444: It Should Definitely Bother Apple


00:00:00   - In other news, some jackass named Casey

00:00:02   just started recording two and a half minutes ago.

00:00:04   So I'm gonna leave you a nice edit.

00:00:05   So in case you wanna cut all that--

00:00:07   - I'm gonna kill it. - I know.

00:00:09   - Your punishment is I'm gonna have to use

00:00:10   the low-quality Zoom version for your opening banter.

00:00:13   - That is also completely acceptable, no joke.

00:00:15   But do you want me to leave you like a nice

00:00:16   let's start with follow up right now?

00:00:18   - Do you need to have a checklist, Casey?

00:00:20   - I do, I need to call Merlin. - I suggested that Merlin

00:00:22   have a checklist, and maybe you need a checklist, too.

00:00:25   - It's been a long time.

00:00:26   And the problem is, I was all out of sorts today,

00:00:29   and I'm the one who caused us to come and do this today.

00:00:32   And then I felt like I was late to get to our Zoom call.

00:00:35   It's entirely my fault.

00:00:36   Like, I'm not trying to blame anyone but me.

00:00:38   But I was all out of sorts, I didn't hit record,

00:00:40   and I'm used to call recorder having my back on this one.

00:00:43   And because we switched to Zoom,

00:00:45   and because we were all eventually going to be on M1 Max,

00:00:48   except maybe John, it wasn't there to save me.

00:00:51   It's all my fault, but I feel dumb.

00:00:53   Anyway, so you don't want to go at it,

00:00:55   you're just gonna use the crap copy.

00:00:56   That's totally fine, it's entirely my fault.

00:00:58   I do not blame you at all, but I'll leave you

00:01:00   a nice intro if you want it.

00:01:02   - You'll find out.

00:01:03   - Okay.

00:01:04   - See, the problem is, if I use the crap copy,

00:01:06   it punishes you, but it also punishes me,

00:01:08   because people will first think

00:01:09   that I just suck at audio quality.

00:01:11   (laughing)

00:01:13   - Well, you could also leave all this in if you would like.

00:01:15   - People don't even notice.

00:01:17   It'll be short enough, it'll sound like,

00:01:18   oh, it sounded weird in the beginning,

00:01:19   but then it sounded normal, it'll be fine.

00:01:21   - I'm gonna do this for me, and you're going to ignore it,

00:01:24   and that's fine, but it will make me feel slightly better

00:01:26   about my ineptitude.

00:01:28   So I need you two to shut the hell up for like 10 seconds.

00:01:30   - Are you re-recording an intro?

00:01:31   - You're never gonna be able to do it naturally.

00:01:33   It's always gonna sound awkward.

00:01:34   - No, no, just, let me give it a shot.

00:01:36   - We are sponsored this week by Squarespace.

00:01:38   - God dammit.

00:01:39   All right.

00:01:40   - Recording. - Hey, listeners.

00:01:42   Would you two shut up for two seconds?

00:01:44   - That's an incomparable joke for you there, Casey.

00:01:47   - Hey, listeners, it's your pal Casey.

00:01:49   Some dummy, like me, forgot to hit record right away

00:01:52   when I started recording tonight.

00:01:53   So if I sound like garbage, it's not Marco's fault,

00:01:55   it's not John's fault, it's not your phone's fault,

00:01:58   it's my fault.

00:01:58   But don't worry, I hit record after a few minutes,

00:02:01   and then I'll sound just like I normally do.

00:02:02   - I'm not gonna use this.

00:02:04   I would never put that in.

00:02:06   I would, I've already done the edit in my head.

00:02:08   I gotta cover, don't worry.

00:02:09   I know exactly what I'm gonna do.

00:02:11   There's no way I'm gonna use something like that ever.

00:02:13   - You've heard of headcanon?

00:02:14   Marco's got headedit.

00:02:16   - Yeah. (laughs)

00:02:17   - Hi, listeners, like this.

00:02:19   - Why, why would I ever do that?

00:02:21   - Hey, if you, I, because I just wanted to give you

00:02:24   the option, it makes me feel better to know

00:02:25   you have the option.

00:02:26   I know you're not gonna use it.

00:02:27   It's not for you, it's for me.

00:02:28   - Hey, listeners, Casey here.

00:02:30   I'd like to apologize for my ineptitude

00:02:33   starting my recording tonight.

00:02:34   - You should apologize for his counterfactual statements

00:02:38   about cryptocurrency.

00:02:39   That's what you should be apologizing for.

00:02:40   - Oh, God.

00:02:42   - I just, I hate to tell you, Casey,

00:02:43   but you really just don't have any of your facts

00:02:46   right on cryptocurrency.

00:02:46   - Things you said were based not in fact but ignorance.

00:02:49   Here are five paragraphs describing how wrong you are.

00:02:53   - We're lucky if they have paragraph breaks.

00:02:55   - Oh, God, you wanna restart the whole friggin' show

00:02:57   'cause we can do that. - No, no, no.

00:02:59   - I'm kidding, I'm kidding, I'm kidding, I'm kidding.

00:03:01   - We plow bravely forward.

00:03:02   - Yep, this is all goin' in.

00:03:04   - I wanted to bring up just a very quick follow-up item

00:03:09   from last week's Ask ATP.

00:03:11   Somebody had asked about what camera to take to Disney World,

00:03:16   and I actually really enjoyed that discussion.

00:03:17   I thought it was very interesting, but somebody,

00:03:20   Ryan D. wrote in to remind me of Disney PhotoPass,

00:03:23   and if you're not a Disney World person,

00:03:24   this probably means nothing to you.

00:03:25   I'll try to be very brief.

00:03:27   Disney PhotoPass is a thing that you can add on,

00:03:29   of course, for money, where as you are around the parks,

00:03:33   you can choose to have your picture taken

00:03:36   by Disney photographers that have DSLRs,

00:03:38   and I don't recall exactly what equipment they have,

00:03:40   but I know they're DSLRs.

00:03:42   And as you're around the park, you can say,

00:03:43   "Hey, would you mind taking a picture of us, please?"

00:03:44   And they'll scan your ticket

00:03:46   or your MagicBand or what have you,

00:03:47   and then that evening, that thing,

00:03:51   that picture will be in your online account,

00:03:53   so you can download a full res copy

00:03:55   and so on and so forth.

00:03:56   I think it was a couple hundred bucks

00:03:59   when we went in late 2019 for Declan Spiff,

00:04:02   which on the surface is a lot of money

00:04:04   to have these Disney photographers take your picture,

00:04:06   but I absolutely think it's worth every ounce

00:04:09   of the money you spend, because not only can you do this

00:04:12   and get everyone in the pictures

00:04:13   as opposed to all of our family pictures,

00:04:15   where it's everyone but me because I'm taking the picture,

00:04:17   but also, as you get on and off rides,

00:04:19   you can just bloop your ticket

00:04:20   and it will automatically send that ride photo

00:04:24   that in the before times, before before times,

00:04:27   it used to cost like 20 bucks for each of these,

00:04:29   it'll sync that ride photo with your account

00:04:30   and then you can just download it on your own,

00:04:32   which is super great.

00:04:33   In some cases, in some rides,

00:04:35   by some magic I'm not entirely clear on,

00:04:37   it'll actually automatically figure out

00:04:39   which vehicle you were on and which photo you're in

00:04:42   and sync that with your account.

00:04:43   You don't have to do any manual blooping of any sort.

00:04:45   So that's Disney PhotoPass.

00:04:47   If you are a Disney World person or Disneyland,

00:04:49   I mean, I'm sorry if all you have is Disneyland,

00:04:51   but that's neither here nor there,

00:04:52   if you're a Disney World person, please check that out.

00:04:54   It's very, very good.

00:04:56   - Yeah, I think we got that when we went.

00:04:57   And if you were like the person last week

00:04:59   who was asking what kind of cameras should they bring

00:05:01   and whether they should use like a rental company

00:05:03   to get one, chances are good that you probably also

00:05:05   want to take your own photos

00:05:07   because the Disney, the PhotoPass ones are what you expect.

00:05:10   It's you in front of landmarks, taking in a group picture,

00:05:13   maybe doing a fun pose, right?

00:05:14   But if you're taking your own camera

00:05:16   and wanting to get more candid things or casual things

00:05:18   or photos of other aspects traveling to and from the park,

00:05:22   your hotel room, kids waiting in line,

00:05:25   or all sorts of stuff like that,

00:05:26   you want to take your own pictures too.

00:05:27   So I like everything at Disney.

00:05:30   It's an add-on and it's a good add-on

00:05:32   and you should get it in addition to the other thing

00:05:34   and also the other thing and also the other thing.

00:05:36   So Disney is expensive, but PhotoPass does have value.

00:05:41   Like Casey, I think the only pictures we have

00:05:44   with me in them are the PhotoPass pictures.

00:05:45   - Exactly. - I'm taking all the pictures.

00:05:47   And some of them are good.

00:05:49   And then one more note.

00:05:50   Casey keeps saying DSLR.

00:05:52   I'm assuming they don't have the little mirrors

00:05:55   flapping up and down in their cameras anymore,

00:05:57   but this is just the, what you're trying to say with that

00:05:59   is an interchangeable lens digital camera?

00:06:01   Is that what you're trying to say?

00:06:02   - Yes, yes.

00:06:03   A big fancy camera, TM.

00:06:05   Moving right along, Dan Chandler had some interesting

00:06:08   feedback with regard to cybersecurity and bug bounties

00:06:11   and things of that nature.

00:06:12   I'm a cybersecurity professional, says Dan Chandler,

00:06:14   and have helped run bug bounties for some large organizations

00:06:17   there are a few reasons why an organization

00:06:18   should not just pay out for any bug that's reported.

00:06:21   First of all, many vulnerabilities reported

00:06:22   to bug bounty programs are also sold to criminals.

00:06:24   If I'm willing to sell to criminals,

00:06:26   then why not get paid twice?

00:06:28   Secondly, if you host a bug bounty program

00:06:29   that is too quote unquote generous,

00:06:31   then you get more and more people hunting for defects

00:06:33   in your product.

00:06:34   You have to assume that some percentage of these people

00:06:36   are going to sell their exploit to a criminal

00:06:37   as well as submit it to the bug bounty program.

00:06:40   Since you cannot fix every vulnerability instantly,

00:06:42   you wanna balance the desire to encourage someone

00:06:44   who finds a vulnerability to come forward with the risk

00:06:46   to the public of paying random people

00:06:49   to hunt for vulnerabilities in your product or service.

00:06:53   And then finally, it's actually pretty uncommon

00:06:55   for a bug bounty program to uncover a major vulnerability

00:06:58   the company did not already know about.

00:06:59   It happens, but it's rare.

00:07:01   The main purpose of the large bug bounty payouts

00:07:03   is essentially to provide hush money to someone

00:07:04   who does find a major vulnerability before dispatched.

00:07:08   - Yeah, I think that that's true in general,

00:07:10   but for Apple and the iPhone specifically,

00:07:13   there's probably not much more you could do

00:07:15   to encourage people to find exploits.

00:07:17   People are already highly motivated to do that.

00:07:22   So, I mean, it is definitely a balance,

00:07:24   but in general, this definitely makes sense.

00:07:27   The getting paid twice thing,

00:07:28   I feel like that's just the cost of doing business.

00:07:30   I mean, like, yeah, that's gonna happen.

00:07:32   You don't have control over it,

00:07:33   but all you can do is encourage

00:07:37   all the honest people to come,

00:07:39   and yeah, the dishonest people are also gonna come.

00:07:40   It's just the cost of doing business, but it's a shame.

00:07:43   The hush money thing is interesting

00:07:45   because you see it from my read

00:07:50   on these people's blog posts and stuff,

00:07:52   the people who are trying to do the right thing

00:07:54   and keep quiet for such a long time,

00:07:57   and what I feel like is the motivation of these people

00:07:59   to eventually break their silence

00:08:01   and just essentially refuse the money

00:08:02   is not so much that, like, oh, you can pay me to keep quiet,

00:08:07   but if you don't, I'm gonna out you,

00:08:08   is there is cache and reputation boost

00:08:13   to finding an important vulnerability.

00:08:14   You can talk about it at a security conference, right?

00:08:17   Like, it helps your profile in the security business

00:08:21   to find big vulnerabilities,

00:08:23   and the longer you have to keep quiet about them,

00:08:25   the more you can't give talks about them.

00:08:29   It's like you don't get reputational credit for it, right?

00:08:31   And the things I'm reading are people

00:08:33   who essentially end up turning down the money from Apple.

00:08:35   Now, maybe they already sold it to criminals,

00:08:36   but I can't tell that from their blog post,

00:08:38   but it seems to me that they really just wanna tell the world

00:08:41   that they found this 'cause they're proud of it,

00:08:43   but Apple says, oh, you can't until we fix it,

00:08:45   and they send an email once every six months

00:08:47   to say, no, it's not fixed yet, so that can be refreshing.

00:08:50   But anyway, these are all important points in general

00:08:52   with bug bounty programs that,

00:08:53   especially if you have a thing

00:08:55   that people previously weren't breaking into,

00:08:57   but suddenly you're giving out millions of dollars,

00:08:59   yeah, it's gonna attract a bunch of new people

00:09:00   to try to find holes in your thing,

00:09:01   and your thing does have holes in it

00:09:03   because they all do because they're made by people.

00:09:06   - I wanted to briefly talk about cryptocurrency

00:09:08   because I really like feedback email, apparently.

00:09:11   - Why? - We got a ton,

00:09:13   we got a ton of feedback.

00:09:15   We got a ton of feedback about crypto.

00:09:17   - Mostly from libertarians, tech bros, and finance bros.

00:09:19   - Yes, and we got, to my recollection, maybe I missed it,

00:09:24   but to my recollection, we got literally zero email

00:09:27   about CSAM or maybe a couple of items,

00:09:30   and boy, did we get a bunch on crypto,

00:09:31   so we can tell what ATP listeners care about,

00:09:34   or perhaps what they disagree with.

00:09:35   But I did wanna point out the,

00:09:38   I'm trying to temper myself here.

00:09:40   The most compelling argument that I personally have heard

00:09:43   in favor of cryptocurrency,

00:09:44   which I have not had a lot of time to research,

00:09:46   but I did very, very briefly,

00:09:48   is that apparently, in countries like Nigeria,

00:09:51   as an example, Bitcoin may actually be

00:09:54   kind of the savior it is claimed to be.

00:09:56   My limited understanding, please fact check this

00:09:58   if you're interested because I'm probably lying

00:10:00   to you accidentally, my limited understanding is,

00:10:02   in some of these countries like Nigeria,

00:10:04   the, what is it, fiat currency,

00:10:07   what's the derogatory term that you use for--

00:10:09   - I believe that's it, yeah, fiat currency, yeah.

00:10:11   - The fiat currency is like falling apart in a disaster,

00:10:14   and so a lot of regular shmoes in Nigeria,

00:10:17   if what I've read is to be believed,

00:10:20   are turning to Bitcoin to kind of take banking,

00:10:22   or take money into their own hands.

00:10:24   And if that really is the case,

00:10:26   then okay, I can get behind that.

00:10:28   That seems somewhat legitimate.

00:10:31   I still think there are better ways to go about this,

00:10:33   perhaps, but if it costs the heat death of the universe

00:10:36   in order to get us there, then YOLO.

00:10:38   But I did want to point out that that was

00:10:40   one of the few semi-compelling arguments I've heard,

00:10:43   even though we have heard a lot of arguments

00:10:44   about Bitcoin over the last week,

00:10:47   not even like six days, four to five days,

00:10:49   since we released it.

00:10:50   - Would you call them arguments?

00:10:52   - A lot of well actuallys.

00:10:54   - We've been sent a lot of words about Bitcoin

00:10:56   over the last few days.

00:10:58   (laughing)

00:10:59   A lot, like the average length of the emails

00:11:01   is quite high.

00:11:03   - I don't want to make Casey disappointed,

00:11:04   but I think the one thing you picked out

00:11:06   is maybe a redeeming value of Bitcoin,

00:11:09   I feel like is exactly in keeping

00:11:11   with our collective take on it on the last episode,

00:11:14   because the situation you just described is

00:11:17   you have people in a country with a failing monetary system

00:11:21   and they can't trust their government

00:11:23   to run the monetary system,

00:11:25   or the monetary system is badly broken by corruption,

00:11:27   or massive inflation, or all sorts of other problems.

00:11:30   They don't have a good functioning monetary system.

00:11:32   So Bitcoin to the rescue, right?

00:11:34   That's exactly the scenario we were describing,

00:11:37   where Bitcoin is useful.

00:11:39   If you have a bunch of people who can't trust each other

00:11:42   and there's no middle party to be the trusted,

00:11:45   you know, finance institution,

00:11:48   like say if you're a criminal

00:11:49   or you're trying to collect ransomware,

00:11:51   or you're living in a failed state

00:11:52   and the monetary system of your entire country

00:11:54   has fallen apart, yeah, Bitcoin is there for you.

00:11:57   That's the exact use case.

00:11:59   Now in this case, you're not a criminal,

00:12:00   or you're not doing anything wrong.

00:12:01   It's not your fault you live in this country.

00:12:03   And so it's good that there's something,

00:12:05   and that's why the underlying technical structure

00:12:09   of having a way for people who don't trust each other

00:12:12   to nevertheless be able to securely transact

00:12:15   without anyone in the middle who they all have to trust,

00:12:18   that's why this is interesting.

00:12:20   But if the only time it becomes relevant or useful

00:12:23   is if like it's your last resort,

00:12:25   that's not an endorsement of Bitcoin or cryptocurrency.

00:12:28   That's a condemnation of the monetary system

00:12:30   of the country that you live in, right?

00:12:32   If Bitcoin was super awesome for being a currency,

00:12:37   we would all be using it in this country,

00:12:38   'cause why wouldn't we?

00:12:39   But instead we use dollars

00:12:40   because they're better for that.

00:12:41   Yeah, and like as a sort of,

00:12:47   if you have to use Bitcoin specifically

00:12:50   for your monetary transactions,

00:12:53   because you have no choice,

00:12:54   your other monetary choices must be really bad

00:12:58   because I would never want to use as my money

00:13:02   a thing whose value can be cut in half

00:13:04   over the course of a couple of months.

00:13:06   It's extremely volatile.

00:13:08   It's not, you know, you don't want that in a currency.

00:13:10   You don't want it to be that volatile.

00:13:12   Maybe if you're using it as an investment vehicle

00:13:14   and you're speculating, volatility can be fun

00:13:16   and you can make lots of money or lose lots of money,

00:13:18   depending on how it goes.

00:13:19   But really, like if you look at the all-time graph

00:13:22   of Bitcoin value, it is extremely spiky.

00:13:25   And depending on where you are in the timeline,

00:13:27   you can lose half of your money

00:13:29   in less than a quarter of a year.

00:13:32   If you're on the other side of the spikes,

00:13:34   or you could quintuple your money in less than a half a year,

00:13:36   which is the part that the Bitcoin fans all look at.

00:13:38   So if you find yourself in a situation

00:13:40   where Bitcoin is your best choice as a currency,

00:13:44   that's a bummer.

00:13:45   But I don't think it is an endorsement of Bitcoin

00:13:48   as a replacement for, you know,

00:13:52   quote unquote normal currency.

00:13:53   - Fiat. - Yeah.

00:13:55   - And I think there's also the technical barrier,

00:13:57   it's also not to be underestimated.

00:13:58   I mean, you have this currency that people

00:14:02   are putting real money into and collecting real money from

00:14:06   that has a pretty massive technical requirement

00:14:11   of knowledge that you need to have

00:14:13   and care that you need to take

00:14:14   in order to have this very responsibly,

00:14:16   if such a thing can be considered responsible on any level.

00:14:19   Like, imagine if people's entire retirement savings

00:14:23   were dependent on their password hygiene.

00:14:25   This would be a bad scene.

00:14:28   This would, like, that would be really bad.

00:14:30   And that's because Bitcoin is so technical

00:14:34   and because it works a lot more like cash

00:14:38   under your mattress, but that,

00:14:40   it's cash under your mattress

00:14:41   that the entire world can access

00:14:43   and if you make one mistake,

00:14:44   the entire world can exploit it.

00:14:47   That's not a good place for the general audience

00:14:51   of non-technical users to be relying

00:14:53   on a lot of their money to be stored in.

00:14:56   And so, any scenario that you say,

00:14:58   "Oh, Bitcoin's great for this."

00:14:59   Like, well, there's also, in addition to all the downsides

00:15:00   we talked about last week, you know,

00:15:01   with the environmental costs and everything,

00:15:03   and the various illicit trades and ransomware

00:15:07   and everything that it seems to have fueled,

00:15:09   there's also just this massive technical risk factor here

00:15:13   that people get scammed out of their Bitcoins

00:15:16   or hacked out of their Bitcoins all the time.

00:15:19   And then you involve all these weird shady wallet companies

00:15:23   and exchanges that introduce its own whole levels

00:15:26   of technical risk and opportunities for sleaziness or scams.

00:15:31   It's just, it's like this giant seedy underbelly of finance

00:15:36   that the proponents of it seem to be very, you know,

00:15:39   hell-bent on getting regular people

00:15:41   to put their money into it.

00:15:43   See, also the stock market.

00:15:44   Whereas, like, really, if you don't have

00:15:47   a baseline level of knowledge,

00:15:49   you will lose, or you will be at risk to lose everything.

00:15:53   Through no fault of your own.

00:15:54   And that's, I think that can't be overlooked.

00:15:57   - Yeah, a lot of companies build on top

00:15:58   of the infrastructure of Bitcoin or whatever.

00:16:00   Like, you end up going through one of these companies

00:16:02   to deal with stuff, just because you don't, like,

00:16:05   there is a technical barrier to being able

00:16:06   to sort of figure out how to do it

00:16:08   and having the capacity to do it, you know,

00:16:11   right on the network itself.

00:16:12   So there's tons of companies that will keep a wallet for you

00:16:14   and mining pools and all sorts of other things

00:16:17   where even though Bitcoin is supposed to be decentralized

00:16:20   and no central authority or whatever,

00:16:23   it doesn't mean that there aren't intermediaries.

00:16:26   I imagine most, you know, sort of casual individuals

00:16:30   who are doing things with any kind of cryptocurrency

00:16:32   are using some kind of intermediary

00:16:34   that makes it more convenient for them.

00:16:35   Some of them don't actually require you

00:16:37   to give up any particular security,

00:16:39   in which case you're back to the Markov scenario

00:16:41   where it's on you to make sure you're careful

00:16:43   with this stuff.

00:16:44   But other ones do sort of take over some of the tasks

00:16:46   of security for you in exchange for transaction fees

00:16:50   or whatever, you know, like there are businesses

00:16:51   built on top of this and some people have been promoted

00:16:53   that this is the model, that Bitcoin,

00:16:54   even though it has a very crappy transaction rate

00:16:56   due to proof of work stuff,

00:16:58   you can build a second layer on top of that

00:17:00   and that's your currency system and so on and so forth.

00:17:02   But you know, it's kind of a shame that Bitcoin

00:17:05   is the one with all of the PR and everything

00:17:08   because in many ways it's kind of the most primitive

00:17:12   and the sort of, the least user friendly, let's say.

00:17:15   But that said, like there are lots of other cryptocurrencies

00:17:19   and lots of these other, you know,

00:17:21   anyone can make a cryptocurrency

00:17:22   and they all have different feature sets

00:17:23   and some of them are clones of other ones

00:17:24   and there's lots of monetary scams around them.

00:17:26   But it's a big world of stuff.

00:17:29   Like there are lots of interesting ideas

00:17:31   floating around there from like Ethereum's like contracts

00:17:34   on the blockchain and everything to all sorts of,

00:17:36   you know, the proof of work, proof of stake for stuff

00:17:38   and all the various parameters within those models

00:17:42   and how they're distributed and it's sort of like

00:17:45   a bunch of experiments all being run at once.

00:17:47   Which one of these works?

00:17:48   Which is easiest to scam?

00:17:49   Which makes the most money for investors?

00:17:51   Which has the highest chance of you losing all your money

00:17:53   because you forgot your password or got hacked

00:17:55   and got your, you know, private key stolen?

00:17:57   Like that's all happening out there and I think some,

00:18:02   you know, the technology, the underlying technology,

00:18:05   you can't put this genie back in the bottle.

00:18:06   Like this is technology that has a use,

00:18:08   even if it ends up mostly being used to like stop cheaters

00:18:11   in online games or something in the future,

00:18:12   like decades from now, something is going to come of this.

00:18:16   But right now it is a fairly dangerous place

00:18:19   for individuals to be.

00:18:20   So we, you know, when we come down hard on crypto,

00:18:23   it's not like we're saying, oh,

00:18:24   nothing will ever come of this.

00:18:26   This technology is bad and should be, you know, erased.

00:18:30   No, the technology, you know, the knowledge, the math,

00:18:33   the, you know, the experimentation, that's all great.

00:18:35   But if you're an individual listening to a tech podcast

00:18:37   and you're like, should I put all my money

00:18:39   into cryptocurrency?

00:18:40   Should I put any money into cryptocurrency?

00:18:41   You kind of have to know what you're getting into.

00:18:42   It's super risky, very dangerous.

00:18:45   You have to know a lot about what you're doing.

00:18:47   And there are a lot of people out there

00:18:48   who are going to encourage you with all their might

00:18:50   to put as much as possible into whatever

00:18:52   their pet cryptocurrency is

00:18:53   because they stand to gain from it.

00:18:55   So kind of like the stock market, like Marco said,

00:18:57   there are people who will encourage you,

00:18:58   oh, become a day trader, get on E-Trade,

00:19:00   do individual investing.

00:19:01   And that's just a losing bet.

00:19:03   Not because the stock market is inherently a bad thing

00:19:05   that we should eliminate,

00:19:06   although maybe there's a different argument

00:19:08   for that elsewhere, but because,

00:19:10   but because as an individual,

00:19:12   if you are going to try to be an individual investor

00:19:14   and speculate on what's going to go up

00:19:15   and what's going to go down,

00:19:16   you're probably going to lose, so maybe don't do that.

00:19:18   Like, that's why you see the sort of boring financial advice

00:19:21   of even though it's fun to be a day trader

00:19:22   and maybe you can do it as a hobby,

00:19:24   don't bet your life savings on it, right?

00:19:26   Cryptocurrency is very similar.

00:19:29   And I'm always very wary of people really pushing

00:19:34   that everyone should be getting into Bitcoin

00:19:36   coming from somebody who has a big stake in Bitcoin

00:19:39   or it's their hobby or they,

00:19:41   it's not always nefarious.

00:19:41   Sometimes they're just enthusiastic.

00:19:43   Like, they're super into it, right?

00:19:44   Some people are super into something.

00:19:45   They really want you to get into it

00:19:46   and they will encourage you.

00:19:48   It's not like they're trying to scam you

00:19:50   and they're not even, may not even be doing it to think,

00:19:52   well, if more people get into Bitcoin,

00:19:54   the value will go up and my money will go up.

00:19:56   They're just really enthusiastic about it,

00:19:57   but it still doesn't mean,

00:19:58   like people enthusiastic about day trading too.

00:20:00   It still doesn't mean that it's right for you.

00:20:01   So in general, I would say cryptocurrency,

00:20:05   like you'll know it when it becomes a thing

00:20:06   that is reasonable and safe for people to do.

00:20:08   But right now we are still definitely

00:20:10   in the lots of experiments going on phase.

00:20:14   NFT is out there, you got Ethereum, you got Bitcoin.

00:20:17   We don't know how this is gonna all work out

00:20:20   and lots of signs point to it

00:20:22   not working out really well at all.

00:20:23   So the safe bet is to just stay away.

00:20:25   If you want to throw a couple bucks in and play with it

00:20:27   and you can deal with the potential moral implications

00:20:30   of a tiny increase in CO2 output

00:20:33   from your tiny individual contribution, go for it.

00:20:36   But don't buy the hype that it is,

00:20:40   any one of these things is necessarily the future of currency

00:20:43   because that is, to say the least, a huge open question.

00:20:47   - We are sponsored this week by Squarespace.

00:20:51   Start building your new website today

00:20:53   at squarespace.com/ATP.

00:20:56   Enter offer code ATP at checkout to get 10% off.

00:20:59   Make your next move with a beautiful website

00:21:02   from Squarespace.

00:21:04   Squarespace, quite simply,

00:21:05   makes it incredibly easy to make great websites.

00:21:09   It takes almost no time

00:21:11   and you don't need to be a web developer

00:21:13   or a designer or a nerd in order to make it.

00:21:15   There's no coding required.

00:21:18   So this has amazing potential.

00:21:20   As nerds like me,

00:21:22   even if you could make a website yourself

00:21:24   in some manual way,

00:21:25   Squarespace can be a massive time saver,

00:21:27   especially if you want to do something complicated

00:21:31   that normally for your, like hosting it yourself,

00:21:33   things like storefronts or podcast hosting

00:21:36   or really any kind of dynamic functionality,

00:21:38   galleries, calendars, stuff like that.

00:21:40   It's tricky to do all that stuff yourself.

00:21:42   Or you create work for yourself in the future if you do it.

00:21:45   Like you have to set up a server somewhere.

00:21:47   You have to do software upgrades.

00:21:48   You gotta worry about server maintenance and uptime

00:21:51   and security patches and stuff like that.

00:21:53   Squarespace takes all of that away.

00:21:55   So even if you are a nerd, that's a huge time saver

00:21:58   and it reduces your own future liability and work.

00:22:01   And if you're not a nerd,

00:22:02   you can create websites that are just as good

00:22:04   as what professionals can make,

00:22:05   even if you don't have any design or development

00:22:07   or web development skills.

00:22:08   So it's amazing.

00:22:10   See for yourself by starting a free trial

00:22:12   at squarespace.com/atp.

00:22:15   There's no credit card required.

00:22:16   You can build the entire site in trial mode

00:22:19   and see how it works for you and if it works for you.

00:22:21   And once you're ready to sign up, go back there,

00:22:23   squarespace.com/atp.

00:22:25   Use offer code ATP to get 10% off your first purchase.

00:22:29   That's squarespace.com/atp.

00:22:31   Code ATP for 10% off your first purchase.

00:22:34   Thank you so much to Squarespace for sponsoring our show.

00:22:37   Make your next move at Squarespace.

00:22:40   - See Sam's stuff.

00:22:45   This is child safety stuff.

00:22:48   We talked about quite a bit last week,

00:22:49   which I actually really enjoyed the conversation.

00:22:51   We got a lot of very positive feedback about it,

00:22:53   which I really genuinely appreciate.

00:22:55   That was very kind of all of you.

00:22:57   We do have some feedback about it,

00:22:58   or excuse me, follow up about it though.

00:23:00   Facebook found 20 million photos, not 20 million people.

00:23:04   That is quite a big difference.

00:23:05   I'm not sure which one of us said that incorrectly,

00:23:07   but it is worth noting.

00:23:08   - Yeah, we said it right a whole bunch of times,

00:23:10   but I think I eventually said it wrong once.

00:23:11   So just to make that clear in case you're afraid

00:23:13   that there are 20 million child predators out there now.

00:23:16   But if you want to get depressed,

00:23:17   you can start trying to do the math and figure out,

00:23:19   well, so how many pictures per person is it

00:23:20   and how many people is it?

00:23:21   I don't know that math.

00:23:22   All I know is it was 20 million photos.

00:23:23   And that was in one year.

00:23:25   So maybe that doesn't make you feel as good.

00:23:26   But anyway.

00:23:27   - Yikes.

00:23:29   Moving right along.

00:23:29   John, you found a very entrancing PDF

00:23:32   that you'd like to share with the class?

00:23:34   - Yeah, I gotta reference this in the next item,

00:23:37   but these are all on Apple's apple.com/child-safety.

00:23:40   This one was called, what is it?

00:23:43   Security Threat Model Review, Apple's Child Safety Features.

00:23:45   I think it was interesting because if you read it,

00:23:48   each thing that is part of this system

00:23:50   that we described last week is broken into sections

00:23:52   where it says, what are the goals of this feature?

00:23:54   What are the design principles?

00:23:55   And what are the security and privacy requirements?

00:23:58   And if you read this document in isolation,

00:24:01   it makes a lot of sense.

00:24:03   It's like, okay, here's this feature.

00:24:06   Here's the principles we have,

00:24:07   like what the principles are.

00:24:09   How is it vulnerable?

00:24:11   Should Apple be able to do this or not be able to do it?

00:24:13   Should information never leave the user's device

00:24:15   or stay on the device?

00:24:16   Like the security and privacy requirements?

00:24:19   It's saying, when implementing this feature,

00:24:21   here are the things we want to be true about it.

00:24:23   And if you list it, you'll be nodding your head and going,

00:24:25   yeah, that's a good goal of this feature.

00:24:28   I like the design principles.

00:24:29   I like the security and privacy requirements.

00:24:31   It may, and it explains why is this system made

00:24:34   the way it is.

00:24:35   And it also explains why in this interview

00:24:38   with Craig Federighi from Joanna Stern

00:24:40   of the Wall Street Journal,

00:24:42   that Federighi really hammers on the superior privacy

00:24:46   of Apple's approach.

00:24:48   Like it's almost like he's reading from this document

00:24:50   of saying, we did it this way

00:24:51   because this provides more privacy.

00:24:53   And he doesn't elaborate on it.

00:24:54   This document elaborates on it.

00:24:56   When he says more privacy, this is what he means.

00:24:59   The things in this document are saying,

00:25:01   it has these qualities.

00:25:03   It adheres to these principles.

00:25:05   The goals of this features were X, Y, and Z,

00:25:07   and that's why we did it this way to achieve these goals.

00:25:10   So I'm gonna get back to that in a second,

00:25:11   but I'll let Casey summarize the interview.

00:25:13   - Right, so this is the interview with Craig Federighi

00:25:16   and Joanna Stern, which I just wanted to say,

00:25:18   I think Joanna's excellent.

00:25:20   She did such a great job at this.

00:25:22   There are some quibbles that I think we have,

00:25:25   but by and large, I thought it was really, really well done.

00:25:27   And I liked the way that she would like pause Federighi

00:25:29   and they would do their little motion graphics

00:25:30   or illustrations, whatever they are,

00:25:32   in order to explain stuff.

00:25:33   There were a couple of interesting points about this though.

00:25:36   I love Federighi, I really do.

00:25:38   I think he strikes me as a very nice and very smart guy.

00:25:41   I didn't love this interview with him though.

00:25:44   It seemed, I got the vibe that he wasn't telling me

00:25:48   the whole story, even though allegedly he was trying

00:25:51   to tell the whole story.

00:25:53   And granted, it's a short interview.

00:25:55   Granted, it's for a more basic audience,

00:25:57   but I don't know, some of the things he said

00:25:59   just didn't rub me right.

00:26:00   One of the things he did say though,

00:26:03   is that the database of hashes, I guess,

00:26:06   are shipped on device, which we'd known last week.

00:26:10   And he specifically cited that it's the same database

00:26:13   in China as it is in America,

00:26:15   which I thought it was interesting that he kind of

00:26:17   gave a nod in the direction of China

00:26:19   as something that we're all, not fearful of,

00:26:22   but I can't think of a better way of phrasing it.

00:26:24   And it makes sense, I mean,

00:26:25   that is what we're all thinking about,

00:26:26   but I was surprised that he acknowledged it.

00:26:28   And then the other thing that struck me a little weird

00:26:30   was he said there are multiple levels of auditability

00:26:33   in this system.

00:26:34   Like there are multiple places

00:26:35   where regular people can audit it.

00:26:37   And he implied, for example, that regular people

00:26:39   could audit the contents of the database

00:26:41   that is shipped as part of iOS.

00:26:43   And I just, where is this?

00:26:46   'Cause I don't see this.

00:26:47   Maybe it's to be announced, like how a regular person

00:26:50   or perhaps a security researcher could go in

00:26:52   and look at this. - Did he say regular people?

00:26:53   'Cause my impression

00:26:54   is talking-- - No, he didn't.

00:26:55   - He means people outside Apple.

00:26:57   - Yes, exactly.

00:26:58   But even still, like even like a me or you or a Marco

00:27:02   or like a Guy Rambo, like where is this stuff

00:27:05   that we can go look at?

00:27:06   Because Apple generally doesn't take too kindly to us,

00:27:10   you know, opening up iOS releases

00:27:12   and trying to go spelunking within them.

00:27:13   So perhaps I'm being chicken little

00:27:17   and perhaps there'll be explicit instructions about it

00:27:19   even for regular people for all I know.

00:27:21   But sitting here today, it seemed a little dubious to me.

00:27:25   - Well, I mean, they're gonna ship the bits to you.

00:27:27   So, you know, and if it's in the OS,

00:27:29   people will be able to find it and compare it

00:27:31   and know when it changes and see that it is the same

00:27:33   across regions and all the other stuff, right?

00:27:35   And there's a lot more technical detail to that.

00:27:37   I felt like in this interview, he was trying to,

00:27:41   he couldn't possibly go into the stuff

00:27:42   that these tech documents go into.

00:27:44   Not even the stuff from the threat model document

00:27:46   that I put in the links,

00:27:47   but everything he was saying in them,

00:27:49   you could sort of reference back to that.

00:27:51   But here's, there was one question that Joanna didn't ask

00:27:54   that I think would have been illuminating

00:27:57   and really is the thing that I've been thinking about

00:27:59   since our discussion last week, that it's the kind of the,

00:28:03   it's not a problem for Apple now,

00:28:05   but I feel like it makes more,

00:28:07   everything they say and people discomfort with it

00:28:08   makes more sense when you look in on this one point

00:28:12   and this question.

00:28:13   And we talked about it last week too,

00:28:14   but I'm gonna dive into it again here.

00:28:17   Joanna didn't ask about end-to-end encryption

00:28:21   on iCloud backups and iCloud photo library, right?

00:28:24   Doesn't currently exist, right?

00:28:26   Right now, when you do an iCloud backup,

00:28:28   Apple has the key to it.

00:28:29   It's encrypted at rest, but Apple has the key

00:28:31   so they can look at it.

00:28:32   Same thing with your iCloud photo library.

00:28:35   If Apple wanted, they can look at all your pictures

00:28:37   'cause they're on Apple servers and yes,

00:28:38   they're all encrypted, but Apple has the key, right?

00:28:41   That's my understanding.

00:28:42   And I've checked that in a couple of different places

00:28:44   and that's the case, right?

00:28:46   Everything in this threat model document is true

00:28:49   within the scope of the features they added.

00:28:51   Like here was our design requirements.

00:28:53   We didn't want Apple to be able to see any of your pictures

00:28:56   until you've crossed the threshold.

00:28:58   And we didn't wanna know if you were near the threshold

00:29:02   and with all like, and by the way,

00:29:04   something I got wrong on the thing.

00:29:05   They sent a security voucher for every single picture.

00:29:07   So even the good ones and the bad ones.

00:29:09   So Apple has no idea, like every single picture

00:29:11   gets a security voucher that they scan.

00:29:13   Apple has no idea whether of all the security vouchers

00:29:16   they got are the few of them indicating a bad picture

00:29:19   is past the threshold or whatever, right?

00:29:21   So these are the design principles.

00:29:23   Like Apple's like, we didn't wanna know this.

00:29:25   We wanted to make it secure so we can't tell this.

00:29:27   Mathematically, we can't do this.

00:29:29   And it's like, okay, the feature you described

00:29:31   fulfills these requirements, but there's a huge problem.

00:29:34   None of that matters because you don't need to mess

00:29:36   with this at all, Apple, because you have access

00:29:38   to all our pictures.

00:29:39   Like you don't have to worry.

00:29:40   This CSAM feature doesn't change the fact

00:29:43   that you already have access to all our pictures.

00:29:45   Like every one of the sort of design goals

00:29:50   and security and privacy requirements in these CSAM features

00:29:53   is pointless because as I was trying to make the point

00:29:55   last week, no one would ever try to use this system

00:29:59   to get at the pictures because there's already

00:30:02   complete access to every single person's picture

00:30:04   on the server side today.

00:30:06   That's the way it is, right?

00:30:08   So when reading this document and them saying

00:30:11   this is better privacy, the only way it makes sense to me

00:30:15   is that eventually if Apple does end to end encryption

00:30:20   of iCloud backups or even just the photos things

00:30:22   or whatever, suddenly this all makes sense

00:30:25   because suddenly these security requirements

00:30:27   and design principles are relevant, right?

00:30:32   It's like saying, boy, this door has a million locks on it

00:30:35   and even Apple can't open it, but there's no wall.

00:30:37   And so you can just walk past the door,

00:30:38   but the door is super secure.

00:30:40   The door really preserves your privacy.

00:30:43   But it's like, but there's no wall.

00:30:44   It's like, but we won't, we'll only try to go.

00:30:48   It doesn't make any sense, right?

00:30:50   And so what I get out of this whole week's worth

00:30:52   of press and everything is that Apple,

00:30:54   seems like Apple does not want to be able to see your photos

00:30:58   but they currently can.

00:31:00   Every part of the CSAM system and the scanning thing

00:31:02   or whatever is made so that Apple's like,

00:31:04   look, we don't wanna see your photos.

00:31:05   We don't wanna be able to see your photos.

00:31:08   Like not until this threshold,

00:31:10   that's why they built this complicated system of like,

00:31:13   you know, we have the system that's gonna try to see

00:31:14   if it's a match against this database, but it's not exact.

00:31:17   So we have to do a threshold and when it hits,

00:31:19   only then do we ever want to even be able to see

00:31:22   a low resolution thumbnail to try to confirm

00:31:24   if it's one of the pictures from the NicMec database.

00:31:26   But otherwise we don't wanna be able to see your photos

00:31:29   at all, but we totally can't.

00:31:30   We can see all of them, right?

00:31:32   So, and they haven't said anything about this.

00:31:35   Like, I mean, if you asked them, if you had asked them,

00:31:38   hey, Apple, you ever gonna do end-to-end encryption

00:31:39   on a cloud photo library and cloud cloud backups?

00:31:41   They're not gonna tell you

00:31:42   'cause they don't talk about future products,

00:31:43   but this entire feature only makes sense

00:31:47   in a world where Apple plans to do that.

00:31:49   Here's the second problem.

00:31:51   Everything I said last week about,

00:31:52   don't worry about this feature

00:31:53   because it doesn't make security any worse

00:31:55   'cause Apple already has access to all of your photos.

00:31:57   If that ever changes and Apple suddenly

00:32:00   doesn't have access to all your photos,

00:32:02   this CSAM feature does become the most attractive vector

00:32:06   for governments or anyone else

00:32:09   to force Apple to get at stuff, right?

00:32:11   What I was trying to say last week,

00:32:12   which a lot of people weren't understanding,

00:32:14   is like, no one would go through the CSAM feature to do this.

00:32:16   There's way easier ways, right?

00:32:18   Why would you make your life more difficult?

00:32:19   This system is way more secure than the, hey, Apple,

00:32:22   just drew up to everything and let us scan it

00:32:24   or like hacking Apple to do that or whatever, right?

00:32:27   But if that changes this, then what everyone's saying about,

00:32:30   oh, you built the feature and now it's easy to get it,

00:32:32   that suddenly becomes true

00:32:33   because the previous lack of a wall,

00:32:36   now there's a brick wall there

00:32:37   and the door suddenly becomes the most viable vector

00:32:40   because at least it opens and closes

00:32:41   and you just have to pick the locks or whatever, right?

00:32:44   So it's kind of a weird situation.

00:32:46   And I haven't seen this really put in these terms

00:32:49   in any of the discussion.

00:32:50   It's like some of these features are nonsensical now,

00:32:55   but if you make them make sense

00:32:56   by implementing end-to-end encryption,

00:32:58   all of the sort of scare tactics

00:33:01   about the slippery slope things become worse

00:33:03   because then this does become the most valid way

00:33:06   to try to have a government force Apple to do things.

00:33:09   And as I was trying to emphasize last week,

00:33:11   governments can force you to do things

00:33:13   'cause that's the way government works.

00:33:14   They have all the guns and they control the laws

00:33:16   in the countries in which they operate.

00:33:17   And if you don't like that,

00:33:20   there's no amount of security they can fix that.

00:33:25   Governments can outlaw end-to-end security

00:33:26   and then it'll become illegal for you to do that

00:33:29   and they can make it criminal and take you to court

00:33:31   and blah, blah, blah.

00:33:32   You really need to deal with your government.

00:33:34   That is your core problem here.

00:33:35   But since we don't know, okay, does Apple plan

00:33:40   to implement end-to-end security?

00:33:41   It's hard to know how to feel about these features.

00:33:43   If the Apple has said,

00:33:44   "And by the way, we're gonna do end-to-end security,"

00:33:47   and they announced that at the same time as this,

00:33:48   I would be much more on the side of,

00:33:50   ooh, the CSAM feature now that they've built it,

00:33:52   it makes it more likely that bad things will happen.

00:33:56   But they didn't announce that.

00:33:57   So we have no idea if they're ever gonna do

00:33:58   end-to-end encryption.

00:33:59   So it's really weird.

00:34:01   Like, and that's why I think this threat model document

00:34:05   is great.

00:34:06   If you read it and don't know about all the other aspects

00:34:09   of Apple security on their servers,

00:34:10   like the fact that iCloud backups are not end-to-end

00:34:12   encrypted and Apple already has access to your photos,

00:34:15   then this document in isolation looks airtight.

00:34:18   But if you do know that context,

00:34:19   this document starts to seem really weird and nonsensical.

00:34:23   And by the way, if I'm wrong about the photos thing,

00:34:25   again, I tried to confirm that with as many people

00:34:27   as I could think to ask this question to

00:34:28   and everyone said, "Yes, this is the truth."

00:34:29   But if that's not the case, someone from Apple,

00:34:31   please tell me, can Apple currently look at all the iCloud

00:34:34   photos in someone's, in theory, not that they do,

00:34:37   I'm sure they don't, but in theory,

00:34:39   could they look at everyone's photos

00:34:41   in their iCloud photo library?

00:34:43   As far as I've been able to tell the answer to that is yes.

00:34:44   We know it's true for iCloud backups

00:34:46   because they've done that and law enforcement and stuff

00:34:48   has made them do that in the US or whatever.

00:34:50   - Well, and I think that's a critical differentiator.

00:34:52   A lot of people here are assuming,

00:34:54   like you are proposing, like many people have proposed,

00:34:57   like well, this seems like an obvious precursor

00:35:00   to Apple offering end-to-end iCloud encryption.

00:35:03   And that's actually, that's probably a separate discussion

00:35:06   of whether that's even a good idea

00:35:07   and certainly whether that should be the default

00:35:09   or whether it should be an opt-in thing

00:35:10   because there are serious repercussions if, for example,

00:35:14   you forget your password and you lose access

00:35:16   to all your devices and that's a big support issue

00:35:20   just from the reality of customer support

00:35:22   and everything that Apple have to deal with.

00:35:24   - Yeah, we talked about this on past episodes of ADP.

00:35:27   The why, the reason Apple is resisting doing that

00:35:29   is not so much because it's a principled stand against,

00:35:32   or like they want to be able to access your things.

00:35:34   It's a customer support issue, which I kind of believe,

00:35:36   but as time marches on, I think as we said

00:35:38   the last time we discussed, as time marches on,

00:35:40   it becomes less and less tenable to say,

00:35:41   okay, customer support, but, and I think some support

00:35:44   for the idea that Apple's coming around on this

00:35:46   is the new features they added about like delegating

00:35:48   to like a family member to unlock your stuff,

00:35:50   whatever that feature is called.

00:35:51   - Right, yeah, the legacy planning stuff.

00:35:52   - Right, that is a thing that someone would do

00:35:54   if they were eventually planning to really bite the bullet

00:35:57   and say, I know it's gonna be a pain in the ass

00:35:59   for customer support, but like I would imagine

00:36:01   they would really start pushing hard

00:36:03   on when everybody sets up your phone, like,

00:36:05   tell us, please tell us, are you sure you don't want

00:36:07   to tell us somebody, like your brother or sister

00:36:10   or parent or a friend who you want to trust

00:36:12   because you're gonna need this later

00:36:13   when you forget your passwords, right?

00:36:15   If they hammer that feature really hard,

00:36:17   then maybe they can mitigate against

00:36:19   the eventual end-to-end encryption.

00:36:21   - Yeah, but I think ultimately I would bet

00:36:24   that this feature's existence, while this would,

00:36:28   I think, make end-to-end encryption easier for the law

00:36:31   and governments to swallow if it does eventually

00:36:33   become either an option or the default,

00:36:36   I don't know that this necessarily suggests

00:36:38   that that's coming because you're right

00:36:40   that I'm pretty sure Apple does have the keys

00:36:43   to all of your iCloud data with the exception

00:36:45   of iCloud Keychain, which is end-to-end encrypted.

00:36:48   But as far as I can guess, it seems like maybe

00:36:53   they wouldn't want, whatever the process is

00:36:57   that they use internally to make sure that random employees

00:37:00   aren't just snooping on everyone's iCloud data,

00:37:02   I'm sure they probably have some kind of process

00:37:03   for actually decrypting customer data

00:37:06   and handing it over to law enforcement,

00:37:07   and they might only want to invoke that

00:37:09   when served with the warrant, for instance.

00:37:11   Whereas the CCAM scanning feature,

00:37:13   this is the difference between law enforcement

00:37:15   versus surveillance, this feature is constantly

00:37:19   scanning your stuff going up to iCloud,

00:37:22   even if no warrant has been issued against you.

00:37:25   And so maybe they don't want that same,

00:37:29   whatever the warrant reply system is,

00:37:31   where okay, we're served with this warrant,

00:37:33   we are forced, we legally must comply with it,

00:37:36   so we are forced to hand over any data

00:37:37   we have about this customer, so then they have a process

00:37:39   to deal with that, right?

00:37:40   But what if, if they use that process

00:37:44   to look into your photos and then hand it off to the police,

00:37:47   maybe they could get sued for, I don't know,

00:37:50   maybe, like suppose they refer somebody to law enforcement,

00:37:55   and it ends up, it's actually like a false positive,

00:37:58   it's actually, the stuff they have is actually legal,

00:38:00   and they get law enforcement on their backs

00:38:02   and it ruins their life, and then they sue Apple.

00:38:04   Maybe Apple just wants to keep their hands

00:38:06   as clean as possible, and like okay, well,

00:38:08   the keys that we have to look at all your iCloud data,

00:38:10   we're only gonna use those keys as we are legally required

00:38:13   to when served with a warrant or subpoena or whatever,

00:38:16   whereas this automated system that's proactively surveilling

00:38:20   all of our data for this stuff,

00:38:22   maybe that goes through a much more strict

00:38:25   and narrow view process to avoid their own liability.

00:38:30   - Well, I think it's kind of the opposite,

00:38:31   where if they're served a warrant,

00:38:33   that the information they get from that

00:38:34   will be admissible in court, whereas it's questionable

00:38:36   whether the surveillance stuff that they catch

00:38:39   just by scanning everybody is, but in terms of the government

00:38:41   making them do things, even just the plain old US government

00:38:44   can not just make Apple say, oh, we'll scan this person's

00:38:47   thing, they can, because terrorism, I'm sure,

00:38:50   make Apple, under the right conditions,

00:38:52   have a secret warrant that requires Apple

00:38:55   to scan everybody's picture all the time,

00:38:57   24 hours a day in perpetuity for whatever the government

00:39:00   wants them to because terrorism,

00:39:01   and because of some terrible Patriot Act law

00:39:04   and a secret judge that offers a secret thing,

00:39:05   and by the way, Apple can't talk about it,

00:39:07   maybe they're already doing this, right?

00:39:08   Setting aside the NSA hacking them

00:39:10   and already being inside their data centers

00:39:13   or having cracked all the encryption

00:39:15   and gotten the secret keys out for everyone,

00:39:17   it's like, there's so many scenarios

00:39:19   in which the US government has done things

00:39:21   that are no worse than what I just described

00:39:23   for very stupid reasons, and so that,

00:39:26   like, that's why when I read all these documents,

00:39:28   it's like, what I keep hearing in my head

00:39:31   and what I hear in the federal reading thing is,

00:39:33   Apple doesn't want to be able to see your photos,

00:39:36   like, they don't even wanna be able to do it,

00:39:38   it's kinda like, the reason they were able to resist

00:39:39   the FBI thing is there's literally nothing they can do,

00:39:42   right, right now, Apple can, is able,

00:39:45   yes, there are policies and processes involved,

00:39:46   but they're able to see your photos,

00:39:48   and it's much easier for Apple to say,

00:39:50   we literally can't do that, we don't have the keys,

00:39:53   that's where Apple wants to be,

00:39:55   that's how these CSAM features have been designed,

00:39:57   but that is not how iCloud backups

00:39:59   and iCloud photo library are designed,

00:40:01   and so those two features are not in keeping

00:40:03   with everything that Apple is doing and saying about,

00:40:06   like, they would prefer not to,

00:40:07   and the CSAM thing is like, again,

00:40:09   with the potential of end-to-end in the future,

00:40:11   if these EU and UK laws come down

00:40:14   that requires Apple to scan, now they can still do that

00:40:18   with end-to-end encryption, like, it doesn't prevent them

00:40:20   from doing end-to-end encryption on the iCloud photo library,

00:40:23   like, they're now well positioned to comply with all laws,

00:40:27   but also no longer be able to see things on their servers,

00:40:32   which will then, like I said,

00:40:33   make the CSAM feature much more dangerous,

00:40:35   so it's a weird situation they're in,

00:40:37   and Apple's, you know, some other people said this,

00:40:39   and other podcast listen to it, like,

00:40:41   Apple's secrecy about this means that we don't hear anything

00:40:44   and all of a sudden it just arrives,

00:40:45   and I was like, oh, what's all this stuff?

00:40:46   And they announced everything altogether,

00:40:48   and their secrecy also means that they're not gonna tell us

00:40:50   that this is a precursor to doing end-to-end encryption,

00:40:52   so we just had to guess, and so we don't really know

00:40:54   quite how to feel about it, so it's weird and complicated,

00:40:57   and I think Apple's actual security, like,

00:41:02   threat model of, you know, their entire company

00:41:05   is very different than what they're doing more recently,

00:41:09   and the things they're doing more recently

00:41:10   lean in one direction very strongly,

00:41:12   but the things they've done in the past are variable,

00:41:14   to say the least.

00:41:15   - Yeah, it's a mess, like, I don't need to, you know,

00:41:21   rehash everything we talked about last week,

00:41:22   but they're kind of darned if they do, darned if they don't,

00:41:24   and I think in a lot of ways they've kind of set themselves

00:41:26   up in this position because of secrecy,

00:41:28   because of, oh, we're the most private of all the people,

00:41:30   or all the companies, and so it's just, it's tough.

00:41:33   - I mean, can you blame, like,

00:41:34   they knew this was going to be a problem,

00:41:36   that's why they announced it on, you know,

00:41:38   late in the weekend in August, like, it's,

00:41:40   this is when you drop, you know,

00:41:42   news that might be unpopular,

00:41:44   you drop it, you know, Thursday or Friday in August.

00:41:47   - Like it's hot.

00:41:48   - I don't think they have that much to worry about,

00:41:49   'cause I think most of the people flipping out about this

00:41:51   are people who are, like, tech nerds,

00:41:52   or into the security world, but like,

00:41:54   in terms of a story that has legs with the general public,

00:41:57   I mean, there's the possibility that it sort of, you know,

00:42:00   latches on as, like, Apple's always scanning your phone,

00:42:02   but even those things, like, the whole Facebook

00:42:04   is listening on your microphone or whatever,

00:42:06   I think people lose interest in those,

00:42:07   maybe they're just not juicy enough,

00:42:08   this is the problem with lots of tech security-related stuff

00:42:10   for good and for bad, when something really bad happens,

00:42:12   it's very difficult to get regular people to care about it,

00:42:16   because it just seems so weird and esoteric,

00:42:18   and you have to convince them of these fourth order effects

00:42:20   that may affect them, and it's,

00:42:22   it's why we get so many bad laws,

00:42:25   I mean, remember how much we fought against the DMCA

00:42:27   and everything, and all of the, you know,

00:42:29   bad things that that could cause,

00:42:30   and now if there's three milliseconds of music

00:42:33   from a passing car in your YouTube video,

00:42:35   one strike is against you, and soon your livelihood's

00:42:37   gonna be gone if it happens three times, right?

00:42:38   Like, the consequences happened, still no one cares,

00:42:41   it's like, that's just the way the thing is,

00:42:43   no copyright intended, it's like, oh,

00:42:45   it's hard to get people to care,

00:42:46   it's hard to get people to care about these issues,

00:42:49   and so Apple, in this case, I feel like Apple's

00:42:51   going to benefit from that apathy of the general public.

00:42:56   - We are sponsored this week by Mack Weldon,

00:43:01   the brand that has reinvented men's basics.

00:43:04   They got famous 'cause of their underwear,

00:43:06   their underwear is fantastic, I wear it literally every day,

00:43:08   and they are so much more than underwear now,

00:43:11   they have a huge collection of amazing men's basics.

00:43:14   T-shirts, polos, button-ups, shorts,

00:43:17   pants, swimsuits, and so much more.

00:43:20   What I like about them, you know, I wear Mack Weldon,

00:43:22   every day I'm wearing their underwear, no matter what,

00:43:24   'cause it's literally 100% my underwear,

00:43:25   so every day I'm wearing Mack Weldon underwear,

00:43:27   I know you really wanna know this, right?

00:43:28   I also have many of their socks,

00:43:30   I have tons of their t-shirts,

00:43:32   I especially love their silver line of t-shirts,

00:43:35   I wear these all summer long, and much of the winter,

00:43:38   because silver fibers in the fabric blend

00:43:41   actually are antimicrobial, and makes it basically

00:43:44   impossible to stink while wearing it.

00:43:46   Also, if you want different materials for workout clothes,

00:43:49   they are great at all of that,

00:43:51   they have all sorts of breathable mesh fabrics

00:43:53   and stuff like that.

00:43:54   As the summer comes to a close, and we get into the fall,

00:43:56   I love their long sleeve collection, it is fantastic.

00:43:59   My favorite is the Warm Knit series of long sleeve shirts,

00:44:03   and they have all sorts of other options from there,

00:44:05   Tech Cashmere, all sorts of great stuff.

00:44:08   So they have amazing materials, amazing products,

00:44:10   I love the fit of their clothes, it's modern,

00:44:13   but it's also comfortable, it's not like, you know,

00:44:14   too skin tight or anything, so it's comfortable,

00:44:17   it's consistent, easy to buy, easy to wear,

00:44:19   easy to care for, and it lasts forever.

00:44:22   I've had Mack Weldon clothes now for something like

00:44:24   four or five years, I don't think I've ever lost

00:44:26   a single item of clothing to just wearing out.

00:44:28   Their stuff is just fantastic, so see for yourself

00:44:31   at mackweldon.com/atppodcast, and you can get 20% off

00:44:36   your first order with promo code ATPPODCAST.

00:44:41   Once again, that's mackweldon.com, M-A-C-K-W-E-L-D-O-N,

00:44:45   mackweldon.com/atppodcast, promo code ATPPODCAST

00:44:50   for 20% off, I love Mack Weldon's clothes,

00:44:54   I wear them all the time, mackweldon.com/atppodcast.

00:44:58   Thank you so much to Mack Weldon for sponsoring our show.

00:45:01   Mack Weldon, Reinventing Men's Basics.

00:45:03   - Speaking of benefiting from apathy from the general public,

00:45:10   what do you guys think about Electron?

00:45:12   - Oh man, I'm so happy we finally got to this.

00:45:17   It was pressing on us 'cause it had just happened

00:45:19   right before we recorded last week, but we were not

00:45:21   gonna have room for it in the show with all the CSAM stuff

00:45:23   last week, so here we go.

00:45:26   - Yeah, all right, so I, for my own benefit,

00:45:28   I would like to issue a quick series of disclosures.

00:45:32   First of all, 1Password has sponsored the show in the past,

00:45:35   most recently on the 8th of June, which was episode 434.

00:45:39   You probably won't believe it based on this conversation

00:45:41   we're about to have, but they have sponsored us in the past.

00:45:44   - Well, and to be clear, they sponsored us one time,

00:45:46   there are currently no future sponsorships booked with them,

00:45:51   although I don't think we would turn them down

00:45:53   because I still use 1Password and like them as a company,

00:45:56   and we are, I think, about to criticize them,

00:45:59   and I think this should tell you, listeners,

00:46:00   that we are not afraid to criticize sponsors.

00:46:03   I hope you trust us on that, 'cause we're gonna just

00:46:07   let it rip here, and I think we will be civil to them

00:46:11   because I think that's just our style most of the time,

00:46:14   but we will criticize them freely, so here we go.

00:46:16   - You're not gonna suggest that their CEO be fired?

00:46:19   (laughing)

00:46:21   We only do that to Apple.

00:46:22   - Yeah, only Apple, only Apple.

00:46:24   That's funny.

00:46:25   But I do wanna also note that the 1Password people

00:46:28   that I've spoken to, and I don't know any of them

00:46:31   terribly well, but any of the ones that I've spoken to

00:46:33   have been incredibly, impossibly nice people,

00:46:35   because hey, guess what, a lot of them are Canadian,

00:46:37   so that stands, but they are very, very nice.

00:46:40   I do think they are well-meaning,

00:46:41   but don't like the decisions of late,

00:46:44   I gotta tell you, gentlemen.

00:46:45   So this morning, I downloaded 1Password 8 Beta for Mac OS,

00:46:51   which is now being written, or has been written in Electron.

00:46:56   Electron, again, is the cross-platform thing, app framework

00:47:01   that lets you allegedly, ostensibly,

00:47:04   write once, run anywhere.

00:47:06   It is based on web technologies,

00:47:08   and so in my personal estimation, it's write once,

00:47:11   feel not native everywhere.

00:47:14   So it does kind of work everywhere,

00:47:15   but it doesn't feel native anywhere.

00:47:17   And there's probably 350 different takes

00:47:20   we can have on this, or different approaches on this.

00:47:22   But I think the thing that really bums me out,

00:47:26   that I'd like to say upfront, is there's a list of software,

00:47:31   there's not a long list, but a list of software

00:47:33   that I feel like I evangelize, because I love it.

00:47:37   I really, really love the software.

00:47:39   And hand to God, 1Password has always been on that list,

00:47:44   and this list for me, anyway, is very, very short.

00:47:47   1Password, so far, has been pretty much bulletproof for me.

00:47:52   I personally really like their subscription service.

00:47:56   I know a lot of people are deeply turned off by it,

00:47:58   and that's fine.

00:47:59   I can totally understand why you would feel that way.

00:48:02   But for me, I jumped on 1Password for families early,

00:48:06   and it has become absolutely critical

00:48:08   for Aaron and I to share important passwords,

00:48:10   and also documents between each other,

00:48:12   in a way that's secure and safe.

00:48:14   And I have always held their apps,

00:48:18   their entire Apple app suite,

00:48:21   I can't speak for Windows or Linux, but--

00:48:23   - I can.

00:48:24   - Or for Android, either, but apparently Marco

00:48:28   can either confirm what I'm about to say or deny it.

00:48:31   But at least on Apple platforms,

00:48:33   their apps have always been excellent platform citizens.

00:48:36   By that I mean, whatever the convention

00:48:38   of the particular platform we're talking about,

00:48:40   whatever the convention is on iOS,

00:48:41   whatever the convention is on macOS,

00:48:43   perhaps Marco on Windows, or maybe Android,

00:48:47   they've always treated that platform well,

00:48:51   and they've always acted as a good citizen

00:48:53   within the platform.

00:48:54   When in Rome, do what the Romans do.

00:48:56   Well, they've always done that very well,

00:48:58   irrespective of platform.

00:48:59   Is that true on Windows too?

00:49:00   - I mean, I've used 1Password on Windows

00:49:03   for a total of like 20 minutes,

00:49:06   and I've used Windows outside of a game.

00:49:10   I've used Windows for not that much more than that

00:49:13   in the last decade or more.

00:49:15   So I can't really say how good of a Windows app it is

00:49:19   compared to other Windows apps.

00:49:20   But I can say that as a 1Password user for many years,

00:49:24   as a 1Password family plan user, again,

00:49:27   I think I mentioned this all during the ad,

00:49:29   and certainly we've talked about them occasionally

00:49:30   here and there before, we have it for my family,

00:49:34   we like it, it works well.

00:49:36   For the most part, I have a few asterisks on that,

00:49:38   but for the most part it works well, it has worked well.

00:49:40   One of the great things about it

00:49:42   that I think is a major advantage it has

00:49:45   over Apple's iCloud keychain stuff

00:49:47   that's been increasing in scope over the last few years

00:49:49   is that I can use it on Windows.

00:49:51   And this is not even that new.

00:49:53   I mean, for a while they would have this

00:49:56   JavaScript web app you could export

00:49:58   and have that work on Windows or anything else.

00:50:01   At some point in the last few years,

00:50:03   I believe they started offering

00:50:04   the actual native Windows client.

00:50:06   I haven't used it on Linux, sorry, I mean, who has?

00:50:09   But next year, next year is the year.

00:50:13   - Next year, damn it!

00:50:14   (laughing)

00:50:16   - But the cross-platform nature, being able,

00:50:19   like when I was setting up a gaming PC,

00:50:20   being able to have all my passwords in there

00:50:24   for all of the stupid Microsoft accounts

00:50:26   and Dropbox and everything, it was really nice.

00:50:29   It's a very convenient thing

00:50:30   to have that available cross-platform.

00:50:32   So I very much value 1Password,

00:50:36   and I think what we're about to get into here

00:50:39   is their new beta for their new stuff.

00:50:42   And it really suggests that the client experience

00:50:46   of 1Password is about to get worse.

00:50:49   And that makes me sad, because I've had,

00:50:51   for the most part, only very good things to say about it.

00:50:53   I mean, the only problems I've really had with it

00:50:55   in the last, maybe year or so,

00:50:58   I've found the browser plugin to be less reliable

00:51:01   at various things.

00:51:02   But otherwise, it's been great for years before that.

00:51:06   And the fact that it's about to get worse in certain ways,

00:51:10   it seems like a really unfortunate thing

00:51:14   and possibly an avoidable thing.

00:51:16   - Yeah, and real-time follow-up,

00:51:18   as of just a few hours ago, Apple released iCloud

00:51:21   for Windows 12.5, which apparently includes

00:51:24   a password manager app.

00:51:25   So-- - Really?

00:51:26   They don't have one on the Mac?

00:51:28   - Well-- - Unless you count

00:51:29   keychain access, which is terrible.

00:51:30   - Oh, come on, keychain's the best.

00:51:32   - In Monterey, they moved it into system preferences,

00:51:35   so there's a preference pane for passwords.

00:51:37   - Oh, that's right, yeah, that's a little better.

00:51:39   - Yeah, it is.

00:51:39   I mean, that's probably kind of where you'd expect to see it.

00:51:42   Keychain access is more like a utilities folder kind of thing

00:51:45   but if you just, normal people don't use keychain access,

00:51:47   but I feel like normal people will go to system preferences

00:51:49   and click on the thing that says passwords.

00:51:50   And that's the exposure to the new,

00:51:53   the new password thing has a two-factor thing built in

00:51:55   and will generate your passwords.

00:51:57   And it's also, by the way, reflected in Safari in Monterey.

00:51:59   So Safari has it in its own preferences,

00:52:02   also decked out with the new features,

00:52:04   but they also put it in system preferences

00:52:06   because that's where people will look for it.

00:52:07   So things are getting better

00:52:10   and slightly more featureful on the Mac.

00:52:12   Still nowhere close to 1Password's features.

00:52:13   You haven't even mentioned the family thing,

00:52:14   which I think is the real killer,

00:52:16   the real killer feature of 1Password,

00:52:18   even if you never do anything cross-platform.

00:52:20   - Narrator, they both mentioned it.

00:52:21   - Yeah. (laughs)

00:52:23   Yeah, no, that's the thing, is that for me,

00:52:27   what I love about 1Password is,

00:52:28   as compared to like iCloud keychain,

00:52:30   is that first of all,

00:52:32   I can store things other than passwords.

00:52:33   And maybe you can in iCloud keychain,

00:52:35   but last I had looked at it, that wasn't the case.

00:52:37   I can store documents, I can store notes,

00:52:39   I can store things that aren't just passwords,

00:52:42   which for me is very important.

00:52:43   - You can store notes.

00:52:44   I haven't tried documents,

00:52:46   but you can just make notes in Keychain Access,

00:52:48   I'm pretty sure.

00:52:49   - Okay, well, I also keep PDFs, for example,

00:52:52   and things like that in there.

00:52:53   - Yeah, I keep a scan of my driver's license.

00:52:55   - Exactly, same.

00:52:56   - It's handy to have this kind of stuff.

00:52:58   - And again, as both Marco and I were evangelizing

00:53:03   and touting 1Password for Families,

00:53:05   or when I last had a real job,

00:53:08   I brought 1Password to our company,

00:53:10   and we were using 1Password for Business.

00:53:11   At the same time, I was using 1Password for Families,

00:53:13   and all of that intermingled really, really well, actually.

00:53:17   So again, I love 1Password for the service.

00:53:20   I personally love paying for 1Password for the service.

00:53:22   I mean that genuinely,

00:53:24   because not only are the people very good,

00:53:25   and the apps, until maybe now, are really good,

00:53:29   but the service is really good,

00:53:30   and it genuinely makes my online life better

00:53:33   and more secure, and for that,

00:53:35   I think it's well worth whatever money it is

00:53:36   I pay them every year.

00:53:38   But yeah, this new beta Mac app is based on Electron,

00:53:43   and again, that means it's written in JavaScript,

00:53:47   and apparently a whole bunch of Rust.

00:53:48   They're very excited about Rust over there.

00:53:50   And what that means is, in my personal opinion,

00:53:56   it will never feel properly and truly native.

00:54:00   Now, can you get close?

00:54:02   You certainly can, but take, for me,

00:54:04   the canonical good Electron app is Visual Studio Code,

00:54:09   and Visual Studio Code, to me,

00:54:11   is a genuinely and truly great app.

00:54:15   Native, though, eh, not really.

00:54:18   It's a great app, but it doesn't really feel native.

00:54:21   It doesn't really feel like it's part of the Mac,

00:54:24   and that's okay, but what bums me out about 1Password

00:54:29   is they have this long, long, long,

00:54:31   like 15 or 20 year history,

00:54:32   of being excellent platform systems everywhere,

00:54:36   excellent platform citizens, excuse me, everywhere,

00:54:39   and this certainly doesn't smell

00:54:43   like it's gonna be the case too much longer.

00:54:45   And I have installed the beta,

00:54:48   and I've used it for a little while,

00:54:52   and as the three of us do, I have thoughts.

00:54:56   Do you want me to start diving into this,

00:54:59   or would we rather kind of talk about,

00:55:01   oh, Penny is not on airplane mode right now.

00:55:03   Would you rather, let me just reboot that whole thing.

00:55:06   Would you like to have me go into my particulars,

00:55:09   or would you rather talk kind of more generally previous,

00:55:12   before we get into that?

00:55:13   - I think you should go through your list of complaints,

00:55:15   because I think it's important that you made this list,

00:55:18   because lots of people will say this,

00:55:19   oh, it uses web technologies,

00:55:20   and it doesn't feel native on the Mac or whatever,

00:55:23   but what does that mean?

00:55:25   What does it mean in concrete terms?

00:55:26   How does it affect me as a user?

00:55:27   What if I'm not a touchy-feely person

00:55:29   who has this inherent feel of,

00:55:31   if I can feel this isn't right for the Mac,

00:55:34   what are the actual consequences?

00:55:36   And I think that's what you have a list of here.

00:55:38   We say that all the time,

00:55:39   but I think it's important to nail it down, so please do.

00:55:42   - Yeah, so I went on a Twitter rant about this,

00:55:46   which I directed at the 1Password account,

00:55:49   so if you happen to follow me,

00:55:51   but don't follow 1Password, you wouldn't have seen it.

00:55:53   I'll put an unrolled version of it linked in the show notes.

00:55:57   But nevertheless, so here's some examples.

00:56:00   When I installed the beta,

00:56:03   one of the first things it asked me on my iMac Pro,

00:56:07   on my Intel iMac Pro, was, hey, do you wanna use Touch ID?

00:56:11   What? (laughs)

00:56:13   I'm sorry, on my Intel iMac Pro?

00:56:15   Yes, I would like to use Touch ID, but I can't.

00:56:18   I can't, and that is a very silly thing

00:56:22   that lasted two and a half seconds,

00:56:25   but it's the sort of thing that if it were a native app,

00:56:28   and perhaps there is a way,

00:56:30   with this new based on Electron app,

00:56:32   maybe, or powered by Electron or whatever,

00:56:35   maybe there's a way to get to the API

00:56:37   that would tell them whether or not Touch ID

00:56:39   is even available on this particular computer,

00:56:42   but based on my experience,

00:56:45   they certainly didn't bother trying to figure that out.

00:56:47   And so this is a great example

00:56:49   of least common denominator user interface.

00:56:52   One of the platforms that this app may run on has Touch ID,

00:56:57   so screw it, let's ask everyone about Touch ID,

00:57:00   which is fine.

00:57:02   Is it in and of itself a big deal?

00:57:04   Certainly not, but that's my first paper cut,

00:57:06   and I've been running this new app for 30 seconds.

00:57:09   Okay, so let's say I go and I try to enter

00:57:13   my master password.

00:57:14   So I'm sorry, I should have said this already,

00:57:15   but basically if you somehow lived under a rock

00:57:17   and aren't familiar with 1Password,

00:57:19   you have one password, you have a single password

00:57:23   that opens up-- - You fingered it out,

00:57:24   you cracked it.

00:57:25   - Maybe that's why he became a dentist.

00:57:27   - So you have this 1Password that once you open it up,

00:57:30   then you have unique passwords

00:57:31   for like everything under the sun.

00:57:32   You have a unique password for Gmail,

00:57:34   a unique password for Facebook and so on and so forth.

00:57:35   So when you enter that 1Password incorrectly,

00:57:38   in every version of 1Password I've ever used,

00:57:41   or every native version,

00:57:42   I don't recall if it did it on the web or not,

00:57:44   but in every native version though,

00:57:45   the screen would shake side to side,

00:57:46   just like the login screen does on a Mac.

00:57:49   And at one point I entered my password incorrectly,

00:57:52   either on purpose or accident, and nothing happened.

00:57:55   It just said, oh, that's not right.

00:57:58   Is that a big deal?

00:57:59   Certainly not.

00:58:00   But I have, I've been using 1Password, geez, 10, 15,

00:58:04   probably like 10 years.

00:58:05   And I'm used to seeing a shake

00:58:07   when I get the password wrong.

00:58:07   I'm not even really looking at the screen,

00:58:09   but I'm seeing something shaking side to side

00:58:11   in my periphery.

00:58:12   And I know, oh, I gotta try that again.

00:58:14   Again, something silly, something that maybe could be done,

00:58:18   but at least as of the time in which we are recording

00:58:21   is not being done.

00:58:22   - And to be fair, it is a beta.

00:58:24   - Yeah, absolutely.

00:58:25   - But I think a lot of this stuff, ultimately,

00:58:26   I think a lot of this stuff

00:58:27   is probably not going to improve for the final version.

00:58:31   - And that's the thing is,

00:58:33   if the ostensible reason

00:58:34   for going to this electron-powered monstrosity

00:58:37   is to have as little custom user interface

00:58:42   on any given platform as you can get away with,

00:58:45   then why would they make it shake

00:58:47   unless they make it shake everywhere?

00:58:48   And gosh knows that the animation APIs

00:58:51   are gonna be different on a Mac versus Windows

00:58:52   and so on and so forth.

00:58:53   So I don't think things like this are going to change.

00:58:58   And I'd love to be wrong.

00:58:59   Golly, I would love more than almost anything in the world,

00:59:03   even more than eating crow about crypto,

00:59:05   which I'm never gonna do 'cause I'm right,

00:59:07   I would love to be able to eat crow on this and say,

00:59:10   you know what, this new electron version,

00:59:12   the final released version, hand to God,

00:59:15   I can't tell the difference between this and the real one,

00:59:16   and the native one, the real one, see what I did there,

00:59:18   and the native one.

00:59:20   So yeah, I was wrong.

00:59:21   It's just fine.

00:59:22   - By the way, the animation APIs

00:59:23   would be the same on all platforms

00:59:24   because they'd be web APIs.

00:59:25   That's the whole point of a web-based--

00:59:26   - Oh, that's true.

00:59:27   No, you're right, you're right, you're right.

00:59:28   - It's just animation.

00:59:29   But what you're getting at is the conventions.

00:59:31   Like, did it always shake on Windows

00:59:33   or was that just a Mac thing, right?

00:59:35   Is that a convention on Windows

00:59:37   like it is in the Mac shaking when you get it wrong

00:59:38   or is it not a convention?

00:59:39   So if you did it everywhere,

00:59:41   you may not be, like you said before,

00:59:42   may not feel like a native citizen of the platform.

00:59:46   Like, you're not complying with the conventions

00:59:48   of your environment,

00:59:50   but instead are complying with the conventions

00:59:51   that someone has decided it should be the same

00:59:53   across all platforms.

00:59:55   - Right.

00:59:56   So then things got dodgy.

00:59:59   And I think I've since figured out what the problem is.

01:00:01   I suspect, and I hope that this will get fixed

01:00:03   by the time the beta is no longer a beta,

01:00:05   but when I first started trying to use

01:00:07   this new 1Password8 beta,

01:00:08   it had me install a new version of the extension for Safari,

01:00:12   which makes perfect sense.

01:00:13   It's totally reasonable.

01:00:15   But it didn't seem like it really wanted to do anything.

01:00:18   But there was no solid communication

01:00:20   between Safari and the actual app.

01:00:24   And for the life of me,

01:00:25   I couldn't figure out what I was doing wrong.

01:00:27   But I would go to hit the little icon

01:00:29   in the toolbar in Safari,

01:00:30   which in the past would ask me to enter my password

01:00:34   right there in the extension,

01:00:35   which I believe is not the case anymore.

01:00:38   I think I was running an old extension

01:00:39   or something like that.

01:00:40   I'm a little wishy-washy on this, so I might be lying.

01:00:43   But one way or another,

01:00:45   the extension that I was used to

01:00:46   was that it would let me enter the password

01:00:48   right there in the extension,

01:00:49   and then it would give me my list of passwords

01:00:51   for that particular website.

01:00:53   Well, now it's asking, it's kicking open the full app,

01:00:56   which is kind of annoying

01:00:57   because it's a context switch I'm not expecting

01:00:59   and don't particularly want, but okay, fine.

01:01:01   But then when I would successfully enter my password,

01:01:04   the extension would just sit there and spin.

01:01:07   Okay, so I tried it again, same story.

01:01:10   Eventually I figured out what appears to be the problem was

01:01:13   I made the critical mistake of asking one password

01:01:16   not to be in my menu bar on my Mac,

01:01:18   which is something I've done forever.

01:01:20   I really don't like menu bar items

01:01:22   except the ones I want up there,

01:01:25   which is funny because I have like 304 up there,

01:01:27   but they're the ones I want, darn it.

01:01:28   And so-- - No, I am so with you

01:01:30   on this, by the way, I'm 1,000% with you on that.

01:01:33   - Thank you, and so I hate having things

01:01:36   that I don't want on my menu bar.

01:01:37   And yes, I'm aware that Bartender exists.

01:01:39   I don't want to use Bartender.

01:01:41   I just wanna have the stuff I want up there.

01:01:43   And so immediately when I had installed the beta,

01:01:45   I took the, I had checked to the, or unchecked,

01:01:49   I guess I should say, the option of having one password

01:01:51   in the menu bar and kudos to them

01:01:53   that that option was already there in the beta.

01:01:54   Everything was great.

01:01:56   Except it appears that by taking it out of the menu bar,

01:02:01   I have also killed the like daemon for lack of a better term,

01:02:04   you know, the always resident server, if you will,

01:02:08   that's within my Mac in order to communicate

01:02:11   with one password.

01:02:13   So when my, when Safari was going to talk to the daemon,

01:02:16   it wasn't there.

01:02:17   - It's pronounced affluent.

01:02:19   - Did I, oh God, I don't even know what I just said

01:02:21   that made you think of that.

01:02:22   But anyways, the point is that I was trying to get

01:02:26   to this process that wasn't there, and so it wasn't working.

01:02:30   And then once I finally figured out,

01:02:31   oh, I wonder if I need to keep one password in the,

01:02:34   oh, okay, great.

01:02:37   So apparently I do need to have the menu bar icon there,

01:02:40   which I really, really don't want.

01:02:41   And again, I would hope and suspect

01:02:43   that this will get fixed in the future.

01:02:45   But if it's the way, if this is the way it is forever,

01:02:48   I'm gonna be real grumpy about it.

01:02:49   It's a dumb thing to be grumpy about,

01:02:50   but darn it, I'm gonna be grumpy about it.

01:02:51   - No, no, no, this is not, no, I mean, first of all,

01:02:53   it's probably just a beta bug.

01:02:54   But second of all-- - I agree, I agree.

01:02:56   - If that were actually how it would ship,

01:02:59   I would be grumpy about that too,

01:03:00   because I, and this is, I think,

01:03:02   part of the larger picture here,

01:03:04   but I hate when I install something that is, to me,

01:03:08   a utility, and it wants to take over my computer.

01:03:12   - Yep. - And it's like,

01:03:13   hey, you know what, did you know

01:03:14   we now do all these other things?

01:03:16   Now you can use Dropbox as the biggest example

01:03:19   of this in recent years, but it's like,

01:03:21   now you can use those for all your collaboration and tools.

01:03:24   No, I don't want, you are a utility,

01:03:26   not my entire computer.

01:03:28   My computer is not yours.

01:03:29   And when applications that have no good reason

01:03:33   to have a menu bar item put one there,

01:03:36   especially as they almost always do by default,

01:03:39   and it's like, now we're running all the time

01:03:41   to help you out, it's like, no,

01:03:42   you're running all the time to help you out,

01:03:44   not to help me out.

01:03:46   So yeah, I am totally with you on basically keeping

01:03:51   these sprawling businesses' apps

01:03:53   from sprawling all over my computer.

01:03:54   It's like, your business is making you do this,

01:03:57   but that's not my problem.

01:03:59   My problem is this utility app that I thought

01:04:02   was only gonna do this one basic thing in a normal way

01:04:04   wants to grab more real estate than I think it deserves.

01:04:08   - Except for my two apps, which do have to be running

01:04:10   all the time and only appear in the menu bar.

01:04:12   They're fine, right?

01:04:13   - Are they Electron?

01:04:14   - They're brutal. - They are not.

01:04:17   But if they're not running all the time,

01:04:19   they don't work, so there's that.

01:04:21   - So Andrew Byer in the chat is telling me,

01:04:24   one of the big, Andrew works on 1Password,

01:04:26   one of the big changes between 1Password 7 and 8

01:04:29   is our change from Safari app extensions

01:04:30   to a web extension, which comes with some new

01:04:32   Apple API issues.

01:04:34   Safari 15 brings a bunch of improvements on Mac OS,

01:04:36   like the popover opening speed.

01:04:38   So I'm hopeful to see that those improvements land.

01:04:41   And I think, like I was alluding to earlier,

01:04:43   perhaps I was using an ancient version of the extension,

01:04:46   and that's part of the reason why I find this new one

01:04:48   so crummy, is because not only is it working

01:04:50   with the crummier native app, but on top of that,

01:04:53   I'm using the crummier new APIs

01:04:56   that Apple is giving 1Password.

01:04:57   So it's just crummy all the way down.

01:05:00   And those are just a handful of examples

01:05:02   of why I was not in love, and I am not in love

01:05:05   with the new beta.

01:05:07   Again, it is certainly possible

01:05:09   all these things will be fixed.

01:05:10   I'd be surprised, but it is possible.

01:05:13   But the thing of it is, is that 1Password,

01:05:15   as I've said this before, I'll say it a few more times,

01:05:17   was always, to use a groupism,

01:05:20   it was always a Mac-assed Mac app.

01:05:23   It was always a really strong, really solid Mac app.

01:05:27   I'm sure I could come up with complaints

01:05:29   about 1Password 7, but for the most part,

01:05:31   it was a really great shining example,

01:05:35   almost to a panic level, of what a great Mac app could be.

01:05:39   And I would say the same with the iOS apps too.

01:05:41   I'm sure I could come up with complaints,

01:05:43   but on the whole, they were really, really,

01:05:45   really great solid apps.

01:05:47   And now I feel like it's an app on my computer.

01:05:52   It's just another one.

01:05:53   And that's fine.

01:05:55   I guess one could argue that I should not get my engine revved

01:05:58   as much as I used to by a password manager,

01:06:00   but darn it, there's not a lot of things

01:06:02   to be happy about these days, and it always made me happy.

01:06:05   And 1Password 8 does not make me happy.

01:06:08   With that said, to give credit

01:06:11   where credit is potentially due,

01:06:13   I did not take this, or I did not compare to 1Password 7,

01:06:16   but I did look at the memory usage of 1Password 8,

01:06:18   and one of the things that people love to whine about,

01:06:20   including me, with regard to electron-powered stuff,

01:06:23   is that it uses a butt ton of memory.

01:06:25   And when I looked earlier today,

01:06:27   I was using about 135 megs of memory at idle,

01:06:31   which is a lot, and is more than it should be,

01:06:34   but it's not like the 17 gigs that Chrome uses

01:06:37   when it's looking at about blank.

01:06:40   So it certainly could be worse.

01:06:43   There is a long explanation that Dave Teare wrote.

01:06:47   Dave was one of the co-founders of 1Password

01:06:49   that explains kind of the history of 1Password for Linux,

01:06:54   and he and I exchanged a couple of tweets earlier today.

01:06:56   Again, nicest guy.

01:06:59   Everyone there is so nice.

01:07:00   David offered, and we just crisscrossed on timing,

01:07:03   to get on the phone with me to talk about

01:07:05   kind of the motivations of why they're going

01:07:08   the way they're going, which most of me, honestly,

01:07:11   does not really care or wanna hear,

01:07:13   but because I love 1Password and the people there so much,

01:07:16   I was going to hear them out

01:07:16   and at least entertain the conversation,

01:07:18   as it turns out, the timing just didn't work out.

01:07:21   But this Medium post goes through,

01:07:22   like how did 1Password land on electron power,

01:07:27   being powered by electron as the way forward?

01:07:31   And I guess what I keep coming back to,

01:07:34   and it is so easy for me to armchair quarterback,

01:07:36   but hey, that's what I do for a living now.

01:07:38   It's so easy for me to armchair quarterback,

01:07:39   but it seems to me that this is not the way forward

01:07:47   that I want or that I think ultimately 1Password wants,

01:07:52   because what it gives them is a kind of meh experience

01:07:55   everywhere rather than a certainly more difficult,

01:07:59   more expensive, more time consuming,

01:08:01   but ultimately excellent experience everywhere.

01:08:04   And I think, I don't wanna get into it yet,

01:08:06   but I think we should talk a little bit

01:08:07   about what their alternatives were,

01:08:10   both with regards to SwiftUI and Catalyst,

01:08:11   but let's put that in the parking lot for a minute

01:08:14   and let's come back to that.

01:08:16   I don't know, I've been talking for a long time.

01:08:18   Gentlemen, what's your take on this?

01:08:21   - You should mention the blog post

01:08:22   on the 1Password site itself that also goes through this

01:08:25   from a slightly different perspective than the Medium post.

01:08:27   In fact, that's the first place I would say

01:08:29   you should look to where the company explains

01:08:32   how did we end up where we are?

01:08:33   We previously had like a Mac app

01:08:35   and a Windows app or whatever.

01:08:37   How did we end up where we have this electron app

01:08:39   across all the platforms?

01:08:40   And I think it explains it well.

01:08:42   There's a bunch of quotes in here

01:08:43   about their various requirements

01:08:45   and it explains basically that they,

01:08:49   this wasn't, they had to,

01:08:49   it was like a plan A and a plan B.

01:08:51   Or I don't even know which one would be A or B.

01:08:53   But when they did the Mac app,

01:08:54   they had the electron one and they also had a SwiftUI app

01:08:59   and they were doing both,

01:09:00   presumably to see which one's gonna work out better

01:09:03   and in the end, the one that worked out better

01:09:05   was the electron one.

01:09:07   And so they went with that.

01:09:08   It's not like they decided from day one

01:09:10   we're going electron everywhere.

01:09:11   They were hedging their bets,

01:09:12   saying we should try making a native Mac app,

01:09:15   try using SwiftUI, you know,

01:09:17   get some cross-platform stuff with iOS and iPadOS or whatever

01:09:20   and it just turned out that the electron one

01:09:22   was the very best.

01:09:22   Anyway, they explained it in the blog post.

01:09:23   You can read it.

01:09:24   But I think, they go into this a little bit,

01:09:27   but the underlying assumption, which I think is true,

01:09:30   is that part of 1Password's value as a product

01:09:34   is the fact that it is cross-platform.

01:09:37   Apple's keychain is just now trying to kind of be like that.

01:09:42   Oh hey, we have a Windows app, but 1Password,

01:09:44   I mean, 1Password runs on Linux for crying out loud,

01:09:46   runs on Android, runs on Windows,

01:09:47   but it's like their selling point is,

01:09:50   you know, especially for a password manager,

01:09:52   as Marco figured out,

01:09:52   even if you are essentially a one-platform household,

01:09:55   using a password manager that is available

01:09:59   many different places can come in surprisingly handy

01:10:02   that one time you do end up having an Android phone briefly

01:10:05   or having a Windows PC for gaming or whatever.

01:10:08   It's convenient, like,

01:10:09   'cause that's exactly the type of thing,

01:10:11   like, when you go to another password platform,

01:10:14   your passwords don't change or disappear,

01:10:16   like, you still have whatever,

01:10:17   your Dropbox account, your Microsoft account,

01:10:19   your login to Amazon.com, whatever, right?

01:10:22   That's still you, you are the same person,

01:10:24   so why shouldn't your passwords come with you?

01:10:26   So it makes perfect sense that a company like 1Password

01:10:29   correctly realizes, like, two things.

01:10:32   One, a great part of our value is that we're cross-platform,

01:10:36   and two, within the realm of any single platform,

01:10:39   we are essentially competing against the platform vendor.

01:10:42   Apple has a solution to this called iCloud Keychain, right?

01:10:46   But, and if you're 1Password, you're like,

01:10:48   well, on the Apple platform,

01:10:51   not that our days are numbered,

01:10:52   because Apple's probably never gonna have all the features

01:10:54   that 1Password does, and, you know,

01:10:56   1Password probably cares more about this than Apple does,

01:10:58   but anytime you're competing with a built-in feature,

01:11:00   the built-in feature doesn't actually have to be better

01:11:02   than you to sort of gobble up your market share,

01:11:05   so it's kind of dangerous to sort of

01:11:07   bet the future of your company on the fact that

01:11:10   we'll always have a better password manager than Apple,

01:11:12   and people will be able to recognize

01:11:14   that we have the better password manager,

01:11:16   and reward us by paying money for a thing

01:11:18   they could get for free with their OS.

01:11:20   It's much better to say, we need to go cross-platform,

01:11:24   because we feel like that's an area where,

01:11:26   maybe they at one time thought that's an area

01:11:27   where Apple won't go, Apple has proved them wrong

01:11:30   with their Windows iCloud stuff

01:11:31   that they've been doing in recent years,

01:11:33   but you can have more confidence

01:11:34   that even if Apple does go there,

01:11:36   Apple's track record of making really good Windows apps

01:11:39   has not been great, see Safari for Windows,

01:11:41   QuickTime for Windows,

01:11:42   basically anything they've ever done for Windows,

01:11:45   the bootcamp drivers for Windows, maybe.

01:11:47   So that's a better strategy for the company,

01:11:52   so that's the context of this thing,

01:11:54   why do they care about cross-platform,

01:11:56   and then from there, everything else

01:11:58   follows this in this blog post,

01:11:59   like how many people are in me,

01:12:00   how much money has been invested,

01:12:03   the investors wanna see in their return,

01:12:04   their investment, we need to do the thing

01:12:06   that is the strength of our company, right?

01:12:09   How much time and energy have we spent for the past years,

01:12:12   with all the years that Casey loved,

01:12:13   where they had a really Mac-native app,

01:12:17   as they describe in their blog post,

01:12:20   it became a problem trying to coordinate two teams

01:12:22   making two separate applications,

01:12:23   and it was making them as a company move more slowly

01:12:26   and take more time to add features,

01:12:28   kind of like reading the threat model of the CSAM thing,

01:12:31   if you read the document in isolation,

01:12:33   you will be nodding your head and going, yes,

01:12:35   yeah, this all makes sense, right?

01:12:37   But where the rubber meets the road

01:12:38   is what Casey was talking about,

01:12:39   it's like, okay, but I'm not an employee

01:12:41   or shareholder of 1Password,

01:12:43   I'm just a user of their product,

01:12:45   and my experience has gotten worse.

01:12:47   Now I have to say, the list of things

01:12:48   that Casey went down here,

01:12:50   a lot of them seem like potential beta bugs

01:12:54   or small things that aren't a big deal,

01:12:55   but I think the earlier point that you made

01:12:58   about Visual Studio is a good one.

01:13:02   Most users don't know or care what API their app used,

01:13:05   but within any given API,

01:13:07   you can have a good Electron app,

01:13:09   or you can have a bad one.

01:13:10   My choice for a good Electron app,

01:13:11   I think Slack is still Electron, right?

01:13:13   Or an app that uses web technologies or web views or whatever.

01:13:16   There is a huge difference

01:13:18   between a good Electron app and a bad one.

01:13:20   I say this is someone who uses Teams and Slack.

01:13:23   I don't know if Teams is Electron, I hope it is,

01:13:26   because there's no other excuse

01:13:27   for it to be so horrible on the Mac.

01:13:29   It looks like it's using web technology,

01:13:30   it is so much worse than Slack, it's not even funny.

01:13:33   Same thing, pick an API.

01:13:37   UIKit on the iPhone, you can make a good app with UIKit,

01:13:40   and you can make a bad app, right?

01:13:41   And I think the range between a good app

01:13:44   within a given framework

01:13:45   and a bad app within a given framework

01:13:47   is probably bigger than the average range

01:13:49   between apps on different frameworks, right?

01:13:53   So it's not ridiculous to think

01:13:55   that one password strategy of using Electron,

01:13:57   like it has huge benefits for their ability,

01:13:59   for their velocity, as we say in the business,

01:14:01   for their ability to get features out the door

01:14:04   in a timely manner,

01:14:06   to have a consistent experience across all their platforms,

01:14:08   to be able to roll out features simultaneously.

01:14:10   Like there's all these reasons,

01:14:11   and the Rust backend is making the core

01:14:14   in a cross-platform Rust language

01:14:16   with more safety features, it all makes tech sense.

01:14:20   But I don't wanna minimize Casey's complaints here

01:14:23   because the bottom line is,

01:14:24   as you would hope, one password eight, here it is,

01:14:28   that as a user of this app,

01:14:30   you would be excited because the app would get

01:14:32   in your estimation better,

01:14:33   and thus far, Casey is not excited

01:14:35   about the app getting better.

01:14:37   I mean, you can offset this with new features,

01:14:40   and maybe if you did hop across platforms a lot,

01:14:43   you would enjoy the consistency

01:14:44   where before they were different for weird reasons,

01:14:47   or they got features at different times,

01:14:49   but that's the challenge for one password, the company,

01:14:52   and the product is to, one, make a really good Electron app,

01:14:56   and two, try not to downgrade the user experience

01:15:00   of your customers from what they are previously accustomed to

01:15:02   and it sounds like, at least in Casey's estimation,

01:15:05   it feels like a downgrade right now,

01:15:07   even though it's just a beta.

01:15:09   - It definitely does feel like a downgrade,

01:15:10   but again, the complaints I have so far

01:15:13   are beta kind of complaints,

01:15:16   and they're not that big a deal

01:15:18   in the grand scheme of things.

01:15:19   And the actual app itself,

01:15:21   I haven't spent too much time with it today.

01:15:23   I don't, I feel like there's a lot of white space here

01:15:26   that isn't necessary,

01:15:27   but that's a quibble of a quibble of a quibble.

01:15:29   The app itself seems like it's perfectly functional

01:15:31   and will work just fine,

01:15:32   which really, especially for a beta this early,

01:15:35   is pretty high praise.

01:15:37   Like if the app itself is workable and sufficient,

01:15:40   then one could make an argument

01:15:41   that I should get off my high horse,

01:15:42   and you might be right, and just shut up and deal,

01:15:45   but it just makes me sad, man,

01:15:47   'cause it was such a great app.

01:15:47   - That's not what I said at all.

01:15:49   - No, no, no, no, no, no, no, no, no, no, no, no, no.

01:15:51   I'm sorry, I'm not trying to put words in your mouth at all.

01:15:53   I just mean in general, one could say,

01:15:55   the royal you could say that,

01:15:57   you know, I'm whining and moaning about nothing,

01:16:00   and maybe that's true, but I don't know.

01:16:01   It just makes me so sad that what was once a shining example

01:16:04   at least today is not a shining example.

01:16:08   Now, maybe it will be later, I don't know,

01:16:10   but it's not today, and it still bums me out.

01:16:14   - Do you feel like it's a good Electron app?

01:16:16   Like, you know, compare it to whatever your favorite is,

01:16:17   Visual Studio Code, Slack, or whatever.

01:16:19   Do you feel like it is within the bounds of Electron

01:16:22   and web technology?

01:16:23   Does it feel like a good one,

01:16:24   or does it feel like Teams?

01:16:25   - Well, I haven't used Teams,

01:16:27   but I take the point you're driving at.

01:16:30   Yeah, it's good, yeah, it's good.

01:16:32   But again, like, I would never say that

01:16:34   about the old 1Password.

01:16:35   I would say it's friggin' great, but--

01:16:37   - Yeah, you were enthusiastic, yeah, I totally get it.

01:16:39   So here's the thing, like,

01:16:41   I don't wanna take 1Password off the hook,

01:16:45   because, you know, as they outline in their thing here,

01:16:48   like, an option that was on the table

01:16:52   is to just continue making a complete native Mac app

01:16:55   like they had always made, with a Rust core underneath it,

01:16:58   which would probably mean rewriting the whole thing

01:17:00   from scratch or whatever,

01:17:01   but that would be more expensive and time-consuming

01:17:03   and difficult than doing what they did, right?

01:17:05   And maybe they'll change their mind about that,

01:17:07   depending on what the feedback is like,

01:17:09   or maybe most people don't even care,

01:17:10   and as long as they have a good Electron app, it'll be fine.

01:17:13   But there is a portion of blame for this whole situation.

01:17:16   It lands squarely in the lap of Apple,

01:17:18   and it's not really super Apple's--

01:17:21   - Oh, we'll get there.

01:17:22   - Yeah, I'm not gonna say, I'm gonna get there now,

01:17:24   'cause I don't think it, I wanna--

01:17:25   - Oh, come on, I wanna talk about 1Password.

01:17:26   - Yeah, no, no, yeah, give Michael a chance.

01:17:28   - All right, all right, I'll jump to it.

01:17:30   Go ahead, have you used it?

01:17:31   I didn't, I wasn't aware you'd used the version eight yet.

01:17:33   - I haven't, and that's kind of, I think this is,

01:17:36   I wanna, like, split this discussion between,

01:17:39   I wanna, like, in a moment,

01:17:41   I wanna close the book on 1Password

01:17:43   and have kind of a separate discussion about, you know,

01:17:46   the problem of SwiftUI and Apple's cross-platform stuff,

01:17:49   and how, you know, how Electron plays into that,

01:17:51   because I think the reason why we're seeing all this rage

01:17:54   at 1Password over this right now,

01:17:56   I think is a combination of factors.

01:17:57   I mean, first of all, many long-time 1Password consumer users

01:18:02   have been upset with the company's overall direction

01:18:06   in the last few years towards their own sync service,

01:18:09   with, you know, towards subscription pricing,

01:18:11   and this is, like, you know, 1Password has kind of

01:18:13   borne the brunt of a lot of, just like,

01:18:17   the general consumer resentment towards things moving

01:18:21   towards subscription pricing and all that,

01:18:23   so, like, there's a lot of that going into this.

01:18:25   I think it's also worth noting the context of, like,

01:18:28   the changes that 1Password has been going through

01:18:31   as a company in the last few years, like,

01:18:33   you know, the news came out a couple weeks ago

01:18:34   about their new fundraising round,

01:18:36   and I think this surprised a lot of people,

01:18:39   myself included, with, like,

01:18:40   quite how big of a company they are now.

01:18:43   So I pasted the link here.

01:18:45   So, you know, it's raised $100 million,

01:18:48   it's their second round, and I think what's most interesting

01:18:49   here is looking at how different the numbers are

01:18:52   between their first round from two years ago and now.

01:18:55   So they went in two years from 174 employees,

01:19:00   which is way higher than I would have guessed,

01:19:03   that they had, to 475.

01:19:07   So at 475 employees currently work at 1Password,

01:19:13   it is a massive company, they do $120 million in revenue,

01:19:17   and if you look at also, like,

01:19:20   they're getting into a lot more, way more business stuff

01:19:22   than anything that the three of us would even probably

01:19:26   even know about, let alone use.

01:19:28   - They should be sponsoring us more,

01:19:29   I didn't know they had that much money.

01:19:30   (laughing)

01:19:32   Buy some more ads, it's chump change for you.

01:19:34   - And their number of business customers

01:19:36   has nearly doubled in that time,

01:19:37   according to all this news, so, like,

01:19:38   if you look at, like, this is a company that has exploded

01:19:42   in money, in people, in focus, and in scope

01:19:46   over the last couple years, and for those of us,

01:19:49   like the three of us, or two of us,

01:19:51   John, you don't even use it, do you?

01:19:52   - No, I don't use it, but I do recommend

01:19:53   other people use it.

01:19:54   - Right, so for Casey and I, and many of the listeners

01:19:57   who are big 1Password fans for years,

01:19:59   not only does this stuff mostly happen

01:20:02   without us even knowing about it,

01:20:03   like all this growth into business and everything,

01:20:05   but most of this is stuff that will actively

01:20:08   make this company worse for serving our needs,

01:20:10   or at least will incentivize them to go

01:20:13   in much different directions,

01:20:14   and focus in much different directions.

01:20:15   And so, this, I think this is why so much

01:20:19   of this frustration and anger over the move

01:20:22   to an Electron app has hit 1Password in particular,

01:20:25   because they already had these other factors going

01:20:27   that were giving them a lot of resentment

01:20:29   among certain groups of the community,

01:20:30   and I think that's not to be overlooked.

01:20:32   I also think, despite what Casey says,

01:20:35   I would not call 1Password, the previous version,

01:20:38   a quote Mac-asked Mac app.

01:20:41   It does use native frameworks,

01:20:42   but it has a ton of custom UI, and it always has.

01:20:47   And I actually think it works pretty well,

01:20:48   but I can see why they are going in an Electron direction,

01:20:53   because from their point of view,

01:20:55   it was already super custom.

01:20:57   - Certainly.

01:20:58   - And I don't even necessarily care that much

01:21:01   for the reasons why most people don't like Electron apps.

01:21:06   Most of the reasons are things like,

01:21:08   "Well, it doesn't resize smoothly."

01:21:10   Well, you know what, I don't resize my windows that often,

01:21:12   I don't care.

01:21:12   Or, like, it doesn't use the full native UI.

01:21:15   It's like, "Well, look at this app.

01:21:16   "This is not native UI," or, "This is not,"

01:21:18   I mean, standard, I would say, standard UI.

01:21:20   So, already, we're already out of that realm here.

01:21:23   What I care about with Electron apps, now, okay,

01:21:28   we're gonna slice this conversation right here.

01:21:30   This chapter change, all right.

01:21:32   That was 1Password.

01:21:34   Now we're gonna talk about UI frameworks

01:21:36   and the challenges there.

01:21:38   What I care a lot about with Electron apps

01:21:41   is not that they don't resize smoothly,

01:21:44   it's not that their preferences window

01:21:46   is a weird overlay inside the main window.

01:21:48   I honestly don't care much about that at all,

01:21:51   because those things don't get in my way very often.

01:21:54   What gets in my way very often is two things,

01:21:57   how incredibly bloated they are, especially at launch time,

01:22:01   and how they tend to deviate from system standard behaviors,

01:22:06   especially around things like keyboard navigation,

01:22:09   shortcuts, things like that.

01:22:10   - Accessibility.

01:22:11   - Yeah, that's a big one, yeah.

01:22:13   I mean, that doesn't affect me personally

01:22:16   at this moment very much,

01:22:17   but that affects a ton of people in huge ways.

01:22:19   So that's a huge one.

01:22:21   So, Electron apps in general,

01:22:23   because they are this basically web views

01:22:25   with fancy stuff around them or within them,

01:22:28   but basically all this custom web stuff,

01:22:30   they tend to have a lot of just little paper cuts in use,

01:22:33   just little things that don't work the way the system works,

01:22:36   little behaviors that are a little bit different

01:22:37   as you navigate or as you work through the app

01:22:39   or as you use keyboards or big things

01:22:42   as you use assistive technologies.

01:22:43   So there's all sorts of little ways

01:22:46   that Electron apps make the customer experience worse.

01:22:49   And two of the biggest ones are memory usage,

01:22:52   disk space, and I guess launch time, and counting.

01:22:55   And to me, the move to Electron,

01:23:01   it has these externalities.

01:23:02   It's kind of like our Bitcoin discussion,

01:23:04   but on a much smaller level.

01:23:05   It has these externalities of,

01:23:08   we're gonna waste significantly more memory,

01:23:10   significantly more disk space,

01:23:11   more time to launch the app, et cetera.

01:23:13   Like, we're gonna really bloat up

01:23:15   the app's technical resource needs

01:23:18   in a way that doesn't really help our customers at all,

01:23:21   and we are actually foisting the externality of that

01:23:24   onto our customers, onto all their devices.

01:23:27   So we're gonna take up all this disk space around the world,

01:23:30   all this extra RAM around the world on all these computers.

01:23:33   We're gonna make everyone's experience a little bit worse

01:23:35   in order to save us some time and money.

01:23:38   I think that's one of the reasons

01:23:39   why this rubbed people the wrong way,

01:23:40   but I think that ultimately gets down to,

01:23:42   that's the biggest problem I have with Electron apps.

01:23:45   Again, it's not the animations and stuff.

01:23:47   Honestly, that's fine.

01:23:49   My password manager has always looked totally weird

01:23:51   compared to other apps.

01:23:52   I still like it, 'cause it worked well.

01:23:55   But if this move is going to make it work

01:23:58   with as much mediocrity as every other Electron app

01:24:01   I've ever seen, including things, you know, Slack,

01:24:02   I've used it enough now.

01:24:04   I've seen enough.

01:24:05   I know how this is likely to go.

01:24:07   And even if they take all the care in the world

01:24:10   to try to do their best, it's not gonna be the same.

01:24:12   It's not gonna be like a native app.

01:24:14   It's gonna be full of all those paper cuts,

01:24:15   maybe fewer of them than if they hadn't cared at all

01:24:18   to fix any of them, but there's gonna be

01:24:21   all those paper cuts all throughout it.

01:24:22   And for a company that has about 475 employees,

01:24:27   I know these aren't all engineers.

01:24:30   I know engineering and scaling, engineering resources,

01:24:33   these are not simple things.

01:24:36   But I just, ooh, I fell back into one password, whoops.

01:24:39   (laughs)

01:24:40   I just don't think this was a good decision

01:24:44   of resource allocation.

01:24:46   'Cause it's not like they're starting from scratch.

01:24:50   They already had native apps. (laughs)

01:24:54   So it's like they're throwing that away

01:24:56   or throwing much of that away, and I just,

01:25:00   it seems like many common engineering

01:25:04   foibles have happened here.

01:25:08   They tried something new, it didn't work out.

01:25:10   We'll get to that in a moment.

01:25:11   Don't worry, John.

01:25:12   They tried something new, it didn't work out,

01:25:15   and so they didn't even seem to consider,

01:25:17   well, why don't we just do what we were doing before?

01:25:19   - Well, I mean, the reason they didn't do

01:25:22   what they were doing before, they explained

01:25:23   in the blog post, 'cause what they were doing before,

01:25:25   they knew for a fact had these certain problems

01:25:27   in terms of coordination and time to market

01:25:29   and synchronizing features between things,

01:25:30   and that's why they didn't just say,

01:25:32   why don't we just go back to what we were doing before?

01:25:34   So I kind of understand where they're coming from.

01:25:36   They had a status quo, and the status quo

01:25:38   was not meeting the needs of the business,

01:25:40   so they needed to do something.

01:25:42   - I mean, yeah, I get that argument.

01:25:45   I don't necessarily know if I agree with the conclusions

01:25:48   that companies come to sometimes with that argument,

01:25:50   which often lead to things like Electron,

01:25:52   because it's very much the grass is always greener situation

01:25:56   to a large degree.

01:25:57   Electron is not free, and it has its own downsides.

01:26:00   I mean, this is true.

01:26:01   Any time a large engineering decision is made

01:26:03   to switch to some massive new framework,

01:26:05   like for instance, I think even trying SwiftUI

01:26:08   for a company of this size, for a company

01:26:11   that the Mac app is so important,

01:26:13   I think they should never even try SwiftUI.

01:26:15   Like, one engineer should have tried it for a weekend

01:26:18   and realized it's not ready and stopped.

01:26:20   So the fact that they invested very heavily into it,

01:26:22   I think that shows, like that was a misdirection, I think.

01:26:26   Anyway, so again, I don't wanna spend too much time

01:26:29   on this specifically on this,

01:26:29   because I think it's much more about the general,

01:26:32   like Electron in general, my problem with it

01:26:36   is that externalizing the downsides to your user base

01:26:41   is to save yourself a couple engineers

01:26:45   when you're a big company.

01:26:46   That to me, I don't appreciate that

01:26:50   as a user of these things.

01:26:51   And as a 1Password user in particular,

01:26:53   it's, oh god, I fell back into it again.

01:26:55   I see why people are mad,

01:26:56   because they've taken the same path as Dropbox

01:27:00   and many other companies where like,

01:27:01   it starts out as this consumer thing that we all love,

01:27:04   and then it turns out, you know,

01:27:06   the consumer thing can't really have

01:27:09   like this massive explosive growth business,

01:27:11   or it's hard when the platform makers move into it,

01:27:13   or whatever, there's major reasons

01:27:16   why they want to explode into the business world.

01:27:18   So the company balloons in size and in financing,

01:27:22   and they explode into the business world

01:27:23   and do all these business features,

01:27:24   and it leaves behind people like us

01:27:27   who are like, well, we didn't really want any of that,

01:27:30   and now this thing that we like and have come to rely on,

01:27:33   and that doesn't have a lot of good alternatives,

01:27:36   is now going in this massive direction

01:27:37   that is actively against the things that we like,

01:27:41   or that we value, or that we need.

01:27:42   (upbeat music)

01:27:43   We are sponsored this week by Linode,

01:27:46   my favorite place to run servers.

01:27:48   Visit linode.com/atp and see why Linode

01:27:51   has been voted the top infrastructure as a service provider

01:27:54   by both G2 and TrustRadius.

01:27:57   From their award-winning support,

01:27:58   which is offered 24/7/365,

01:28:00   and that's regardless of your plan size,

01:28:02   from that $5 a month plan

01:28:04   all the way up to at base services you can put there,

01:28:07   everyone gets that same amazing level of support.

01:28:09   So from that to their ease of use, their great setup,

01:28:12   it's clear why developers like me

01:28:14   have been trusting Linode for projects

01:28:16   both big and small since 2003.

01:28:19   You can deploy your entire application stack

01:28:21   with Linode's one-click app marketplace,

01:28:23   or build it all from scratch and manage everything yourself

01:28:26   with supported centralized tools like Terraform.

01:28:28   Linode offers the best price to performance ratio

01:28:31   for all compute instances, including GPU compute instances

01:28:35   as well as block storage, Kubernetes,

01:28:37   and their upcoming bare metal release.

01:28:40   Quite frankly, this is what drew me to Linode

01:28:41   in the first place.

01:28:42   Years ago when I started there,

01:28:43   way before they were a sponsor of anything,

01:28:45   you know, I pay for it all myself.

01:28:46   It's wonderful, it's a great value.

01:28:48   And I care about that value.

01:28:49   I care about what I'm getting for my money.

01:28:50   And in hosting, sometimes you get a place

01:28:53   that's like a good value for a year or two

01:28:54   and then it's not anymore.

01:28:55   Linode has been an amazing value

01:28:57   the entire time I've been a customer.

01:29:00   They always give you more for your money.

01:29:02   As technology moves forward,

01:29:03   they give you more for the buck.

01:29:04   It's fantastic.

01:29:06   Linode makes cloud computing fast, simple, and affordable,

01:29:09   allowing you to focus on your projects, not your servers.

01:29:12   Visit linode.com/atp, create a free account

01:29:15   with either your Google or GitHub account

01:29:17   or just your email address,

01:29:18   and you get $100 in free credit.

01:29:20   Once again, linode.com/atp.

01:29:23   Create your free account to get $100 in credit.

01:29:26   I love Linode.

01:29:27   If you gotta run servers somewhere,

01:29:29   I strongly recommend Linode.

01:29:30   Thank you so much to Linode for sponsoring our show

01:29:33   and hosting all my stuff.

01:29:34   (upbeat music)

01:29:37   Electron.

01:29:40   Go ahead, Jon. (laughs)

01:29:41   - All right, so the framework question.

01:29:44   This is tangentially related to 1Password,

01:29:47   but it's actually more of an Apple problem

01:29:51   that they have to deal with, right?

01:29:53   So the reason 1Password looked at SwiftUI

01:29:56   is because in theory and as pitched by Apple,

01:29:59   SwiftUI is a framework where you can write an application

01:30:01   and you can use a lot of that same code,

01:30:03   if not the exact same application,

01:30:05   depending on how you wanna try to do it,

01:30:07   on the Mac, on the phone, on the iPad, on the watch.

01:30:12   You know, it's Apple's cross-platform UI framework

01:30:16   to the extent that it exists.

01:30:18   So if part of the deal of this thing is,

01:30:20   hey, we've got a problem, we've got all these native apps,

01:30:22   the coordination is a big problem for us,

01:30:25   let's try to unify, right?

01:30:26   Step one in the unification

01:30:28   that we haven't talked too much about

01:30:29   is sort of doing the core and Rust in a cross-platform way,

01:30:32   and I think that's a great idea.

01:30:34   When we talk about the core, we're talking about like,

01:30:36   the part that doesn't have a user interface,

01:30:37   just the guts of the machine.

01:30:39   Using Rust, which is a language that has lots of rules

01:30:41   about memory ownership and type safety and everything,

01:30:44   is a great idea for a security-conscious application

01:30:47   rather than say, writing it in C or some other language

01:30:49   that has lots of security problems.

01:30:51   Great, make your core in that, right?

01:30:53   Like, that's our new sort of new generation.

01:30:54   We used to have the core,

01:30:56   but it was different on different platforms

01:30:57   and it was kind of a pain.

01:30:58   Let's write a new core in Rust.

01:30:59   Then you have this core with no interface,

01:31:01   and you have to decide, how do I put an interface on this?

01:31:05   And 1Password didn't immediately jump to,

01:31:07   let's just do Electron everywhere.

01:31:08   We use the Rust core and then we'll do Electron for our UI.

01:31:11   That wasn't their first thing.

01:31:12   They thought of, okay, on Apple's platform,

01:31:15   Apple actually has a newish native UI framework

01:31:20   that can target more than one Apple platform.

01:31:23   So no, you can't use Swift UI across all of our platforms,

01:31:26   Linux, Android, Windows,

01:31:27   but we can get pretty much all the Apple platforms

01:31:30   we care about with this one framework.

01:31:32   So let's consider a bifurcated strategy,

01:31:34   which is like Electron everywhere,

01:31:36   except for on Apple platforms, we'll try using Swift UI,

01:31:41   which in itself is, and Jason's not wrote the story recently

01:31:44   saying how the Mac just wasn't important enough

01:31:46   for 1Password to do this, and in the end, that is true.

01:31:48   But the idea that they looked at Swift UI at all

01:31:52   shows that 1Password kind of knows

01:31:55   where its bread is buttered.

01:31:56   I don't know what their financials are,

01:31:57   but 1Password was his roots as a Mac company, right?

01:32:00   I think they were Mac first, right,

01:32:01   for years before they even branched out.

01:32:03   I don't know if that's true,

01:32:05   but I've always thought of them as a Mac company,

01:32:07   was considering doing a totally different framework

01:32:11   just for Apple's platforms.

01:32:13   Maybe that makes financial sense.

01:32:15   I don't know what percentage of 1Password customers

01:32:17   are on Apple platforms versus not,

01:32:19   but that was a thing that they considered,

01:32:21   which I think shows that either financially

01:32:24   it makes some sense for them to do that,

01:32:26   or just emotionally because they feel the roots

01:32:28   in the Apple platform that they were considering doing that.

01:32:31   That didn't work out for reasons that anyone

01:32:33   who has tried to use Swift UI in the past several years

01:32:36   understands Swift UI is young, it has lots of limitations.

01:32:39   I don't think it's impossible to pull off

01:32:42   a 1Password application on a Swift UI,

01:32:44   but you would then have to decide what to mix it with,

01:32:47   because there are things that the Swift UI can't do

01:32:49   or can't do easily or can't do feasibly,

01:32:52   and you have to mix it with something.

01:32:54   So you can mix Swift UI with AppKit, like I do in my apps.

01:32:57   You can mix Swift UI with UIKit in a catalyst app.

01:33:01   What are the other options you have?

01:33:02   I mean, you can do pure Swift UI,

01:33:03   but that's probably not gonna fly.

01:33:06   And then once you're doing that,

01:33:07   now you're losing a lot of the cross-platform part of it,

01:33:10   depending on how you look at it.

01:33:11   If you do it in catalyst, you can say,

01:33:12   well, if we're gonna do it in catalyst,

01:33:13   why do we need Swift UI at all?

01:33:14   Why don't we just use catalyst app for our Mac

01:33:16   and then use that same UIKit code for the phone and the iPad?

01:33:19   And you have a whole bunch of different options

01:33:22   on the various Apple platforms, right?

01:33:24   But they didn't have time to run all those experiments.

01:33:26   So they said, well, when the Swift UI one didn't work out,

01:33:28   let's just do Electron everywhere

01:33:29   'cause Electron runs on the Mac.

01:33:30   But that whole soup that I just explained

01:33:32   is part of Apple's problem.

01:33:33   Swift UI is Apple's newest framework

01:33:36   and it is the one that has the potential

01:33:38   to run on the most platforms,

01:33:40   but it's young and it's not really up to maybe the task

01:33:45   of an app like 1Password at this point.

01:33:48   Catalyst also exists.

01:33:51   And it's a way if you are coming from a UIKit

01:33:53   and you either have an existing UIKit application

01:33:55   on the iPad or the iPhone,

01:33:57   or you just know UIKit

01:33:58   'cause you've been developing on those platforms,

01:34:00   but you wanna write a Mac app,

01:34:01   now you can write a Mac app in UIKit,

01:34:04   sneaking into AppKit every once in a while to do stuff.

01:34:06   And then of course there's AppKit,

01:34:07   the old API that is superseded maybe

01:34:12   by Catalyst and or Swift UI.

01:34:14   This is not a great situation for the Mac

01:34:18   because the reason you see among the little circles

01:34:20   that we travel in,

01:34:21   lots of discussions of all these different words,

01:34:23   Catalyst, AppKit and Swift UI,

01:34:25   is that there is no obvious answer for all situations

01:34:31   on how to develop a native Mac app.

01:34:34   Setting aside Electron, what should I use?

01:34:36   And there's almost like a flow chart of like,

01:34:39   well, do you have an existing UIKit app?

01:34:41   Are you writing from scratch?

01:34:43   Do you have an existing AppKit app?

01:34:45   Are you gonna target the watch?

01:34:47   Are you gonna target the iPhone?

01:34:48   Like, you know, how complicated is your application?

01:34:51   What is your tolerance for bugs and immaturity?

01:34:54   Apple has been in this place before,

01:34:56   many, many times over the years.

01:34:58   I'm just gonna go back to the most recent one,

01:35:00   but there are, if you keep going back in time,

01:35:01   there's more and more and more ones for even older people.

01:35:06   The most recent time Apple found itself in a scenario

01:35:08   is the dawn of Mac OS X.

01:35:10   Before Mac OS X, Apple tried to do an OS called Rhapsody,

01:35:13   which is basically the same as Mac OS X,

01:35:15   but without the ability to easily port

01:35:18   classic Mac OS maps, apps to it.

01:35:20   And that OS strategy didn't fly,

01:35:23   mostly because the companies that had existing Mac apps said,

01:35:26   yeah, no, we're not gonna rewrite our apps.

01:35:28   Like, Microsoft said, no, we're not rewriting Office

01:35:30   for the next step APIs.

01:35:32   And Adobe said, no, we're not rewriting Photoshop

01:35:33   for the next step APIs, right?

01:35:35   So Apple had to come up with Mac OS X,

01:35:37   which was basically Rhapsody,

01:35:38   plus a new API called Carbon,

01:35:40   which was essentially the parts

01:35:43   of the old classic Mac API that they could port

01:35:46   in a safe way to a modern operating system, right?

01:35:48   And then Microsoft ported its apps to Carbon,

01:35:51   and Adobe ported its apps to Carbon.

01:35:53   And then all the next developers

01:35:55   ported their apps to Cocoa,

01:35:56   not ported, they were already based on that.

01:35:58   They renamed a bunch of stuff

01:35:59   and got their AppKit apps to run in Cocoa.

01:36:03   And for years, for many, many years,

01:36:05   it seemed like a longer time than it actually was,

01:36:07   but for many years in the beginning of Mac OS X,

01:36:10   there were two ways to write a native Mac OS X app.

01:36:14   You could write in Carbon, or you could write in Cocoa.

01:36:17   And people would ask questions.

01:36:19   I wanna write a Mac app, which API should I use?

01:36:22   And you'd go through the flow chart.

01:36:23   Do you have an existing Mac app?

01:36:24   If you do, you should probably use Carbon,

01:36:25   because you can easily port it to that.

01:36:27   Do you have an existing NextApp app?

01:36:28   If you do, you shouldn't use Cocoa,

01:36:29   because it's basically the same API,

01:36:31   and it just renames some stuff, and it'll be fine.

01:36:33   What if I'm starting from scratch?

01:36:35   Well, do you know Objective-C?

01:36:37   What's Objective-C?

01:36:38   How do you feel about square brackets?

01:36:40   What language do you know, what APIs?

01:36:44   Have you ever made another Mac app before?

01:36:46   What APIs are you familiar with, right?

01:36:48   And aside from the obvious ones,

01:36:51   which is like, hey, I've got Adobe Photoshop,

01:36:54   I should obviously go with Carbon,

01:36:55   because I'm not rewriting it in NextApp,

01:36:57   or I've got like OmniWeb,

01:36:59   I should obviously use AppKit, 'cause that's the one.

01:37:01   There was no obvious answer,

01:37:02   and Apple wouldn't tell you what you should do.

01:37:05   They would just say, well,

01:37:07   use the one that you prefer.

01:37:10   We try to give them feature parity.

01:37:12   And as the years went on,

01:37:13   sometimes a feature would appear in AppKit first,

01:37:15   sometimes a feature would appear in Carbon first.

01:37:18   Some features were only available in Carbon,

01:37:20   like a bunch of stuff having to do with Classic Mac OS

01:37:22   and the QuickTime stuff or whatever.

01:37:24   And then eventually some features only available in Cocoa.

01:37:27   And Apple had a bunch of WWDCs where they do these sessions

01:37:30   where we're like, we're gonna do feature parity,

01:37:31   and we're not gonna do that anymore.

01:37:32   And every new thing that we come out with

01:37:34   is gonna be in Carbon and Cocoa at the same time.

01:37:38   And you can see how, like in one way,

01:37:41   this is a necessary strategy,

01:37:43   'cause you can't have an OS

01:37:44   unless you can bring along all the apps.

01:37:45   You need Microsoft Office, you need Internet Explorer,

01:37:48   whatever the hell, right?

01:37:49   And all these new Cocoa apps are new and exciting.

01:37:51   They let people, individuals make applications on their own

01:37:53   that have become popular, like NetNewsWire,

01:37:55   written by one person through the magic of Cocoa.

01:37:58   These are both good things.

01:37:59   I don't wanna give either one of them up.

01:38:00   I can't give up Carbon.

01:38:02   And matter of fact, major parts of the operating system

01:38:05   are Carbon only, and Cocoa apps

01:38:07   end up needing to call into Carbon to do those things.

01:38:09   But I can't give up Cocoa

01:38:10   because there's so much excitement happening there,

01:38:11   and people are writing apps that, you know, very quickly,

01:38:14   and writing these feature-filled apps

01:38:15   because Cocoa is this amazing framework,

01:38:17   and they're learning Objective-C and blah, blah, blah.

01:38:21   During that time, a lot of developers really wished,

01:38:24   Apple, just tell us which one we should use.

01:38:26   Like, which one should we use?

01:38:28   Is it gonna be Carbon forever and ever,

01:38:30   or is it gonna be Cocoa forever?

01:38:31   Because you can't have both because it's just too confusing.

01:38:34   And Apple would say, well, we need to have both right now.

01:38:36   But developers, if you're on the Cocoa side,

01:38:39   you were saying, we should just get rid

01:38:40   of this Carbon garbage.

01:38:41   It's terrible.

01:38:41   Objective-C is the future.

01:38:42   Everything should be AppKit.

01:38:43   And if you're Carbon, you'd be like,

01:38:45   what the hell is with this Objective-C stuff?

01:38:47   Like, no one uses that language.

01:38:48   It makes no sense.

01:38:49   It's so ugly.

01:38:50   The API is stupid.

01:38:51   All the real features are in Carbon.

01:38:53   Why don't we just forget about that?

01:38:55   Just like we forgot about the Java interface to it

01:38:57   and just go with Carbon forever.

01:38:59   Eventually, after what seemed like way, way too long,

01:39:03   Apple made a decision, and the decision was,

01:39:05   Carbon, you're out.

01:39:06   And it's Cocoa from here on.

01:39:10   And that was incredibly clarifying,

01:39:13   for there was a period of time where you said,

01:39:15   if you wanna make a native Mac application, how do I do it?

01:39:18   The answer was AppKit, Cocoa.

01:39:20   Period.

01:39:21   That was it, because Carbon didn't come to 64-bit.

01:39:23   And once the OS was 64-bit only,

01:39:25   which also took a long time, your only option was AppKit.

01:39:29   And yeah, there's other models of building applications.

01:39:32   You can make a Java app, like a native Java app

01:39:35   with all those widgets and web technologies

01:39:37   and all sorts of stuff like that.

01:39:38   But eventually, they made the call.

01:39:41   We are back now in a situation that's even worse,

01:39:44   where we have Catalyst, which is good for UIKit things.

01:39:48   We have SwiftUI, which is kinda like the new Cocoa,

01:39:50   it's like the new hotness, although, you know,

01:39:52   obviously Cocoa was a decade-old technology

01:39:55   when Apple bought it, unlike SwiftUI.

01:39:58   And then we have AppKit, still lurking back there.

01:40:00   All three of those things work today

01:40:02   to make a Mac application.

01:40:04   And Apple will not tell you which one of those

01:40:07   is the real future, maybe because they don't know.

01:40:10   But right now, they're doing the thing they did for years

01:40:12   with Carbon and Cocoa, it's like, they're all pretty good,

01:40:14   just pick the one that's best for you.

01:40:16   I don't think that's a good strategy.

01:40:19   But on the other hand, I don't think it's a good strategy

01:40:22   to ditch one at this point, because, I mean,

01:40:25   Catalyst debatably, when Catalyst came out,

01:40:28   we didn't know about SwiftUI,

01:40:29   so Catalyst seemed like the future of the Mac.

01:40:31   But then SwiftUI came out, and it's like,

01:40:32   no, what the hell is the future, right?

01:40:35   And so if you're 1Password,

01:40:36   and you're trying to make a native Mac app,

01:40:38   forget about Electron, it's not even clear

01:40:40   what you should do.

01:40:42   The only thing that's clear is that AppKit

01:40:43   is probably not the future.

01:40:45   But it's also the most full featured API on the platform,

01:40:48   and it can do all the things,

01:40:49   and you can make amazing apps with it, but you're doing it,

01:40:51   you feel like this is just not the future,

01:40:52   'cause this is not, like,

01:40:54   Apple introduced two new frameworks since then.

01:40:56   They both have a lot to say for them, right?

01:41:00   Catalyst is great, and it's shared with UIKit,

01:41:03   and has great benefits as me as a developer.

01:41:05   But SwiftUI is the new hotness,

01:41:06   but then there's AppKit that has all the features,

01:41:08   and if I use SwiftUI or Catalyst,

01:41:10   I also have to go back into AppKit to get those features,

01:41:12   so maybe AppKit's the new Carbon,

01:41:13   and is AppKit not gonna be ported to 128K, or 128 bit?

01:41:16   That's a joke, that's not coming, don't worry.

01:41:18   Like, it's super confusing.

01:41:22   So I understand Apple's situation,

01:41:24   I understand why Apple doesn't come out and say,

01:41:26   SwiftUI, number one, that's the future,

01:41:28   everyone should go for it.

01:41:29   Catalyst, weird stopgap, don't worry about it, it's cool

01:41:31   if you're gonna port apps,

01:41:32   AppKit, forget it, screw it, it's dead, right?

01:41:34   They don't say that.

01:41:35   And so, like, every Mac developer

01:41:38   has this difficult choice to make

01:41:41   that's like make or break your app, right?

01:41:43   I almost feel worse for the people who have picked one,

01:41:47   who have said, I'm all in on Catalyst,

01:41:50   'cause what if Catalyst is the one that doesn't make it?

01:41:52   I mean, I guess you get a few good years out of it,

01:41:54   you got to reuse a lot of your work that you did

01:41:56   with UIKit, reuse your knowledge or whatever, it's great,

01:41:59   but then five years from now,

01:42:00   Catalyst is like sunset over the course

01:42:02   of a few OS releases.

01:42:04   You're gonna have to rewrite your app in SwiftUI,

01:42:07   or AppKit if AppKit is still around, right?

01:42:10   And same thing is true, if SwiftUI just doesn't work out

01:42:13   and ends up fizzling and Catalyst is the true future

01:42:15   and you really bought in on SwiftUI,

01:42:16   what are you gonna do then?

01:42:18   So I feel for 1Password in this situation,

01:42:21   it is almost like the safest bet in terms of future-proofing

01:42:24   is to defer this decision and say,

01:42:26   we're just gonna go with Electron for now,

01:42:28   because they tried SwiftUI and it wasn't ready

01:42:30   and I totally believe them on that, right?

01:42:32   - Oh yeah, absolutely believe them.

01:42:34   - And then, and they probably didn't have time

01:42:36   to go back on Catalyst and it's like,

01:42:37   well, we don't know what the right,

01:42:39   we don't know which horse to bet on.

01:42:41   So if we just do Electron and don't bet on any horse

01:42:43   and go with a donkey, right?

01:42:45   Then we can just wait this out.

01:42:47   And if it turns out our Mac customers really hate this

01:42:50   and their Apple customers want us to do native,

01:42:51   maybe by the time we revisit the decision in a year or two,

01:42:54   it'll become more clear what we're supposed to do.

01:42:57   But I really, really feel like Apple's current strategy

01:43:00   of supporting both Catalyst and SwiftUI

01:43:03   as the modern options on the Mac

01:43:06   is untenable in the medium term.

01:43:08   Within the next five years,

01:43:09   Apple needs to make a call, I think,

01:43:11   because there's just no way to support

01:43:13   three major UI frameworks,

01:43:16   plus all the shared underlying stuff on the Mac,

01:43:19   and then complain when people choose Electron instead.

01:43:22   Because like, well, what was my alternative?

01:43:24   One of this alphabet soup of vaguely inter-compatible APIs,

01:43:28   none of which I can use in isolation

01:43:30   to make a quote unquote full featured native Mac app.

01:43:33   Because at this point you can't even use like,

01:43:35   well, I don't know, you can probably still use AppKit

01:43:37   to make a full-aged app.

01:43:38   Is there anything you need to go into

01:43:39   Catalyst or SwiftUI for?

01:43:40   - No, right now, whatever you want to do on the Mac,

01:43:44   AppKit does it.

01:43:45   And AppKit, you know, AppKit is,

01:43:47   you know, the parallel in iOS is obviously UIKit.

01:43:51   That's like the main framework that the other frameworks

01:43:55   seem to be implemented in, you know,

01:43:57   on the underlying levels, or at least in part.

01:43:59   And AppKit is like, it's the one that will be supported

01:44:04   and maintained probably the longest on the Mac.

01:44:07   I mean, in this case, like, I think SwiftUI,

01:44:09   and it's a whole discussion probably for another day,

01:44:14   but, you know, SwiftUI started as a watch framework.

01:44:19   And then the other OSes kind of, you know,

01:44:23   snatched it up and made it their own as well.

01:44:25   But it started on the watch.

01:44:27   And if you use SwiftUI on all these platforms,

01:44:31   that will make a lot of sense to know that.

01:44:33   Because on the watch, it's pretty good.

01:44:37   And it was very badly needed compared to, you know,

01:44:41   old watch kit UI stuff.

01:44:43   That was terrible.

01:44:44   And so it was badly needed.

01:44:45   And SwiftUI does well in simple contexts,

01:44:49   where the scope of what you're trying to do with the UI

01:44:53   is fairly low.

01:44:54   It's not that complicated.

01:44:56   You're using mostly default behaviors

01:44:59   and appearances of things.

01:45:00   You're not doing a lot of customization.

01:45:02   And you have relatively simple views

01:45:06   and relatively simple needs and simple data models.

01:45:09   Watch apps tend to have that,

01:45:10   because watch apps have to be simplified

01:45:12   for lots of other reasons.

01:45:13   So it makes tons of sense on the watch,

01:45:15   which is why it was born there.

01:45:17   And it also has, like, you know, less problem area to cover,

01:45:21   and it's most mature there.

01:45:22   So on the watch, SwiftUI is a no-brainer.

01:45:24   Yeah, if you're making an app on the watch,

01:45:26   use SwiftUI, period.

01:45:27   As you move up to the, like, you know, quote, larger,

01:45:31   I guess, by screen size, or by complexity, certainly,

01:45:34   you know, as you move to the larger platforms,

01:45:37   you know, on the phone, SwiftUI is,

01:45:40   well, it's a little less usable than on the watch.

01:45:42   You know, there's more rough edges, there's more bugs.

01:45:46   There's more, like, walls that you hit

01:45:48   trying to do common customizations or common behaviors

01:45:52   that UI kit apps have been doing forever.

01:45:55   You hit more of those walls on iOS

01:45:57   than you on watchOS, for sure.

01:45:58   You can tell that it's a little less tested,

01:46:01   it's a little, few more rough edges,

01:46:04   and there are more ways, once you go from watchOS to iOS

01:46:08   in SwiftUI, there are more ways in which the SwiftUI model

01:46:11   of doing things kind of breaks down,

01:46:14   or starts having a lot of really ugly, you know,

01:46:16   things you have to be doing and jumping through hoops

01:46:18   to get it to work right.

01:46:19   Well, then take that onto the Mac,

01:46:21   and you scale it up even further onto this,

01:46:24   the Mac is now even further than the watch,

01:46:28   like in scope and everything, Mac apps tend to be

01:46:30   significantly more complicated than iOS apps in their UIs

01:46:33   and their behaviors and what they have to accommodate,

01:46:35   what they have to do, what's important,

01:46:37   and also, the Mac, unlike iOS, is a way lower priority.

01:46:42   It gets way less engineering attention,

01:46:46   like in software terms.

01:46:47   The UI, like SwiftUI on the Mac doesn't seem like

01:46:50   it's getting a lot of attention from anybody,

01:46:52   because what a surprise, look at Mac OS software quality

01:46:55   over the last decade, it's not as high of a priority as iOS.

01:46:59   And so, you have this framework that's been,

01:47:01   you know, it's pretty opinionated, and still pretty young,

01:47:05   and has a lot of really rough edges,

01:47:07   and so, you know, it's pretty good on the platform

01:47:10   that it was made for, but as you get bigger

01:47:12   and more complicated, and then in the case of the Mac,

01:47:14   as you get seemingly a lot less resources devoted to it,

01:47:17   I don't think SwiftUI on the Mac is ever gonna be great.

01:47:22   I suspect SwiftUI on the Mac to always be

01:47:25   this kind of experimental thing that a lot of people

01:47:28   try to use, doesn't work out very well,

01:47:30   and they go to something else.

01:47:31   And then the problem there is, what John was saying,

01:47:34   well, what do you go to?

01:47:35   And AppKit is actually the right answer.

01:47:38   Unfortunately, it doesn't feel good to go to AppKit

01:47:41   for a brand new app in 2021.

01:47:42   It feels like that's probably a bad decision,

01:47:45   but with the realities of, you know,

01:47:48   Mac OS engineering priorities and quality priorities,

01:47:51   I don't think SwiftUI is ever gonna be the right move on Mac

01:47:54   and Catalyst, I think, has proven to be

01:47:57   kind of like Electron.

01:48:01   There's a lot of downsides to usability.

01:48:04   - It's more like Carbon, because it's saying,

01:48:06   hey, we have a bunch of customers who have existing apps

01:48:09   who would like to reuse that code

01:48:11   and that skills on a different platform.

01:48:13   So, you know, Catalyst is just Carbon for UIKit, right?

01:48:17   That's essentially what it is.

01:48:19   It's even better than Carbon, because you don't even have

01:48:20   to change as much code, and they didn't have to,

01:48:22   but that's, you know, we have to bring along,

01:48:26   we have to bring along these developers,

01:48:27   'cause this is where all our developers,

01:48:28   all our developers know UIKit, very few of them know

01:48:30   Mac stuff, if you want more Mac apps,

01:48:32   we need a way for running UIKit on here,

01:48:34   but it doesn't feel, it doesn't, it feels like Carbon.

01:48:38   It feels like, all right, well, these people need

01:48:40   to be able to bring their stuff along,

01:48:42   and it feels like early Carbon, where there's not parity

01:48:44   between the UIs, and they're very different, right?

01:48:46   And so it's not clear, you know, like, again,

01:48:50   before SwiftUI, Catalyst is, I think,

01:48:52   this is the name of the episode Extinction Level Event,

01:48:55   where it's like, well, that's it for AppKit, then,

01:48:56   because once you bring Catalyst over here,

01:48:59   like, all those, why would anyone ever learn AppKit again?

01:49:03   Because if you don't need to learn it,

01:49:04   and you already know UIKit, and you have a way

01:49:06   to run those apps on here, why wouldn't just ever do that?

01:49:09   But now SwiftUI is in the mix, and it's even more confusing.

01:49:11   And I don't wanna say about SwiftUI,

01:49:13   the fact that it started out on the watch,

01:49:15   I think, I agree with you, it remains,

01:49:17   I would say it remains an open question

01:49:20   as to whether the sort of API paradigm,

01:49:24   declarative interfaces, as defined by SwiftUI,

01:49:28   is sufficient or a good way

01:49:32   to make very complicated Mac apps.

01:49:34   The reason we don't know that yet

01:49:35   is because SwiftUI currently lacks tons of features,

01:49:38   that it just doesn't have the features,

01:49:40   and that's why people bang their head against the wall

01:49:42   trying to make SwiftUI do a thing

01:49:44   that it doesn't have features for yet, right?

01:49:46   Once they add the feature to SwiftUI,

01:49:48   sometimes it's easy to do whatever the thing

01:49:49   that you were trying to do,

01:49:50   but if it doesn't have that feature at all,

01:49:51   like first responder or controlling focus,

01:49:55   trying to get that to work in some weird way feels terrible.

01:50:00   But if and when they add that feature,

01:50:02   it's like, oh, now it's easy, right?

01:50:05   But still.

01:50:06   - Honestly, I disagree with you on this.

01:50:08   I think the biggest pain points of SwiftUI,

01:50:11   in my experience, again,

01:50:12   I haven't tried making a Mac app with it.

01:50:13   I have a lot of experience on the watch,

01:50:15   some experience on iOS so far.

01:50:17   My experience with SwiftUI

01:50:18   is not running into missing features.

01:50:22   It's running into capabilities or behaviors

01:50:25   that are really easy in UIKit,

01:50:29   you know, in procedural programming,

01:50:31   that are just really hard because of SwiftUI's model,

01:50:35   that just like this declarative model,

01:50:37   the things that it makes easy or easier,

01:50:41   it's like magic when you use it

01:50:43   and you can make something so fast.

01:50:45   I love SwiftUI when I'm working

01:50:48   within the things it's good at.

01:50:49   And then I hit some little thing,

01:50:51   it's like, wait a minute, I can't ship this like this.

01:50:54   I have to have it, you know,

01:50:55   like when you, it has to like deselect the cell correctly

01:50:58   when I go back here or whatever.

01:50:59   And I run into some little behavioral detail like that.

01:51:02   And oh, I just can't do that.

01:51:04   Like it isn't that it's hard.

01:51:06   - I feel like that's a missing feature though,

01:51:08   because if you had the, you know,

01:51:10   on defocused unselect, that would take you two seconds

01:51:14   where the typing of that feature existed.

01:51:15   - Well, so sometimes it's a missing feature,

01:51:17   but sometimes it's just like,

01:51:19   I can't do this thing I'm trying to do,

01:51:21   and I understand why I can't do it,

01:51:23   because the way, like the procedural nature

01:51:25   or the declarative nature of this,

01:51:27   yeah, that would be really hard to model

01:51:29   in this kind of thing.

01:51:30   Or I can do it, but it requires

01:51:32   all this ugly crap hack work around,

01:51:35   because that's just not a thing that declarative UIs

01:51:39   are well representing, you know?

01:51:42   - That's why I say it's an open question though,

01:51:43   because the flip side is also true.

01:51:45   There are things that are a super pain in the butt

01:51:47   to do in an imperative language

01:51:49   that are trivial to do in a declarative one.

01:51:51   And the open question is,

01:51:53   what does that ratio break down as?

01:51:55   Like the things that Swift UI is good at

01:51:56   versus the things that a non declarative API is good at.

01:52:00   What is the ratio of those in a typical app?

01:52:02   And it's modified by like you having,

01:52:04   not having experience with this API,

01:52:06   lots of people not having experience with an API like this.

01:52:08   But that's why I feel like more people,

01:52:10   you need more features to be able to build bigger apps.

01:52:13   And then when you build the bigger apps,

01:52:13   you need to figure out,

01:52:14   are the things that Swift UI is good at

01:52:17   enough to offset the things it's bad at?

01:52:19   Because I think it's basically,

01:52:21   it's pretty non-overlapping set

01:52:23   of like the things that AppKit is good at

01:52:25   and the thing that it's bad at.

01:52:26   Like it's a complimentary set with Swift UI.

01:52:30   There's not a lot of overlap

01:52:30   just because the models are so different, right?

01:52:32   But what I wanted to get at

01:52:33   with this having origins on the watch

01:52:36   is that one thing in Swift UI's favor is it does,

01:52:40   well, there's two sides to it.

01:52:42   It does a lot of things to be efficient.

01:52:44   Part one of the advantages of being a declarative API

01:52:49   is it's harder for you to add code

01:52:52   that slows the system down

01:52:53   because it takes your whole model,

01:52:55   turns it into a structure, figures out,

01:52:57   like all the view combining and crap

01:53:00   that you would have to do in like AppKit apps manually

01:53:02   to improve your performance problems

01:53:04   after watching 50 WWDC sessions.

01:53:06   Swift UI is doing that for you internally.

01:53:08   Like you don't have to do that.

01:53:10   The framework does it.

01:53:12   The framework will, in theory,

01:53:14   figure out how to make your thing fast,

01:53:15   figure out how to combine your views.

01:53:17   Like don't worry about making tons of little views

01:53:19   in Swift UI.

01:53:20   It's not actually making NS views

01:53:21   for every single one of those things.

01:53:22   The system will figure it out, right?

01:53:24   'Cause it has to be efficient

01:53:25   'cause it has to run on the watch.

01:53:26   The other side of that is,

01:53:27   yeah, but the watch doesn't have much crap going on.

01:53:29   So really, like has this actually been tested?

01:53:33   Yes, it is efficient enough to run on the watch,

01:53:35   but honestly, how many Swift UI views

01:53:38   can you fit on the watch screen?

01:53:39   Like there's not that many of them,

01:53:41   whereas a Mac app can have a ton of them.

01:53:43   So this supposed system that's gonna like

01:53:46   turn everything into a data structure

01:53:48   and run it through this machine

01:53:49   and make views to be an efficient way,

01:53:51   does that actually work when I have a table

01:53:54   with like millions of cells and stuff?

01:53:56   Or does it fall over because AppKit has had

01:53:58   multiple decades of optimization

01:54:00   and actually NS table or even how UI collection view

01:54:03   actually do this much better

01:54:04   because they've been forged in the crucible

01:54:06   of years and years and years of making this faster

01:54:09   and having a WWDC session telling you how to make it faster

01:54:11   and then repeating that cycle, right?

01:54:13   So that's why Swift UI is a question mark,

01:54:16   but there is a bunch of stuff in favor of it.

01:54:17   It is good at things that other frameworks are not good at.

01:54:20   It does have lots of technical things that in theory

01:54:22   can make it very fast and efficient

01:54:25   without much developer effort.

01:54:27   It does have the potential as Apple keeps pushing

01:54:29   to be less bug prone because you don't have to worry about

01:54:32   as many states of the interface

01:54:34   and having things be immutable versus mutable

01:54:37   and declarative versus imperative.

01:54:39   Like Apple really pushes the benefits and they are real

01:54:42   and they do make sense and they could all work out,

01:54:46   but we don't know if that's the case yet, right?

01:54:48   All we know is that right now it's young, it's got bugs,

01:54:50   it doesn't have all the features we need.

01:54:52   Some parts of it are in fact slow

01:54:54   when you try to do big things,

01:54:56   but it's too early to make a call, right?

01:54:59   And then catalyst is kind of the same thing.

01:55:01   Catalyst is a known quantity, we know about UIKit,

01:55:03   but there's a bunch of crap you can't do

01:55:05   without falling down to AppKit.

01:55:06   And until very recently, it's been very difficult

01:55:09   to make an app that can fool a actual experienced Mac user

01:55:13   into thinking it's not a catalyst app, right?

01:55:15   The scaling thing helps a lot,

01:55:17   but there are other sort of telltale signs.

01:55:20   And especially if you're bringing an app

01:55:21   from the iPad or the iPhone,

01:55:23   it's very easy to tell that it's not a native Mac app

01:55:25   because no one would ever make a Mac app like that

01:55:27   because that's not how Mac apps work.

01:55:29   So the Mac as a platform is in a difficult situation.

01:55:34   Part of that situation is just Apple in terms of like,

01:55:38   well, how important is the Mac to any one person?

01:55:40   But part of it is Apple's own doing

01:55:41   and that they don't have a clear message

01:55:43   on what should I be doing instead of Electron.

01:55:45   So Electron really starts to feel like a safe, wise,

01:55:50   and reasonable choice until Apple gets his crap together.

01:55:56   - Yeah, it's such a crummy state of the Mac, right?

01:56:01   And to bring this briefly back to 1Password,

01:56:04   I'm still not convinced that catalyst

01:56:06   wouldn't have been an acceptable answer.

01:56:08   So it would be straight UI kit on iOS and iPad,

01:56:12   and then 90% UI kit wherever possible on Mac OS

01:56:17   and then dropping back to AppKit

01:56:19   or something like that if necessary.

01:56:20   I mean, if the backend really and truly is Rust,

01:56:23   and if it really and truly does 90% of the heavy lifting,

01:56:26   then I got to imagine 90% of 10% is still not too much code.

01:56:31   You know what I mean?

01:56:31   Like it shouldn't have been that thick a shim

01:56:33   over their Rust backend,

01:56:35   but be that as a May again,

01:56:37   I can armchair quarterback all the time.

01:56:39   - I mean, honestly, I think they should have used AppKit.

01:56:41   They already knew how to use it.

01:56:42   They already had a giant existing app.

01:56:43   Like AppKit is the right answer here.

01:56:46   I know it doesn't feel good from an engineering standpoint,

01:56:48   but that is the right answer right now.

01:56:51   - I mean, they would have had to throw away

01:56:52   the existing AppKit app,

01:56:53   but getting back to the core thing being in Rust,

01:56:55   like granted, you're gonna need to put something new

01:56:57   on top of it because we all know

01:56:58   despite everyone's attempts to be disciplined,

01:57:01   your backend is tied to your front end

01:57:03   in ways that are difficult.

01:57:03   So I totally understand that you've got to throw away

01:57:06   your existing AppKit app, probably all of it, right?

01:57:09   You've got a new core, right?

01:57:11   But on top of that new core,

01:57:13   how thick would the layer of AppKit UI kit

01:57:16   or SwiftUI have to be?

01:57:17   They tried to do a SwiftUI,

01:57:18   didn't work out for whatever reasons,

01:57:20   if they had tried to do an AppKit layer on top.

01:57:22   Certainly, you know, more work than Electron

01:57:24   because Electron is shared across all the platforms

01:57:26   and you just do it once, great.

01:57:28   But how complicated would that be?

01:57:31   I don't, I'm not, as I've used 1Password,

01:57:34   last 1Password version I had was three, I think.

01:57:36   I think I just deleted it actually a couple of months ago

01:57:37   'cause I realized I hadn't launched it in a while

01:57:39   or maybe it had the circle with a line through it.

01:57:42   I'm saying it doesn't run on this OS anymore.

01:57:43   But I don't know how complicated 1Password is.

01:57:45   How much UI does 1Password have?

01:57:48   But pick any API and it's plausible

01:57:52   that would have been a similar amount of work

01:57:56   to use AppKit, Catalyst, or SwiftUI on top of that core.

01:58:01   All of those options are obviously way more work

01:58:05   than doing zero work and just using Electron everywhere.

01:58:07   So again, I can kind of understand why the company

01:58:09   went with what they went with.

01:58:11   But I also mostly agree with Marco

01:58:14   that if you had done it with AppKit,

01:58:16   that's a, in terms of customer experience,

01:58:18   currently that's a no compromise solution.

01:58:22   Like I was trying to think of,

01:58:23   is there anything you can't do in AppKit?

01:58:25   I think maybe with some of the stuff

01:58:28   they're adding to SwiftUI,

01:58:29   some things are actually a little bit more difficult

01:58:30   than AppKit, like the sum of the SwiftUI views

01:58:32   would be difficult to synthesize in AppKit.

01:58:34   But in general, I don't think there's anything

01:58:35   you literally can't do in AppKit.

01:58:38   So from a customer's perspective,

01:58:40   they don't need to know your cores and Rust, who cares?

01:58:42   Your UI is in AppKit.

01:58:43   They don't need to know you rewrote it all,

01:58:44   especially if you change it

01:58:45   and it looks a little bit different

01:58:46   for the version eight or whatever.

01:58:48   And that's fine.

01:58:50   If you did it in Catalyst,

01:58:52   I do wonder if we would be having this exact same podcast,

01:58:55   only instead of us complaining about them going to Electron,

01:58:57   we'd be complaining that they went to Catalyst.

01:59:00   Because Catalyst apps also have their own kind of,

01:59:04   especially if your goal is to share that code

01:59:06   with iPad and the iPhone,

01:59:08   he'd be like, oh, why don't the menu,

01:59:10   why is these menu items weird?

01:59:11   Why don't the keyboard shortcuts work?

01:59:13   Like there's tons of reasons to complain about Catalyst,

01:59:15   because it's all so young, right?

01:59:17   And then SwiftUI, like, you know,

01:59:20   they would still be writing it,

01:59:21   because there's like three things they needed to do

01:59:23   that it doesn't currently do,

01:59:24   and good luck trying to wedge that in, right?

01:59:26   - And SwiftUI is buggy too, like it's not,

01:59:29   if you look at the way SwiftUI does,

01:59:31   even like certain transitions,

01:59:32   like navigation controller transitions,

01:59:34   certain animations, certain, like,

01:59:36   SwiftUI actually does a lot of things in different ways

01:59:41   than the native UI frameworks on its own platform does them.

01:59:45   Like if you write certain things in UIKit or AppKit

01:59:48   versus SwiftUI, they actually sometimes behave

01:59:50   in small different ways.

01:59:52   And so like, this is why I think the idea

01:59:56   of cross-platform design and having like,

02:00:00   having a shared framework

02:00:01   between very different kinds of platforms.

02:00:04   How long has our industry been trying to do this?

02:00:07   And how has, when has it ever worked

02:00:09   with the sole exception of the web browser?

02:00:12   With the web browser is the greatest cross-platform,

02:00:16   cross-UI, you know, everything.

02:00:18   But once you get into apps, native apps,

02:00:21   the platforms are so different in big and small ways,

02:00:26   you know, a few big ways and a thousand small ways,

02:00:29   that I don't think it's even possible

02:00:31   to expect any cross-platform toolkit

02:00:34   to ever really make great UI experiences.

02:00:37   I think whatever you write for a phone,

02:00:40   or for a watch, or for the Mac,

02:00:42   or for the PC, or for the web browser,

02:00:44   those are all very different targets,

02:00:46   and they all have different UI conventions,

02:00:48   different expected behaviors by users,

02:00:50   entirely different environments and needs and priorities.

02:00:54   And so you're right, catalyst apps do suck,

02:00:56   and the reason they suck is not because

02:00:58   they're built on web technologies.

02:01:00   It's not because, like, they don't have

02:01:02   all of the same implementation details,

02:01:04   or almost any of the same implementation details,

02:01:06   as something like Electron.

02:01:08   They suck because they're running iPad code on the Mac,

02:01:12   and it doesn't feel right, and it doesn't behave right

02:01:15   in lots of little tiny ways.

02:01:17   And that's native code.

02:01:18   That's, like, it's not being interpreted or emulated.

02:01:22   That's native code, running in what is kind of

02:01:26   a native framework, but it's kind of for the wrong platform.

02:01:29   But I don't think this dream of having cross-platform,

02:01:34   you know, we're just gonna write one app,

02:01:36   and it's gonna be the same,

02:01:37   and it's gonna be great everywhere,

02:01:40   I don't think that's ever achievable,

02:01:42   because platforms aren't the same.

02:01:44   And to be great on a platform requires it to adopt

02:01:48   to all the platform's little behaviors

02:01:49   and priorities and things,

02:01:50   which are all gonna be different.

02:01:51   So, that's why I think a company like 1Password,

02:01:55   they have the resources, they have the engineering,

02:01:58   they have the staff.

02:01:59   They got to where they are today, in part,

02:02:02   because they made native apps on multiple platforms

02:02:06   that were good.

02:02:07   And the idea of transitioning that to one shared app,

02:02:13   no matter what framework they're using,

02:02:15   is not going to be good.

02:02:17   It's not gonna be as good as what they had before,

02:02:19   it's not gonna feel right,

02:02:21   everything's gonna feel like a web view,

02:02:23   because that's what it is.

02:02:25   But even if they wrote it all in native code,

02:02:27   if they still had the exact same UI behavior

02:02:31   and layout and everything across all platforms,

02:02:33   it would also still feel and work poorly.

02:02:36   Different platforms are different for reasons,

02:02:39   and they're always going to be.

02:02:40   And so, if you're going to have an app on multiple platforms

02:02:44   and you care a lot about the experience being good,

02:02:47   I think you have to write it natively on each platform.

02:02:50   - You know, that's another argument,

02:02:52   what you just said is kind of another argument for Electron,

02:02:55   unfortunately, because of all the things you listed,

02:02:59   like it feeling native or whatever,

02:03:01   the web, as you noted, is a sort of common interface

02:03:06   across all platforms that it has its own conventions

02:03:09   and language, blue underline words,

02:03:11   click on and you take you places as an address bar,

02:03:13   back and forward, reload,

02:03:14   like there's this whole other miniature world

02:03:16   of UI conventions that exist within the web,

02:03:19   and obviously it's not as consistent as a single OS,

02:03:20   what people are familiar with.

02:03:21   And the second thing the web has going for it is,

02:03:24   good web browser engines essentially embed native controls,

02:03:29   like the text fields when you hit control,

02:03:32   hit control A in a text field,

02:03:34   which is like an Emacs key binding that works

02:03:35   because the NS text field from Next

02:03:37   was written by a bunch of Emacs users,

02:03:39   so control A works in text fields on the Mac OS 10,

02:03:42   as long as you're using a Cocoa API, right?

02:03:45   Does that work in web browsers?

02:03:46   I'm pretty sure it does.

02:03:48   Casey, you need to go test this for me.

02:03:49   - Beginning of line? - It does, it does.

02:03:52   - So, you know, same thing with buttons,

02:03:54   they may not look like native buttons,

02:03:55   but very often, you know,

02:03:56   they were historically native buttons now

02:03:58   because of CSS stuff,

02:03:59   they may be a little bit weird or whatever.

02:04:01   Pop-up menus, scrolling regions, text editing regions,

02:04:04   most web browser engines, most good ones these days,

02:04:07   try to use native controls within them, right?

02:04:12   Catalyst uses quote-unquote native UI controls,

02:04:16   which do not behave like Mac controls,

02:04:18   they behave like iPad and iPhone controls,

02:04:21   and the iPad and iPhone,

02:04:22   until recently didn't even have a cursor, right?

02:04:25   And so it's a totally different interface paradigm,

02:04:30   and, you know, an Electron app,

02:04:32   the two things that I was going for is one,

02:04:33   it might actually feel more native,

02:04:34   and two, the parts that don't feel native feel like web,

02:04:37   which at least is an interface that people look at and say,

02:04:40   oh, I kind of, you know, they code switch,

02:04:43   they mode switch, whatever,

02:04:44   they're like, oh, this is like a web UI.

02:04:46   Like, I feel like I do that when I use Slack.

02:04:47   Like, when I'm using Slack,

02:04:49   it's not like I feel like I'm using a web browser,

02:04:52   but I, like, I'm in web app mode, like,

02:04:56   and I think a lot of Mac users,

02:04:58   we've been used to that since we have web browsers,

02:05:00   because basically, you know,

02:05:01   maybe 50% of the windows on our computer

02:05:04   are web windows, right?

02:05:06   Where the whole world inside those windows

02:05:08   is the web page language, right?

02:05:10   And then the Mac stuff is outside of it.

02:05:12   And so when I go to Slack, I'm into the web mode.

02:05:15   If a catalyst app lands on here,

02:05:17   and it doesn't respond to any of my keyboard commands

02:05:20   or focus commands in the text fields,

02:05:21   then I can't tab from text fields,

02:05:22   and the date picker is some weird wheel of fortune thing

02:05:26   that I don't even understand, that's not web,

02:05:29   that's not Mac, and it feels worse,

02:05:31   like, it just, I don't want that at all, right?

02:05:33   So again, Electron is not giving you the best experience.

02:05:37   I agree with Marco, you're one of the best experience

02:05:39   you write at an AppKit, and you know,

02:05:40   or hell, AppKit was SwiftUI inflected,

02:05:43   which I think is also, I feel like that's the second choice.

02:05:45   If we had to rank these, AppKit will feel the most native,

02:05:47   'cause it is the most native, but of course,

02:05:49   everyone thinks that API is dead or dying.

02:05:52   AppKit with SwiftUI views,

02:05:54   I think is the best technical solution,

02:05:56   because every place you can't use SwiftUI,

02:05:58   just use AppKit, you're fine,

02:05:59   but the places where you can get SwiftUI,

02:06:01   I can tell you, it integrates really well

02:06:03   with AppKit, and the places where you get benefit from it,

02:06:06   big win, as you all know, use it in the places

02:06:08   where it's a big win, it saves you tons of time,

02:06:11   and by the way, those views happen to be reusable

02:06:13   if you wanna use them elsewhere, right?

02:06:15   And then I would say, a distant third is Catalyst.

02:06:19   This is all based on the fact that Apple

02:06:21   hasn't really given any guidance

02:06:22   about which one of these three is dying,

02:06:24   which one of these three is gonna lose,

02:06:25   like, what is the ranking, which one is gonna get the boot,

02:06:28   which one is gonna die from slow neglect,

02:06:30   which one is gonna win, we don't know,

02:06:32   but just on the technical merits,

02:06:33   AppKit with SwiftUI, number one,

02:06:36   SwiftUI alone did not finish, and Catalyst, third place.

02:06:42   And then that soup, though, I feel like Electron,

02:06:46   the choice of Electron, which is make the user experience

02:06:50   worse for users and get everyone to complain,

02:06:51   but potentially get everyone over the hump,

02:06:55   and eventually people just stop complaining,

02:06:56   and if this actually does the work the way you say,

02:06:59   where, oh, now we can do features more quickly,

02:07:01   well, then prove it by rolling out features more quickly,

02:07:03   and maybe people start to get happy,

02:07:05   or maybe they still grumble,

02:07:06   and then you buy yourself a year or two

02:07:08   where you can have your, you know,

02:07:11   your mea culpa post and say, we heard you,

02:07:14   and now that it's clear that we shouldn't be using Electron

02:07:17   on the Mac, it's also become more clear

02:07:19   that insert framework here is the future of APIs on the Mac,

02:07:22   and so we've rewritten the Mac client using that API.

02:07:27   - Before we go, I hear what you guys are saying,

02:07:31   and I agree with you, but I don't know,

02:07:33   I feel like, my gut tells me, having never used it,

02:07:38   that Catalyst is a more viable solution here

02:07:41   than I think especially, John, you're giving it credit for,

02:07:44   and I am quite possibly wrong there,

02:07:46   but my call to action for the listeners is,

02:07:49   if you have an app that you're fairly confident is Catalyst

02:07:54   that you use or write that you think is a really

02:07:57   and truly good platform citizen, let me know on Twitter.

02:07:59   I'd be curious to hear what that is,

02:08:01   because I don't know what the plate of Catalyst apps is.

02:08:06   Like, I know the ones that we all hate on the Mac

02:08:10   that Apple ships, like Home, which honestly is garbage

02:08:13   on iOS too, but that's neither there nor there.

02:08:15   - Home is terrible everywhere, bad example.

02:08:18   - Yeah, but that's exactly my point.

02:08:20   Like, Home, and I'm sure there's a couple others

02:08:22   that I'm not thinking of off the top of my head, but--

02:08:24   - Well, Messages is probably the most used Catalyst app

02:08:26   if I had to guess.

02:08:27   - That's true, and that still has a couple of quirks

02:08:30   in Big Sur, but for the most part, I think it's pretty good.

02:08:34   But yeah, if there's a Catalyst app that you use or write

02:08:38   that you genuinely believe is really and truly awesome,

02:08:41   I'd be curious to hear about that on Twitter,

02:08:42   so please let me know.

02:08:44   - Yeah, Catalyst has, like, there's no reason

02:08:46   Catalyst can't be eventually made to be as good as AppKit

02:08:49   with all the features, it's just not there yet,

02:08:51   'cause it's only been a few years

02:08:52   since it's been on the Mac platform,

02:08:54   and like, stuff doesn't work yet, drag and drop,

02:08:56   or the cursor doesn't work right, the right way,

02:08:58   or the menu bar stuff's not the same, like,

02:08:59   all of these, SwiftUI is the youngest, obviously,

02:09:02   and it's got the farthest to go,

02:09:03   but there's nothing technically stopping

02:09:05   either Catalyst or SwiftUI from eventually being the API

02:09:10   on the Mac platform, it's just neither one of them

02:09:12   is right now, right?

02:09:13   And so we're faced with the reality, you know,

02:09:16   and I, you know, I gave SwiftUI, did not finish,

02:09:19   but I just feel like it's too young and too ready,

02:09:21   but I rank Catalyst below AppKit with SwiftUI mixed in,

02:09:25   like, that's one of the beauties, I mean,

02:09:27   one of the beauties of SwiftUI is it's really easy

02:09:29   to mix in with AppKit, you can also mix in SwiftUI,

02:09:32   obviously, in a Catalyst app, and you can mix AppKit in

02:09:34   with the Catalyst app, too, but I feel like three APIs

02:09:36   is too many. (laughs)

02:09:38   - Yeah. - In a single app,

02:09:40   so if you have to mix them, AppKit with SwiftUI is,

02:09:43   just makes so much sense, because you can just smell

02:09:46   when this is gonna be a place where SwiftUI's

02:09:48   gonna be awesome, or it's not, you're in AppKit

02:09:49   and you can literally do anything and you're fine, right?

02:09:52   But Catalyst, it's a much more difficult balancing act,

02:09:55   so I feel like we just have to wait to see

02:09:58   how this all shakes out.

02:09:59   Right now, Catalyst is in the lead, technically,

02:10:01   because it has more features and you can make

02:10:03   a more convincing, more complicated Mac app with Catalyst

02:10:07   than you can with SwiftUI, but AppKit, you know,

02:10:10   obviously can do everything and is, you know,

02:10:14   hugely mature and has good performance,

02:10:17   and eventually, Microsoft and Adobe did rewrite their crap

02:10:20   using this API, so yeah, it's probably gonna be around

02:10:24   for a while, so that's why I just keep looking at SwiftUI

02:10:27   and Catalyst and wondering how that's gonna shake out.

02:10:30   But in the meantime, like, again, I don't use 1Password.

02:10:33   You know, I bought it a couple times,

02:10:35   decided it wasn't for me, I just used iClog Keychain

02:10:39   for a variety of reasons, and I'm glad that iClog Keychain

02:10:42   is getting better, but I will say that every day,

02:10:45   I use Slack and other Electron apps that I consider

02:10:49   good Electron apps, and I have to say,

02:10:51   a good Electron app doesn't bother me too much,

02:10:55   but it should definitely bother Apple.

02:10:57   - And I'll say, like, I'm still using 1Password

02:11:00   even throughout all this because iClog Keychain

02:11:03   would be the obvious thing that I would go to instead,

02:11:07   but I don't trust Apple yet to have the functionality

02:11:12   I need consistently in that product yet.

02:11:14   Right now, I use iClog Keychain as a convenience.

02:11:18   Like, if I fill in a password on a web forum

02:11:20   from 1Password and Apple offers to save it, I say yes.

02:11:24   And the next time I go to that site,

02:11:25   it might fill it in sometimes, it might not.

02:11:29   It also seems broken on my phone forever for some reason.

02:11:31   Like, iClog Keychain just never,

02:11:33   it never works properly on my phone.

02:11:35   Works great on all my other devices except my phone.

02:11:37   - It's 'cause it's too small.

02:11:38   - Right, yeah, maybe.

02:11:40   But my battery life is getting bad fast.

02:11:42   - It's 'cause it knows you have 1Password installed

02:11:45   and it's angry.

02:11:46   - Yeah, right.

02:11:47   - It's been--

02:11:48   - Like, I don't like iClog Keychain yet.

02:11:51   I think it might eventually get good,

02:11:54   but it's not good enough and stable enough

02:11:56   and consistent enough for me yet.

02:11:58   It still doesn't have a lot of features

02:11:59   I like with 1Password.

02:12:01   And of course, there is the cross-platform thing

02:12:03   that is always gonna be kind of an afterthought for Apple

02:12:06   if it exists at all.

02:12:07   So I want to keep using this product

02:12:10   and I probably will keep using this product.

02:12:13   I'm just gonna have more paper cuts now.

02:12:15   And that's unfortunate.

02:12:17   And I hope they can find a way not to do that

02:12:20   or at least to reduce those or eliminate those paper cuts.

02:12:22   But I think some degree of that is inevitable

02:12:26   with all Electron apps.

02:12:27   And if not Electron, as I was saying a minute ago,

02:12:29   with all cross-platform apps.

02:12:31   Like, if you don't have native UIs that were really written

02:12:36   with the platform they're running on in mind

02:12:38   with a significant amount of native code on each platform,

02:12:41   I don't think you can make great experiences.

02:12:43   I think you can make okay,

02:12:44   you can make acceptable experiences.

02:12:46   It's hard to make great experiences.

02:12:48   The most common Electron app I use is Slack.

02:12:51   I use it all day every day.

02:12:52   And it's not a great experience.

02:12:54   It's fine.

02:12:56   But it's not great.

02:12:57   And Slack I feel like is even more excusable

02:13:01   as an Electron app because it has such a much larger

02:13:04   amount of UI.

02:13:06   Like, there's so much UI in Slack.

02:13:10   So many different kinds of screens,

02:13:11   so many different modes the UI can be in,

02:13:13   so many different levels and threads.

02:13:16   And there's so much UI in Slack that is more excusable

02:13:20   to me to be an Electron app.

02:13:21   - And it's a server-side app.

02:13:23   Like, everything you do talks to a server.

02:13:25   So it being web-based technology,

02:13:27   it's like, okay, I can see that.

02:13:29   - Right, yes.

02:13:30   But 1Password, I think, the conception of it that I have

02:13:35   is that the amount of UI in this app

02:13:38   is significantly smaller than Slack.

02:13:40   Now, that being said, in all the different directions

02:13:43   they're going as they're focused on business,

02:13:45   enterprise kind of features, maybe that's all changing

02:13:48   for a bunch of stuff I'll never use.

02:13:50   And that's why it's extra frustrating.

02:13:52   - Would you like to save your screenshots in 1Password?

02:13:54   (laughing)

02:13:56   - 1Password can now back up your entire computer.

02:13:58   - I just got that prompt today.

02:13:59   I'm like, what now?

02:14:00   - From Dropbox, yeah.

02:14:01   - This is dialogue, yeah.

02:14:02   'Cause I was on some, like one of the kids' accounts

02:14:04   on a computer that they don't use.

02:14:06   And I'm like, would I like to save my screen?

02:14:09   I'm like, wow, this is a Dropbox dialogue?

02:14:11   What the hell is, I've long since dismissed it

02:14:13   and told Dropbox to shop on my computers, yeah.

02:14:15   Please, 1Password, do not offer to save all our screenshots.

02:14:18   - Dropbox needs your root password

02:14:20   to enable certain features.

02:14:21   Oh yeah, mm-hmm.

02:14:23   Yeah, anyway, yeah.

02:14:25   Let's hope 1Password doesn't go the way of Dropbox.

02:14:28   But unfortunately, just looking at the direction

02:14:31   they're going as a company,

02:14:33   focusing a lot on the business market and everything,

02:14:34   I think it's gonna be an uphill battle

02:14:37   to not go that direction.

02:14:38   And so I hope they don't, but anyway.

02:14:41   But as a final note, I mean, at least Mark and I,

02:14:45   we spent a lot of this time talking about 1Password

02:14:47   because it's a product and company we love so darn much.

02:14:49   And in the defense of 1Password,

02:14:52   this is the first public beta of 1Password 8.

02:14:56   And three 1Password employees have been hanging out

02:14:59   in the chat, including both founders,

02:15:00   this entire, or certainly this entire segment,

02:15:03   if not the entire episode.

02:15:04   So they obviously care.

02:15:07   And I don't think, I don't get the feeling

02:15:10   that they're just in here trying to do

02:15:12   some sort of damage control.

02:15:13   I really genuinely believe that they care,

02:15:14   and that's why we care.

02:15:17   And I hope that continues to be the case,

02:15:18   because I agree that I fear that 1Password's heading

02:15:22   for a Dropbox fall into irrelevance,

02:15:26   and I really hope that that's not the case.

02:15:28   - I wouldn't even say irrelevance.

02:15:29   I would just say just very different priorities

02:15:31   than what all the consumers who started using it

02:15:34   really want out of it.

02:15:35   - And that's true, that's fair, that's fair.

02:15:38   - Thanks to our sponsors this week.

02:15:39   - 1Password. (laughs)

02:15:43   No, actually, it was Linode, Mac Weldon, and Squarespace.

02:15:46   And thanks to our members who support us directly.

02:15:48   You can join, atp.fm/join.

02:15:51   We will talk to you next week.

02:15:53   (upbeat music)

02:15:56   ♪ Now the show is over ♪

02:15:58   ♪ They didn't even mean to begin ♪

02:16:01   ♪ 'Cause it was accidental ♪

02:16:02   ♪ Accidental ♪

02:16:03   ♪ Oh, it was accidental ♪

02:16:05   ♪ Accidental ♪

02:16:06   ♪ John didn't do any research ♪

02:16:08   ♪ Marco and Casey wouldn't let him ♪

02:16:11   ♪ 'Cause it was accidental ♪

02:16:13   ♪ Accidental ♪

02:16:14   ♪ Oh, it was accidental ♪

02:16:16   ♪ Accidental ♪

02:16:17   ♪ And you can find the show notes at atp.fm ♪

02:16:22   ♪ And if you're into Twitter ♪

02:16:25   ♪ You can follow them at C-A-S-E-Y-L-I-S-S ♪

02:16:30   ♪ So that's Casey Liss M-A-R-C-O-A-R-M ♪

02:16:35   ♪ Auntie Marco Arment ♪

02:16:38   ♪ S-I-R-A-C ♪

02:16:40   ♪ U-S-A-C-R-A-Q-S-A ♪

02:16:43   ♪ It's accidental ♪

02:16:44   ♪ Accidental ♪

02:16:46   ♪ They didn't mean to ♪

02:16:48   ♪ Accidental ♪

02:16:50   ♪ Accidental ♪

02:16:51   ♪ Tech podcast ♪

02:16:53   ♪ So long ♪

02:16:55   - So my bike was stolen a few days ago.

02:16:59   - Well, it's all coming up Millhouse for you this week.

02:17:01   - Good thing you had an AirTag on it though.

02:17:04   - Right?

02:17:05   - So. - Right?

02:17:06   Oh wow, oh wait, is this real?

02:17:08   Oh, now I'm really excited.

02:17:10   - So this was incredible.

02:17:11   So Tiff was showing at an art show here in town,

02:17:14   which was great, it was a big deal,

02:17:16   huge, I'm very proud of how it went for her,

02:17:18   she was great and stuff went well, it was great.

02:17:20   Anyway, Tiff was doing this art show.

02:17:22   I was sitting at the booth with her

02:17:23   for the second half of this day,

02:17:26   and I was riding my bike back and forth occasionally,

02:17:28   back to the house to let hops out

02:17:31   or do other, pick up stuff, whatever.

02:17:34   I was parking my bike 15 feet from where I was sitting.

02:17:38   It was in, I shot, did we figure out if that's a word?

02:17:42   Is I shot a word?

02:17:44   - This is a new one, this is not like hardened.

02:17:46   - I guess within view.

02:17:47   So it was within eye shot.

02:17:51   And I don't usually like my bike in town

02:17:54   because it's a beach town,

02:17:56   that you can't bring bikes on the ferry,

02:17:59   so there's nowhere for a bike to really go.

02:18:02   And so bikes don't usually get stolen for profit.

02:18:06   They get stolen usually by drunk idiots

02:18:09   who are about to miss the last ferry of the night.

02:18:12   And so they rush to grab whatever bike they can find,

02:18:15   they ride to the ferry and they dump it

02:18:16   somewhere near the ferry.

02:18:18   And so then the next morning,

02:18:19   everyone goes in the town Facebook group

02:18:21   and posts like, hey, there's this bike in front of my house,

02:18:23   who's is this?

02:18:24   And then someone else would be like,

02:18:25   oh, I know, that's Bob's bike,

02:18:27   'cause everyone knows it's a small town.

02:18:29   So this is the environment that we operate in here.

02:18:32   So normally I don't even lock my bike

02:18:34   if I'm just going out to a grocery store or something,

02:18:37   'cause there's not a real theft problem

02:18:40   in the way that you would usually think of one.

02:18:42   So I thought AirTags would be perfect for this,

02:18:46   because usually, again, the problem is not

02:18:49   professional bike thieves coming up with an angle grinder

02:18:52   and cutting your U-lock to steal your bike for profit.

02:18:56   All you need to know is, okay, my bike is not

02:18:58   where I left it, it's probably somewhere stupid,

02:19:00   where is it?

02:19:01   That's all you need to know.

02:19:03   So I thought AirTags were great.

02:19:05   So when I got my first AirTags earlier in the summer,

02:19:08   I put one in discrete locations on many common objects,

02:19:12   including my bike, and figuring that, hey,

02:19:15   this could be good for a passive environment like this.

02:19:18   And also, the lack of true GPS or cellular in them

02:19:22   wasn't a big problem, because I don't think

02:19:25   there's anywhere in this entire island

02:19:27   that an object is likely to be more than 20 feet

02:19:30   from an iPhone for very long.

02:19:32   We have very tightly packed houses,

02:19:35   and tons of people walking around all the time.

02:19:38   So the iPhone location basis of them is also gonna be,

02:19:42   I think, pretty accurate.

02:19:43   So anyway, so at this R-fair with Tiff,

02:19:46   my bike is parked 15 feet away within eye shot,

02:19:50   and within an hour and a half period,

02:19:54   like between 3.30 and five on this day,

02:19:56   we finish up the R-fair, Tiff's packing up,

02:19:59   I go to get my bike, I'm like, where's my bike?

02:20:01   I parked it here, right, I'm looking around like,

02:20:04   where is it?

02:20:05   And this was in a bike rack full of other bikes.

02:20:06   Like, I'm like, where did my bike go?

02:20:09   Did somebody steal my bike in front of me?

02:20:13   And I didn't notice?

02:20:15   Yes, yes they did.

02:20:18   (laughing)

02:20:20   So at some point, someone in this R-fair,

02:20:24   like there was a lot of foot traffic,

02:20:26   someone at some point walked up to my bike

02:20:29   out of the, and just took it out of the rack.

02:20:31   - That's bananas.

02:20:32   - So I'm like, all right, well, let's see.

02:20:36   So I looked, opened up the Find My app,

02:20:39   and Find My Bike, it instantly showed a point

02:20:43   in the map that was a few blocks away, by the ferry.

02:20:46   (laughing)

02:20:48   I was like, okay, but it's like, okay,

02:20:50   this happened between 3.30 and five p.m.

02:20:53   Could somebody have really been that bombed

02:20:55   at like four o'clock in the afternoon?

02:20:57   I mean, it turns out--

02:20:57   - Challenge accepted.

02:20:59   - On Fire Island, yes.

02:21:00   But also, I'm like, this wasn't even the last ferry.

02:21:04   This was like four o'clock,

02:21:06   the ferry's run 'til like midnight.

02:21:08   Anyway, so I walked over, I'm like, this'll be amazing,

02:21:14   my bike is actually where this says it is.

02:21:16   I walk towards it on the map, and sure enough,

02:21:19   the AirTag had exactly located my bike,

02:21:22   which was parked in front of a storefront

02:21:24   and next to a couple other bikes near the ferry.

02:21:27   (laughing)

02:21:28   I have no idea how this happened in front of me

02:21:32   without me noticing.

02:21:34   It doesn't even make sense, because in the context

02:21:38   of this art fair, there were so little,

02:21:40   it was hard to even walk down the sidewalk,

02:21:44   let alone bike down it, 'cause there's so much traffic,

02:21:47   it's like walking through Times Square,

02:21:50   but on a much smaller scale, obviously.

02:21:52   I don't know why somebody did this,

02:21:53   but the fact is, my bike was indeed stolen

02:21:55   in the stupid way that bikes get stolen here.

02:21:57   The AirTag worked perfectly, and it let me find it

02:22:00   in 10 seconds after I started looking.

02:22:03   Like, wait, where's my bike?

02:22:04   It's not here, okay, find my, boom,

02:22:06   it's a few blocks that way, okay.

02:22:08   Walk right to it, it's exactly where it says it is.

02:22:10   So, here is my success story with AirTags.

02:22:13   If you happen to have the very strange needs

02:22:16   and priorities that I do for bikes here,

02:22:18   they work really well for that.

02:22:20   - Keep an eye on your bike, too.

02:22:21   - Why?

02:22:22   - Yeah, that might be a good idea.

02:22:24   (beeping)