37:27   have seen that, well, you summarized the situation.

01:37:31   - Yeah, so I didn't know this because the editorial loans

01:37:33   this time were the one terabyte models.

01:37:36   Apple doesn't always give you the maxed out version,

01:37:38   but they usually give you more than the baseline.

01:37:40   But no, I should clarify that.

01:37:42   Previous administration at Apple used to love to give me

01:37:44   the lowest version of a product just so I could show,

01:37:46   'cause they thought that I was good at showing

01:37:47   what you could still do on the lowest version,

01:37:49   but I usually get the middle level products now.

01:37:51   Marques will get the highest end

01:37:53   because 8K, six, whatever, 8K 30 video.

01:37:55   So I got the one terabyte model and it turned out

01:37:59   when people started getting the 256 gigabyte model

01:38:02   that Apple had switched from using two 128 gigabyte chips

01:38:05   for the NAND flash, 'cause it's not drives anymore

01:38:07   in these devices, they're just raw chips on the board,

01:38:11   to using a single 256 gigabyte chip.

01:38:14   And what that did is it means the chips

01:38:16   are no longer working in parallel.

01:38:18   So the higher models are because they have multiple 256

01:38:21   or 512 or whatever chips, but the single 256 gigabyte chip

01:38:26   is working serially now, so if you plug it in

01:38:29   to do a file transfer or if you're writing to drive,

01:38:32   it's getting about half the performance of the previous M1,

01:38:35   which had two 128 gigabyte chips in it.

01:38:38   And the reason for that is just it's manufacturing

01:38:40   at a certain point, companies stop making smaller stuff,

01:38:43   that's why Apple has to move up the memory

01:38:45   and move up the storage on devices over time,

01:38:47   because whatever the most mainstream version of the chip is,

01:38:51   not only does there much more volume about it,

01:38:53   but the prices go down because of the economies of scale.

01:38:56   So my guess is, because of a combination of 2020

01:38:58   and just the progress in fabrication,

01:39:02   that this is the most common module now,

01:39:04   so Apple went to the 256, and I should digress for a minute,

01:39:08   the way Apple handles a lot of this stuff

01:39:09   is that they have a minimum spec

01:39:11   to deliver the experience they want for a device.

01:39:13   And a good way of thinking about it is like,

01:39:15   if you have to make the Olympic team,

01:39:17   and making the Olympic team means you've gotta run

01:39:19   100 meters in under 10 seconds,

01:39:21   that's all you need to make the Olympic team.

01:39:23   Like Apple will say what the spec the supplier has to meet,

01:39:26   and if they over-perform, Apple doesn't care.

01:39:28   If they under-perform, they're finished,

01:39:30   but if they over-perform, Apple doesn't care.

01:39:31   So if it's 9.9 seconds, 9.8 seconds, 9.7, they don't care.

01:39:36   And that's resulted in some controversies,

01:39:38   like when the A9 was dual-sourced between Samsung and TSMC,

01:39:42   and TSMC's process was better,

01:39:44   so you got longer battery life on that model,

01:39:47   or like the LG versus the Samsung display on some MacBooks,

01:39:50   the Samsung one was better,

01:39:51   or the LG one, I think, back then was better,

01:39:53   so people tried to figure out which one they were buying.

01:39:55   Even more recently, like, you know,

01:39:57   sometimes there have been like models of iPads

01:39:58   that have had more RAM in them

01:39:59   that Apple doesn't talk about.

01:40:01   There's always been cases like this,

01:40:03   and mutual friends of ours have gone nuts

01:40:05   trying to find the versions that have the better stuff in it.

01:40:07   This isn't exactly that, it's just,

01:40:09   this was the component that Apple could fit

01:40:11   within getting enough supply to release it,

01:40:13   and within the budget for the product,

01:40:15   and it meets their minimum spec for the product.

01:40:18   So yes, the old version was twice as fast,

01:40:20   and that has like some benefit

01:40:22   for people who really care about transfer speed,

01:40:24   like if you're doing file transfers.

01:40:26   It shouldn't be a huge impediment

01:40:27   if you're doing anything else,

01:40:28   because that's sort of written into

01:40:31   to what they designed the product for.

01:40:32   But people on YouTube do a ton of tests now,

01:40:34   and they find the stuff, and more power to them,

01:40:36   because I don't think that pros

01:40:38   would really get the 256 version.

01:40:39   I would argue Apple shouldn't even make it anymore.

01:40:41   I think it's far too small,

01:40:43   and I think they hint they can't get those,

01:40:45   they can't get those chips in parallel anymore to do it

01:40:47   was probably a big indicator they shouldn't have done it.

01:40:49   But that's basically what's happening right now.

01:40:51   - Yeah, and the disingenuous thing that I've seen,

01:40:55   and I don't have anybody to throw into the bus handy,

01:40:58   but I saw headlines when this came out,

01:41:00   that in the headline, and headlines matter so much,

01:41:04   it is impossible to overstate,

01:41:06   because so many people only read the headline.

01:41:09   But if the headline and the subhead,

01:41:11   more or less saying the M2 13-inch MacBook Pro

01:41:15   gets half the IO performance of the M1,

01:41:19   and end of headline, end of summary,

01:41:22   and then you'd have to read the story

01:41:24   to see that it only applies to the 256 configuration,

01:41:29   and that it's not true for the 512 or one terabyte.

01:41:33   Does it max out at one terabyte?

01:41:35   I don't even know.

01:41:36   - Two terabytes, two terabytes.

01:41:37   - Or there's a two terabyte.

01:41:38   So you can get 256, 512, one terabyte, or two terabytes.

01:41:43   Only the 256 terabyte, or gigabyte version

01:41:46   has this decreased IO, and it is exactly

01:41:50   for the reason you said, where with all of the M1 systems,

01:41:53   no matter what level of storage,

01:41:56   underneath the hood, literally, literally underneath

01:41:59   the hood, the storage, the built-in storage on the M1 chip

01:42:06   consisted of two SSD components.

01:42:09   No matter if it was the lowest end or the highest end,

01:42:12   there were two, and so even the lowest end configuration

01:42:15   got the benefits of parallel read/write to the storage.

01:42:20   You never see it as a user.

01:42:22   Like, there's no reason for you to.

01:42:24   This is completely an implementation detail

01:42:26   of Apple's systems on a chip.

01:42:28   - Yeah.

01:42:29   - It's, you know, you open up your brand new MacBook,

01:42:32   and it's a 256 gigabyte configuration,

01:42:35   and you see a startup disk, a Macintosh HD,

01:42:40   with the system, so you know, you don't have all 256

01:42:43   available, 'cause the system is there,

01:42:44   but it looks like one 256 gigabyte drive, you know,

01:42:49   for, I don't know, what do we call 'em?

01:42:51   SSDs, the D still stands for drive, right?

01:42:54   It's not a spinning, it's not a disk.

01:42:57   - Colloquially, you can still call it an SSD.

01:42:58   It's like, it's just a NAND flash chip,

01:43:00   but that sounds dumb.

01:43:01   - Right, but it's, you know, this flash,

01:43:03   the long-term storage in the device

01:43:05   technically consisted on all configurations

01:43:09   of two, or at least two, I don't even know.

01:43:11   I don't even know if the two terabyte was more than two,

01:43:15   but whatever the thing, you didn't have to worry about it,

01:43:18   and now with the M2, the low-end one

01:43:20   is a single 256 gigabyte chip on the system on a chip,

01:43:25   and therefore performance, now,

01:43:27   is read/write performance slow?

01:43:31   No, it still is very fast in the grand scheme of things.

01:43:35   Is it worth knowing?

01:43:36   - It's just not ridiculously fast.

01:43:37   - It is absolutely an interesting thing to know,

01:43:40   and if you were tempted to buy the 256 gigabyte one,

01:43:45   you should definitely know about it.

01:43:47   Is it a controversy?

01:43:48   I don't think so, and again--

01:43:50   - I would just maintain that if, like,

01:43:52   it is, 256 gigabytes is not usable

01:43:55   for anybody who is doing any work

01:43:57   that they would see the difference

01:43:58   in the read/write speeds.

01:43:59   - Right.

01:44:00   - You're gonna be doing a lot of heavy rendering

01:44:02   and a lot of other things.

01:44:03   If you're using an external drive,

01:44:05   the external drive is never as fast

01:44:06   as internal storage anyway.

01:44:07   - Right.

01:44:08   - Because it's going through the Thunderbolt bus.

01:44:09   It's, yeah.

01:44:10   In my comments, the thing is exactly what you said.

01:44:12   My comments, I did a review on the product,

01:44:14   and I didn't know about this

01:44:15   because I had the one terabyte version,

01:44:17   so I tested the SSD, it was roughly the same for me,

01:44:20   but my comments are now filled with people

01:44:22   who are saying this machine is DOA,

01:44:24   that the whole thing is broken,

01:44:26   and they believe it's every model.

01:44:27   They have no idea that it's just one,

01:44:29   and that is, I have this issue at large,

01:44:32   is that a lot of the tech coverage

01:44:34   has become so cynical and so sensational and so gotcha,

01:44:37   and I understand everybody needs page views,

01:44:38   everybody needs headlines, everybody wants attention,

01:44:42   but the two costs of that are, one, it's a sliding scale,

01:44:46   so what got you attention last time,

01:44:47   you gotta escalate over that every time,

01:44:49   but two, at a certain point,

01:44:50   it becomes malware for the readers,

01:44:52   and it becomes bad for the customers

01:44:54   because they don't get that context.

01:44:56   They only get the gotcha conversation around it.

01:44:58   - Yeah, totally, and that's what I mean

01:44:59   about the headline mattering, right?

01:45:01   And you start looking at these headlines

01:45:03   floating around Twitter and wherever else

01:45:05   you're just browsing the news,

01:45:07   and that's the way it was posed,

01:45:09   that the M2 MacBooks have half the storage I/O speed

01:45:14   as the M1 versions, which sounds terrible and inexplicable,

01:45:19   and if it were true across the board,

01:45:23   would definitely be cause for, if not outrage,

01:45:26   at least genuine concern for

01:45:29   what the hell is Apple thinking, right?

01:45:31   It would be calamitous.

01:45:33   This is not the way things should work,

01:45:35   but when the entire reason

01:45:37   that the 256 gigabyte configuration exists

01:45:41   is for price-conscious buyers,

01:45:44   I don't think it's controversial at all.

01:45:49   - It's mostly institutional buyers

01:45:50   who wanna use them as thin clients

01:45:52   for web apps and custom apps.

01:45:53   - And the reduction in I/O performance is fine.

01:45:58   It is still so much faster

01:46:00   than just about anything else on the market

01:46:02   in that price range, it's fine.

01:46:05   It does, unless I'm missing something

01:46:07   looking at the pricing, the 13-inch starts at,

01:46:12   I'm gonna go with $1,300.

01:46:14   It's technically $1,299, but the 99 pricing always,

01:46:18   to me it's a little disingenuous.

01:46:20   It's $1,300 to get the exact same configuration,

01:46:25   but only upgrade to 512.

01:46:28   And if you're concerned about I/O speed,

01:46:30   you don't need the actual extra 256 gigabytes.

01:46:34   256 gigabytes is all you think you'll need,

01:46:37   but you want the performance.

01:46:39   It is a $200 upgrade.

01:46:41   It goes to $1,500.

01:46:42   So I can see why if,

01:46:45   I would, it would be shocking if Apple didn't think,

01:46:48   if the matrix of decisions came down

01:46:52   of either we can't get the 128 chips

01:46:56   to make a 256-gigabyte combined storage out of--

01:47:01   - Enough of them, yeah.

01:47:02   - Or-- - And a cheap enough price.

01:47:03   - Or would be more expensive

01:47:05   or otherwise wouldn't fit in the design,

01:47:08   you know, at a silicon level in the M2.

01:47:11   Who knows what, you know, but let's just say,

01:47:14   let's just give them the benefit of the doubt

01:47:16   and assume it's good reasons,

01:47:17   whether those reasons are cost, whether they're technical,

01:47:20   whether they're actual, just pure availability,

01:47:23   or a combination of all three.

01:47:25   Let's just assume that they made a rational decision

01:47:28   that for a two, if we do a 256-gigabyte config

01:47:32   of these machines, it would have to be one 256-gigabyte chip

01:47:36   and therefore I/O will be slower compared to the M1.

01:47:40   Should we still make this 256-gigabyte configuration?

01:47:46   - I'm with you, especially for the 13-inch Pro,

01:47:51   which it has the word Pro in the name.

01:47:54   - Yes.

01:47:54   - Would it be disastrous if it started at $1,500?

01:47:58   I mean, but I also see the counterargument on Apple's point,

01:48:02   which might be that they know the sales data

01:48:04   and know that the lots and lots of people coming in

01:48:07   by the $1,300 version with the M1,

01:48:11   and therefore if they got rid

01:48:12   of the 256-gigabyte configuration, effectively,

01:48:16   it would be a $200 increase in price

01:48:18   for the low-end model of the 13-inch MacBook Pro.

01:48:22   - Yeah, and again, it's the institutional buyers

01:48:24   who buy like 1,000, 2,000, 8,000 of them at a time

01:48:27   and really don't care about the storage.

01:48:29   - Right.

01:48:30   - And it does get to a point,

01:48:31   like a lot of people would just say Apple should eat it,

01:48:32   and we're all very good at spending Tim Cook's money

01:48:34   on everything all at once, always,

01:48:36   and they do sometimes,

01:48:37   like sometimes the Mac announcements are only,

01:48:39   it's got a new processor

01:48:40   and double the storage at the same price,

01:48:41   and that's when it's cost-effective enough

01:48:43   for them to do that.

01:48:45   - Yeah, and presumably it's not actually,

01:48:47   the $200 is not entirely component cost.

01:48:51   There's some sort of profit margin built into that,

01:48:55   but at a percentage level, $100 out of $1,300 is still 7.7%,

01:49:00   or no, about 8%, rounding up.

01:49:07   - The only other thing I think is important to add here

01:49:09   is that I don't think anybody should go easy on Apple.

01:49:11   I love that people do these testing,

01:49:12   I love that we get these stories,

01:49:13   I wish the context was better,

01:49:15   but one of the things that I think is bad

01:49:17   is that they're not often done

01:49:18   for other companies besides Apple,

01:49:20   and I get that Apple is like a huge headline,

01:49:22   it gets a lot of attention,

01:49:24   but it creates two problems.

01:49:25   One is that people who don't like Apple

01:49:27   and are buying other stuff

01:49:28   don't have the same amount of information

01:49:30   about what they're buying,

01:49:32   but two, it also makes Apple seem abnormal.

01:49:34   Like if you go and look at a bunch of HP and Dell

01:49:36   and other laptops, you will find incredible disparity

01:49:40   in all of the components in those,

01:49:41   but no one even looks for it.

01:49:43   Even reporters at the same big tech publications

01:49:46   don't do the same kinds of tests on other products

01:49:49   that they do on Apple products, not all the time,

01:49:51   not always, and certainly YouTubers

01:49:54   don't often look for the same kind of things

01:49:55   that we see on Apple review days,

01:49:57   and they should.

01:49:59   I'm saying don't go easy on Apple,

01:50:00   go just as hard on everybody,

01:50:01   like Pixel phones, Samsung phones, Dell laptops, HP, whatever,

01:50:06   one, so that those customers,

01:50:08   with people who are interested in buying it,

01:50:09   benefit from the same type of deep testing,

01:50:12   but especially now that AnandTech

01:50:13   has been basically defunded,

01:50:15   but also because then you would see,

01:50:16   like, is Apple normal here or abnormal here,

01:50:19   and if they're doing something abnormal,

01:50:20   that's an even bigger story.

01:50:22   - Yeah, I think that's true.

01:50:24   I like to call those sort of,

01:50:27   what do I like to call it, grading on a curve.

01:50:29   - Grading on a curve, yeah.

01:50:30   - Where Apple is held accountable for not just A, B, and C,

01:50:35   but down the list X, Y, and Z,

01:50:37   and other companies are only held accountable for A, B, and C,

01:50:40   and they never look at X, Y, and Z,

01:50:42   and part of it is Apple is Apple,

01:50:44   and Apple in the headline gets attention,

01:50:48   that Dell or whoever else who wants to HP,

01:50:51   or whoever else does not,

01:50:52   and that's the nature of being on top,

01:50:53   and it's like the Jean-Louis Gasset saying

01:50:57   that it's the monkey who's climbed highest up the pole,

01:50:59   who everybody else gets to see their asshole.

01:51:02   I'm sure it sounds better in French,

01:51:04   but you get the point,

01:51:06   that when you're on top, you get more attention

01:51:08   than when you're not.

01:51:10   But it's exacerbating, though,

01:51:13   that now it's just out in the air,

01:51:15   and people quote, unquote, know that the M2 Macs

01:51:20   are slower at disk I/O than the M1 Macs

01:51:23   by a significant factor, which is not true,

01:51:26   and it's not that hard to explain it.

01:51:28   It's the lowest end model,

01:51:29   and it's for a very good technical reason

01:51:34   that it only has one chip,

01:51:35   and so it can't read, write, and parallel.

01:51:37   Presumably--

01:51:40   - And it's totally fair to dig 'em for that.

01:51:41   Just make sure you give the context.

01:51:42   - Right, you have to give the context,

01:51:44   and the context, it's not like you're asking

01:51:45   for a book-length footnote.

01:51:47   It's very easy to explain.

01:51:49   The MacBook Airs are not available for purchase yet,

01:51:52   and I can say, it's like a canary test,

01:51:55   I don't, review units are not in my hand yet,

01:52:00   so I don't know.

01:52:01   We don't know if this is true for the MacBook Air,

01:52:04   but it almost certainly will be,

01:52:06   because it is the M2, right?

01:52:09   And so when they make an M2 with 256 gigabytes of storage,

01:52:14   it's almost certainly the exact same,

01:52:17   or with an exception I'll mention in a second,

01:52:20   it's the same chip that's going to be in the MacBook Air,

01:52:24   so it's almost certainly going to have

01:52:26   the exact same performance characteristics,

01:52:28   where the 256 gigabyte SSD one

01:52:31   is going to have the same performance characteristics

01:52:34   as the 13-inch MacBook Pro.

01:52:35   Now the difference, I think,

01:52:37   I'm only looking at the MacBook Air page right now,

01:52:41   the MacBook Air, the new one with the M2,

01:52:43   starts at $1200, and you have to go to the exact same price,

01:52:48   $1500 to upgrade to one with 512 SSD,

01:52:52   which will have the two 256 gigabyte chips, presumably,

01:52:57   and will have the faster I/O than the M1 models.

01:53:00   The difference is, with the MacBook Air,

01:53:04   they're binning the GPUs,

01:53:07   and you only get an eight-core GPU

01:53:11   on that $1200 MacBook Air config,

01:53:14   whereas I believe all of the 13-inch MacBook Pros,

01:53:18   including the $1300 model with 256 gigs of storage,

01:53:22   still has a 10-core GPU.

01:53:25   Let me double-check that before I...

01:53:27   But I think that's true.

01:53:30   So there is--

01:53:30   - Yeah, I believe there's just no binned-down MacBook Air

01:53:33   is what it comes down to.

01:53:34   MacBook Pro, I mean, I'm sorry.

01:53:35   - MacBook Pro.

01:53:35   So there is some aspect of the 13-inch new MacBook Pro

01:53:38   that is Pro.

01:53:40   It doesn't, yes, it's still, all the MacBook Pros,

01:53:43   the 13-inch, all have 10-core GPUs.

01:53:46   I just checked, so I was correct.

01:53:48   Again, if you're thinking,

01:53:51   if you're looking at this as a consumer,

01:53:53   and you're looking at the actual storage,

01:53:56   your current laptop, whether it's a Mac or whatever,

01:53:59   if you're moving from Windows,

01:54:01   and you know that you don't need more than 256 gigabytes

01:54:05   of storage, and so you're looking at this $1200 new MacBook

01:54:09   Air with the M2 and thinking,

01:54:12   I don't see why I would spend an extra $200

01:54:15   for 512 gigabytes of storage.

01:54:17   I don't need it.

01:54:18   Will this disk I/O ruin your experience?

01:54:21   No, you will not notice.

01:54:22   I guarantee it.

01:54:25   Is it possible that there's somebody

01:54:26   whose budget is constrained,

01:54:28   and they want to do things where disk I/O matters,

01:54:32   but they don't have the $200?

01:54:35   Yes, in theory, but even then,

01:54:37   the performance is not going to be so much slower

01:54:41   that you're really going to adversely affect your life.

01:54:44   There's also, if the $200 is so meaningful

01:54:47   to you budget-wise, I've been there when I was younger,

01:54:50   trust me, the disk I/O is the least of your problems.

01:54:53   - And it's like, again, I'm not taking it,

01:54:55   like I know some people are gonna be bothered,

01:54:57   some people will be hurt by this,

01:54:58   but if you can afford the kind of storage

01:54:59   where you'd notice the file transfer speeds anyway,

01:55:02   you could probably afford the higher,

01:55:04   like the fast NVMe storage,

01:55:06   like whether it's a thumb drive or an SSD drive

01:55:08   or whatever is expensive.

01:55:10   - Yeah, I think it's best in general.

01:55:13   I mean, I don't blame Apple.

01:55:14   I'm sure that they look at the sales

01:55:18   and they know that these low-end configurations,

01:55:22   the $1,200 MacBook Air and the $1,300 13-inch

01:55:26   new MacBook Pro sell in quantities

01:55:30   that is worth keeping them in the lineup,

01:55:32   and slash or the fact that they can say

01:55:36   this is the price they start at gets people in the door,

01:55:40   even if they wind up buying the $1,500 configurations

01:55:45   with 512, it is a psychological thing with pricing

01:55:49   that knowing that you're buying

01:55:51   as not the bottom-of-the-line model, it matters.

01:55:56   I don't blame Apple for offering these configurations.

01:55:58   I think for people who are buying this $1,200 MacBook Air

01:56:02   coming out next month, quote, unquote,

01:56:04   they're getting a great, I think it'll be a great computer.

01:56:08   Again, I haven't tested it yet.

01:56:09   I don't have it in hand, but knowing what we know

01:56:11   about Apple Silicon Macs, and it'll be fine,

01:56:14   but you are getting the bottom-of-the-line new MacBook Air.

01:56:19   - Yeah, and the new MacBook Air, I mean,

01:56:23   just beyond that, it doesn't have active cooling,

01:56:26   and we don't know how the new chassis profiles,

01:56:28   so we don't know what the saturation point is yet,

01:56:30   so it's gonna have, it's not gonna sustain performance

01:56:33   as long as the MacBook Pro either way,

01:56:35   so it's gonna be an interesting thing to look at.

01:56:36   - You know what's one of the interesting things

01:56:38   is I look at the MacBook Air side by side

01:56:40   with the $1,200 base config, and it's, again,

01:56:44   it's a $300 upgrade to go to the next one up,

01:56:48   which gets you two more GPU cores

01:56:51   and 512 gigabytes of storage instead of 256.

01:56:56   The other little difference that you get

01:56:59   is the $1,200 config ships with Apple's,

01:57:02   I believe, existing 30-watt USB-C power adapter.

01:57:06   When you upgrade to the $1,500 version,

01:57:09   you get the new 35-watt dual-port USB compact power adapter,

01:57:14   and I don't think that was clear in the keynote at all.

01:57:18   I'm sure they said something or put a footnote or something,

01:57:21   but it sounded to me watching the keynote live

01:57:24   that this is the new 30-ish-watt power adapter

01:57:28   Apple is shipping.

01:57:29   That, to me, is a little bit of a nickel and dime move.

01:57:31   I don't know.

01:57:32   And again, again, it's spending Tim Cook's money.

01:57:36   - But it's such a weird company.

01:57:38   They'll spend billions of dollars

01:57:39   to chamfer the edge on the phone,

01:57:40   and maybe that does sell enough units

01:57:42   that it makes up for it, but then they'll not include

01:57:45   the better cable or the better charger.

01:57:47   - I think that having a dual-port charger,

01:57:50   a 35-watt, and again, that's not the fastest,

01:57:53   but most people don't need to fast-charge their MacBooks.

01:57:55   It's nice, it's small, it'll fit into open,

01:57:59   if you plug it in the top of the thing in the wall,

01:58:02   it won't cover the bottom one, so it fits places.

01:58:04   Having two USB-C ports on that charger is so nice,

01:58:09   because then you can just plug another thing in,

01:58:11   and it's a really convenient way to have two charging cables

01:58:17   from one power adapter that fits in the wall,

01:58:20   and third parties like Anker and all sorts of other companies

01:58:23   have been selling multiple-port,

01:58:26   small wall chargers for years.

01:58:29   It's great that Apple is making one now, too.

01:58:31   It really seems nickel and dimey

01:58:33   that they're not supplying it with the $1,200 MacBook Air.

01:58:37   That just--

01:58:37   - Yeah, yeah, their margins, of course,

01:58:41   they have a fiduciary duty to provide value

01:58:43   to their shareholders and make as much money as possible.

01:58:45   All of those things understood.

01:58:47   They spend so much money for things that are experiential,

01:58:51   that don't make a huge difference

01:58:52   in the functionality of the product,

01:58:53   that make it look nicer, or the unboxing experiences,

01:58:56   they could throw it in a dumb box

01:58:57   like every other manufacturer,

01:58:58   but a lot of the boxes they make,

01:59:00   especially in the higher-end products,

01:59:01   are ludicrously origami-designed,

01:59:04   and then to have these little things,

01:59:06   like you call nickel and dime things,

01:59:07   ruin the overall experience,

01:59:09   because they stand out so much as an Apple-like.

01:59:12   I just don't understand that.

01:59:14   - It would be, I mean, there's all sorts of things

01:59:16   that would be funny, and you'd know they wouldn't do it,

01:59:19   but if you bought the $1,200 MacBook Air,

01:59:22   they don't put it in lesser packaging, right?

01:59:25   - Yes, yes, like I'm getting in her brown bag.

01:59:28   - You know how when you send something to a friend,

01:59:30   I just sent, or our mutual friend, Guy English, a thing?

01:59:33   Long story short, I wound up with two play dates,

01:59:36   and I'd sent him one of them,

01:59:38   and I just, when you send something to a friend,

01:59:39   you just pick up, what I do is I just find an Amazon box

01:59:44   that I just got something from the last day,

01:59:46   scratch off all the stuff that was sent to me,

01:59:48   and put a new sticker on top with the address of the person,

01:59:51   and wrap up some used bubble,

01:59:54   imagine if that's how you got your $1,200 MacBook Air,

01:59:57   just from the shit that--

01:59:58   - Like your peasant packaging.

02:00:00   - Boxes that were in the back of the Apple store

02:00:02   from their delivery of paper towels or something like that

02:00:05   for the restroom, and they just stick your MacBook Air

02:00:07   in that with some craft paper,

02:00:09   and say, "Here you go, cheapskate."

02:00:11   No, they don't do that, they give you a box

02:00:13   that looks every bit as nice

02:00:14   as the highest end configuration MacBook Air.

02:00:16   Not giving you the new charger, it just seems, argh.

02:00:22   It really, I don't know.

02:00:24   I would like to think that that was a very close decision

02:00:26   within Apple, and that somebody

02:00:28   is being appropriately shamed for it.

02:00:31   - They're like, $5 a unit over a million units,

02:00:34   $5 million.

02:00:35   - It can't be $5, I refuse to believe.

02:00:38   - No, it's probably, yeah, it's probably pennies.

02:00:40   - I refuse, you know, maybe, I don't know,

02:00:42   but even if it is $5, for God's sake, it's a $1200 computer,

02:00:45   and you're so proud of this new charger

02:00:48   that you put it in the keynote, you know?

02:00:51   If it's nice enough to be in the keynote,

02:00:52   it's nice enough to give to everybody

02:00:53   who buys the new machine.

02:00:54   - It's like putting an ugly staircase in an Apple store,

02:00:56   to get that point why.

02:00:57   - Anyway, that's all I've got, thank you.

02:01:00   It's always good to talk to you, it was so good to see you.

02:01:02   - You too, you too.

02:01:03   - Thank you, and everybody, of course,

02:01:05   should be checking out your YouTube channel

02:01:06   at youtube.com/reneritchie.

02:01:09   You're also doing lots of work.

02:01:10   I actually watch most of your videos on Nebula these days.

02:01:14   - Oh, thank you.

02:01:15   - So where, tell me about Nebula real quick.

02:01:18   - Nebula, again, mutual friend Dave Whiskus and I--

02:01:21   - Never heard of him. - And a bunch of other.

02:01:22   - Never heard of him. - Never heard of him, yeah.

02:01:23   He's the guy with the fancy Tony Stark sunglasses.

02:01:25   - Ah, okay.

02:01:26   - Yeah, so a bunch of educational,

02:01:28   mostly educational creators got together

02:01:29   and made a platform for streaming video

02:01:31   for stuff that wasn't always the best fit for YouTube,

02:01:34   but also no ads, no sponsors,

02:01:37   and it lets us fund a lot of amazing originals,

02:01:40   like Patrick Williams just did Night of the Coconut,

02:01:42   an original movie, like a 90-minute long movie

02:01:44   about an extra-dimensional coconut

02:01:46   who wanted to destroy humanity

02:01:47   through the attainment of clout, and it's hilarious.

02:01:51   So I'm always startled and surprised

02:01:53   by the creativity of the people there.

02:01:55   - Yeah, it's a great service, and it's, again,

02:01:57   it is just, you subscribe, and it goes,

02:02:00   the money goes to the actual creators making the thing,

02:02:03   and there's no ads, and it's really

02:02:06   just a pleasant viewing experience.

02:02:07   You can see Renee's stuff there.

02:02:09   I will also thank our sponsors for the show.

02:02:12   In reverse order, we had Memberful,

02:02:15   and we had, that's where you go

02:02:16   to monetize your membership, and Collide,

02:02:18   where you can do endpoint security

02:02:20   for your Mac, Windows, and Linux laptops in a better way,

02:02:24   and Squarespace, where you can build a website.

02:02:26   My thanks to them.

02:02:27   Thanks, Renee.