512: Owned With a P


00:00:00   So I almost didn't make the show tonight.

00:00:03   - Oh no, stuck on the sand?

00:00:05   - No, because you forgot to fill up with gas.

00:00:07   (laughing)

00:00:09   - No, although I'll tell you one thing, man,

00:00:10   driving on the sand uses a lot of gas.

00:00:13   - Yeah, it's kind of like running on the sand.

00:00:16   - Yeah, and you know, 'cause like, you know,

00:00:17   A, I'm running on low tire pressure, right,

00:00:19   and then driving on sand is like, you know,

00:00:22   walking through maple syrup.

00:00:24   Like, you know, it's just,

00:00:25   it's a very inefficient way to move.

00:00:28   And so, yeah, I mean, that's,

00:00:30   I think my living here,

00:00:33   especially in a house that generates

00:00:35   a very large quantity of solar power

00:00:37   and not going to work every day,

00:00:39   I think overall my carbon footprint is probably not too bad,

00:00:44   but certainly when I do have to drive here,

00:00:48   oh my God, it's embarrassing.

00:00:53   You know, we recorded at 8 p.m.

00:00:56   At about 6.30 p.m., my son started a project

00:01:00   that required having to print things to a printer.

00:01:04   (laughing)

00:01:05   - Oh no.

00:01:06   - Everything that could have gone wrong did go wrong

00:01:09   along this process, so, you know,

00:01:12   first of all, we started out, oh, it's out of paper.

00:01:14   All right, go get paper.

00:01:15   And this is like, you know, because, like, okay.

00:01:19   This house was designed to be a summer house.

00:01:22   And so we don't have large storage, large closets.

00:01:27   My office here is very small.

00:01:31   And where this printer is is on a shelf in a closet.

00:01:36   The water shelf, well the one below the water shelf.

00:01:38   (laughing)

00:01:39   So it's-- - You got some nice

00:01:41   damp stacks of paper right next to it.

00:01:43   - Yeah, exactly, no actually it's the same shelf, yeah.

00:01:44   So getting to like the paper trays

00:01:47   and it's an ordeal with this printer.

00:01:49   You have to like, you know, take it out of the shelf it's on.

00:01:52   Oh, and the whole time to reach it,

00:01:53   you're like on a step stool anyway, like, you know.

00:01:56   So it's a whole thing.

00:01:58   - Stop putting electronics in closets.

00:01:59   Can we just stop that?

00:02:01   That should have stopped as soon as devices

00:02:02   required active cooling.

00:02:03   - We hardly ever use, it's an Epson all-in-one ink

00:02:07   whatever printer, it's an inkjet,

00:02:08   it's hardly ever even on.

00:02:10   So, okay, so number one to use this printer.

00:02:12   I have to pull out the step stool from the closet

00:02:14   that it's in, step up and turn it on.

00:02:17   Wait for it to make all of its noises.

00:02:18   Why not just leave it on?

00:02:20   - 'Cause if you leave Epson printers on all the time,

00:02:22   they keep their ink heads warm, allegedly,

00:02:24   and it basically makes them permaclog in less time.

00:02:28   If you have an Epson printer,

00:02:29   you will probably know that over time,

00:02:31   eventually, it gets so,

00:02:32   like the head gets so clogged or otherwise messed up

00:02:36   that you, like, that no cleaning cycle will fix it

00:02:38   and you have to replace the printer.

00:02:40   So I've learned a long time ago

00:02:42   that if you don't leave it powered on,

00:02:44   with Epson in particular,

00:02:46   you can make the printer last way longer

00:02:48   because it apparently lengthens that process.

00:02:50   So anyway, so we start printing,

00:02:53   get the stepladder out, turn the printer on.

00:02:55   Oh, no paper, oh, gotta get paper.

00:02:57   Oh, it's special photo paper.

00:02:58   Well, the photo paper package we have is empty.

00:03:00   We have to open a new package of photo paper,

00:03:02   find that, this whole thing.

00:03:04   First couple prints go through.

00:03:06   At one point, oh, out of ink.

00:03:08   All right, go get the box of spare ink.

00:03:11   Now again, a printer that lives in a shelf

00:03:15   replacing the ink on it.

00:03:16   You gotta like pull it out, like it's a whole thing.

00:03:19   - It shouldn't be in a closet.

00:03:20   - Yeah, seriously, I think the shelf here

00:03:22   might be the crux of the issue.

00:03:23   - There's nowhere else to put it.

00:03:25   So eventually, you know, I replace all of the colors

00:03:31   'cause one was out and this is the kind of printer

00:03:33   that if it thinks the ink is out,

00:03:35   which I know it's really not,

00:03:36   it's just based on page count or whatever,

00:03:37   but if it thinks the ink is out,

00:03:39   this printer will not print anything except black and white.

00:03:42   And these were printing photos,

00:03:43   so it's like, okay, that's not gonna work.

00:03:45   So replace all the cartridge, fine, get it back in there.

00:03:48   Print a couple more.

00:03:49   Then it starts complaining, hey, paper's not in tray one.

00:03:54   Well, yeah, I know it's in tray two,

00:03:57   but there's no option to tell it,

00:03:58   like, just load it from tray two.

00:04:01   All you can do is either put paper in tray one,

00:04:04   which is the CD printing tray, so you can't,

00:04:09   or cancel the print job.

00:04:11   Okay, so go through, all right, try this, try this setting.

00:04:14   Oh, and he's printing it from an iPad.

00:04:15   So good, find out is there something wrong there?

00:04:18   Reboot everything.

00:04:19   I even rebooted the router.

00:04:21   Like just reboot everything trying to get it to say,

00:04:23   it just would not draw from tray two no matter what I did.

00:04:26   Finally, we got it to print to tray two

00:04:29   and it comes out and it's tiny.

00:04:31   It's pretty tiny now.

00:04:33   Oh my God.

00:04:35   Eventually it took another like, you know,

00:04:36   half hour of troubleshooting and four or five, you know,

00:04:40   wrong prints that are now just garbage

00:04:43   before we finally realized that somewhere deep

00:04:44   in the setting, something had turned to four by six

00:04:47   size paper instead of letter size.

00:04:49   It just, it took so long.

00:04:52   It's like, printers, I hate printers so much.

00:04:55   This is why my giant HP tank that I have,

00:04:59   - Yes, yes, yes, yes.

00:05:00   - It's the only printer that's ever never let me down.

00:05:03   - Would it have been faster for you to print

00:05:05   to the other house and then drive and go get it?

00:05:07   - Maybe.

00:05:07   - By the time you got there, it would already be out.

00:05:09   - Yeah, I mean, it's a two hour drive,

00:05:11   but it might have been faster.

00:05:13   - So why is it an inkjet printer and not a color laser?

00:05:18   I thought you were at least a black and white laser fan,

00:05:21   hence the refrigerator printer at home,

00:05:23   but I thought you also enjoyed a color laser, no?

00:05:25   - I have both.

00:05:27   - Why would you use inkjet for anything in modern society?

00:05:30   - Inkjet printers are way better at photos

00:05:34   than even very good color lasers.

00:05:37   That's why, it's purely for photos.

00:05:39   - You bring that to like Costco or something,

00:05:41   or like you can't bring them to Costco anymore

00:05:42   'cause Costco photo center closed,

00:05:44   but you like have Costco print them

00:05:45   and mail them to you or whatever.

00:05:47   It's not that expensive.

00:05:47   - Yeah, see also the living on the island situation.

00:05:49   This is a good place to have like a little print shop

00:05:52   in your house basically.

00:05:53   - Basically past Marco made a bunch of really dubious choices

00:05:56   and today Marco really paid the price.

00:05:59   - For photo printing you can just send away

00:06:01   and get real prints from someplace nice

00:06:04   and even on the island you can get those.

00:06:07   But yeah, if you need a thing for a school assignment

00:06:09   tomorrow you gotta print it in your house.

00:06:11   - Well yeah, it's that kind of thing where

00:06:14   this is why living here you kinda have to,

00:06:18   because there's the situation with the ferries

00:06:21   in the summer that you might need something

00:06:24   that's past the last ferry departure time or something.

00:06:26   And so you kinda have to be a little more self-sufficient

00:06:29   here than you would in most places

00:06:30   'cause you can't just drive over to a Walmart real quick

00:06:33   and get what you need at all times of day.

00:06:35   It's more involved in that.

00:06:37   And so I have to be my own bike mechanic, for instance.

00:06:40   I've learned how to do all sorts of crazy maintenance

00:06:43   and upgrades and stuff on bikes because I had to,

00:06:46   because there's no one around.

00:06:48   Tiff has learned how to do certain plumbing operations

00:06:51   herself because she had to, because there was no one around.

00:06:55   It's an interesting place.

00:06:57   You kind of have to be independent in a lot of ways.

00:07:00   And one of those ways for us is we keep both kinds of printers,

00:07:04   because printing photos on color lasers sucks.

00:07:06   and I love lasers for anything else that isn't a photo.

00:07:10   They're way better for anything else,

00:07:12   but for photos, they are terrible.

00:07:13   - So Adam was printing photos?

00:07:16   - Yes, specifically he was printing art

00:07:19   that he drew in Procreate on the iPad for a school project.

00:07:23   It's a whole thing, but he was printing

00:07:26   like color illustrations he made.

00:07:27   - With utmost respect to both you and your child,

00:07:32   perhaps in this one scenario,

00:07:35   It might have been simpler and easier to simply print

00:07:37   on the color laser printer and be done with it.

00:07:39   - No, but these had to look nice.

00:07:41   It's for a thing.

00:07:42   They had to look, so I have like the glossy photo paper,

00:07:46   the Epson paper and the Epson printer,

00:07:48   like you know, all that stuff.

00:07:49   And you know, if you want like a nice glossy bright photo,

00:07:51   you're never getting out of a laser.

00:07:53   You just can't, like the way toner works,

00:07:54   it just doesn't work that way.

00:07:56   - Mm-hmm, all right, all right, all right, all out.

00:07:59   Yeah, well I'm glad you made the show.

00:08:00   That would have been quite funny.

00:08:02   Oh, I can't make the show.

00:08:03   Oh no, what's wrong?

00:08:04   Who's sick?

00:08:05   Well, printers. That's what happened.

00:08:08   Printers can make any 10-minute project take three hours.

00:08:11   That's what it means.

00:08:14   We need the OLED TV revolution but for printers

00:08:17   because all these things with physical realities

00:08:20   we're kind of like in the dark ages with printers still.

00:08:22   There is no printer technology that is just clearly better and more reliable.

00:08:26   I guess more like the LCD resolution.

00:08:29   When LCDs took over all displays, we found a display technology that's flat,

00:08:32   flat, low power, looks good, you know, setting aside the OLED debate, just plain old high-quality

00:08:37   LED backlit LCDs were such a revolution that kind of made screens not be made screens ubiquitous,

00:08:44   and you know, and basically work to do their job. And we don't have that with printers, we just have

00:08:49   pick a crappy technology from ages ago, depending on what trade offs you can handle and, and then

00:08:54   connect crappy electronics to all of them. Yeah, and and and take all of the profit margin out of

00:09:00   of it basically and so you have these mechanically,

00:09:05   so I think this is why,

00:09:06   this is mechanically very complicated.

00:09:09   There is no way to make a printer

00:09:10   that is not mechanically complicated

00:09:12   and that's the kind of thing that's very difficult

00:09:14   to make good and reliable and also super, super cheap.

00:09:18   - Yeah, there was one technology

00:09:19   that was mechanically not as complicated,

00:09:21   it was just crappy I think.

00:09:22   It was one of the past technologies,

00:09:24   instead of having a print head essentially,

00:09:27   well and laser printers do this too,

00:09:29   but laser printers--

00:09:29   Well, the LED ones, the OkiData LED ones,

00:09:33   they were kind of cool.

00:09:34   - But that's not up to modern standards.

00:09:36   Like, we need the LCD screen resolution,

00:09:38   something that with very few or no moving parts

00:09:40   that prints high resolution, in color,

00:09:43   that doesn't bleed when you get the paper wet,

00:09:44   that looks good, glossy, like, that doesn't exist yet.

00:09:47   But someday, once that happens,

00:09:49   I feel like we'll finally cross printers off the list

00:09:52   of technology that always sucks,

00:09:54   'cause it always sucks for reasons that are explicable,

00:09:57   like, because printing is complicated,

00:09:59   And because the business model is basically

00:10:01   make the cheapest thing and then get people

00:10:03   to buy your printer ink or whatever.

00:10:05   But with the right technology, we can get there.

00:10:09   Kind of like a fusion for energy.

00:10:11   We have two big projects.

00:10:12   One, breakeven fusion for energy--

00:10:15   better than breakeven fusion for energy production

00:10:17   to save the planet, and also printers.

00:10:20   It's funny.

00:10:22   You've got all these tech bros who start all these companies.

00:10:25   We're going to change the world.

00:10:27   None of them try to change the world for printers.

00:10:30   You can have your startups like,

00:10:31   we're gonna connect people's social graph

00:10:33   to their self-driving cars.

00:10:35   I don't care.

00:10:36   Fix printers, now I'm impressed.

00:10:37   - How about you put a camera in my toaster oven

00:10:39   so you can tell how brown the bread is?

00:10:41   - Yeah, right, right.

00:10:42   - Right, well that's, didn't the June oven do that?

00:10:44   - Yes, there's a whole class of products that do that now.

00:10:46   It's not just one.

00:10:47   - Still didn't fix printers.

00:10:49   - Yeah, you know, and I was listening

00:10:50   to the most recent upgrade, which we're gonna talk about,

00:10:52   or at least make passing reference to later,

00:10:54   and I was listening to you and Jason talk about

00:10:58   good products and the Breville,

00:11:00   and Breville is basically,

00:11:01   let's give a modicum of a crap about how our products are,

00:11:06   and that puts them light years ahead of everyone else,

00:11:09   and I feel like we need the Breville of printers.

00:11:11   Just care just the tiniest bit,

00:11:14   just the tiniest littlest bit,

00:11:16   care that much and we'll all love you.

00:11:18   - No, that's, 'cause like, that is such a thing,

00:11:20   like there are so many product categories now

00:11:22   where due to various globalization, market pressures,

00:11:26   whatever, consolidation, whatever it is,

00:11:28   due to lots of reasonable conditions that,

00:11:31   there's reasons why they are this way,

00:11:33   the entire category of product just sucks.

00:11:36   All the quality's been drained out of it,

00:11:39   and it's like, you can't get something good at any price

00:11:42   in a lot of categories.

00:11:44   And I think printers are not,

00:11:47   I wouldn't say they're all necessarily there,

00:11:49   but certainly what we're trying to do here

00:11:52   is get something that is super reliable

00:11:54   and also solves many different needs.

00:11:57   If you have just a basic laser printer,

00:12:00   especially black and white lasers,

00:12:02   they are so fast and simple.

00:12:05   But once you start involving either ink or dye,

00:12:09   like in the case of DyeSub,

00:12:10   or even, I once had a solid wax printer, that was fun.

00:12:12   The Xerox Phaser.

00:12:15   - The other thing that was the same problem

00:12:15   with inkjet though is that wax can melt.

00:12:17   That's how they get it out of the paper.

00:12:19   - Yeah, the wax was the worst of both worlds.

00:12:21   It was the dull photos of color lasers,

00:12:24   but with the non-permanence of ink.

00:12:26   (laughing)

00:12:28   Yeah, I don't know, that was not a good printer.

00:12:31   I didn't have it for very long.

00:12:32   It was not very good.

00:12:33   - I mean, you might say that the solution is,

00:12:35   you know, in the future, you know,

00:12:37   your child's assignment won't ever need to be printed

00:12:39   because it'll just be communicated electronically

00:12:41   to the teacher for display, but yeah, we're not there yet.

00:12:44   - Well, and I think that's ultimately, that's the problem.

00:12:47   Like, the reason, like, who would innovate

00:12:50   in the printer business today.

00:12:51   There's no growth in that category.

00:12:53   Who is using printers anymore except me?

00:12:55   Using a printer is like carrying around cash.

00:12:59   Where I do it, and in my life it seems

00:13:02   very necessary very frequently,

00:13:04   but when you talk to anybody under the age of 30,

00:13:06   like, what are you talking about?

00:13:08   You never need that.

00:13:09   And I'm like, well, I kind of frequently need these things,

00:13:12   but they're like, no, no one needs it.

00:13:14   And I've never even touched cash.

00:13:16   You know, it's like, and you get a lot of that

00:13:18   with printers too.

00:13:19   "Why would you have a printer?

00:13:20   "That's so antiquated, you might as well

00:13:21   "have a fax machine."

00:13:22   It's like, no, there's lots of reasons, but you know.

00:13:26   What are you gonna do?

00:13:27   The youths these days.

00:13:28   - The youths, what are we gonna do with them?

00:13:30   I don't know, I feel like I agree with what you're saying,

00:13:33   that printers are to some degree a dying breed,

00:13:36   but with that said, you would make money hand over fist.

00:13:39   Like you could charge $11 billion for a printer

00:13:42   that was reliable and worked every time

00:13:44   and the ink lasted more than four minutes.

00:13:46   Like, there are advantages, that's all I'm gonna say.

00:13:49   (upbeat music)

00:13:50   We are brought to you this week by Backblaze.

00:13:53   Unlimited cloud backup for Macs and PCs

00:13:56   for just $7 a month.

00:13:58   I love Backblaze.

00:14:00   So first of all, cloud backup as a concept

00:14:02   is something you really should have in your life

00:14:04   because if anything happens to your computer,

00:14:07   your office, your house, and any hard drives

00:14:10   or whatever that are attached to it,

00:14:11   if that's your only backup, you're out of luck.

00:14:14   And that can be lots of things, you know,

00:14:15   fire, flood, theft, lightning strikes, whatever.

00:14:18   And so Cloud Backup is great for peace of mind like that,

00:14:20   but then it can also offer incredible utility

00:14:23   above the peace of mind.

00:14:24   So for instance, if you're out somewhere,

00:14:26   you can just log into Backblaze and have access

00:14:29   to all of your files from your home computer.

00:14:32   So whether you're on your phone if you're out somewhere,

00:14:34   and you're, oh, I gotta look up that document

00:14:36   that I have on my desktop at home,

00:14:39   you can do that right from the Backblaze app on your phone.

00:14:41   Or if you're, say you're on vacation,

00:14:44   you have a laptop or something,

00:14:45   and you wanna download files off your home computer,

00:14:47   You can do that again from Backblaze.

00:14:49   You can pull whatever files you want right off.

00:14:51   And of course you can restore larger ones.

00:14:53   So if you actually have data loss,

00:14:55   you can restore your files from the web interface,

00:14:57   or if you have like a huge amount of data to recover,

00:15:00   you can have them mail you a hard drive or a flash key

00:15:03   with all your data right to your door.

00:15:06   And if you return it, you get a refund on the cost of it.

00:15:08   So it's just an incredible service at Backblaze.

00:15:10   You even have other features too, like version history.

00:15:13   And in fact, for an extra $2 a month,

00:15:15   you can increase your retention history to a year.

00:15:17   So I love Backblaze, it's a great backup service

00:15:20   for not only peace of mind,

00:15:21   but just really useful features as well.

00:15:24   See for yourself at backblaze.com/atp.

00:15:27   You can start a free trial there for 15 days

00:15:31   with no credit card required.

00:15:32   You can see how the whole thing works,

00:15:34   see if it works for you.

00:15:35   Backblaze.com/atp.

00:15:38   Go there now, get going.

00:15:40   Don't delay this until it's too late and you lose something.

00:15:43   Go get Backblaze today.

00:15:44   backblaze.com/atp.

00:15:47   Go there right now, you won't be sorry.

00:15:49   Thank you so much to Backblaze

00:15:50   for being an awesome backup service

00:15:52   and for sponsoring our show.

00:15:53   (upbeat music)

00:15:56   One of you put in here Mastodon instances

00:15:59   and an FYI that I'm not really sure

00:16:01   why we need to share this,

00:16:02   but somebody wanted to let you know, probably Jon,

00:16:05   that you don't need to be in the same instance

00:16:07   as someone in order to follow them or reply to them.

00:16:09   - I kept getting people asking me on Twitter mostly,

00:16:13   I heard you guys talk about Mastodon,

00:16:14   I really wanna try it, but mastodon.social says

00:16:17   they're not taking signups, so I guess I can't do it.

00:16:19   You don't need to be on mastodon.social.

00:16:22   I think I've got like seven people

00:16:24   who asked that same question.

00:16:25   You do not need to be on mastodon.social.

00:16:27   You can be on any, now this gets to our problem.

00:16:29   The next question is always, okay,

00:16:31   what instance should I use?

00:16:32   And what I have to say is, I don't know.

00:16:34   I just want people to know, if you pick an instance,

00:16:37   one, it's not the end of the world,

00:16:38   because you can always move to another instance, right?

00:16:41   And two, you do not need to be on the same instance

00:16:44   as people that you follow.

00:16:45   Like that's the point of federation.

00:16:46   And maybe we haven't made that point strongly enough.

00:16:49   Mastodon does not equal equal, as Merlin would say,

00:16:52   mastodon.social.

00:16:53   You can basically pick any instance.

00:16:55   And if you go to any kind of Mastodon thing,

00:16:57   it will show you a list of instances

00:16:59   and how do you pick among them?

00:17:00   I don't know.

00:17:01   Find one where somebody you know is, right?

00:17:04   I mean, I guess that's how people are finding out

00:17:06   about Mastodon.social because that's where we are.

00:17:08   But you don't have to be where we are.

00:17:09   All the people I follow aren't on the same instance as me.

00:17:12   That's the point of federation.

00:17:13   So don't feel like it's that big a deal.

00:17:15   Yes, this is a weakness of mass that we talked about it.

00:17:17   Every time we bring it up, how do I pick an instance?

00:17:20   I'm just kind of guessing, what if I pick the wrong instance?

00:17:24   It's a problem.

00:17:25   And I don't know what the solution is.

00:17:26   But at least it's not a dire problem.

00:17:28   Because if you do pick wrong or whatever,

00:17:30   you can switch instances.

00:17:31   Or you could be like me and get an account

00:17:33   on 50 different instances and use that as your hedge.

00:17:35   But don't worry if you're not on the same instance

00:17:38   as the host of your favorite podcast

00:17:41   because you will be able to follow them

00:17:42   no matter where you are,

00:17:43   unless you're on a server full of Nazis

00:17:46   that got defaturated, so don't pick those instances,

00:17:48   but other than that, you should be fine.

00:17:50   - There's multiple reasons.

00:17:52   Yeah, and overall, I would say,

00:17:54   every time I keep going back to,

00:17:56   what's the Masto, the good Friend Finder one,

00:17:59   what's it called?

00:18:00   - Move to Dawn.

00:18:00   - Move to Dawn, that's it, yeah.

00:18:01   I keep going back to Move to Dawn every couple of days.

00:18:04   I have the tab open on my phone in Safari,

00:18:06   and I just go back every couple days and refresh it,

00:18:08   and there's a few more people there.

00:18:09   And it's happening.

00:18:11   People are really moving there in large numbers.

00:18:14   And again, I don't think Twitter is gonna lose to Mastodon,

00:18:19   like in quotes, but certainly a lot of people

00:18:23   who I follow on Twitter are now on Mastodon

00:18:26   and are oftentimes posting more there.

00:18:29   And so if you are the kind of person

00:18:31   who might wanna follow nerdy people

00:18:33   or people who care about that kind of stuff, check it out.

00:18:36   I would also very strongly encourage everyone.

00:18:38   John mentioned this last week,

00:18:39   but the way Movtodon and Feta Finder work

00:18:43   is they look in your Twitter profile

00:18:46   for links to a Mastodon page.

00:18:49   So if you have a question on the format,

00:18:51   go look at my profile on Twitter.

00:18:53   You can see the format of the link.

00:18:54   It's just instance name, dot whatever,

00:18:56   slash at your username.

00:18:58   That format, they look for that format,

00:19:01   and so if you out there,

00:19:03   if you have created a Mastodon account

00:19:05   in your Twitter bio, go put that kind of link

00:19:08   somewhere in the bio.

00:19:09   It doesn't even have to be like the URL field,

00:19:10   it can be anywhere in the Twitter bio.

00:19:12   Put that link in there so these tools can find you

00:19:15   and then so that anybody who follows you

00:19:17   can automatically find you over at Mastodon

00:19:20   without having to ask and search and everything like that.

00:19:22   So everyone please do that.

00:19:24   And I think this is a big enough thing now

00:19:28   that even if you're not sure whether you'll use it,

00:19:30   you should probably go create an account somewhere.

00:19:32   Like again, as John was saying,

00:19:34   it doesn't really matter which instance you pick

00:19:36   for the most part, as long as it's going to keep existing

00:19:38   in all likelihood for now, that's fine.

00:19:41   But go create an account if you haven't yet

00:19:44   because it seems like there's a good amount

00:19:46   of traction happening here.

00:19:47   And frankly, I'm telling you, once I switched over

00:19:52   to the Ivory beta, the Tapos for Mastodon thing,

00:19:55   it's really, I will oftentimes be using either Tweetbot

00:19:59   or Ivory on my phone and forget which service I'm using.

00:20:03   Because unless you look really closely

00:20:05   at the design of the icons,

00:20:06   you actually can very easily forget that.

00:20:08   It really is like a drop-in replacement at this point.

00:20:12   And as soon as the Mac situation gets worked out,

00:20:14   again by Ivory probably, that's gonna be even better.

00:20:17   But again, stuff's happening and this is the time

00:20:21   if you haven't yet jumped into Mastodon,

00:20:23   go make an account.

00:20:24   Even if you don't wanna be using it,

00:20:25   at least you'll have a good username reserved somewhere.

00:20:28   And it's the worst case scenario.

00:20:29   Best case scenario, you actually might use it.

00:20:31   I have found that it is, in many ways,

00:20:35   like Twitter is, Twitter is like our favorite bar

00:20:39   that we hung out with, that we hung out in every single day

00:20:41   for 15 years, and now a bunch of jerks keep coming in,

00:20:45   and that's always been a bit of a problem,

00:20:47   but now even more jerks are coming in,

00:20:49   and the new owner now is encouraging the jerks

00:20:52   and letting them back in who have been previously kicked out

00:20:54   who were even the biggest jerks

00:20:56   and the most ridiculous, outrageous kind of jerks,

00:20:59   possible violent jerks.

00:21:01   So our favorite bar, it's going a little bit south

00:21:06   and it's not, you know.

00:21:08   Meanwhile, you can go down the street

00:21:10   and go to a nice, cozy, friendly bar

00:21:13   where all your friends are, basically,

00:21:15   or at least many of your friends.

00:21:17   And it's like, wait, this is just kind of nicer.

00:21:20   And that's the experience I've had so far in Mastodon

00:21:22   because it is smaller, and that's probably

00:21:24   the biggest reason, but also because it's a different vibe,

00:21:27   a little bit different scene.

00:21:29   But mostly because it's smaller,

00:21:31   it is just a nicer place to hang out

00:21:34   for a lot of people a lot of the time.

00:21:36   And it seems like it's kind of a nerd haven

00:21:39   in a lot of ways if you follow the nerdy scene like I do.

00:21:41   There's just a whole bunch of nerds there

00:21:42   posting good nerdy stuff and I love it.

00:21:44   So anyway, if you haven't made an account yet

00:21:47   on an mass on thing, please go do it.

00:21:49   Even if you don't end up using it,

00:21:50   you should at least try it.

00:21:52   - I just went to move to non while you're doing that

00:21:54   and I refreshed it, I had it open in a tab as well

00:21:56   and I found two new accounts

00:21:57   and I click the follow button on them.

00:21:59   I didn't even look to see what instance they're on.

00:22:01   It does say, but now that I look,

00:22:03   I see one of them was on hackaderm.io,

00:22:06   and one of them was on-- - Hackaderm, yeah.

00:22:07   - One of them was on mas.to.

00:22:10   But the point is, I didn't even have to look at that.

00:22:11   I just saw that they had a button that said follow,

00:22:13   because I wasn't already following them,

00:22:15   and I just said click, click, done and done.

00:22:16   - Yeah, if I was starting new right now,

00:22:19   I might go to hackaderm, because it seems like

00:22:21   it's a pretty cool group of nerds over there.

00:22:23   - I've got an account there.

00:22:25   - Yeah, of course.

00:22:26   (laughing)

00:22:27   - When I tried to go, that server seems super overwhelmed.

00:22:29   I don't know if it still is, but when I was trying

00:22:31   to create my account there to squad on my username,

00:22:33   it was super slow.

00:22:35   - The admin made a post a few days ago saying

00:22:37   they're doing upgrades and stuff,

00:22:39   because it's run by a bunch of nerves

00:22:41   to know what they're doing, so they're doing

00:22:42   a lot of server stuff over there.

00:22:44   And again, I do think the server scaling,

00:22:49   cost management side of things, there's a lot there

00:22:53   that could go south in the future,

00:22:55   but right now it's a cool place to hang out,

00:22:56   and I hope it stays that way.

00:22:57   So yeah, go pick a mass on instance.

00:23:00   Hackaderms are pretty cool one I think.

00:23:02   And go check it out because this is the time.

00:23:05   This is like the early fun days before it gets crazy

00:23:09   or turns south.

00:23:11   Like this is when everyone's still having fun.

00:23:12   And you know there's not a lot of places like that left

00:23:14   on the internet where new social networks

00:23:17   or people are still having fun.

00:23:18   Like that's not really a thing.

00:23:21   So anyway, yeah, check it out.

00:23:23   - I get it, it's supposed to be like packaderm hackaderm.

00:23:25   - Yeah, yeah.

00:23:26   I was not reading it that way.

00:23:28   - All right, the good news is if you don't like Mastodon,

00:23:32   you can go to Hive social, shoot, nevermind.

00:23:35   - Nope.

00:23:36   - So Hive social is that startup that allegedly

00:23:40   is being run by just two people.

00:23:42   And Ars Technica reports that it basically self terminated

00:23:46   or self suspended, I guess I should say,

00:23:49   because a security research group or whatever said,

00:23:53   hey, you guys have got a bunch of problems.

00:23:55   reading from the Ars Technica article,

00:23:57   "The issues we," this is a quote,

00:23:58   "The issues we reported allow any attacker

00:24:00   "to access all data, including private posts,

00:24:01   "private messages, shared media,

00:24:03   "and even deleted direct messages,"

00:24:05   the advisory published on Wednesday

00:24:06   by Berlin-based security collective Zurforschung claimed.

00:24:10   This also includes private email addresses

00:24:12   and phone numbers entered during login.

00:24:14   Cool.

00:24:15   - Oh my God.

00:24:16   - They got all their security flaws out of the way

00:24:19   and by just having one big one,

00:24:20   which is like all access to all data,

00:24:22   a complete access to do anything as anybody all the time.

00:24:25   That's the, pretty much, you don't need to ever have

00:24:28   any other security problems, 'cause you're like,

00:24:30   we did it, we covered everything.

00:24:31   - Oh, also, the things that should have been deleted

00:24:33   are, they don't actually get deleted, they're soft deleted.

00:24:35   - Yeah, right.

00:24:36   - Bonus content. - I mean, that's fun.

00:24:38   So the Hive social thing, I said a couple shows back

00:24:41   when I brought this up that I didn't understand

00:24:44   how it snowballed, like how I suddenly saw everyone

00:24:48   from the gaming community that I follow saying,

00:24:50   come over to Hive, everyone come over to Hive.

00:24:52   And then looking at the numbers,

00:24:53   like they crossed 1 million users,

00:24:55   and the next day they crossed 2 million users,

00:24:56   they were adding, you know,

00:24:58   500,000 users every 10 hours or something.

00:25:01   Like, and I was like, what is causing that?

00:25:03   What made it snowball?

00:25:04   What was the seed of this?

00:25:05   Did some super popular influencer go there and tell,

00:25:09   like, I still have no answer to that question.

00:25:11   All I know is they were experiencing insane growth.

00:25:14   And I don't blame the people who made the app for the growth.

00:25:16   I don't think they did anything

00:25:17   to make it happen in particular,

00:25:19   but it was like, yeah, like one developer

00:25:21   and two other people helping.

00:25:23   And then the first sign of things being terribly wrong,

00:25:25   other than just knowing the numbers I just told you,

00:25:27   was that after I had gone through all the stuff of me

00:25:30   trying to sign up with my email address

00:25:32   and it wouldn't let me,

00:25:33   so I did like sign in with Apple instead,

00:25:35   it was, I was like, I just need,

00:25:36   I wanted to get my username, right?

00:25:39   Someone pointed out at that point,

00:25:41   yeah, Hive doesn't enforce uniqueness of usernames.

00:25:44   And it showed like a screen saying,

00:25:45   hey, we search for @whatever.

00:25:47   There was like 17 @whatever.

00:25:49   I forgot what it was.

00:25:50   It was Genshin Impact, @GenshinImpact.

00:25:52   It was a screen full of people,

00:25:54   all of whom had @GenshinImpact as their handle.

00:25:57   So they weren't even enforcing uniqueness of handles,

00:26:00   which seems like to me a fairly fundamental feature of,

00:26:05   you know, and apparently I was like,

00:26:07   well, maybe that's like a decision they made

00:26:08   'cause they don't want that to be unique identifier,

00:26:11   but no, apparently that was a bug.

00:26:12   The other bug was that it's apparently trivially easy

00:26:16   to get access to everyone's messages everywhere,

00:26:20   to be able to tweet as them,

00:26:21   to be able to see the direct messages,

00:26:23   to be able to, like, their security problem that they had,

00:26:25   they were like 100% hacked.

00:26:27   Like, I don't know what the bug was,

00:26:28   but like, it apparently wasn't too difficult for people,

00:26:32   if you knew how, to just basically

00:26:34   completely own them with a P.

00:26:36   And so their response to that was,

00:26:40   their response to that was not great,

00:26:41   because they were aware of this bug

00:26:43   for like 72 hours or something,

00:26:46   before they did the only thing that was possible for them

00:26:48   to do, which was we have to stop this service and regroup.

00:26:53   Which again, I don't particularly blame them

00:26:54   for a three person company makes this iOS app

00:26:56   and then they have 2 million users within a few days.

00:26:59   They're obviously in over their head.

00:27:01   And so yeah, they shut down Hive.

00:27:03   Will it rise again?

00:27:04   We'll see.

00:27:05   But anyway, that is /was Hive.

00:27:08   - Oh my God, what a mess.

00:27:10   I mean, look, I don't wanna take too much joy

00:27:12   on other people's mistakes,

00:27:13   but those are some big mistakes.

00:27:15   That's really outrageous.

00:27:17   - Yeah, it's just like learning on hard mode for sure,

00:27:20   but I still don't understand or know

00:27:22   why they snowballed the way they did, right?

00:27:25   - Who knows?

00:27:26   I have good news and bad news.

00:27:28   I'm mostly talking to our friend Merlin Mann.

00:27:31   The good news is, Sharrow is a real thing.

00:27:34   Merlin is vindicated, baby!

00:27:36   Except it doesn't mean a box with an arrow coming out of it.

00:27:40   - Or does it?

00:27:41   - Or does it?

00:27:42   So we got a bunch of different feedback about this.

00:27:45   There was a great summary that was sent to us by Wes Davis.

00:27:47   Wes writes, "I'm sure you've gotten plenty of feedback

00:27:49   on this, but in the event that I'm the only bike nerd

00:27:51   listening," and I think at the time I read this,

00:27:53   this was the first piece of feedback about it, but anyway.

00:27:55   - The first of many.

00:27:57   - The first of many.

00:27:58   "I wanted to point out that Merlin

00:27:59   didn't invent the term 'sharrow.'

00:28:01   It's actually a term used by cyclists and city planners

00:28:03   to refer to the double chevron symbols

00:28:05   above a bicycle symbol you sometimes see on roads

00:28:07   lacking bike lanes to indicate to cars that A,

00:28:09   cyclists will be here and that's okay,

00:28:11   And B, this is the general area that they will exist.

00:28:15   It's a special kick in the face when a cyclist is on a road

00:28:17   with plenty of space for cars and bike lanes,

00:28:19   and they've painted a sharrow

00:28:22   near the right-hand side of the road

00:28:23   where, you know, a bike lane could be,

00:28:26   which I thought was quite funny.

00:28:27   - People do not like sharrows.

00:28:29   Bike riders don't like them.

00:28:30   It's basically like you did the minimum possible

00:28:33   instead of making a real protected bike lane,

00:28:36   and the studies have shown that it actually

00:28:37   makes it more dangerous for bike riders, not less.

00:28:40   So, Sharrows get a big thumb down from biking.

00:28:43   Here's the thing about this with respect to Merlin.

00:28:45   Merlin has recently been in a little bit of a rabbit hole

00:28:48   learning about like road design and urban design.

00:28:50   So he may have been exposed to this exact term

00:28:52   in that context, but.

00:28:54   - That's true, that's true.

00:28:55   From the first anonymous person,

00:28:57   "I'd like this to be kept anonymous,

00:28:59   "but I can confirm internally within Apple on Slack,

00:29:02   "I've absolutely seen Sharrow in use.

00:29:04   "Just thought you'd appreciate knowing."

00:29:06   So Merlin is vindicated from another anonymous person.

00:29:09   Regarding the word share-o,

00:29:10   I don't think Merlin invented it,

00:29:12   but regardless if he did or not,

00:29:13   I'm 95% sure I heard designers inside Apple

00:29:15   use it when I was there.

00:29:17   So it's at least spread that far by 2019 or so.

00:29:19   And then from our final anonymous birdie,

00:29:22   perhaps it will surprise you to know

00:29:23   that when I began working in Apple retail eight years ago,

00:29:26   the word share-o was already in use,

00:29:28   taught to me by a coworker,

00:29:29   and used regularly by our creative team

00:29:31   when teaching customers.

00:29:32   - Yeah, the people who talked about share-o

00:29:34   being used for the share-o often said that,

00:29:37   yeah, we used it in this context or whatever,

00:29:39   but like it hasn't, I mean, it hasn't seemed

00:29:43   to like have caught on.

00:29:44   Lots of things are used inside Apple and not outside Apple.

00:29:47   But if Apple retail is teaching it to people,

00:29:50   you'd think maybe it would catch on

00:29:51   in the wider community, anyway.

00:29:52   There's still a chance it can happen.

00:29:53   There's still a chance we could circle back a year from now

00:29:55   and everybody uses the term Sharrow.

00:29:57   We could be making it happen right now

00:29:58   just by talking about it unintentionally.

00:30:01   But yeah, it's not on Merlin to make it happen

00:30:04   is what I'm saying.

00:30:05   Apple has been apparently trying to make Sharrow

00:30:07   happen for years, it just hasn't broken through yet.

00:30:09   I like hive.

00:30:10   We are brought to you this week by Trade Coffee.

00:30:14   Now look, I'm a huge coffee nerd.

00:30:16   The secret to great coffee is very simple,

00:30:18   freshly roasted beans.

00:30:21   And anything you get in a grocery store

00:30:23   is not freshly roasted.

00:30:24   It's gone through the supply chain,

00:30:25   it's probably at least a few weeks old if you're lucky,

00:30:28   and probably much more than that.

00:30:29   Trade Coffee sends you freshly roasted coffee

00:30:33   right to your doorstep from local roasters

00:30:36   around the country.

00:30:37   It is a coffee subscription service

00:30:39   that makes it super easy to discover new coffees

00:30:42   and make the best coffee you can make

00:30:43   at home every single day.

00:30:45   So they partner with the nation's top rated

00:30:47   independent roasters.

00:30:48   They send you coffee that they know you'll love

00:30:50   fresh to your home on whatever your preferred schedule is.

00:30:54   And whether you're a coffee nerd like me

00:30:55   or you are new to this and need some help,

00:30:57   they make it easy and convenient to discover new coffees.

00:31:00   So they have all these different settings

00:31:02   and quizzes you can take so that you can really know

00:31:04   like that you're gonna be sent something

00:31:05   that you like a lot.

00:31:06   They'll ask you how you brew it, how you want it ground,

00:31:09   if you want it ground, all sorts of stuff like that.

00:31:10   Dark roast, light roast, different origins,

00:31:12   different flavors, you can do all that with Trade,

00:31:14   and it is just great, and it's a great gift now too.

00:31:18   This is awesome for, if you have somebody in your life

00:31:20   who's difficult to shop for, but they drink coffee,

00:31:23   go for Trade, it's fantastic, it's a great gift

00:31:26   for the holidays, great for last minute shoppers too.

00:31:28   You just quickly buy a gift subscription to Trade,

00:31:31   and it's just awesome.

00:31:32   So I love Trade, it's a great gift,

00:31:35   and it's great to use yourself too.

00:31:36   It's great for variety in your coffee.

00:31:38   You get tons of variety and it's all really, really great.

00:31:41   So treat yourself or the coffee lover in your life

00:31:44   with Trade Coffee.

00:31:45   Right now they're offering our listeners

00:31:46   a total of $30 off a subscription

00:31:48   and access to limited time holiday specials

00:31:50   at DrinkTrade.com/ATP.

00:31:53   That's DrinkTrade.com/ATP for $30 off.

00:31:57   DrinkTrade.com/ATP.

00:32:00   Thanks to Trade Coffee for sponsoring our show.

00:32:02   (upbeat music)

00:32:06   A couple of episodes ago, we were discussing a gift that Marco gave me and I thought that

00:32:11   was really fun.

00:32:12   And then I was looking around at this piece of code and this particular piece of code

00:32:16   I was looking at, it's a new open source thing.

00:32:20   It has unit tests just like the gift Marco gave me a couple of weeks ago.

00:32:24   It has combined publishers.

00:32:27   It has async await.

00:32:28   It has all sorts of delightful things.

00:32:31   I have almost fallen over.

00:32:33   I am so excited.

00:32:34   Even though this is code I don't think I'll ever use because it doesn't really do anything

00:32:36   for me personally.

00:32:37   The fact that these things exist is such a gift to me and I want to use all sort of vulgar

00:32:43   euphemisms about how happy I am about this but I will refrain and I will keep them to

00:32:47   myself.

00:32:48   But anyways, Blackbird has been open sourced and so you can check out Marco's in progress

00:32:54   sequel, what is it, ButtDB.

00:32:59   You can see his in progress SQLite wrapper.

00:33:02   And I have only taken but a few minutes

00:33:04   spelunking through the code.

00:33:06   But as much as I'm kind of being snarky about it,

00:33:09   for real, there's publishers, there's unit tests,

00:33:11   there's async await, it's all there, baby.

00:33:13   I'm so excited.

00:33:14   This is very cool.

00:33:16   - Thank you.

00:33:17   Yeah, and I even, yesterday,

00:33:18   I put a whole big Swift UI thing out

00:33:21   with some fancy property wrappers

00:33:24   for live updating instance groups and stuff like that.

00:33:26   Yeah, so it's, so far it's going along

00:33:29   I even had a friend of the friend of the show and the world guy English even already contributed a pretty substantial pull request for

00:33:36   Adding performance counters and stuff that it show up in instruments. So that's pretty cool

00:33:39   Did you also get something for like a what was it for the string literals with the inline interpolation thing?

00:33:45   That well, yeah, that wasn't a pull request

00:33:46   But that was it was a few people on Twitter who pointed that out including I think one of the authors of a project that

00:33:51   Did that I?

00:33:53   Don't know if I want to do that that feels a little bit like

00:33:57   expected magic from the call site end,

00:33:59   like I don't think I would expect that to happen

00:34:02   at the call site.

00:34:03   - It makes it look like you're making SQL injection bugs,

00:34:06   but you're not.

00:34:07   - Exactly, yeah, that's why I don't,

00:34:09   I see the advantage of it in terms of like,

00:34:12   you're putting the arguments right where they go,

00:34:13   like that, I see that value, but I think most people,

00:34:17   including my own future self, like at the call site,

00:34:20   would not expect that to be the behavior,

00:34:22   and so I don't think I wanna do that.

00:34:24   Unless custom string interpolation becomes

00:34:27   much more common pattern that's used a lot in Swift.

00:34:29   But I don't think it is or is going to be, so we'll see.

00:34:33   - I think the coolest thing about that is

00:34:34   if you were able to do it pervasively,

00:34:36   it essentially protects against people who don't know

00:34:40   how to avoid SQL injection attacks.

00:34:42   Like they think, you would look at the code

00:34:44   and it's like, oh no, this beginner

00:34:46   made a SQL injection attack.

00:34:47   They have no idea that that custom interpolation is there,

00:34:50   but that custom interpolation would in fact

00:34:52   be protecting them against that injection attack.

00:34:55   but I'm not sure you could ever get to that level

00:34:57   of a safety net where you could say,

00:34:59   you don't even need to know about this,

00:35:00   just write any old code and you'll always be protected

00:35:03   against injection.

00:35:04   - Yeah, yeah, I don't know.

00:35:06   Doesn't seem like it's a good idea.

00:35:08   I did also, I tried earlier today,

00:35:11   somebody submitted a pull request that turned on

00:35:14   the Swift concurrency warnings for all the sendable stuff

00:35:19   and I tried for a little while to get that

00:35:22   to not show 88 warnings when I compiled the app.

00:35:26   That's a bigger project.

00:35:29   I am gonna try to make that all correct,

00:35:32   just for future looking stuff,

00:35:33   but I tried doing it like today,

00:35:35   I'm like oh, this is way bigger than a one day project.

00:35:39   So I'll work on that.

00:35:40   But overall, I actually do intend to do stuff like that

00:35:43   because again, my plan is for this to be

00:35:47   what I write my apps against for the next X year

00:35:49   where X is however long I'm writing Swift apps.

00:35:52   And that's hopefully gonna be a long time.

00:35:55   And so I do intend for this to be very forward looking,

00:36:00   forward compatible, cover as many of my forward needs

00:36:06   as possible, I'm gonna possibly write a CloudKit adapter

00:36:10   for it, but I'm gonna see, long story short,

00:36:13   I haven't yet fully decided if I'm even going

00:36:15   to be using CloudKit for Overcast, but if I do,

00:36:18   then that's gonna be the next step here

00:36:19   I'm going to make a CloudKit wrapper for this probably.

00:36:21   But anyway, yeah, so Blackbird, yeah, it's going pretty well.

00:36:24   I don't think anyone's using it yet, and you shouldn't.

00:36:27   I tell you right in the FAQ, don't use it before I use it.

00:36:30   Because if I use it and it turns out something doesn't work

00:36:33   right or the API is clunky in some way,

00:36:35   I'm going to change it.

00:36:36   And that could break how you're using it.

00:36:39   So yeah, this is not ready for you.

00:36:41   It's open sourced only for people's curiosity

00:36:45   and possibly learning and me learning from you,

00:36:48   not actually intended to be used yet.

00:36:51   - Yep, now I am super pleased that you are using

00:36:54   all this new and fancy stuff,

00:36:56   in part because this is,

00:36:58   and this is gonna come out mean,

00:37:01   and I don't intend it to,

00:37:02   but that's not typically your MO.

00:37:04   You're typically a little more conservative,

00:37:06   and I'm excited that you're living more on the cutting edge

00:37:09   than you typically do.

00:37:10   And plus, I plan to dig through this

00:37:12   with a more fine-tooth comb for my own knowledge,

00:37:15   not because I wanna be that guy that's,

00:37:16   "Wow, did you consider that you should do this?"

00:37:18   But no, I feel like I could learn from this.

00:37:21   And so I'm very excited to dig into this

00:37:24   and see more of it.

00:37:25   - Thank you, it fits my usual pattern.

00:37:28   It's just a pattern that has a very long cycle time.

00:37:31   Like when I was first, when we were first doing Tumblr,

00:37:35   PHP 5, I believe, had just come out.

00:37:40   It was like 5.2, whichever one added late static binding.

00:37:44   That was like right in early Tumblr days.

00:37:46   I think it was like 2007-ish, maybe 2006,

00:37:50   but yeah, I think it was 5.2, the Adelaide static binding,

00:37:52   and that made a bunch of much more,

00:37:56   I mean, by today's standards, fairly primitive stuff,

00:37:58   but for PHP in 2006 standards,

00:38:02   some much more advanced object-oriented programming

00:38:04   was possible thanks to that update.

00:38:06   And it made such a big difference

00:38:08   in how you would write an app like that,

00:38:11   that we require that from all of our servers,

00:38:15   and we jumped in and made all of the most advanced

00:38:18   PHP stuff you could do at that time,

00:38:20   that was the basis for that.

00:38:22   I am still using that PHP framework today,

00:38:25   or at least a very, very, very distant derivative of it.

00:38:29   Still using many of those basic structures and stuff today

00:38:33   because I jumped in when it was super advanced

00:38:36   and it was very cutting edge at the time

00:38:38   and now I still have no reason to really change it.

00:38:42   So that's kinda how I see this.

00:38:44   I have a lot of ancient objective C code

00:38:47   that I wrote 10 years ago that I'm still using today

00:38:51   because I wrote it a long time ago to be cutting edge then

00:38:54   and it's still fine now.

00:38:56   Well, I hope this is gonna be one of those pieces

00:38:59   of Swift code for me, that I'm writing this all

00:39:02   to be cutting edge now so that 10 years from now

00:39:05   it's not out of date or broken, hopefully not.

00:39:10   And this is hopefully still a good way

00:39:11   to do things 10 years from now.

00:39:13   Now, before we leave this topic,

00:39:14   I wanted to call out one thing.

00:39:16   You put in your README,

00:39:18   wishlist for future Swift language capabilities.

00:39:21   And I know you didn't see it,

00:39:23   but I gave the following a standing friggin' ovation

00:39:26   because I could not agree with you more.

00:39:28   Type reflection for automatic or cleaner schema definitions.

00:39:31   Swift currently has no way to reflect a type's properties.

00:39:33   Mirror only reflects property names

00:39:35   and values of given instances.

00:39:37   If language adds type reflection in the future,

00:39:39   I'd love to add an optional automatic table definitions

00:39:41   that didn't require repeating the column names and types

00:39:44   in my static var table equals blah, blah, blah definition.

00:39:47   It could also be based on property wrappers,

00:39:48   e.g., you know, @column or @index column, et cetera.

00:39:52   Amen, brother.

00:39:54   - Thank you. - I could not agree

00:39:56   with you more. - I think there's a proposal

00:39:58   for that already for type reflection, isn't there?

00:40:01   - I feel like, I can't imagine there wouldn't be.

00:40:03   - Yeah. - It's like,

00:40:04   it's such an obvious thing.

00:40:05   - I think I read it recently.

00:40:06   I know, but I'm not just like, it's on a list,

00:40:08   but like someone already has a proposal for it, I think.

00:40:10   We'll try to find it for the show notes.

00:40:12   If not, someone will send it to us for next week.

00:40:14   But yeah, that's one of the things I've read recently

00:40:17   as an actual thing.

00:40:19   Yeah, I couldn't agree with you more.

00:40:20   Yeah, and this is another reason why

00:40:22   you shouldn't rely on this framework being stable

00:40:25   where it is now.

00:40:26   If that comes out next year, I'm moving this entire framework

00:40:29   to it.

00:40:30   I'm just going to do it, and I'll update my code,

00:40:32   and I hope yours works.

00:40:34   It might not be sufficient for all the things

00:40:36   that you want out of it.

00:40:37   Yeah, probably not.

00:40:38   But you'll see.

00:40:40   Plus those features like that tend to like,

00:40:42   Apple hoards them for each major Swift version.

00:40:45   You can see them in the, it's all in the open,

00:40:48   so it's not like it's a mystery,

00:40:49   but when they come out with like,

00:40:50   oh, here's the new version of Swift,

00:40:51   it'll be able to see,

00:40:52   you know everything that's gonna be in it.

00:40:54   But Apple does tend to wait for those yearly Xcode releases

00:40:57   to sort of package it all up and deliver it

00:40:59   to their developers in a way that it's safe to use

00:41:01   with App Store stuff.

00:41:02   - Yeah, right, yeah.

00:41:03   Even if they release that,

00:41:06   or somebody adds that to Swift in the spring,

00:41:08   there's no way we'd be able to ship code with it

00:41:11   until the fall.

00:41:11   And it would probably even then probably

00:41:14   require the latest releases to run, too.

00:41:17   Because that also involves some runtime.

00:41:18   That's one of the cool proposal things.

00:41:19   One of the things that actually is going in is-- I

00:41:22   think it's going in-- I'm assuming it will pass--

00:41:24   is a way to backport APIs to older things.

00:41:28   So you don't just say, oh, I added this new method,

00:41:30   but you only get it if you're on venture, right?

00:41:32   A way to basically backcompat things to previous versions.

00:41:36   I mean, it's another feature you're looking at.

00:41:37   like oh this is a feature Apple could use well yeah duh it's actually kind of

00:41:41   clever how they did it if you read the proposal it's built on a feature they

00:41:44   already had but just extending it a little bit making it so if you if you're

00:41:48   running on the older version of the OS you'll get the implementation copied

00:41:52   down into you but you don't have to get the entire library copied in anyway stuff

00:41:55   like that makes me think that you know features that are useful to Apple will

00:41:59   come sooner than features features that aren't and I think type reflection would

00:42:03   be useful for Apple so I think that a good shot of getting in for next year

00:42:06   - Yeah, 'cause we still don't really have

00:42:08   like Apple's core data solution for Swift.

00:42:12   Like core data is compatible with Swift,

00:42:14   but it's not a very Swift-y way to do things,

00:42:18   and I still don't think we have,

00:42:19   like what is Apple's answer to like the next generation

00:42:23   of core data designed with Swift in mind?

00:42:26   I don't think we have that yet,

00:42:27   and maybe they would use features like that

00:42:30   to make that happen.

00:42:31   - Yeah, we'll see.

00:42:32   I just would really like it.

00:42:34   When I was heavy in .NET and C#, this was when reflection was new to me, and man, there

00:42:40   was not a problem that could not be solved with reflection.

00:42:43   And obviously I've grown up since then, and I think I would use it far more sparingly,

00:42:48   but it is something very, very useful to have and something that I wish Swift had more than

00:42:52   a passing implementation of.

00:42:54   And even then, like you said in your readme, the implementation is half-butted, to use

00:42:59   your term, if anything.

00:43:01   So I'd really love a full butt implementation of Mirror.

00:43:04   Real time follow up, a one J. Seracusa in the chat room

00:43:08   seems to have found the, oh no,

00:43:10   this is function back deployment.

00:43:11   I was gonna say this is reflection,

00:43:12   but no, this is the function back deployment

00:43:14   you were talking about, which is cool stuff as well.

00:43:17   - It's Swift Illusion 0376, function back deployment.

00:43:21   Even if you don't know too much about programming,

00:43:23   the great thing about these proposals,

00:43:25   Swift Illusion proposals, they tend to explain things

00:43:28   more or less in first principles.

00:43:29   So you can just read it and kind of understand

00:43:31   what they're proposing, even if you have no idea

00:43:34   about Swift or language design or anything.

00:43:37   You have to know a little bit about programming,

00:43:38   but they're usually very clear.

00:43:40   - The other thing, though, like, I do have one,

00:43:43   I don't know if it's necessarily a concern or a complaint,

00:43:45   but one kind of effect to notice is,

00:43:50   as I'm diving into a lot of this,

00:43:51   a lot of kind of deeper Swift functionality

00:43:54   and Swift UI functionality as well,

00:43:57   there is just so much here.

00:43:58   It is a huge language and it keeps getting bigger.

00:44:02   Like there are so many ways you can write things.

00:44:06   There are so many capabilities down below everything.

00:44:09   There are so many weird little @ prefixes

00:44:10   you can stick on things that change behavior

00:44:13   in certain ways.

00:44:14   It is a massively complex language

00:44:17   and it's getting more and more complex every year.

00:44:20   And I do kind of worry about that from the point of view of,

00:44:24   just manageability of complexity.

00:44:27   I heard somewhere recently that the biggest challenge

00:44:30   in programming is managing complexity.

00:44:33   And that is, first of all, insanely correct and wise,

00:44:36   and that's so much bigger than cache validation

00:44:38   and naming things and all that stuff.

00:44:41   But managing complexity is by far our industry's

00:44:44   biggest challenge, always, from one coder

00:44:46   all the way up to big teams.

00:44:48   That's just software development in a nutshell,

00:44:50   is managing complexity in some kind of reasonable way.

00:44:53   and the language itself, like Swift makes

00:44:58   so much complexity possible that I'm concerned

00:45:02   that it's first of all not only extremely difficult

00:45:06   for people to really learn and get a good handle on

00:45:09   because all the stuff under the covers

00:45:11   and behind the scenes that you eventually

00:45:13   do have to deal with, but also I'm concerned

00:45:17   about just the language itself becoming so big

00:45:20   and bloated, like are developer tools gonna still be

00:45:24   fairly unreliable and bloated and slow forever

00:45:27   with this language?

00:45:28   How about documentation and the community forums

00:45:34   and stack overflow and stuff like that?

00:45:35   There's a lot of complexity in this language

00:45:37   and I think that's gonna ripple out

00:45:38   in pretty significant ways that are probably

00:45:41   already happening and some of the complexity

00:45:43   I guess is necessary to build what they wanna build

00:45:45   but I do think there's not,

00:45:48   maybe not enough prioritization on saying no

00:45:53   to certain features in the language.

00:45:55   But I don't know, I'm not a language designer,

00:45:57   so maybe I'm off base here,

00:45:59   but it is just a way, way bigger language

00:46:02   than anything we've used before.

00:46:05   - I think they're mostly going in the right direction.

00:46:06   Like the kind of proposals that I see a lot of

00:46:08   that make sense again being something useful for Apple,

00:46:11   you'll see a proposal and you'll be like,

00:46:12   "Huh, why do they care about this feature?"

00:46:15   And when you look at it and read it and start looking at some of the examples,

00:46:18   what you learn is basically like the Swift standard library, like the part,

00:46:21   you know,

00:46:22   the big part of Swift is the library that it comes with that has all the stuff

00:46:25   in that are not quote unquote part of the language there,

00:46:27   but they're in a library. If you look at the code for the Swift standard library,

00:46:30   some of it looks really awful. You're like, Oh, why do they have to do this?

00:46:34   It looks hacky and weird and there's some weird repetition of code and they have

00:46:38   to do things in weird ways. And you're like, boy,

00:46:40   I'm glad I don't have to maintain this code.

00:46:42   And then you look back at the proposal and you realize the proposal,

00:46:44   lets them delete all this code and replace it

00:46:46   with something simple and straightforward, right?

00:46:48   And so when you look at the feature,

00:46:49   why are they adding new features?

00:46:51   It's because they wanted to do a thing, a useful thing,

00:46:54   'cause the standard library's not magic.

00:46:56   It doesn't do anything that regular code doesn't do,

00:46:58   but it's super important, and they want it to be

00:47:00   high performance, safe, easy to use, have a nice API,

00:47:04   and by doing all that, they're like,

00:47:06   "Boy, to make a good standard library,

00:47:07   "we have to do this ugly crap.

00:47:09   "Why do we have to do this ugly crap?"

00:47:10   And it's like, oh, 'cause you can't do X, Y, and Z in Swift

00:47:13   because of some limitation.

00:47:15   So they add a feature that lets them basically

00:47:17   jump into the standard library and just delete pages of code

00:47:20   and condense it down to one concise paragraph.

00:47:23   And you on the outside think, oh, they're

00:47:25   adding more features to Swift.

00:47:26   But if you have a substantial Swift code base

00:47:29   that you try to write to be the best it can be,

00:47:31   you realize that by having this feature,

00:47:34   it simplifies the code so much.

00:47:36   Like you don't have to do this weird hack.

00:47:38   You don't have to repeat yourself.

00:47:39   You don't have to do a workaround because you're not

00:47:42   allowed to do this one thing that you wanted to do.

00:47:44   And a lot of the Swift proposals I see are like that.

00:47:47   For example, reflection with type data.

00:47:49   There are probably places in the standard library

00:47:51   where that would come in so handy

00:47:53   and save them a lot of time and energy

00:47:55   where now they're like, well, we can't do that,

00:47:57   so just repeat this code block 50 different times

00:48:00   with different parameters on it, because there's no way for us

00:48:02   to programmatically figure out the answer to this question.

00:48:06   We just have to bake our knowledge

00:48:07   into the standard library by repeating the code.

00:48:09   So there are boondoggles here and there,

00:48:12   but for the most part,

00:48:12   I like the direction I see most of the proposals

00:48:15   because I think that at the time of proposals,

00:48:17   they'll let somebody, usually Apple,

00:48:19   delete a lot of code and replace it with less.

00:48:22   - I think my favorite of this was the DSL stuff

00:48:25   that landed before SwiftUI did.

00:48:27   And so, you know, there's all this,

00:48:29   oh, how do we make like, you know,

00:48:31   a domain specific language for something?

00:48:34   I don't know what it could possibly be.

00:48:37   And a few of us were smart enough to put together

00:48:41   what this apparently would probably be and were right.

00:48:44   And then it got used for stuff like their

00:48:46   absolutely awesome Regex stuff, which is coming soon

00:48:49   and is so much better than Perl, we can all agree.

00:48:51   Right, so anyway, Apple has dropped a bunch of stuff

00:48:54   in our laps.

00:48:55   Thank you Apple for doing it on a Wednesday

00:48:57   and not a different day, we appreciate that.

00:48:59   They've announced three new quote,

00:49:01   advanced security features quote.

00:49:04   And we're gonna start with the things that are not

00:49:08   that dramatic and then move to the dramatic one.

00:49:11   First is iMessage Contact Key Verification.

00:49:14   This will be available globally in 2023.

00:49:17   And from the newsroom, their announcement says,

00:49:22   "Now with iMessage Contact Key Verification,

00:49:24   "users who face extraordinary digital threats

00:49:26   "such as journalists, human rights activists,

00:49:28   "and members of government, quick aside,

00:49:30   "it's pretty sick that human rights activists

00:49:33   are in the category of extraordinary digital threats,

00:49:36   but that's neither here nor there,

00:49:37   can choose to further verify that they are messaging

00:49:39   only with the people they intend.

00:49:41   Conversations between users

00:49:42   who have enabled iMessage Contact Key Verification

00:49:44   receive automatic alerts

00:49:45   of an exceptionally advanced adversary,

00:49:47   such as a state-sponsored attacker,

00:49:49   where efforts to succeed breaking cloud servers

00:49:52   and inserting their own device to eavesdrop

00:49:54   on these encrypted communications.

00:49:56   And for even higher security,

00:49:57   iMessage Contact Key Verification users

00:50:00   can compare a contact verification code

00:50:02   in person on FaceTime or through another secure call.

00:50:05   And they have a screenshot of this,

00:50:06   and in the screenshot it shows a little warning triangle,

00:50:09   and it says, this is within the context

00:50:10   of an iMessage thread,

00:50:12   an unrecognized device may have been added

00:50:14   to such and such account.

00:50:16   Options, and then you can click on options

00:50:18   or tap on options, and it's not clear what happens then.

00:50:20   But basically, I guess it, I'm unclear how this works.

00:50:25   I'm not sure if either of you two know,

00:50:26   but does it just alert you when a new device

00:50:29   is added to an existing thread?

00:50:30   'Cause that seems--

00:50:31   - Yeah, I think this is like a human factors

00:50:34   security enhancement rather than a sort of, you know,

00:50:38   data-driven one to zero security enhancement.

00:50:40   It's basically, seems to me, a combination

00:50:43   of heightened awareness when things have changed.

00:50:46   Because people get new devices all the time,

00:50:48   but like sort of communicating that is something

00:50:50   that good services have done for many years now.

00:50:52   Like, did you know that a new computer was authorized

00:50:56   to log into your iCloud account?

00:50:57   Did you know that this, you know, you just signed on

00:50:59   to Amazon.com from a device we've never seen before.

00:51:03   Those type of things where they would send you emails

00:51:05   and stuff, that sort of increases awareness

00:51:07   that someone couldn't be doing something behind your back

00:51:09   that you would have no way of knowing about.

00:51:12   And so this is adding that to iMessage.

00:51:14   Like, oh, you think you're messaging with this person

00:51:16   and it's not like we're telling you

00:51:17   that you're not messaging with that person

00:51:18   but it seems like they're using a device

00:51:20   they've never used before.

00:51:22   And so maybe you're not talking to them.

00:51:24   Maybe you're talking to someone else

00:51:26   who has figured out how to hack into their iCloud account

00:51:29   on, you know, and so they're using a new device,

00:51:31   but communicating with them.

00:51:31   So there's that, there's the heads up thing.

00:51:33   And then this other part is the key verification.

00:51:36   I guess the idea is underneath that options thing,

00:51:39   this is why I wish they'd shown a demo of this.

00:51:40   I guess it's not ready yet,

00:51:41   but underneath the options thing,

00:51:42   it would basically say, hey,

00:51:44   if you want to like validate that this person

00:51:46   is who they say they are,

00:51:47   like here's some kind of workflow

00:51:49   whereby out of band in someplace other than messages,

00:51:53   you have a way to communicate with that person

00:51:55   to exchange some information that only they would know,

00:51:59   I mean like honestly I guess you could like facetime them and if you recognize their face

00:52:02   And there's not a gun to their head that it's probably them or you could call them on the phone or you know whatever

00:52:06   But this is sort of facilitating that so it's a combination of something might be weird and Apple might have a way for you to

00:52:13   Check whether things are okay. You don't need Apple to to to check whether things are okay

00:52:18   You could just you know again call them on a phone number or something or walk over to where they live if you're nearby

00:52:23   You know there's other ways you can do that, but what you do need Apple to do is say

00:52:27   "Oh, we haven't seen this person use this device before."

00:52:31   So if you think you're just messaging with Doshimo

00:52:34   on their usual phone, you're not.

00:52:35   And what you want to do with that information is up to you.

00:52:38   - They also announced hardware two-factor authentication

00:52:41   with security keys.

00:52:41   This will be available globally in early 2023.

00:52:44   Apple writes, "Today, with more than 95%

00:52:47   "of active iCloud accounts using two-factor authentication,

00:52:50   "it is the most widely used two-factor account security

00:52:52   "system in the world that we're aware of."

00:52:54   I just thought that was kind of neat.

00:52:55   Now with security keys,

00:52:56   users will have the choice to make use of third-party hardware security keys in order

00:53:02   to enhance this protection. For users who opt-in, security keys strengthens Apple's two-factor auth

00:53:06   by requiring a hardware security key as one of the two factors. This takes our two-factor auth even

00:53:11   further, preventing even an advanced attacker from obtaining a user's second factor in a phishing

00:53:15   scam. And here again, they show a screenshot and there's a little like a pop-up or sheet

00:53:20   that says sign in and certain activate one of your security keys. If you have an NFC key,

00:53:24   bring it near the top of this iPhone.

00:53:25   All right, so I don't personally have

00:53:28   any of these hardware security keys.

00:53:29   I used to many, many, many jobs ago,

00:53:31   and it was a little clunky, but it worked okay at the time.

00:53:34   My understanding is they're very fancy now.

00:53:37   I mean, heck, it apparently you can get some

00:53:39   that have a lightning connector, which is kind of neat.

00:53:42   I don't know, Jon, you were the one

00:53:43   with the most recent real job.

00:53:45   Do you have, did you ever use one of these?

00:53:47   Do you have any interest in using one of these?

00:53:48   What's the story here?

00:53:49   - No, I mean, like, I think, well, obviously,

00:53:52   say we all have had, but Marco certainly hasn't.

00:53:55   Back in the day before authenticator apps

00:53:58   were very common on smartphones, the ones that

00:54:00   give you the set of numbers that roll over every minute

00:54:02   or whatever, back before those were common,

00:54:05   and certainly back before they were built into iOS and MacOS,

00:54:07   you'd get a little hardware dongle

00:54:09   that had those numbers on it with a little battery in it

00:54:12   or whatever.

00:54:13   This is not that.

00:54:14   What they've added is support for a hardware security key.

00:54:17   So basically, to log in successfully,

00:54:19   instead of-- it used to be like, oh, I'll enter my password,

00:54:21   and then I'll get a text message or enter my password

00:54:24   and then it will prompt me to enter one of those

00:54:25   six digit codes from like an authenticator app

00:54:28   or from this little dongle, right?

00:54:30   This says to log in you would need your password

00:54:34   or whatever and also a hardware thing that you own

00:54:38   that has a secret on it and you plug it in and say,

00:54:40   if you don't have that thing,

00:54:42   even if someone knows your password,

00:54:44   even if someone has somehow has access

00:54:46   to your like six digit rolling authentication thing,

00:54:49   like they somehow got access to that

00:54:51   'cause they stole the QR code or whatever, right?

00:54:53   They still need the little dongly thing,

00:54:56   the little YubiKey is the brand name,

00:54:57   but like, you know, they still need an actual hardware thing.

00:55:00   It's just like, it's like a physical key kind of, right?

00:55:02   But it's just, you know, a drive with some,

00:55:05   with a secret on it, right?

00:55:06   That's what this is.

00:55:08   And for people who want that,

00:55:09   it does add an extra layer of protection.

00:55:12   This is where we get into the territory

00:55:14   for this whole announcement.

00:55:15   It's like, when you're hearing all these things,

00:55:16   just because a security feature exists

00:55:18   does not mean you have to use it.

00:55:20   Think about the trade-offs you're making

00:55:23   before you decide to do this,

00:55:24   because having to plug in a physical thing

00:55:27   into your phone or computer

00:55:29   to get logged into your iCloud account

00:55:31   is a big step up in security

00:55:33   and a big step down in convenience, right?

00:55:36   So if you are not a reporter, a human rights activist,

00:55:40   an important politician, a celebrity,

00:55:42   think about whether you wanna do this, right?

00:55:44   And the other thing I'll say

00:55:45   about these increased security things is,

00:55:47   the people, well, not the people should do it the most,

00:55:49   but there are definitely large classes of people

00:55:51   who probably should do this, like for example,

00:55:54   celebrities who absolutely will not,

00:55:56   because it's too annoying.

00:55:57   Celebrities don't want to be annoyed by technology,

00:56:00   but people hacking celebrities' phones

00:56:02   to get their pictures is a thing that happens,

00:56:04   so they should do it, but they won't.

00:56:05   But tech nerds, on the other hand,

00:56:07   probably no one's hacking your phone

00:56:09   to get your photos of you, because they're not as valuable

00:56:12   as the photos of celebrities,

00:56:14   but tech nerds will do it, and inconvenience themselves,

00:56:16   and everyone else.

00:56:17   So, I'm not saying whether you particularly should

00:56:20   or shouldn't do this, but think about the trade-offs

00:56:22   because this is not a one-sided thing.

00:56:24   There is increased security,

00:56:26   and then the trade-off is decreased convenience.

00:56:29   So choose wisely.

00:56:30   And to that end, related to things about like,

00:56:33   trading off security for convenience

00:56:34   for protecting your account, Apple also has a way,

00:56:37   I don't know if this is new or not,

00:56:38   but it was in one of the same documents, I'm linked to it,

00:56:40   to make a recovery key.

00:56:43   And this may sound like the recovery codes

00:56:44   that you can send, but it's not quite the same.

00:56:46   If you get the recovery key,

00:56:48   it means it turns off the other recovery process.

00:56:51   Apple has an existing recovery process.

00:56:53   It's like, I forgot all my stuff.

00:56:54   My phone is at the bottom of the ocean.

00:56:57   I don't remember anything.

00:56:58   How can I get my account back?

00:56:59   Apple has this complicated process

00:57:01   where you try to prove who you are

00:57:02   to get back into your account.

00:57:04   That is exactly the venue that hackers

00:57:06   would try to social engineer their way into

00:57:08   because they may not know your password.

00:57:10   They may not have your phone.

00:57:12   They may not even be able to clone your SIM or whatever.

00:57:14   but if they haven't know enough about you,

00:57:16   they can initiate Apple's recovery protocol

00:57:19   to try to get into your account by claiming,

00:57:21   "Oh, I dropped my phone in the ocean,

00:57:22   "I don't remember my password," or whatever.

00:57:24   So that process is there to help save your butt

00:57:27   when you forget everything,

00:57:28   but that process is also a way that people get hacked.

00:57:31   So what they do is offer a thing that say,

00:57:32   "Hey, we can turn off recovery for you

00:57:35   "and instead give you this 28-character code

00:57:37   "that you can use to reset your password

00:57:39   "that is up to you to put in a save for something,

00:57:41   "but if you lose that 28-character code,

00:57:43   "You can't recover it the way we have for other people.

00:57:45   "We turn off recovery.

00:57:46   "We are securing your account by trusting you

00:57:50   "with a 28 character code.

00:57:51   "Don't lose it because if you lose it, you're out of luck."

00:57:54   And that is one of the more dangerous, I think, trade-offs

00:57:57   that a normal person can make.

00:57:58   It's the trade-off that you should make

00:58:00   if you're like a head of state or someone who's in danger

00:58:04   from an oppressive government or you should do it then.

00:58:06   But the average person who just think it's cool

00:58:09   to have super good security probably shouldn't do this

00:58:12   because the chances of you losing all of your iCloud photos,

00:58:15   and we'll get to that in a second,

00:58:16   because you lost your 28 character recovery code,

00:58:21   are probably higher than the chances

00:58:22   that China's gonna hack you.

00:58:25   - Yep, I think that's fair.

00:58:26   And then finally, and this is the real juicy stuff,

00:58:29   advanced data protection for iCloud.

00:58:32   It is available right now in beta for the rest of the US

00:58:36   by the end of the year and the rest of the world

00:58:37   in early 2023.

00:58:39   So the TLDR on this is end-to-end encryption on iCloud almost everywhere with some gotchas.

00:58:46   So from Apple's newsroom announcement, "For users who opt in, advanced data protection keeps most

00:58:51   iCloud data protected even in the case of a data breach in the cloud. iCloud already protects 14

00:58:57   sensitive data categories using end-to-end encryption by default. For users who enable

00:59:01   advanced data protection, the total number of data categories protected using end-to-end encryption

00:59:05   rises to 23, including iCloud backup, notes, and photos. Boom! There you go. So there's a

00:59:14   KBase article or whatever, a support article that we'll link in the show notes that shows a chart

00:59:19   that is very, very helpful. And it has several columns. It has data category is one of the

00:59:24   columns. So iCloud mail, contacts, calendars, et cetera. And then it shows for standard data

00:59:28   protection, where is it encrypted and who has the key? And then in advanced data protection,

00:59:35   Where is it encrypted, which generally speaking

00:59:37   is either the same or a little bit better,

00:59:40   and then who has the key, which generally speaking

00:59:43   is no longer Apple and is now you.

00:59:45   Again, there's some caveats and gotchas.

00:59:47   Do we wanna talk about the specifics about this?

00:59:51   Would you rather me continue with the overview?

00:59:53   - Yeah, well let's talk about, so what we just said,

00:59:55   oh, 14 categories of data, and now 23.

00:59:57   It sounds like it's a not a big deal.

01:00:00   Like who cares, what are those categories?

01:00:01   When we say categories of data, we're talking about

01:00:03   like things on your phone or on your Mac that are end-to-end encrypted, right?

01:00:08   And mostly what we care about is we talk about this in the past and we'd say,

01:00:11   "Oh, Apple has everything encrypted and everything's safe."

01:00:14   We'd say, "Oh, except for your photos and your messages,"

01:00:18   which is kind of two really big categories of things that people might want to protect, right?

01:00:23   Because if the government comes knocking and says, "Apple, please give us the contents

01:00:29   of this person's messages and the contents of this person's photos,"

01:00:32   Apple had the ability to do that because they had the keys.

01:00:35   And we said, oh, messages is end-to-end encrypted,

01:00:37   unless you enable iCloud backup,

01:00:39   because the backups aren't end-to-end encrypted

01:00:41   and Apple could just give them the backups.

01:00:43   And so we were always wondering,

01:00:45   when is Apple gonna finally get around

01:00:46   to end-to-end encrypting this?

01:00:47   And when they were doing the CSAM stuff,

01:00:50   the child sexual abuse material stuff

01:00:53   that we talked about many moons ago,

01:00:55   we saw in the plumbing for that feature,

01:00:58   that very controversial feature,

01:00:59   but we're more on it in a little bit,

01:01:01   We saw in the plumbing of that feature preparing

01:01:04   for the ability to do end-to-end encryption on photos.

01:01:06   And now that day has finally come.

01:01:08   The CSAM stuff is a different story.

01:01:10   We'll get to in a little bit.

01:01:11   But now finally, iCloud backups,

01:01:14   and why do you care about that?

01:01:15   Because that's where your messages are backed up.

01:01:16   iCloud backups are end-to-end encrypted.

01:01:18   Photos are end-to-end encrypted.

01:01:20   Notes are end-to-end encrypted.

01:01:21   The big categories of stuff that previously was,

01:01:25   Apple could access.

01:01:26   Now, if you enable advanced data protection for iCloud,

01:01:29   Apple can't access it.

01:01:30   They literally don't have the key.

01:01:31   If the government comes to them and says,

01:01:32   "We need to see these people's photos

01:01:33   "and you've enabled advanced data protection of iCloud,"

01:01:36   Apple literally can't give them.

01:01:38   They can't see your photos, period.

01:01:39   They don't have the key, only you have it.

01:01:41   And in the past, that hasn't been true

01:01:43   for like, what are those 14 categories?

01:01:45   Your passwords.

01:01:46   iCloud key chain has always been like this.

01:01:48   Your health data, I think, has already been like this.

01:01:50   You're probably looking at the Oracle case.

01:01:52   A bunch of stuff was always like this.

01:01:54   This is not Apple's first time doing this.

01:01:56   It's just that there were these big categories of data

01:01:58   that weren't like that and Apple sort of,

01:02:01   you know, the Craig Federighi interview,

01:02:03   which we'll get to in a little bit,

01:02:04   was saying like, oh, we were using this feature

01:02:07   and other things to sort of get good at it

01:02:09   and now we're finally ready to roll it out everywhere,

01:02:12   almost everywhere.

01:02:13   - Yeah, just very quickly.

01:02:14   So like you said, a lot of stuff was already

01:02:16   end-to-end encrypted, including,

01:02:18   I'm happy to report, your Memoji.

01:02:19   (laughing)

01:02:20   But it's the stuff, the categories,

01:02:23   nine or whatever categories that would be

01:02:25   end-to-end encrypted that previously were not.

01:02:27   our wallet passes.

01:02:28   I'm pretty sure that's not your credit card,

01:02:30   but like your boarding passes and things like that.

01:02:32   Voice memo, Siri shortcuts, Safari bookmarks,

01:02:35   reminders, notes, photos, iCloud drive,

01:02:37   iCloud backup, including device and messages backup,

01:02:41   and oh, I'm sorry, and that's it.

01:02:42   And then the three that remain

01:02:43   that will never ever, ever be end-to-end encrypted,

01:02:45   or at least not as of right now,

01:02:47   are calendars, contacts, and mail.

01:02:49   And the short-short version on why is because,

01:02:51   oh, we have to integrate with the rest of the world.

01:02:54   And so we need to be able to insert data,

01:02:57   remove data, et cetera, et cetera.

01:02:58   - Yeah, before we get to those caveats,

01:03:00   I think there's a question in the chat room

01:03:01   that's addressed by the Wall Street Journal article,

01:03:03   which I think is behind a paywall,

01:03:05   but snippets have been extracted.

01:03:07   They said, "The new encryption system will roll out

01:03:09   "as an option in the U.S. by year's end,

01:03:11   "and then worldwide, including China, in 2023."

01:03:15   'Cause that's the question, does this include China?

01:03:17   And according to Federighi in his interview

01:03:19   with the Wall Street Journal

01:03:20   that we'll link to in the show notes,

01:03:21   he said, "Yeah, no, we're planning on rolling it out

01:03:23   "in China."

01:03:24   I didn't sound super confident.

01:03:26   It's like, oh, I haven't heard anything

01:03:27   from the Chinese government,

01:03:28   but I do wonder how this is gonna work

01:03:29   because Apple's had to make a lot of compromises

01:03:33   with their security to be in China,

01:03:35   that China gets to run the data centers or whatever,

01:03:37   but China running the data centers matters a lot less

01:03:40   if the data centers don't have the keys to your data.

01:03:43   And somehow I don't see this going well for Apple

01:03:48   'cause once China realizes what features are in this,

01:03:53   Maybe they could request that, okay,

01:03:55   but in iOS in China, just don't enable this feature?

01:03:58   I don't know what the plan is there,

01:04:00   but stay tuned for more news and that.

01:04:02   But as of right now, the intention is

01:04:04   that this will roll out worldwide, including China.

01:04:07   - Yeah, there's no way this,

01:04:08   there's no way China gets this enabled for them

01:04:11   for very long.

01:04:12   Maybe it rolls out initially,

01:04:14   because the government hasn't gotten wind of it yet.

01:04:16   I guarantee you, as soon as they get wind of it,

01:04:18   which has probably happened today,

01:04:20   I guarantee you they're gonna have a problem with this.

01:04:24   You look at the Chinese government's history

01:04:26   with data they can't access being generated

01:04:29   by their citizens, not a chance.

01:04:32   There is no way this stays like this.

01:04:35   - Yep, I agree with you.

01:04:36   And we should just make it clear

01:04:38   that there was a article by Joanna Stern

01:04:40   in the Wall Street Journal, and we'll link that,

01:04:42   both the raw version and the Apple News version,

01:04:45   because I believe a lot of times

01:04:47   you can get to the Apple News version

01:04:48   If you're, you know, what is it, Apple One subscriber, what have you, we'll link that

01:04:53   and both of them in the show notes.

01:04:54   And she also had a YouTube video, which was in the article and also is on, excuse me,

01:04:58   there was a video that was in the article and also on YouTube.

01:05:00   It was like six and a half minutes and that was an interview or a discussion between her

01:05:04   and Craig Federighi.

01:05:06   And that was very good.

01:05:07   And we'll put that in the show notes as well.

01:05:08   Additionally, in the show notes will be the platform security guide, which is I think

01:05:12   something that has existed for quite a while now, but it has new stuff for advanced data

01:05:16   protection on iCloud.

01:05:17   I took a quick spin through this earlier today,

01:05:20   and I thought that there were some interesting pieces

01:05:23   to this, so reading from various portions of that guide.

01:05:27   I work collaboration, the shared albums feature in photos,

01:05:30   and sharing content with quote, anyone with link quote.

01:05:33   Do not support advanced data protection.

01:05:35   When you use these features, the encryption keys

01:05:36   for the shared content are securely uploaded

01:05:38   to Apple data centers so that iCloud can facilitate

01:05:41   real-time collaboration or web sharing.

01:05:43   This means the shared content is not end-to-end encrypted

01:05:46   even when advanced data protection is enabled.

01:05:48   Now, quick note, point of fact,

01:05:50   I had read this as shared photo library,

01:05:53   which is not what it says.

01:05:54   - It's a shared album feature.

01:05:55   - Shared albums, which makes a lot more sense.

01:05:58   - The very unfortunately named feature

01:05:59   that's gonna be a problem if and when Apple

01:06:01   actually adds album sharing to shared photo library,

01:06:04   'cause what the hell you gonna call it?

01:06:06   So unlike the thing that you said before,

01:06:07   like they said, oh, mail, contacts, and calendar

01:06:10   aren't end-to-end encrypted

01:06:11   because they need to interoperate.

01:06:13   Some of those, if you squint, make some kind of sense.

01:06:16   Basically, here's the main thing that prevents them

01:06:20   from doing end-to-end is if you need to have a URL

01:06:23   that anyone can load and get info,

01:06:26   you can't use end-to-end encryption

01:06:29   unless you're willing to force everyone who loads that URL

01:06:32   to somehow get into your system enough

01:06:35   that you can validate and share keys with them,

01:06:37   you know what I mean?

01:06:38   But a lot of this stuff, the way it works,

01:06:40   like integration with other systems is no,

01:06:42   they just expect to be able to load the URL.

01:06:43   So the anyone with a link thing is a great example.

01:06:45   Whenever you see one of those like share this

01:06:47   with anyone who has the link can view it,

01:06:49   that means you're using basically security through obscurity.

01:06:51   If you don't know the URL,

01:06:52   you're probably not gonna find this

01:06:54   if we've done a good job,

01:06:55   but anybody who knows the URL,

01:06:57   they can just load it, right?

01:06:58   Lots of things work that way.

01:07:00   You can't make an anyone with link link that says,

01:07:03   oh, well, yeah, I know what you wanna get at here,

01:07:06   but you need to either sign into your Apple ID

01:07:08   and then trade a secret key with the person

01:07:10   who's sharing this with you,

01:07:12   or get an Apple ID if you don't have one,

01:07:14   and at that point, people are already leaving, right?

01:07:15   'Cause the whole point of Anyone with a Link is,

01:07:18   give it to someone, they don't need to have an Apple ID,

01:07:19   they don't need to get an Apple ID,

01:07:21   they don't need to exchange anything with you,

01:07:22   they don't need to, like,

01:07:23   you don't even need to know who they are.

01:07:25   Anyone with a Link means Anyone with a Link.

01:07:26   Some aspects of mail, contact, and calendar are like that,

01:07:30   and it's not just other people that interact with them,

01:07:32   but there's third-party software and services

01:07:34   that expect to be able to interact

01:07:36   with the various protocols that run mail, contacts,

01:07:39   and calendaring that would break if they tried to roll this out.

01:07:42   So I kind of understand that.

01:07:44   And shared albums, similarly, you can make a shared album,

01:07:47   and there's a web view of that.

01:07:49   So if you want to share pictures with someone in your family who

01:07:51   does not have an Apple device, or maybe they don't even

01:07:52   have a phone at all, they just have a computer,

01:07:54   or whatever, unlikely it's probably the reverse.

01:07:56   But anyway, those features don't do

01:07:59   undead encryption, because the whole point of them is

01:08:01   for sharing.

01:08:02   And then the iWork collaboration,

01:08:04   that just seems like something that's sort of, well,

01:08:06   I guess it's the anyone with a link thing.

01:08:09   So the things that don't use it are kind of the things

01:08:13   that you would expect.

01:08:14   But this is another caveat that people tend not

01:08:16   to think about when we talked about, oh, now finally

01:08:19   my messages will be end-to-end encrypted.

01:08:21   So I'm secure, right?

01:08:22   Well, your messages kind of like your email.

01:08:27   If you secure-- if you had secured your email somehow

01:08:30   using some secure email system or you'd secure your messages,

01:08:33   It doesn't really matter because everyone you've ever emailed also has those emails.

01:08:39   You know what I mean?

01:08:40   Like half your email is not yours.

01:08:41   And the same thing with messages.

01:08:44   Everybody you talk to over messages, if they're not also encrypting, your messages could be

01:08:49   subpoenaed through them.

01:08:50   That's part of the nature of communication.

01:08:52   You give them your half of the conversation and then it's up to them to safely store that

01:08:57   somewhere.

01:08:58   So that's true of email and that's true of messages.

01:09:00   So if you think, "Now I've end-to-end encrypted my messages.

01:09:02   The government can never see what I write in messages.

01:09:05   Has everyone you ever talked to on iMessage

01:09:08   also enabled advanced data protection?

01:09:10   If not, government can still get it.

01:09:11   So just keep that in mind.

01:09:13   - Continuing from the same document,

01:09:15   when advanced data protection is enabled,

01:09:17   access to your data via iCloud.com is disabled by default.

01:09:20   You have the option to turn on data access on iCloud.com,

01:09:23   which allows the web browser that you're using

01:09:25   and Apple to have temporary access

01:09:27   to data-specific encryption keys provided by your device

01:09:30   to decrypt and view your information.

01:09:32   Devices where the user is signed in with their Apple ID

01:09:34   must be updated to iOS 16.2, iPadOS 16.2, Mac OS 13.1,

01:09:39   TVOS 16.2, watchOS 9.2, and the latest version of iCloud

01:09:43   for Windows.

01:09:43   This requirement prevents a previous version of iOS, iPadOS,

01:09:46   Mac OS, TVOS, or watchOS from mishandling the newly created

01:09:50   service keys by re-uploading them to the available

01:09:52   after authentication HSM--

01:09:54   I'm not sure what that means off the top of my head--

01:09:55   in a misguided attempt to repair the account state.

01:09:58   Whoopsie-doopsies.

01:10:00   So yeah, so another couple of caveats as well.

01:10:01   Basically everything that you touch

01:10:03   needs to be latest and greatest,

01:10:04   and I hope you don't like iCloud.com unless,

01:10:07   and if you do, you have to turn it on explicitly.

01:10:09   - HSM is hardware security module.

01:10:11   Yeah, this is the thing that's really gonna trip people up.

01:10:14   You need to, just in case this isn't clear,

01:10:16   if you have like an old phone in a drawer

01:10:18   that's running an old version of iOS,

01:10:21   and it's still logged into your Apple ID,

01:10:22   you can't enable this feature.

01:10:24   You have to be updated everywhere.

01:10:26   So what that means is finding the old devices

01:10:29   and either erasing them or signing out

01:10:31   of your Apple ID on them.

01:10:32   They're trying to basically prevent you thinking you're

01:10:34   secure, where really you have some old device that

01:10:37   doesn't have any of this code that's

01:10:38   leaking your information out or subverting it or whatever.

01:10:41   And this is going to be, I think,

01:10:43   the main barrier to adoption.

01:10:44   So this isn't enabled by default, first of all.

01:10:46   And second of all, for all the tech nerds, they're like, yeah,

01:10:47   I'm going to try it.

01:10:48   Tech nerds are very likely to have a bunch of devices that

01:10:51   haven't been updated.

01:10:51   You think, oh, tech nerds update their stuff right away.

01:10:53   They're going to have everything updated soon.

01:10:55   No, it's all the devices that are in drawers

01:10:57   that you forgot about that are still signed into your Apple ID.

01:11:00   So you have to go and hunt them down and sign out.

01:11:03   And related to that, the last time I personally

01:11:06   ran across this, and probably a lot of tech nerds did, is

01:11:08   a feature that was laying the groundwork for this, which

01:11:11   is the-- I forget what Apple calls it,

01:11:12   but it's like the, hey, designate some other person

01:11:15   to be like your backup if you forget everything.

01:11:17   What is that one called?

01:11:19   Recovery contact, right?

01:11:20   Yeah, something like that.

01:11:21   It's a feature of iOS and Mac.

01:11:22   You basically designate a person to say,

01:11:24   I trust this person enough so that if I lose all my stuff

01:11:27   and I lose all my recovery code,

01:11:29   this is part of the recovery process.

01:11:30   I think you also give this up

01:11:31   if you do that 28 character thing, so be careful.

01:11:33   But anyway, for normal people who are wise

01:11:35   and are not gonna do that,

01:11:36   you would designate a recovery conduct.

01:11:38   But to even do that, you had to make sure

01:11:40   everything was like updated.

01:11:42   I forget what the requirements were,

01:11:42   but you had to go through and update a bunch of stuff.

01:11:44   So the first time I tried to go through it, it says,

01:11:46   you can't use this feature until devices X, Y, Z, and Q

01:11:50   are all like logged out of your app ID.

01:11:52   So I had to go around my house and hunt those things down,

01:11:54   or you can even go on the website.

01:11:56   I think it's either at appleid.apple.com or iCloud.com.

01:11:59   You can delete devices from your Apple ID,

01:12:01   which basically invalidates their keys.

01:12:03   You would have to do that before you could even

01:12:05   designate a recovery contact.

01:12:06   Well, this whole process is gonna have to repeat,

01:12:09   only now what you're gonna need are a bunch of versions

01:12:11   of OSs that aren't even out yet.

01:12:13   In particular, the one that might trip people up

01:12:15   is Mac OS 13.1, because who updates their Macs?

01:12:18   You gotta update everything.

01:12:19   So if you're excited about this feature,

01:12:21   And I think unlike the hardware recovery key

01:12:23   and unlike the hardware recovery device

01:12:26   and the 28 character code,

01:12:27   I think advanced data protection is reasonable

01:12:29   for pretty much everybody to do

01:12:31   and it's probably a good idea

01:12:32   because you are still protected

01:12:33   by Apple's recovery procedure

01:12:35   and I think it will force you,

01:12:36   I don't know if this is in the notes here,

01:12:38   but I think it will force you to have a recovery contact.

01:12:40   Like to enable advanced data protection,

01:12:43   it will either force you or strongly suggest

01:12:46   that you have a recovery contact.

01:12:48   So you'll still mostly be protected

01:12:50   And Apple's customer support will still mostly not be totally

01:12:53   destroyed by people locking themselves out of all their data.

01:12:55   But you will need to update everything everywhere to get this to run.

01:12:59   Yeah, it was in the video interview with Joanna Stern that, um, she said to,

01:13:04   to, to Craig, well, what took so damn long and almost verbatim, I believe.

01:13:09   And he said, well, one of the things we have to worry about is customer support

01:13:12   because, you know, you're now putting the onus on yourself to be able to recover.

01:13:17   And so I believe that Craig had said,

01:13:19   "You must choose a designated contact

01:13:22   "or alternatively print out this 28 character,"

01:13:26   whatever it is, "recovery code."

01:13:28   And they will compel you to do one or the other

01:13:32   because if you lose your backup person

01:13:35   and/or your backup code,

01:13:37   there's literally nothing Apple can do by design.

01:13:40   The whole point is that they have no mechanism

01:13:44   to get into your data.

01:13:45   And it was interesting that for all of the different things

01:13:49   that were said, naturally none of them involved,

01:13:53   oh, well, and by the way,

01:13:54   law enforcement also cannot get into your data.

01:13:56   Like this is all about,

01:13:58   oh, just having good security practices.

01:14:00   They never said either directly or indirectly.

01:14:02   This is about preventing law enforcement

01:14:04   from getting at your stuff if you don't want them to,

01:14:06   which I thought was kind of funny.

01:14:08   Anyway, Jason over at Six Colors had a really good summary

01:14:12   and he made a few points I wanted to quickly read.

01:14:14   Another reason Apple has fought against encrypting

01:14:16   all the things is that it has some serious side effects

01:14:18   for users, most notably that Apple can't unlock your data

01:14:20   if you no longer have the password to your Apple ID.

01:14:22   Oh, here we go, to solve this problem,

01:14:23   see I should have read ahead my own show notes

01:14:25   and I was the one who put them in, hooray.

01:14:27   To solve this problem, Apple's placing these new

01:14:29   nine encryption services in a new feature called

01:14:31   Advanced Data Protection that isn't on by default,

01:14:33   just like John said a moment ago,

01:14:34   and according to Joanna Stern of the Wall Street Journal,

01:14:37   requires that users generate at least one additional method

01:14:39   of unlocking their account.

01:14:39   Methods include a printout of a very long string

01:14:42   that can be stored somewhere secure,

01:14:43   or the designation of a different Apple ID

01:14:44   is having the authority to unlock the account.

01:14:47   Anything else about this before we talk about

01:14:49   the other bomb that was dropped today?

01:14:51   - Yeah, I am interested though,

01:14:52   because based on what I had earlier in the notes

01:14:54   about the fact that when you create that 28 character code,

01:14:57   it turns off account recovery,

01:14:58   I wonder if I'm either have that wrong

01:15:00   or if that will be communicated clearly

01:15:03   in the sort of onboarding procedure.

01:15:06   Because if it does turn off recovery, it's like,

01:15:08   all right, so obviously trusting someone else is also a risk

01:15:10   'cause now that's another vector that they can get to you,

01:15:12   Like if someone hacks them because they don't use good security and they're a recovery thing

01:15:17   for you, in theory, the person you designate as a recovery contact also needs you to participate

01:15:22   to get access, but in practice, the whole point is that if you've forgotten everything,

01:15:27   just them plus knowing enough about you, like your applet, anyway, it seems like that is

01:15:32   another potential vector for people to hack you is whoever you trust as a security contact.

01:15:36   But on the other hand, if you just do the 28 character code, then you're trusting yourself

01:15:41   with that slip of paper and if you lose that, you can't go whining to anybody and say,

01:15:46   "But isn't there some kind of recovery procedure where I can show who I am and this person

01:15:50   will vouch for me?"

01:15:51   And they'll be like, "No, you took the 28-character code.

01:15:53   You don't have that piece of paper.

01:15:55   Tough luck."

01:15:56   And that's not a place where I want to be.

01:15:58   So I've already designated the backup content.

01:16:01   I think I picked my wife or something, but that seems much safer for me, again, for normal

01:16:05   people.

01:16:06   Those features that exist for the 28-character code and the message verification, that's

01:16:11   for heads of state, journalists, celebrities, probably not you.

01:16:15   Indeed. All right. And then the other bomb that was dropped, which I don't think was

01:16:21   any like official announcement anywhere, but, um, Oh no, I'm sorry. There was an official

01:16:26   announcement. That's right. Uh, so Apple has a statement, uh, after extensive consultation

01:16:31   with experts to gather feedback on child protection initiatives we proposed last year, we are

01:16:34   deepening our investment in the communication safety feature that we first made available

01:16:38   in December 2021. We have further decided not to move forward with our previously proposed CSAM

01:16:43   detection tool for iCloud Photos. Children can be protected without companies combing through

01:16:48   personal data and we will continue to working with governments, child advocates, and other companies

01:16:52   to help protect young people, preserve their right to privacy, and make the internet a safer place

01:16:56   for children and for us all." So in summary, Apple now says it stopped the development of

01:17:03   their CSAM system, following criticism, blah, blah, blah. Federighi said that Apple's focus

01:17:08   is related to protecting children, their focus related to protecting children has been on areas

01:17:13   such as communication, giving parents tools to protect children, and iMessage. There's a quote,

01:17:17   "child sexual abuse can be headed off before it occurs," he said. That's where we're putting our

01:17:22   energy going forward. Additionally, Wired had a different article where they wrote,

01:17:29   Apple has told Wired that while it is not ready to announce a specific timeline for

01:17:34   expanding its communication safety features, the company is working on adding the ability

01:17:39   to detect nudity in video sensory messages when the protection is enabled. The company

01:17:43   also plans to expand the offering beyond messages to its other communication applications.

01:17:47   Ultimately, the goal is to make it possible for third-party developers to incorporate

01:17:50   the communication safety tools into their own applications.

01:17:53   So this is a big retreat from the idea that Apple is going to scan the photos on your

01:17:58   your device looking for a child sexual abuse material,

01:18:02   changing to a very different posture,

01:18:06   which is the whole heading it off beyond what happens,

01:18:07   basically saying, as data is sent from

01:18:10   or perhaps received by your device,

01:18:13   we will look at it at that moment and try to,

01:18:16   like the feature that they told Wire,

01:18:18   like, oh, well, maybe you'll eventually have

01:18:19   a third-party framework where you can detect nudity,

01:18:22   like detecting nudity and child sexual abuse material,

01:18:25   two very different things, right?

01:18:27   'cause you could be sending a picture of yourself naked

01:18:30   to your significant other,

01:18:32   and that is not child sexual abuse material,

01:18:34   but it would trip off the nudity filter.

01:18:35   So I'm not sure what they're trying to say there

01:18:38   other than, hey, here's a cool machine learning tool

01:18:40   that will package up that you could use

01:18:41   in your application if you wanted.

01:18:43   But end-to-end encryption combined with a retreat

01:18:48   from scanning on device kind of puts them back

01:18:52   to where they were before,

01:18:53   where, well, they said they weren't scanning it

01:18:56   on the server.

01:18:57   Now they won't be able to scan it on the server

01:18:59   if you enable advanced data protection.

01:19:01   And also, they're not gonna scan it on your device.

01:19:04   All, what they are gonna do is the features they described

01:19:06   with like, hey, if a miner tries to send a picture

01:19:09   of themselves naked through messages,

01:19:11   it will pop up a little thing and say,

01:19:13   you sure you wanna do this and try to educate them

01:19:15   and head them off at the pass.

01:19:16   And I'm not sure where they stand

01:19:17   on the whole parental notification feature,

01:19:19   was like, if they're young, we'll send a message

01:19:21   to their parent and tell them they're doing it,

01:19:22   but I think they retreated from that as well.

01:19:24   This message where they said there,

01:19:26   quote unquote, deepening our investment

01:19:29   in the communication safety features

01:19:30   that we first made available.

01:19:32   If by deepening our investment,

01:19:33   you mean totally changing what you plan to do

01:19:35   because people yelled at you?

01:19:37   Yeah, I mean, I guess you're deepening something.

01:19:40   We talked a lot about this when it was announced,

01:19:43   but they've changed their position

01:19:46   based on essentially criticism and consultation

01:19:48   from lots of people, from security researchers,

01:19:51   from privacy advocates, from lots of people who had

01:19:55   scenarios where this feature could be abused by governments

01:19:58   for nefarious purposes or used by hackers.

01:20:01   So what they're basically doing is for now,

01:20:04   playing it safe, which is we're not doing any of those

01:20:06   things that we thought might be risky.

01:20:09   We are doing end-to-end encryption,

01:20:10   which everybody wants and is good,

01:20:12   but of course that same feature can be used

01:20:14   for nefarious actors to hide their activities, right?

01:20:16   That's the nature of security.

01:20:18   If you do security right, it helps the good guys and the bad guys equally.

01:20:24   Despite what everybody in Congress and our country wants, there's no way to magically

01:20:29   protect all the good people's data but not the bad people's.

01:20:32   We'll just add a backdoor that only the good people know, but that's not how security works.

01:20:35   If you add a backdoor, it's a backdoor for everybody, and there's no way to have a backdoor

01:20:39   and also have security.

01:20:41   So Apple has opted to have security, and then the on-device scanning was a way to get around

01:20:45   that.

01:20:46   It was like, "Well, Apple won't have the keys.

01:20:48   can't get the keys. It'll just be scanned on your device which will try to make a secure

01:20:52   hardware thing." And then people were not up for that. They said, "No, we don't want

01:20:55   that to happen." So Apple said, "Okay, that won't happen. But here's your Ndend encryption."

01:20:59   So I guess this is a pretty good outcome in terms of Apple proposed something. There was

01:21:05   a lot of public feedback that it wasn't a good idea, but they continued to pursue the

01:21:10   Ndend encryption despite the fact that that seemed almost tied to the CSAM stuff. They

01:21:14   separated it and said end-to-end encryption, good, everyone's going to get it, here you go.

01:21:18   And then the CSAM stuff, we're still trying to figure that out.

01:21:22   Anything else on all this? I am excited, I'm pleased that it's happening. Of course,

01:21:28   I wish it happened yesterday, but the next best time is now. And I do, I'd have to look at it

01:21:34   more, but sitting here now, I do plan to turn it on once it's out of beta and once it's available

01:21:39   to everyone. And I will probably advise Aaron to do the same thing. I know, Marco, what is your,

01:21:44   sitting here knowing what you know today,

01:21:46   would you turn this on?

01:21:47   - Probably, but not yet.

01:21:50   I wanna wait until, you know,

01:21:52   I mean, I'm sure they've been very careful and everything,

01:21:54   but the stakes are so high if things go wrong here

01:21:58   that I'm not gonna jump on it like, you know, on day one.

01:22:01   I might wait, you know, I'm not even on Venturi yet,

01:22:03   like, you know, I'm waiting.

01:22:05   - Why don't you get Venturi, it's fine.

01:22:07   - You know, the point one is about to come out,

01:22:09   I'll probably jump on that when they do that, but.

01:22:11   - You'd need the point one to do this anyway.

01:22:13   - That's true, that's true.

01:22:14   - Yeah, so for people who don't know

01:22:16   how to think about this,

01:22:18   all this data that we just talked about,

01:22:19   it's already encrypted.

01:22:20   So if you're wondering,

01:22:21   I want Apple to have an unencrypted version of my photos.

01:22:23   They don't, they have an encrypted version.

01:22:25   Everything they have is encrypted.

01:22:26   The difference is that they also have the key.

01:22:29   So this is not like,

01:22:30   oh, this is gonna scramble all my data.

01:22:31   Your data is already scrambled on Apple servers.

01:22:33   It's already nonsense.

01:22:34   Like if you were to break into Apple servers

01:22:36   and just grab your photos,

01:22:37   you'd have a bunch of binary garbage.

01:22:39   You need the key.

01:22:40   Apple also currently has the key.

01:22:42   All this feature is not all this feature is doing

01:22:44   to minimize what they're doing, but like logically speaking,

01:22:47   they're just taking the key away from Apple.

01:22:48   They're really making a new key and you only you have.

01:22:50   But anyway, Apple will not have the key

01:22:52   and you will have it.

01:22:53   Right now you both have the key,

01:22:54   but it doesn't change the nature of your data.

01:22:56   So there's not gonna be some long process that goes through

01:22:58   and re-encrypts all your data or whatever.

01:22:59   It's already encrypted in all places, right?

01:23:02   The only difference is who has the key.

01:23:04   And this move is changing it from you have the key

01:23:06   and Apple has the key to just you

01:23:09   and all your trusted devices and so on and so forth.

01:23:11   And Marker was right that any change like this is a risk

01:23:14   because if they have a bug or something and it screws up,

01:23:16   now your key is in one fewer place, right?

01:23:19   Apple used to have your key and now they don't.

01:23:21   So if they screw something up such that you lose all your

01:23:24   keys or something and their backup solution doesn't work,

01:23:26   Apple doesn't have one more copy of the key.

01:23:28   I think that's highly unlikely to happen,

01:23:30   but if you're listening to this and you're worried like,

01:23:32   I don't want to do this because I don't want my data

01:23:33   to be encrypted, it's already encrypted everywhere.

01:23:36   It is encrypted at rest as they say,

01:23:37   it's just a question of who has the keys,

01:23:39   how many copies of the key are there and who has them.

01:23:42   - So this is good news, I'm excited for it.

01:23:45   I am sure China and other similar governments

01:23:49   are going to be equally enthusiastic about it.

01:23:51   And to be honest, I'm not so confident

01:23:53   that American government will be

01:23:54   particularly enthusiastic about it, but we shall see.

01:23:56   - Yeah, I mean, American governments,

01:23:58   I mean, they're, whatever, they're always making noise.

01:24:00   But Apple is not the first company to do this.

01:24:02   Like, and then encrypted backups,

01:24:03   like, Android's had it for years and years.

01:24:04   Like, it is a common feature of all sorts.

01:24:06   Like, Keychain, your health data,

01:24:08   like, this is not a new thing.

01:24:09   They're just extending it to more data.

01:24:11   So it was overdue.

01:24:12   Like Apple was behind the times.

01:24:14   They had done it for a bunch of important data,

01:24:16   and your Memoji, but they hadn't done it

01:24:19   for your photos and your backups,

01:24:21   and now they finally have.

01:24:21   Those are the two biggies that we really care about.

01:24:24   - All right, additionally, Apple has added

01:24:26   700 new price points to the App Store.

01:24:29   Cool. - No, this is good.

01:24:31   Look, okay. - I don't know.

01:24:32   - First of all, this is a small deal, not a big deal.

01:24:36   - Right, I think they had to start

01:24:38   by letting people know that there are price points

01:24:40   on the App Store, 'cause I think a lot of people think

01:24:42   if you haven't ever sold an app,

01:24:43   that when you sell an app, you decide what the price

01:24:46   is gonna be and you type it into a text field

01:24:48   and that's not how it works.

01:24:49   - Yeah, so the way App Store pricing has worked to date,

01:24:53   there's a few exceptions around subscriptions,

01:24:56   stuff like that, but for the most part,

01:24:57   the way it has worked to date is when you post your app

01:25:00   to the App Store, you select a quote price tier

01:25:03   and that's what it is everywhere.

01:25:04   and the price tier is basically like every dollar

01:25:08   in the US dollar with 99 at the end.

01:25:11   So that's why 99 cents was the base price

01:25:13   and that's tier one.

01:25:15   Or like tier zero is like free, right?

01:25:17   So then anyway, you can do tier two, all right,

01:25:20   then that's 199 or whatever.

01:25:23   And there's been limited to no ability so far

01:25:28   to customize prices by region.

01:25:32   Although, again, the subscription pricing

01:25:36   has been a little bit different in that regard.

01:25:37   They've had a few more options

01:25:38   than straight up in-app purchases.

01:25:40   - But Apple does that for you, like for the pricing.

01:25:42   - Yes. - When you say,

01:25:43   I want tier one, whatever that is, $1.99,

01:25:46   Apple tells you, okay, here's what tier one is in euros.

01:25:49   Here's what tier one is in this country.

01:25:51   Here's what tier one is in, like Apple decides that.

01:25:53   You don't get to pick that.

01:25:54   So not only do you not get to pick the exact price,

01:25:56   I want my thing to be $1.23.

01:25:58   Nope, sorry, you can't do that.

01:26:00   But then after you pick the price tier,

01:26:01   Apple says, okay, for that tier, here's how much it is

01:26:04   in all these currencies in other countries.

01:26:06   And they adjust that from time to time.

01:26:07   - Yeah, exactly.

01:26:09   There's a number of reasons why this is actually

01:26:11   very convenient for people like me who don't know

01:26:15   how things should be priced in the entire world.

01:26:17   I know my own market and I can hear from a few people

01:26:21   here and there about some of the other big markets,

01:26:23   but for the most part, like, hey, I want my annual

01:26:26   Overcast Premium purchase, which is my current,

01:26:29   I think currently my only in-app purchase

01:26:30   I offer in the App Store, it's just 10 bucks a month

01:26:34   in the US and roughly that same thing everywhere else,

01:26:38   like whatever the equivalents are.

01:26:39   And I don't have to think about that for the most part.

01:26:41   Like I just let it go and I let Apple figure out

01:26:43   what that means in each currency and they deal with

01:26:47   tax and everything and that's it.

01:26:48   Sorry, a year.

01:26:49   Sorry, $10 a year.

01:26:50   - Don't want you to be scared away, it's not $10 a month.

01:26:53   - No, it's $10 a year and in fact,

01:26:54   I think I actually am undercharging.

01:26:58   This is just an unrelated side note.

01:27:00   But if you look around like, oh God,

01:27:01   again, more app store stuff, the other day,

01:27:04   Adam asked if he can get an app for his iPad

01:27:07   that all of his friends are using,

01:27:09   a quote, meme generator app.

01:27:11   And what this means is an app that basically

01:27:14   searches public databases of like, you know,

01:27:16   Giphy and stuff for images,

01:27:18   unless you type impact text over them.

01:27:19   Like that's basically, it's the most simple app in the world.

01:27:22   $5 a month.

01:27:26   - What?

01:27:27   At least it's not per week.

01:27:28   probably was in the past before they stopped

01:27:30   letting you do that.

01:27:30   - I believe there was a weekly option,

01:27:32   but the cheapest option was $5 a month.

01:27:35   And not just one app, like every app that was popular

01:27:39   that showed up in search results that did this

01:27:41   is some kind of monthly, at least, subscription

01:27:45   of about that magnitude.

01:27:47   - Well, they're trying to find apps that kids wanna use

01:27:48   and they'll just ask their parents to do it

01:27:50   and the parents will say yes and then not notice

01:27:52   another $5 a month is coming out,

01:27:53   so they can literally type text over an image.

01:27:56   - That's it.

01:27:57   I just, it makes me so mad.

01:28:01   And I try not to show it too much,

01:28:04   'cause I don't wanna discourage him

01:28:05   from using stuff on his iPad and stuff,

01:28:06   so I try to hide my anger.

01:28:08   But the fact that this stuff exists in iOS

01:28:11   and that it is doing so well,

01:28:13   'cause, and these are apps that had

01:28:15   tens of thousands of ratings.

01:28:16   - I'm sure they're all legit.

01:28:19   - I know, right, but I bet some of them are.

01:28:21   I mean, they're high ranking,

01:28:22   and it's like, if you look at what the app store

01:28:26   has generated, in order to rank highly on the app store

01:28:31   these days, you have to be able to put a lot of money

01:28:34   into buying search ads, buying installs on Facebook

01:28:38   and stuff, and paying people to review it probably.

01:28:43   You have to put a lot of money into getting a higher

01:28:46   ranking, and so what ends up getting the highest ranking

01:28:49   is the stuff that has the most in-app purchase income

01:28:53   from it and so it's a self-fulfilling prophecy

01:28:56   and so the prices of everything just goes up and up and up

01:29:00   for common needs for everything that's actually

01:29:02   ranking well because it's full of all these scams

01:29:06   and they keep outranking everything else

01:29:07   because they can afford to.

01:29:09   And then the result is everything just costs more

01:29:12   and sucks more for users but Apple just makes more money

01:29:15   and so it's gonna stay that way.

01:29:17   Anyway, so going back to the subject.

01:29:21   So when you're designing that purchase,

01:29:23   oh anyway, and I think Overcast is underpriced

01:29:25   for what it is, because even if you look around

01:29:27   other podcast apps that have In-App Purchase stuff,

01:29:30   I'm cheaper than all of them, and maybe I shouldn't be,

01:29:33   but I don't know, I probably shouldn't change it.

01:29:35   But anyway, but yeah, it makes me so mad,

01:29:39   wow, I can type text over an image for $5 a month,

01:29:44   or I can pay, if somebody can pay 80 cents a month

01:29:47   or whatever for my podcast app, like, hmm.

01:29:50   Anyway, so yeah, so there's been limited control

01:29:55   by developers over what these price points are

01:29:57   and how they are targeted in different markets, et cetera.

01:30:02   And so, and there's been weird awkwardness too,

01:30:04   like because all the prices were forced to end in '99

01:30:08   in the US and whatever the equivalents are

01:30:09   in a lot of other places,

01:30:11   certain pricing didn't make sense,

01:30:13   especially when you look at like bundles

01:30:15   or you'd have like, oh, you know,

01:30:17   buy two months for the price of two or three or whatever.

01:30:21   Like sometimes the math would work out in such a way

01:30:23   that it didn't really make sense for like,

01:30:25   oh you're actually paying like 10 cents more

01:30:27   if you buy it this way 'cause of the stupid 99 pricing

01:30:30   that should have been like 98 or 90 or something

01:30:33   depending on how the rounding would work out.

01:30:34   So anyway, what they're doing is adding

01:30:38   a whole bunch more price tiers.

01:30:40   Now, we're not gonna notice much of this

01:30:44   in the US market and in like the, you know,

01:30:47   kind of North America, Europe,

01:30:49   most of the stuff is not gonna affect us that much

01:30:51   because people are gonna keep charging

01:30:52   what they've been charging because it makes sense

01:30:54   and it makes the most sales.

01:30:55   However, there are a few little tricks,

01:30:58   one of which is that the lowest price point,

01:31:01   instead of being 99 cents in the US,

01:31:03   is now gonna be 29 cents in the US.

01:31:07   That we're gonna notice.

01:31:09   That's gonna become a thing.

01:31:11   I don't know to what degree.

01:31:12   I mean, the idea of the rush to the bottom

01:31:17   with pricing everything going to 99 cents in the app store

01:31:20   was mainly a problem or rather an effect

01:31:24   of paid up front apps.

01:31:25   And we don't really live in that world anymore.

01:31:27   Very few apps are paid up front anymore.

01:31:30   And although I did just buy one the other day

01:31:32   for a stupid camera remote.

01:31:34   Long story short, Jon, you were right.

01:31:35   I should have upgraded the firmware on my Sony camera.

01:31:38   (laughing)

01:31:39   - It was 1.00. (laughs)

01:31:44   - Not a reassuring number.

01:31:45   - Yeah, it is now like three point something.

01:31:48   Yeah, it turns out the wifi didn't work before.

01:31:49   - And it does, and now it does animal eye detection.

01:31:52   You can take good Hops pictures.

01:31:53   - Oh good, yeah.

01:31:55   I'll look at that now, 'cause the autofocus performance

01:31:57   really is not very good.

01:31:58   Anyway, so I think what,

01:32:02   one interesting thing about this is that,

01:32:03   you know, yeah, people who wanna really fine grain

01:32:06   control their pricing will now have more options to do that.

01:32:09   I think the 29 cent thing could be more interesting

01:32:13   in the sense that it's almost a micropayment level now

01:32:17   where you can now have in-app purchase of that price.

01:32:22   So again, I'm not thinking there's gonna be

01:32:25   a whole bunch of 29 cent apps.

01:32:26   I think apps that are gonna succeed the most

01:32:28   are gonna still have to be free up front,

01:32:30   just like they have been for a long time.

01:32:32   However, 29 cents for in-app purchase,

01:32:36   I think I think that that could actually really affect things. I don't think for the worse,

01:32:42   I think it's probably just going to be additive in the world. Like I'm not I'm not thinking

01:32:46   of any reason why this is a bad thing. To have more options, you know, it's up to developers

01:32:51   how they use them. There's already rampant abuse of in app purchase everywhere all over

01:32:57   the App Store. There's already tons of scams and frauds and, and tricks and exploits that

01:33:02   that people do with psychology and the App Store rules

01:33:06   a little bit to do sleazy crap in the App Store.

01:33:09   So this isn't going to change any of that.

01:33:11   I think whatever potential for sleaziness in the App Store

01:33:15   this will enable has already been enabled for years

01:33:19   and is being let flourish by Apple,

01:33:22   either by neglect or act of encouraging.

01:33:24   So I don't think this is anything bad here.

01:33:28   I think it's only good.

01:33:29   The reason they're doing it are multifaceted.

01:33:33   Part of the reason they're doing it is

01:33:35   they wanna make the App Store better.

01:33:37   Part of the reason they're doing it

01:33:38   is they keep getting sued.

01:33:39   And I believe this was actually part of a settlement

01:33:42   to add more price tiers that they had to do

01:33:44   as part of some suit.

01:33:46   So the reality is the in-app purchase system

01:33:50   is still very limited in its capabilities.

01:33:54   It is still fairly overpriced in the market

01:33:58   in terms of its commission of what we have to pay them

01:34:00   to use it, and it is still competing by fiat

01:34:04   instead of by actual merit in most ways

01:34:07   because we aren't allowed to use anything else

01:34:09   on the iPhone.

01:34:10   And so this is a sign of Apple making their system better,

01:34:15   and that's good.

01:34:17   It shouldn't have taken this long to do this,

01:34:19   and their system is still not as good as it should be,

01:34:23   but I'm glad they're making progress,

01:34:25   And I wish that they were more forced to compete on merit

01:34:30   rather than gracing us with occasional enhancements

01:34:34   just out of the goodness of their heart slash lawsuits.

01:34:38   I wish they were actually being forced to compete on merit

01:34:40   because what they're doing here is really trying to get

01:34:44   the bare minimum functionality that they can get away with

01:34:47   while if they had to actually compete on merit,

01:34:50   look at all their competitors out there,

01:34:53   all the different payment processors

01:34:54   and payment platforms and everything.

01:34:55   And this is a drop in the bucket compared to what they offer.

01:34:58   - They did increase the top price to up to 10,000.

01:35:00   What was it before?

01:35:01   What was the top before?

01:35:02   - I believe 1000 before.

01:35:04   I could be wrong.

01:35:05   - And it's 10,000 upon request.

01:35:07   - Yeah, well, I mean, 10,000 is so weird

01:35:09   because like enterprise software costs more than that,

01:35:11   but regular software costs less.

01:35:12   So what the hell is 10,000?

01:35:13   That's just like in the middle of nowhere kind of,

01:35:15   anyway, whatever.

01:35:16   - It's a lot of gems and loot boxes and candy crush.

01:35:19   - Speaking of doing things better and having competition,

01:35:22   This is relevant to the discussion Jason and I had

01:35:26   on the upgrade that I guess that I'm recently,

01:35:28   that we will link in the show notes.

01:35:30   When I was using the, I tried out that Lenza app

01:35:33   that everyone's trying now with the AI image processing,

01:35:36   and you can hear me get very angry about that app on upgrade,

01:35:39   but not for this particular reason.

01:35:41   One of the things that I was angry about,

01:35:43   not the main one, but one of them

01:35:44   when I was playing with this,

01:35:46   was it has an app purchase for everything,

01:35:50   And it's fairly expensive, pay $6 so they can illegally

01:35:55   exploit the work of others to give you

01:35:56   a bunch of avatar images.

01:35:57   But I did one and I double tapped the side button

01:36:03   and face ID and in-app purchase went through, right?

01:36:07   And I saw on my Apple card the charge come up,

01:36:10   but nothing ever happened in the app.

01:36:11   It had no history of me doing that.

01:36:13   It's like, oh, you paid for a thing

01:36:14   and it should appear on the screen, but it's not there.

01:36:17   And so you go to their little help in the app

01:36:19   and it's like one of the FAQ items is like payment problem,

01:36:22   whatever, like, oh, you know, I paid for a thing

01:36:23   and I don't see it.

01:36:24   And they basically say, you know,

01:36:26   we can't give you a refund, which is true.

01:36:28   You should know from listening to ATP

01:36:30   that developers cannot give you a refund.

01:36:32   - That's not entirely true now.

01:36:35   With StoreKit 2, you can.

01:36:36   - Wait, what?

01:36:37   - You know, with StoreKit 2, there's an in-app refund flow.

01:36:41   - I thought it was just like a request a refund kind of,

01:36:44   like you could kick them to a certain screen, right?

01:36:46   Or is it--

01:36:47   - Maybe.

01:36:48   It's been a while since I've looked at this,

01:36:49   but with StoreKit 2, which is the new

01:36:52   like async/await powered StoreKit stuff,

01:36:54   there's absolutely a way,

01:36:56   I think it kicks to an Apple provided screen,

01:37:00   which is I think what you just said.

01:37:01   I forget, I'd have to look at it again,

01:37:03   but there is absolutely a new way that you can tell Apple,

01:37:07   hey, this user wants a refund,

01:37:09   and I forget exactly how it's processed from there.

01:37:11   - Right, well, the point is the request goes to Apple.

01:37:13   The request, I mean, the developer can facilitate the flow,

01:37:16   but in the end, Apple, and to most of the part,

01:37:18   Apple will fulfill that request.

01:37:21   They will give you the refund.

01:37:22   But the cost of it, the $6 charge that I got

01:37:26   that I got nothing for, right,

01:37:28   probably because of a bug in their program

01:37:29   or their servers are overwhelmed

01:37:30   or who knows what the problem was, right,

01:37:32   I made the calculation that it would be more annoying

01:37:35   than the $6 that I would get back

01:37:37   to try to go through the process.

01:37:38   'Cause now I have to go to,

01:37:40   they didn't have that flow facilitated,

01:37:41   so maybe if they had done that with Storch or two,

01:37:43   I would have tried it,

01:37:44   Like I have to go through a sort of the out of, you know,

01:37:47   out of band, go to this form, fill it out and say,

01:37:50   "Hey, I made an in-app purchase in this thing.

01:37:53   It was for this amount.

01:37:54   I made it roughly around this time

01:37:56   and I didn't get the thing before it gave me a refund."

01:37:58   Well, I made a bunch of $6 purchases

01:38:01   'cause I was playing with the program.

01:38:02   Which one of them didn't work?

01:38:04   I don't have even a way to identify it to say

01:38:07   like the fifth one for this amount made on this day

01:38:11   was the one I didn't get.

01:38:12   and it's just like, I just, it just seemed like such a headache.

01:38:15   I'm like, well, you win this time, you get my $6 and you didn't get anything from

01:38:18   because of how annoying it is in a competitive market.

01:38:22   Every purchase that you make through an in-app purchase system, you'd be able

01:38:25   to go to a webpage and see a history of all your transactions and each line

01:38:28   item would have a refund button at the end request refund, right?

01:38:31   Like how hard is it to return something to Amazon?

01:38:34   How hard is it to request a refund?

01:38:36   Like basic e-commerce functionality from the nineties is I can see a list of all

01:38:41   my transactions and I can do stuff to them right there.

01:38:45   I can look at the details of the order,

01:38:46   I can go link back to the pages of things,

01:38:48   and if I want to get a refund,

01:38:49   I don't have to go to someplace else

01:38:50   and dig something out right there.

01:38:52   It should say, do you want a refund in this order?

01:38:54   Do you want to initiate a return?

01:38:55   That's what the web is for, but in the world of Apple,

01:38:58   it's like, oh, go to a form on an Apple webpage

01:39:00   and now I guess in store kit too,

01:39:02   we'll try to facilitate that flow.

01:39:03   Forget about involving the developer

01:39:05   and allowing you to do a refund

01:39:06   or to do a refund programmatically or whatever,

01:39:08   just give the user enough knowledge.

01:39:09   Like all I had literally to know that this even happened

01:39:12   is I can go to transactions on my Apple card

01:39:14   and see a charge.

01:39:15   But beyond that, there's no record

01:39:17   that this thing ever happened anywhere else

01:39:18   and no way for me to identify it.

01:39:20   There's not even like an order number

01:39:21   or a transaction ID that's visible to me.

01:39:23   So frustrating.

01:39:24   Definitely not.

01:39:25   And this is like up to the standards of like,

01:39:28   maybe not 90s, but like early 2000s era e-commerce platforms

01:39:31   and the App Store does not meet that line.

01:39:34   - Yeah, I couldn't agree more.

01:39:36   And it's no good.

01:39:38   What are you gonna do?

01:39:39   But yeah, so apparently you can define all new,

01:39:43   or you can't define new price points,

01:39:45   but you can use a bunch of new price points.

01:39:47   They can end in various ending decimals,

01:39:51   so like something 95, something 99.

01:39:55   - Zero zero, finally.

01:39:56   - Yeah, I was gonna say, I think you can do zero zero,

01:39:58   like all sorts of different stuff.

01:40:00   And that's kind of exciting, I guess.

01:40:02   But yeah, I don't know.

01:40:04   This is nice, but it is far from revolutionary,

01:40:07   which I guess I shouldn't complain.

01:40:09   It's still better than nothing.

01:40:11   And then finally, very briefly,

01:40:12   Apple introduced Apple Music Sing,

01:40:15   which I don't think, yeah, it's available later this month.

01:40:18   But anyways, Apple Music Sing is an exciting new feature

01:40:20   that allows users to sing along with their favorite songs

01:40:22   with adjustable vocals and real-time lyrics.

01:40:25   Apple Music Sing offers multiple lyric views

01:40:27   to help fans take the lead, perform duets,

01:40:28   sing backup, and more,

01:40:29   all integrated within Apple Music's

01:40:31   unparalleled lyrics experience.

01:40:33   Coupled with an ever-expanding catalog

01:40:35   that features tens of millions

01:40:36   of the world's most singable songs,

01:40:38   Apple Music Sing makes it fun and easy for anyone to participate however and wherever they choose.

01:40:41   Available later this month to Apple Music subscribers worldwide. You can do it on iPhone,

01:40:46   iPad, and Apple TV. Vitici has, I think, taken a spin with this or has at least posted some

01:40:54   screenshots of it one way or another. We'll put a link to a tweet of his in the show notes. I don't

01:40:59   personally care for karaoke because I cannot carry a tune to save my life, but I think that's kind of

01:41:05   - Cool, I think it could be a fun party game.

01:41:07   We actually, I think I might have mentioned

01:41:08   we recently dug out our Wii and our rock band equipment

01:41:12   in order to play that with the kids from time to time,

01:41:15   and that's been quite fun, although,

01:41:17   as always with rock band, you never really find

01:41:20   anyone volunteering to be the singer.

01:41:22   What are you gonna do?

01:41:23   - I mean, that's a high-risk move.

01:41:24   - What, being the singer?

01:41:26   Yeah, it's terrible.

01:41:27   - Yeah, you know, everyone else is having fun.

01:41:29   You're the singer, like,

01:41:30   you're gonna be under some scrutiny.

01:41:31   - Yep, no, I couldn't agree more.

01:41:33   - But there are musical families,

01:41:34   like the Von Trapps or whatever,

01:41:36   where everyone wants to be the singer

01:41:37   'cause they can all carry a tune, must be nice.

01:41:40   - Must be friggin' nice.

01:41:41   Anyway, this is cool, I don't personally have a lot

01:41:43   to say about it, but I think it's neat,

01:41:45   and I'll definitely at least check it out,

01:41:47   and I'm curious what the user interaction

01:41:49   looks like for this.

01:41:50   Obviously, again, we've seen some screenshots,

01:41:52   but I think this is one of those things

01:41:53   you're gonna have to use it to really see how it feels.

01:41:55   But hey, that's kinda cool.

01:41:57   - Yeah, I think it's really cool.

01:41:58   - When I saw this feature, my first thought was,

01:42:02   Are they extracting the vocals using machine learning?

01:42:06   The answer seems to be no.

01:42:07   They're just using the fact that they have multitrack versions of these songs for their

01:42:11   Dolby Atmos versions.

01:42:12   They already have isolated vocals.

01:42:14   That's why they can just...

01:42:16   They're not extracting the vocals.

01:42:18   Vocals are already extracted.

01:42:19   That's why I think it's not going to be on every song in their catalog, but only however

01:42:23   many million they have these Dolby Atmos multitrack things for.

01:42:27   There are lots of really cool machine learning things that can extract vocals from songs.

01:42:32   You don't need a machine learning.

01:42:33   Machine learning is such a term,

01:42:34   and you gotta put it on everything now

01:42:35   to get VC funding or whatever.

01:42:36   But you can extract vocals from songs

01:42:39   by subtracting from the left channel from the right channel

01:42:41   if the vocals right in the middle or whatever.

01:42:42   There's very dumb digital signal processing things

01:42:44   you can do to try to get the vocals out.

01:42:47   But machine learning things can do a really scary good job

01:42:51   of doing it even if you just have a mixed thing.

01:42:53   But Apple doesn't have to worry about any of that

01:42:55   'cause they've got the individual tracks.

01:42:57   And yeah, this stuff looks fun.

01:42:58   And Apple's lyrics thing are actually pretty good.

01:43:00   I don't know if you ever accidentally tapped

01:43:01   that little double quote mark in a speech bubble in the bottom of Apple Music on your

01:43:06   phone and see the words come up.

01:43:08   But they do a good job of scrolling them.

01:43:10   They almost always look like a karaoke thing because they would scroll the lyrics and highlight

01:43:13   the ones as they're saying them.

01:43:15   The timings are really good.

01:43:17   The lyrics are usually pretty good.

01:43:19   The screenshot Petitche put in there, he put in "I've Had the Time of My Life" from Dirty

01:43:22   Dancing, which is like a duet, and it shows one person's vocals on the left side and the

01:43:26   other person's vocals on the right side so two people can sing at the same time.

01:43:30   again, not advanced technology, but a fun feature that they basically had all the pieces

01:43:34   of in Apple Music and now they have the final one. So I give this a thumbs up for all those

01:43:38   people out there who can actually carry a tune.

01:43:40   - Yeah, and I think if the catalog is actually broad enough that you can find stuff in there

01:43:47   that you want to sing where they actually do have the vocals isolated out, that's really

01:43:50   cool. And I don't know if Spotify has the same feature. I don't really pay attention

01:43:55   to the karaoke world, but that's a cool thing to do when you have the position they

01:44:00   they have in the music business where they can actually get all these mixes with the

01:44:03   vocals isolated out. That's a really cool thing to offer. And now anybody who has an

01:44:09   iPhone can anywhere do a karaoke party or whatever. That's a pretty cool thing.

01:44:15   And I like the fact that you can control the vocal volume because if you're not confident

01:44:20   enough in your singing, you can have the real vocals like 50% and it'll be a little bit

01:44:24   more like you're singing in the shower and it's a mercy that you can't even hear yourself

01:44:28   over the sound of the actual vocals.

01:44:31   - I mean, just think about how much parents

01:44:32   can torture their kids in the car with this.

01:44:35   - Oh my.

01:44:36   - Yeah, some people are pointing out in the chat,

01:44:38   like you read the thing before

01:44:39   that's available on Apple TV 4K.

01:44:41   Is it not available on the previous Apple TV 4Ks

01:44:45   and on the pre-4K Apple TVs?

01:44:48   - I don't know, that's a good question.

01:44:49   - And of course the Mac, no one cares about the Mac,

01:44:51   but the Mac was not mentioned.

01:44:52   I guess you can't do this on your Mac.

01:44:54   can only do it on iPhone, iPad, and the new Apple TV 4K.

01:44:58   That Apple TV 4K thing seems suspect to me,

01:45:01   but the lack of Mac seems very clear.

01:45:03   We are brought to you this week by Collide,

01:45:07   an endpoint security solution that uses

01:45:09   the most powerful untapped resource in IT, your end users.

01:45:14   Whether you're trying to achieve your security goals

01:45:16   for a third party audit or for your own compliance standards

01:45:19   the conventional wisdom is to treat

01:45:20   every device like Fort Knox.

01:45:22   Old school device management tools like MDMs

01:45:25   force disruptive agents onto employee devices

01:45:28   that slow down performance and treat privacy

01:45:30   as an afterthought at best.

01:45:31   And that way of doing things turns IT admins

01:45:34   and end users into enemies.

01:45:35   And it creates its own security problems

01:45:37   because users turn to shadow IT just to do their jobs.

01:45:40   So Collide does things differently.

01:45:43   Instead of forcing changes on users,

01:45:44   Collide sends them security recommendations via Slack.

01:45:47   It'll automatically notify your team

01:45:49   if their devices are insecure

01:45:51   and give them step-by-step instructions on how to solve the problem themselves.

01:45:55   By reaching out to employees via a friendly Slack DM and educating them about company

01:46:00   policies, Collide can help you build a culture in which everyone contributes to security

01:46:03   because everyone understands how and why they do it.

01:46:06   And for IT admins, Collide provides a single dashboard to monitor the security of your

01:46:11   entire fleet whether they're running Mac, Windows, or Linux devices.

01:46:15   You can see at a glance which employees have their disks encrypted, their OS up to date,

01:46:19   password manager installed, making it easy to prove compliance to your auditors, customers,

01:46:24   and leadership.

01:46:25   So that's Collide, user-centered, cross-platform endpoint security for teams that slack.

01:46:31   You can meet your compliance goals by putting users first.

01:46:35   Visit collide.com/ATP to find out how.

01:46:38   If you follow that link, they'll hook you up with a goodie bag, including a t-shirt,

01:46:41   just for activating your free trial.

01:46:44   Once again, KOLIDE, it's spelled K-O-L-I-D-E, KOLIDE.com/ATP.

01:46:49   Thank you so much to KOLIDE for sponsoring our show.

01:46:52   [MUSIC PLAYING]

01:46:55   All right, let's do some Ask ATP.

01:46:57   And Daryl Thornton writes, "Now that he

01:46:59   has had a Mac Studio running under his desk for some time,

01:47:01   can Jon give us an update of how it compares to his ideal

01:47:04   computer, the Mac Pro, and what things a new Mac Pro should

01:47:07   have that the Studio does not, above and beyond a separate

01:47:10   video card, of course?"

01:47:11   I mean, the new Mac Pro doesn't need a separate video card,

01:47:13   but it needs more of everything.

01:47:16   What does the MacStudio not have that I want?

01:47:19   More GPU.

01:47:21   It can be built in, but it just needs more of it,

01:47:23   a lot more of it, and it's gonna have a lot more of it.

01:47:25   And then also things, boring things, more RAM.

01:47:27   The MacStudio maxes out at what, 64?

01:47:30   I've got more than that in my Mac Pro.

01:47:31   You can't get more than that in a MacStudio.

01:47:33   The Mac Pro--

01:47:34   - I thought the studio could do 128.

01:47:35   - With the Ultra maybe?

01:47:38   - I think that's right.

01:47:39   - The Mac Pro can go up to like 1.5 terabytes,

01:47:41   so it's in a different league there.

01:47:42   Now the new Mac Pro probably won't go that high,

01:47:45   but what does it need over the Mac Studio?

01:47:46   More than that.

01:47:47   Maybe even simple things like more storage.

01:47:49   It might max out at the same size,

01:47:51   'cause it's not like SSDs take up that much room,

01:47:53   and I think the Studio maxes out at eight terabytes maybe?

01:47:56   - Yeah, eight terabytes, and it is 128 by the way.

01:47:59   - Yeah, all right, anyway.

01:48:01   The Mac Pro could go higher than that.

01:48:03   And then obviously there's expansion.

01:48:05   We don't know where they're gonna go in that direction,

01:48:07   but the Mac Studio kinda doesn't have much of any,

01:48:09   it's really small.

01:48:10   the Mac Pro could have expansion to add even more stuff.

01:48:14   But even setting aside expansion,

01:48:16   just ignore expansion entirely.

01:48:17   It should just have the capacity for more stuff,

01:48:20   more CPU cores, more RAM, more GPU cores, more power.

01:48:25   So there you go, that's the Mac Pro.

01:48:27   - Mark Romerman writes,

01:48:29   "How are you backing up the shared photo library

01:48:30   from your Mac?

01:48:31   Does it create another accessible photo library on the Mac

01:48:34   or is it hidden away in a library directory somewhere?"

01:48:38   For me, I don't do that much to the library.

01:48:43   Like, I don't--

01:48:44   I favorite some stuff.

01:48:45   I don't really make many albums.

01:48:47   So I don't really--

01:48:49   I don't actively--

01:48:51   I don't do anything specific to back this stuff up.

01:48:53   I have backblaze.

01:48:54   I have Time Machine.

01:48:55   But I don't do anything explicit or specific to back

01:48:58   this stuff up, in part because I consider the one true copy

01:49:01   of my photos, the files, on the file system on my Synology.

01:49:04   But I suspect that, John, you have some sort of opinion and/or

01:49:07   strategy about this? Yeah, I think that what this is asking is like, all right, so say I'm participating in a shared library. When I back up my photo library, like if I go to where my photo library is, you know, whatever dot i photo library file or whatever, are the shared library photos in there? Or are they only in the cloud? Right? And I tried to answer this question as best I could without an official Apple answer, by just looking inside that package file and seeing what's in there. As far as I can tell, on my computer, I have the shared library,

01:49:37   you know, being, participating in the shared library

01:49:42   on my wife's account on my computer

01:49:44   set to download originals and the iCloud,

01:49:48   the iPhoto library package thing

01:49:50   is the size I would expect it to be

01:49:52   if all the photos were in there.

01:49:53   Because when you go to like view my wife's personal library

01:49:56   on her account and her thing, there's nothing in it.

01:49:58   And yet the library thing is like over a terabyte, right?

01:50:01   So I think when you do that,

01:50:03   it doesn't make a separate library somewhere

01:50:05   in your existing iPhoto library package thingy,

01:50:09   that's where it will download all of the photos

01:50:12   from the shared photo library into that package.

01:50:15   And then it'll be backed up

01:50:17   just like it has been in the past.

01:50:19   I'm not 100% certain of that.

01:50:21   If anyone can get an official answer from Apple,

01:50:23   that would be great, but as far as I can tell,

01:50:25   that's how it works.

01:50:26   So whatever your backup procedure was,

01:50:27   like you were saying Casey,

01:50:28   oh, I back it up with Time Machine,

01:50:29   I back it up with Backblaze,

01:50:31   it's the same rules as before.

01:50:33   If you set it to download originals

01:50:34   and you use any backup software on that package,

01:50:37   you'll have backups of everything.

01:50:39   - And finally, Guillermo Alias writes,

01:50:41   "I've been a Mac user for about 10 years.

01:50:43   "One thing that I've never understood about the Mac

01:50:45   "is why I can't properly close the Finder app.

01:50:47   "Is it the only, it is the only app I can think of

01:50:49   "that just refuses to accept a command Q command,

01:50:52   "and I can't figure out why,

01:50:54   "since it is quote unquote just a file manager.

01:50:56   "Why is Finder so stubborn, John?"

01:50:58   - I remember one of the very early things I did with ResEdit

01:51:02   on the classic Mac OS was added command-q quit menu item

01:51:06   to the Finder.

01:51:07   And then you could just hit command-q in the Finder

01:51:09   and it would quit.

01:51:10   I mean, there is a interface reason why it's always running

01:51:14   because back in the original Mac,

01:51:15   the Finder was kind of that was your computer,

01:51:17   kind of when you turned it on, there it was.

01:51:20   And it didn't make sense for it to go away

01:51:22   because of what would be in its place.

01:51:23   In the modern era, the dock has taken over a lot of this,

01:51:27   but still a lot of things in the system

01:51:31   expect the finder to be running and they expect to be able to send messages to the finder through Apple events and

01:51:37   Have things work

01:51:38   so there are Mac applications that you may use probably older ones at this point that may just

01:51:42   expect to be able to fire off an Apple event to the finder and

01:51:46   Expect it to already be running as be able to process that I believe the finder will launch in response to that if it's not

01:51:51   Running but it's just what the rest of the system expects so you can quit the finder

01:51:56   It will relaunch automatically, but there are ways to sort of make it stay dead

01:52:00   but you don't want to do that because every other part of the system expects

01:52:05   it to already be running and will ask it to do things as if it's running and will

01:52:09   relaunch it if it's not running and it's there because that's sort of like that's

01:52:14   what's on the computer when you aren't running any applications that's just the

01:52:17   way the Mac works it's not just a file manager again the doc has taken over a

01:52:20   lot of stuff like the doc runs I think doc runs mission control the doc does

01:52:24   all sorts of things that you wouldn't expect it to do but the finder also does

01:52:27   lots of important jobs.

01:52:29   In particular, I think a lot of things

01:52:31   that launch services do may not require the Finder

01:52:35   to be running, but expect it to be running,

01:52:37   and that may also trigger it to launch when it's not running.

01:52:40   But yeah, it's mostly historical,

01:52:42   and the historical stuff has ramifications in your life,

01:52:45   so don't try to quit it and kill it.

01:52:47   Hopefully Finder is not using all your RAM

01:52:49   or grinding your disk.

01:52:50   Just let it be there in the background.

01:52:51   I think, what runs a desktop background?

01:52:53   Is that the Finder?

01:52:54   That's probably also the Dock.

01:52:55   The Dock has really taken over a lot of stuff

01:52:57   from the Finder.

01:52:58   You kinda can't quit the dock either.

01:52:59   I mean you can but it pops right back up.

01:53:01   So don't quit either one of those things.

01:53:03   Just let 'em run.

01:53:04   - Yeah, I kinda consider Finder to be the shell.

01:53:07   Even though I know kind of like the dock process kind of is

01:53:09   but like to be like Finder is like the shell process

01:53:12   of Mac OS, like it's always there.

01:53:16   - It really, login window is the shell process.

01:53:18   Don't kill login window.

01:53:19   (laughing)

01:53:20   - Yeah.

01:53:21   All right, thank you to our sponsors this week.

01:53:24   Trade Coffee, Collide, and Backblaze.

01:53:26   And thanks to our members who support us directly.

01:53:28   You can join atp.fm/join,

01:53:31   and we'll talk to you next week.

01:53:33   (upbeat music)

01:53:36   ♪ Now the show is over ♪

01:53:38   ♪ They didn't even mean to begin ♪

01:53:41   ♪ 'Cause it was accidental ♪

01:53:43   ♪ Oh, it was accidental ♪

01:53:46   ♪ John didn't do any research ♪

01:53:48   ♪ Marco and Casey wouldn't let him ♪

01:53:51   ♪ 'Cause it was accidental ♪

01:53:54   And you can find the show notes at ATP.FM And if you're into Twitter, you can follow

01:54:01   them @C-A-S-E-Y-L-I-S-S So that's Casey List M-A-R-C-O-A-R-M

01:54:13   Anti Marco Arment S-I-R-A-C-U-S-A-C-R-A-C-U-S-A

01:54:21   ♪ Nicely recused, it's accidental ♪

01:54:26   ♪ They didn't mean too accidental ♪

01:54:31   ♪ Tech podcast so long ♪

01:54:34   - I killed a mouse.

01:54:37   Like not the, you know, running aroundy kind.

01:54:40   - The harpoony belly kind?

01:54:43   - Yeah, I've never like worn out a magic mouse before, but--

01:54:47   - What part of it wears out, the button?

01:54:49   No, the button is actually totally fine.

01:54:51   I've worn out all the crappy Razer gaming mice.

01:54:56   No, it started tracking badly.

01:54:58   The vertical tracking was okay,

01:55:01   but the horizontal tracking, for some reason,

01:55:03   it kept juttering and everything.

01:55:04   At first I thought interference, low battery, whatever.

01:55:07   I tried it on different Macs in different rooms.

01:55:10   I tried obviously charging it, turning it off, turning it on.

01:55:12   It just is breaking.

01:55:14   - That sounds like what happened to my two Microsoft mice.

01:55:17   It was the same thing.

01:55:18   The tracking started getting all wonky,

01:55:19   and I thought it was all sorts of other things

01:55:20   and eventually realized this is what it was.

01:55:22   I wonder what causes that.

01:55:23   I mean, it could be like you have to clean

01:55:24   the plastic lens or whatever,

01:55:26   but I think it seems like some kind of hardware failure

01:55:28   inside the thing.

01:55:29   - Yeah, I tried obviously blowing out the sensor,

01:55:33   nothing appears to be in there.

01:55:34   I mean, this is the mouse that came with my iMac Pro,

01:55:38   which is what, 2017?

01:55:40   And I've used it heavily as my main desktop mouse

01:55:44   for that entire time.

01:55:45   So I've used the crap out of this mouse.

01:55:47   So if something is going to wear out over time,

01:55:50   that's a fairly reasonable thing to wear out

01:55:53   after whatever it's been, five, six years.

01:55:56   - But it's weird, isn't it weird that the electronics

01:55:58   and the optical sensing parts of things

01:56:00   with no moving parts would be the things to wear out?

01:56:02   - Yeah, for real.

01:56:03   - Yeah, that's why it was very surprising to me

01:56:06   that it died in that way.

01:56:08   Anyway, I feel like I've achieved something.

01:56:10   I don't think I've ever killed an Apple mouse before.

01:56:12   - We can hang it up on the wall.

01:56:13   - Yeah. (laughs)

01:56:14   - It's your trophy.

01:56:15   Actually you could just hang it on a nail, because if I remember right, I haven't used

01:56:19   one in a while, but the little...

01:56:20   Hang it on the lightning port.

01:56:21   Yeah.

01:56:22   No, well that's true.

01:56:23   No, I meant the optical sensor.

01:56:25   You could just stick the nail, or the optical sensor, that little circle, that hole right

01:56:28   on the nail, and it's perfect.

01:56:29   [BEEPING]