444: It Should Definitely Bother Apple17 Aug 2021
1Password, Electron apps, and the difficult problem of cross-platform UI development — especially for Mac apps.
- Disney PhotoPass (via Ryan D)
- Bug bounties (via Dan Chandler)
- Cryptocurrency and failed monetary systems
- 1Password 8: The Story So Far
- On cross-platform UI frameworks
- Post-show: Marco’s stolen bike
- Linode: Instantly deploy and manage an SSD server in the Linode Cloud. New accounts get a $100 credit.
- Mack Weldon: Reinventing men’s basics with smart design, premium fabrics, and simple shopping. Get 20% off your first order with code atppodcast.
- Squarespace: Make your next move. Use code ATP for 10% off your first order.
Become a member for ad-free episodes and our early-release, unedited “bootleg” feed!
- Hi, this is Casey Liss.
- Disney PhotoPass
- Bug-bounty follow-up
- Crypto follow-up (ugh)
- Sponsor: Squarespace (code ATP)
- Apple-CSAM follow-up
- Sponsor: Mack Weldon (code atppodcast)
- 1Password and Electron
- Sponsor: Linode
- Cross-platform UI frameworks
- Ending theme
Hi, this is Casey Liss.
⏹️ ▶️ Casey In other news, some jackass named Casey just started recording two and a half minutes ago, so I’m gonna leave
⏹️ ▶️ Casey you a nice edit, so in case
⏹️ ▶️ Casey, Marco you want to cut all that. I’m gonna kill you. I know, I know. Your punishment is
⏹️ ▶️ Marco I’m gonna have to use the low-quality Zoom version for your opening banter.
⏹️ ▶️ Casey That is also completely acceptable, no joke, but do you want me to leave you like a nice let’s start with follow-up right
⏹️ ▶️ John Do you need to have a checklist, Casey?
⏹️ ▶️ John, Casey I do, I need to call Merlin. I suggest that
⏹️ ▶️ John Merlin have a checklist, and maybe you need a checklist too.
⏹️ ▶️ Casey It’s been a long time, and the problem is I was all out of sorts today, and I’m the one who caused us to come
⏹️ ▶️ Casey to come and do this today. And then I felt like I was late to get to our zoom call. It’s
⏹️ ▶️ Casey entirely my fault. Like I’m not trying to blame anyone, but me, but I was all out of sorts. I didn’t hit record and
⏹️ ▶️ Casey I’m used to call recorder having my back on this one. And because we switched to zoom and because, you know,
⏹️ ▶️ Casey we were all eventually going to be on M1 Max, except maybe John, it wasn’t there to save me.
⏹️ ▶️ Casey It’s all my fault, but I feel dumb. Anyway, uh, do you, so you don’t want a good edit. You’re just going to use the crap copy.
⏹️ ▶️ Casey That’s totally fine. It’s entirely my fault. I do not blame you at all, but I’ll leave you a nice, you know, intro
⏹️ ▶️ Marco See, the problem is if I use the crap copy, it punishes you, but it also punishes me because people will first
⏹️ ▶️ Marco think that I just suck at audio quality.
⏹️ ▶️ Casey Well, you can also leave all this in if you would like.
⏹️ ▶️ John People don’t even notice. It’ll be short enough. It’ll sound like, oh, it sounded weird in the beginning, but then it sounded normal. It’ll be fine.
⏹️ ▶️ Casey I’m going to do this for me and you’re going to ignore it and that’s fine, but it will make me feel slightly better about my
⏹️ ▶️ Casey ineptitude. So I need you two to shut the hell up for like 10 seconds.
⏹️ ▶️ Marco Are you rerecording an intro?
⏹️ ▶️ John You’re never going to be able to do it naturally. It’s always going to sound awkward. No, no, just let me give it a shot.
⏹️ ▶️ Marco We are sponsored this week by Squarespace. God damn
⏹️ ▶️ Casey, John Recording. Hey listeners.
⏹️ ▶️ Casey Would you two shut up for two
⏹️ ▶️ Casey, John seconds? That’s an incomparable joke for
⏹️ ▶️ Casey you there, Casey. Hey listeners, it’s your pal Casey. Some dummy like me forgot
⏹️ ▶️ Casey to hit record right away when I started recording tonight. So if I sound like garbage, it’s not Marco’s fault.
⏹️ ▶️ Casey It’s not John’s fault. It’s not your phone’s fault, it’s my fault. But don’t worry, I hit record after a few minutes and then
⏹️ ▶️ Casey I’ll sound just like I normally do.
⏹️ ▶️ Marco I’m not gonna use this. I would never put that in. I’ve already done
⏹️ ▶️ Marco the edit in my head. I got it covered, don’t worry.
⏹️ ▶️ Marco, John I know exactly what I’m
⏹️ ▶️ Marco gonna do. There’s no way I’m gonna use something like that ever.
⏹️ ▶️ John You’ve heard of headcanon? Marco’s got headedit. Yeah.
⏹️ ▶️ Marco Hi, listeners. Like this.
⏹️ ▶️ Casey Why? Why would I ever do that? Because I just wanted to give you
⏹️ ▶️ Casey the option. It makes me feel better to know you have the option. I know you’re not going to use it. It’s not for you, it’s for me.
⏹️ ▶️ Marco Hey listeners, Casey here. I’d like to apologize for my ineptitude starting my recording
⏹️ ▶️ John You should apologize for his counterfactual statements about cryptocurrency. That’s what
⏹️ ▶️ John you should be apologizing for.
⏹️ ▶️ John I just, I hate to tell you Casey, but you really just don’t have any of your facts right on cryptocurrency.
⏹️ ▶️ Marco Things you said were based not in fact, but ignorance. Here are five paragraphs describing
⏹️ ▶️ Marco how wrong you are. We’re lucky if they have paragraph breaks.
⏹️ ▶️ Casey Oh God, you want to restart the whole friggin’ show? No. Nope.
⏹️ ▶️ Casey, Marco I’m kidding,
⏹️ ▶️ Casey I’m kidding, I’m kidding. We plow bravely forward.
⏹️ ▶️ Marco Yep, this is all going in.
⏹️ ▶️ Casey I wanted to bring up just a very quick follow-up item from last
⏹️ ▶️ Casey week’s Ask ATP. Somebody had asked about what camera to take to
⏹️ ▶️ Casey Disney World and I actually really enjoyed that discussion. I thought it was very interesting. But somebody, Ryan
⏹️ ▶️ Casey D, wrote in to remind me of Disney PhotoPass. And if you’re not a Disney World person, this probably means nothing to
⏹️ ▶️ Casey you. I’ll try to be very brief. Disney PhotoPass is a thing that you can add on, of course, for money, where
⏹️ ▶️ Casey as you are around the parks, you can choose to have your picture taken by, you know,
⏹️ ▶️ Casey Disney photographers that have, you know, DSLRs. And I don’t recall exactly what equipment they have, but I know they’re DSLRs.
⏹️ ▶️ Casey And as you’re around the park, you can say, Hey, would you mind taking a picture of us please? And they’ll scan your ticket or your magic band or what
⏹️ ▶️ Casey have you. And then that evening, that, that thing will, that picture will be in your
⏹️ ▶️ Casey like online account. So you can download a full res copy and so on and so forth. I think it was
⏹️ ▶️ Casey like a couple hundred bucks when when we went in late 2019 for Declan’s 5th, which
⏹️ ▶️ Casey on the surface is a lot of money to have these Disney photographers take your picture, but
⏹️ ▶️ Casey I absolutely think it’s worth every ounce of the money you spend, because not only can you do this and get everyone
⏹️ ▶️ Casey in the pictures as opposed to all of our family pictures, where it’s everyone but me, because I’m taking the picture, but also
⏹️ ▶️ Casey as you get on and off rides, you can just bloop your ticket and it will automatically send
⏹️ ▶️ Casey that ride photo that in the before times, before before times, it used to cost like 20 bucks for each of these.
⏹️ ▶️ Casey it’ll sync that ride photo with your account and then you can just download it on your own, which is super great. In some cases, in
⏹️ ▶️ Casey some rides, by some magic I’m not entirely clear on, it’ll actually automatically
⏹️ ▶️ Casey figure out which vehicle you were on and which photo you’re in and sync that with your account. You don’t have to do any manual
⏹️ ▶️ Casey blooping of any sort. So that’s Disney PhotoPass. If you are a Disney World person or Disneyland,
⏹️ ▶️ Casey I mean, I’m sorry if all you have is Disneyland, but that’s neither here nor there. If you’re a Disney World person, please check that out.
⏹️ ▶️ Casey It’s very, very good.
⏹️ ▶️ John Yeah, I think we got that when we went. And if you were like the person last week who was asking what kind of camera
⏹️ ▶️ John should they bring and whether they should use like a rental company to get one, chances are good that you probably also wanna take your
⏹️ ▶️ John own photos because the Disney, the PhotoPass ones are what you expect. It’s you in front of landmarks,
⏹️ ▶️ John taking in a group picture, maybe doing a fun pose, right? But if you’re taking your own camera and wanting to get more candid
⏹️ ▶️ John things or casual things or photos of other aspects, traveling to and from the park, your
⏹️ ▶️ John hotel room, you know, kids waiting in line or all sorts of stuff like that, you wanna take your own pictures
⏹️ ▶️ John too. So like everything at Disney, it’s an add-on, and it’s a good add-on,
⏹️ ▶️ John and you should get it in addition to the other thing, and also the other thing, and also the other thing. So Disney
⏹️ ▶️ John is expensive, but PhotoPass does have value. Like I said, Casey, I think the
⏹️ ▶️ John only pictures we have with me in
⏹️ ▶️ John, Marco them are the PhotoPass pictures. I’m taking all the pictures. And some
⏹️ ▶️ John of them are good. And then one more note, Casey keeps saying DSLR. I’m assuming
⏹️ ▶️ John they don’t have little mirrors flapping up and down in their cameras anymore, but this is just the, what
⏹️ ▶️ John you’re trying to say with that as an interchangeable lens digital
⏹️ ▶️ John, Casey camera? Is that what you’re trying to say?
⏹️ ▶️ Casey Yes, yes. big fancy camera, TM.
⏹️ ▶️ Casey Moving right along, Dan Chandler had some interesting feedback with regard to cybersecurity
⏹️ ▶️ Casey and bug bounties and things of that nature. I’m a cybersecurity professional, says Dan Chandler, and have helped run bug
⏹️ ▶️ Casey bounties for some large organizations. There are a few reasons why an organization should not just pay out for any bug that’s reported.
⏹️ ▶️ Casey First of all, many vulnerabilities reported to bug bounty programs are also sold to criminals. If I’m willing to sell to criminals,
⏹️ ▶️ Casey then why not get paid twice? Secondly, if you host a bug bounty program that is too quote unquote generous,
⏹️ ▶️ Casey then you get more and more people hunting for defects in your product. You have to assume that some percentage of these people are going to sell their
⏹️ ▶️ Casey exploit to a criminal as well as submit it to the bug bounty program. Since you cannot fix every vulnerability
⏹️ ▶️ Casey instantly, you want to balance the desire to encourage someone who finds a vulnerability to come forward with the risk to the public
⏹️ ▶️ Casey of paying random people to hunt for vulnerabilities in your product or service.
⏹️ ▶️ Casey And then finally, it’s actually pretty uncommon for a bug bounty program to uncover a major vulnerability
⏹️ ▶️ Casey the company did not already know about. It happens, but it’s rare. the main purpose of the large bug bounty payouts is essentially
⏹️ ▶️ Casey to provide hush money to someone who does find a major vulnerability before it is patched.
⏹️ ▶️ John Yeah, that’s true in general, but for Apple and the iPhone specifically,
⏹️ ▶️ John there’s probably not much more you could do to encourage people to find exploits. It’s already,
⏹️ ▶️ John people are already highly motivated to do that. So, I mean, it is definitely a balance, but
⏹️ ▶️ John in general, this definitely makes sense. The getting paid twice thing, I feel like that’s just
⏹️ ▶️ John the cost of doing business. I mean, like, yeah, that’s gonna happen. You don’t have control over it, but
⏹️ ▶️ John all you can do is catch, like, encourage all the honest people to come, and yeah, the
⏹️ ▶️ John dishonest people are also gonna come. It’s just cost of doing business, which is a shame. The hush money thing
⏹️ ▶️ John is interesting because you see it in the, from my
⏹️ ▶️ John read on these people’s blog posts and stuff, the people who are trying to do the right thing and keep quiet
⏹️ ▶️ John for such a long time, and what I feel like is the motivation of these people to eventually break their
⏹️ ▶️ John silence and just essentially refuse the money is not so much that like, oh, you
⏹️ ▶️ John know, you can pay me to keep quiet, but if you don’t, I’m gonna out you, is there is cache
⏹️ ▶️ John and reputation, you know, boosts to finding an important vulnerability. You can talk about it at
⏹️ ▶️ John a security conference, right? Like you, it helps your profile in the security
⏹️ ▶️ John business to find big vulnerabilities. And the longer you have to keep quiet about them, the,
⏹️ ▶️ John you know, the more you can’t give talks about them, or you know, it’s like you don’t get reputational credit
⏹️ ▶️ John for it, right? And these are the things I’m reading are people who essentially end up turning down the money from Apple. Now maybe they already
⏹️ ▶️ John sold it to criminals, but I can’t tell that from their blog posts. But it seems to me that they really just want to tell the world
⏹️ ▶️ John that they found this because they’re proud of it. But Apple says, oh, you can’t until we fix it. And you know, they
⏹️ ▶️ John send an email once every six months to say, no, it’s not fixed yet. So that can be frustrating. But anyway, these are
⏹️ ▶️ John all important points in general with bug bounty programs that, especially if you have a thing that people
⏹️ ▶️ John previously weren’t breaking into, but suddenly you’re giving out millions of dollars, yeah, it’s gonna attract a bunch of new people to try to find holes
⏹️ ▶️ John in your thing and your thing does have holes in it because they all do because they’re made by people.
Crypto follow-up (ugh)
⏹️ ▶️ Casey I wanted to briefly talk about cryptocurrency because I really like feedback email apparently.
⏹️ ▶️ Casey We got a ton of feedback. We got a ton of feedback about crypto.
⏹️ ▶️ Marco Mostly from libertarians, tech pros, and finance bros.
⏹️ ▶️ Casey we got, to my recollection, maybe I missed it, but to my recollection, we got literally zero
⏹️ ▶️ Casey email about CSAM or maybe a couple of items. And boy, did we get a bunch on crypto. so we can tell what ATP
⏹️ ▶️ Casey listeners care about, or perhaps what they disagree with. But I did want to point out the only,
⏹️ ▶️ Casey I’m trying to temper myself here. The most compelling argument that I personally have
⏹️ ▶️ Casey heard in favor of cryptocurrency, which I have not had a lot of time to research, but I did very, very briefly,
⏹️ ▶️ Casey is that apparently in countries like Nigeria, as an example, Bitcoin may
⏹️ ▶️ Casey actually be kind of the savior it is claimed to be. My limited understanding, please fact check this
⏹️ ▶️ Casey if you’re interested, probably lying to you accidentally. My limited understanding is in some of these countries
⏹️ ▶️ Casey like Nigeria, the, what is it, fiat currency? What’s the derogatory term that you
⏹️ ▶️ Casey, Marco real money? I believe that’s it, yeah, fiat currency.
⏹️ ▶️ Casey The fiat currency is like falling apart in a disaster. And so a lot of like regular schmoes
⏹️ ▶️ Casey in Nigeria, if what I’ve read is to be believed, are turning to Bitcoin to kind of take banking
⏹️ ▶️ Casey or take money into their own hands. And if that really is the case, then okay, I can
⏹️ ▶️ Casey get behind that. That seems somewhat legitimate. I still think there are better ways to
⏹️ ▶️ Casey go about this, perhaps, but if it costs the heat death of the universe in order to get us there, then YOLO.
⏹️ ▶️ Casey But I did want to point out that that was one of the few semi-compelling arguments I’ve heard, even though we have
⏹️ ▶️ Casey heard a lot of arguments about Bitcoin over the last week. Not even, like, four or five
⏹️ ▶️ Casey days since we released it. Would you call them arguments? A lot of well-actualies.
⏹️ ▶️ Marco We’ve been sent a lot of words about Bitcoin over the last few days. A lot. Like,
⏹️ ▶️ Marco the average length of the emails is quite high.
⏹️ ▶️ John I don’t want to make Casey disappointed, but I think the one thing you picked out is maybe
⏹️ ▶️ John a redeeming value of Bitcoin, I feel like, is exactly in keeping with our collective take on it on the last episode.
⏹️ ▶️ John Because the situation you just described is you have people in a country
⏹️ ▶️ John with a failing monetary system, and they can’t trust their government to run the monetary system
⏹️ ▶️ John or the monetary system is badly broken by corruption or massive inflation or all sorts of other problems.
⏹️ ▶️ John They don’t have a good functioning monetary system. So Bitcoin to the rescue, right? That’s
⏹️ ▶️ John exactly the scenario we’re describing where Bitcoin is useful. If you
⏹️ ▶️ John have a bunch of people who can’t trust each other and there’s no middle party to be the trusted
⏹️ ▶️ John finance institution, like say if you’re a criminal or you’re trying to collect ransomware or
⏹️ ▶️ John you’re living in a failed state and the monetary system of your entire country is falling apart, yeah,
⏹️ ▶️ John Bitcoin is there for you. That’s the exact use case. Now, in this case, you’re not a criminal or you’re not doing anything wrong. It’s not
⏹️ ▶️ John your fault you live in this country. And so it’s good that there’s something. And that’s why the underlying
⏹️ ▶️ John technical structure of having a way for people who don’t trust each
⏹️ ▶️ John other to nevertheless be able to securely transact without anyone in the middle
⏹️ ▶️ John who they all have to trust. That’s why this is interesting. But if the only time it becomes
⏹️ ▶️ John relevant or useful is if like it’s your last resort, that’s not an endorsement of Bitcoin
⏹️ ▶️ John, Marco or cryptocurrency.
⏹️ ▶️ John That’s a condemnation of the monetary system of the country that you live in, right? If Bitcoin
⏹️ ▶️ John was super awesome for doing things, for being a currency, we would all be using it in this country. Because why wouldn’t
⏹️ ▶️ John we? But instead we use dollars because they’re better for that. Yeah, and
⏹️ ▶️ John like as a sort of, you know, if you have to use
⏹️ ▶️ John Bitcoin specifically as your, for your monetary transactions, because you have no choice.
⏹️ ▶️ John Your other monetary choices must be really bad because I would never want to
⏹️ ▶️ John use as my money a thing whose value can be cut in half over the course of a couple of months.
⏹️ ▶️ John It’s extremely volatile. It’s not, you know, you don’t want that in a currency. You don’t want it to be that volatile.
⏹️ ▶️ John Maybe if you’re using it as an investment vehicle and you’re speculating, volatility can be fun and you can make lots of money or lose
⏹️ ▶️ John lots of money, depending on how it goes. But really, if you look at the all-time graph of Bitcoin
⏹️ ▶️ John value, it is extremely spiky. And depending on where you are in the timeline, you could
⏹️ ▶️ John lose half of your money in less than a quarter of a year if you’re on the other side of the spikes.
⏹️ ▶️ John Or you could quintuple your money in less than half a year, which is the part that the Bitcoin fans all look at. So
⏹️ ▶️ John if you find yourself in a situation where Bitcoin is your best choice as a currency,
⏹️ ▶️ John that’s a bummer. But I don’t think it is an endorsement of Bitcoin as
⏹️ ▶️ John a replacement for, quote unquote, normal currency.
⏹️ ▶️ Marco Yeah. I think there’s also the technical barrier is also not to be underestimated. I mean, you have
⏹️ ▶️ Marco this currency that people are putting real money into and collecting real money
⏹️ ▶️ Marco from that has a pretty massive technical
⏹️ ▶️ Marco requirement of knowledge that you need to have and care that you need to take in order to have this
⏹️ ▶️ Marco very responsibly, if such a thing can be considered responsible on any level. Like, imagine
⏹️ ▶️ Marco if people’s entire retirement savings were dependent on their password hygiene.
⏹️ ▶️ Marco This would be a bad scene. That would be really bad. And that’s because
⏹️ ▶️ Marco Bitcoin is so technical and because it works a lot more like cash
⏹️ ▶️ Marco under your mattress, but that it’s cash under your mattress that the entire world can
⏹️ ▶️ Marco access. And if you make one mistake, the entire world can exploit it. that’s not
⏹️ ▶️ Marco a good place for the general audience of non-technical users to
⏹️ ▶️ Marco be relying on a lot of their money to be stored in. And so any scenario that you say, oh,
⏹️ ▶️ Marco Bitcoin’s great for this, like, well, there’s also, in addition to all the downsides we talked about last week, you know, with the environmental costs and everything,
⏹️ ▶️ Marco and the various illicit trades and ransomware and everything that it seems to have
⏹️ ▶️ Marco fueled, there’s also just this massive technical risk factor here that
⏹️ ▶️ Marco people get scammed out of their Bitcoins or hacked out of their Bitcoins all the time. And
⏹️ ▶️ Marco then you involve all these weird, shady wallet companies and exchanges that introduces
⏹️ ▶️ Marco its own whole levels of technical risk and opportunities for sleaziness
⏹️ ▶️ Marco or scams. It’s just, it’s like this giant seedy underbelly of finance
⏹️ ▶️ Marco that the proponents of it seem to be very hell bent on getting regular
⏹️ ▶️ Marco people to put their money into it. See, also the stock market. Whereas like
⏹️ ▶️ Marco really if you don’t have a baseline level of knowledge, you will lose or you will be at risk to lose
⏹️ ▶️ Marco everything through no fault of your own. And that’s I think that can’t be overlooked.
⏹️ ▶️ John A lot of companies build on top of the infrastructure of Bitcoin or whatever like you end up going through one of these companies
⏹️ ▶️ John to deal with stuff just because you don’t like there is a technical barrier to being able to sort of figure
⏹️ ▶️ John out how to do it and having the capacity to do it. could write on the network itself. So there’s tons
⏹️ ▶️ John of companies that will keep a wallet for you and mining pools and all sorts of other things where
⏹️ ▶️ John even though Bitcoin is supposed to be decentralized and no central authority or whatever,
⏹️ ▶️ John it doesn’t mean that there aren’t intermediaries. I imagine most sort of casual
⏹️ ▶️ John individuals who are doing things with any kind of cryptocurrency are using some kind of intermediary that makes it
⏹️ ▶️ John more convenient for them. Some of them don’t actually require you to give up any particular security,
⏹️ ▶️ John case, you’re back to the Markov scenario where, well, it’s on you to make sure you’re careful with this stuff. But other
⏹️ ▶️ John ones do sort of take over some of the tasks of security for you in exchange for transaction fees
⏹️ ▶️ John or whatever. You know, like there are businesses built on top of this. And some people have even promoted this as the model that Bitcoin, even though
⏹️ ▶️ John it has a very crappy transaction rate due to proof of work stuff, you can build a second layer on top of that
⏹️ ▶️ John and that’s your currency system and so on and so forth. But, you know, it’s kind of a shame that Bitcoin
⏹️ ▶️ John is the one with all of the PR and everything, because in many ways, it’s kind of the most,
⏹️ ▶️ John the most primitive and the sort of the, the, the least user friendly, let’s say.
⏹️ ▶️ John But that’s not like there are lots of other cryptocurrencies and lots of these other, you know, anyone can
⏹️ ▶️ John make a cryptocurrency and they all have different feature sets and some of them are clones or other ones and there’s lots of monetary scams around them,
⏹️ ▶️ John but it’s a big world of stuff. Like there are lots of interesting ideas
⏹️ ▶️ John floating around there from like a theory, um, like contracts on the blockchain and everything to all sorts of, you know, the proof
⏹️ ▶️ John of work, worth, proof of stake for stuff and all the, all the various, uh, parameters within those models
⏹️ ▶️ John and how they’re distributed. And it’s sort of like a bunch of experiments all being run at once, which one of
⏹️ ▶️ John these works, which is easiest to scam, which makes the most money for investors, which has the highest chance of you losing
⏹️ ▶️ John all your money because you forgot your password or got hacked and got your, you know, private key stolen. Like
⏹️ ▶️ John that’s all happening out there. And I think some, you know,
⏹️ ▶️ John the technology, the underlying technology, you can’t put this genie back in the bottle. Like this is technology that has a
⏹️ ▶️ John use, even if it ends up mostly being used to like stop cheaters in online games or something in the future, like decades from
⏹️ ▶️ John now, something is going to come of this. But right now it is a fairly dangerous
⏹️ ▶️ John place for individuals to be. So we, you know, when we come down hard on crypto, it’s not like we’re
⏹️ ▶️ John saying, oh, nothing will ever come of this. this technology is bad and should be erased.
⏹️ ▶️ John No, the technology, the knowledge, the math, the experimentation, that’s all great,
⏹️ ▶️ John but if you’re an individual listening to a tech podcast and you’re like, should I put all my money into cryptocurrency? Should I put
⏹️ ▶️ John any money into cryptocurrency? You kind of have to know what you’re getting into. It’s super risky, very dangerous. You
⏹️ ▶️ John have to know a lot about what you’re doing. And there are a lot of people out there who are going to encourage you with all their might
⏹️ ▶️ John to put as much as possible into whatever their pet cryptocurrency is because they stand to gain from it. So
⏹️ ▶️ John kind of like the stock market, like Marcus said, there are people who will encourage you, oh, become a day trader, get on E-Trade, do individual
⏹️ ▶️ John investing, and that’s just a losing bet. Not because the stock market is inherently a bad thing that we should eliminate,
⏹️ ▶️ John although maybe there’s a different argument for that elsewhere, but because as an individual,
⏹️ ▶️ John if you are going to try to be an individual investor and speculate on what’s gonna go up and what’s gonna go down, you’re probably
⏹️ ▶️ John gonna lose, so maybe don’t do that. Like, that’s why you see the sort of boring financial advice, that even though it’s fun to be
⏹️ ▶️ John a day trader, and maybe you can do it as a hobby, don’t bet your life savings on it, right?
⏹️ ▶️ John Cryptocurrency is very similar. And I’m always very wary of
⏹️ ▶️ John people really pushing that everyone should be getting into Bitcoin coming from somebody who has a big stake in Bitcoin
⏹️ ▶️ John or it’s their hobby or, it’s not always nefarious. Sometimes they’re just enthusiastic. Like they’re super into
⏹️ ▶️ John it, right? Some people are super into something they really want you to get into it and they will encourage you. It’s not
⏹️ ▶️ John like they’re trying to scam you and they’re not even, may not even be doing it to think, well, if more people get into Bitcoin the
⏹️ ▶️ John value will go up and my money will go up. They’re just really enthusiastic about it, but it still doesn’t mean, like people enthusiastic
⏹️ ▶️ John about day trading too, it still doesn’t mean that it’s right for you. So in general, I would say cryptocurrency,
⏹️ ▶️ John like you’ll know it when it becomes a thing that is reasonable and safe for people to do. But right now we are still definitely
⏹️ ▶️ John in the lots of experiments going on phase. NFT is out there, you
⏹️ ▶️ John got Ethereum, you got Bitcoin. We don’t know how this is gonna all work
⏹️ ▶️ John out and lots of signs point to it not working out really well at all. So the safe bet is to just stay away. If
⏹️ ▶️ John you want to throw a couple bucks in and play with it, and you can deal with the potential moral implications of
⏹️ ▶️ John a tiny increase in CO2 output from your tiny individual contribution, go for
⏹️ ▶️ John it. But don’t buy the hype that it is, any one of these things
⏹️ ▶️ John is necessarily the future of currency, because that is, to say the least, a huge open question.
Sponsor: Squarespace (code ATP)
⏹️ ▶️ Marco We are sponsored this week by Squarespace. Start building your new
⏹️ ▶️ Marco website today at squarespace.com slash ATP. Enter offer code ATP
⏹️ ▶️ Marco at checkout to get 10% off. Make your next move with a beautiful website from Squarespace.
⏹️ ▶️ Marco Squarespace quite simply makes it incredibly easy to make great websites.
⏹️ ▶️ Marco It takes almost no time and you don’t need to be a web developer or a designer
⏹️ ▶️ Marco or a nerd in order to make it. There’s no coding required. So this has
⏹️ ▶️ Marco amazing potential. As nerds like me, even if you could make a website yourself in
⏹️ ▶️ Marco some manual way, Squarespace can be a massive time saver, especially if
⏹️ ▶️ Marco you want to do something complicated. Normally for hosting it yourself, things like storefronts
⏹️ ▶️ Marco or podcast hosting or really any kind of dynamic functionality, galleries, calendars,
⏹️ ▶️ Marco stuff like that, it’s tricky to do all that stuff yourself. Or you create work for yourself in the future
⏹️ ▶️ Marco if you do it. Like you have to set up a server somewhere, you have to do software upgrades, you have to worry about server maintenance and
⏹️ ▶️ Marco uptime and security patches and stuff like that. Squarespace takes all of that away. So
⏹️ ▶️ Marco even if you are a nerd, that’s a huge time saver and it reduces your own future reliability and work. And
⏹️ ▶️ Marco if you’re not a nerd, you can create websites that are just as good as what professionals can make, even if you don’t
⏹️ ▶️ Marco have any design or development or web development skills. So it’s amazing. for yourself by starting a
⏹️ ▶️ Marco free trial at Squarespace.com slash ATP. There’s no credit card
⏹️ ▶️ Marco required. You can build the entire site in trial mode and see how it works for you and if it works for you.
⏹️ ▶️ Marco And once you’re ready to sign up, go back there Squarespace.com slash ATP. Use offer code
⏹️ ▶️ Marco ATP to get 10% off your first purchase. That’s Squarespace.com slash ATP
⏹️ ▶️ Marco code ATP for 10% off your first purchase. Thank you so much to Squarespace for sponsoring
⏹️ ▶️ Marco our our show, make your next move at Squarespace.
⏹️ ▶️ Casey We talked about quite a bit last week, which I actually really enjoyed the conversation. We got a lot of very positive feedback
⏹️ ▶️ Casey about it, which I really genuinely appreciate. That was very kind of all of you. We do have some feedback about it. There
⏹️ ▶️ Casey are, excuse me, follow-up about it, though. Facebook found 20 million photos, not 20 million
⏹️ ▶️ Casey people. That is quite a big difference. I’m not sure which one of us said that incorrectly, but it is worth noting.
⏹️ ▶️ John We said it right a whole bunch of times, but I think I eventually said it wrong once. So just to make that clear, in case you’re afraid that there are 20
⏹️ ▶️ John million child predators out there. But if you wanna get depressed, you can start trying to do the math and figure out, well, so how many
⏹️ ▶️ John pictures per person is it and how many people is it? I don’t know that math. All I know is it was 20 million photos. And that was in one year.
⏹️ ▶️ John maybe that doesn’t make you feel as good. But anyway.
⏹️ ▶️ Casey Yikes. Moving right along. John, you found a very entrancing PDF that you’d
⏹️ ▶️ Casey like to share with the class.
⏹️ ▶️ John Yeah, I’m gonna reference this in the next item. but these are all on apple.com slash
⏹️ ▶️ John child hyphen safety. This one was called, what is it? Security Threat Model Review, Apple’s Child
⏹️ ▶️ John Safety Features. I thought it was interesting because if you read it, each thing that is part
⏹️ ▶️ John of the system that we described last week is broken into sections where it says, what are the goals of this feature? What are the design
⏹️ ▶️ John principles? And what are the security and privacy requirements? And if you read this
⏹️ ▶️ John document in isolation, it makes a lot of sense. Like it’s like, okay, here’s
⏹️ ▶️ John this feature. Here’s the principles we have, like what the principles are, you know,
⏹️ ▶️ John how is it vulnerable? Should Apple be able to do this or not be able to do it? Should information never leave the user’s device
⏹️ ▶️ John or stay in the device? Like this is the security and privacy requirements. Like it’s saying
⏹️ ▶️ John when implementing this feature, here are the things we want to be true about it. And if you list it, you’ll be nodding your head and
⏹️ ▶️ John going, yeah, that’s a good goal of this feature. I like those design principles. I like the security and privacy requirements.
⏹️ ▶️ John And it explains why is this system made the way it is. And it also explains why
⏹️ ▶️ John in this interview with Craig Federighi from Joanna Stern of the Wall Street Journal, that Federighi
⏹️ ▶️ John really hammers on the superior privacy of Apple’s approach.
⏹️ ▶️ John It’s almost like he’s reading from this document of saying, we did it this way because this provides more privacy. And he
⏹️ ▶️ John doesn’t elaborate on it. This document elaborates on it. When he says more privacy,
⏹️ ▶️ John this is what he means. The things in this document are saying, it has these qualities. It adheres to
⏹️ ▶️ John these principles. The goals of this feature were X, Y, and Z, and that’s why we did it this way, to achieve
⏹️ ▶️ John these goals. So I’m gonna get back to that in a second, but I’ll let Casey summarize the interview.
⏹️ ▶️ Casey Right, so this is the interview with Craig Federighi and Joanna Stern, which I just wanted to say, I
⏹️ ▶️ Casey think Joanna’s excellent. She did such a great job at this. There are some quibbles
⏹️ ▶️ Casey that I think we have, but by and large, I thought it was really, really well done. And I liked the way that she would pause Federighi and they would
⏹️ ▶️ Casey do their little motion graphics or illustrations, whatever they are, in order to explain stuff. There were a couple
⏹️ ▶️ Casey of interesting points about this, though. I love Federighi. I really do. I think he strikes me as a very
⏹️ ▶️ Casey nice and very smart guy. I didn’t love this interview with him, though. It
⏹️ ▶️ Casey seemed—I got the vibe that he wasn’t telling me the whole story,
⏹️ ▶️ Casey even though allegedly he was trying to tell the whole story. And granted, it’s a short interview.
⏹️ ▶️ Casey Granted, it’s for a more basic audience. But I don’t know. Some of the things he said just didn’t rub me right.
⏹️ ▶️ Casey One of the things he did say, though, is that the database of hashes, I guess, are
⏹️ ▶️ Casey shipped on device, which we’d known last week. And he specifically cited that it’s
⏹️ ▶️ Casey the same database in China as it is in America, which I thought it was interesting that he kind of
⏹️ ▶️ Casey gave a nod in the direction of China as something that we’re all, you know, not fearful of, but
⏹️ ▶️ Casey I can’t think of a better way of phrasing it. And it makes sense. I mean, that is what we’re all thinking about, but I was surprised that he
⏹️ ▶️ Casey acknowledged it. And then the other thing that struck me a little weird was he said there are multiple levels of auditability
⏹️ ▶️ Casey in this system. Like there are multiple places where regular people can audit it. And he implied, for example,
⏹️ ▶️ Casey that regular people could audit the contents of the database that is shipped as part of iOS. And
⏹️ ▶️ Casey I just, where is this? Because I don’t see this. And maybe it’s to be announced,
⏹️ ▶️ Casey like how a regular person or perhaps a security researcher could go in
⏹️ ▶️ Casey, John and look at this. Yeah, did he
⏹️ ▶️ John say regular people? Because
⏹️ ▶️ John, Casey my impression is talking… No, he
⏹️ ▶️ John didn’t. He didn’t. He means people
⏹️ ▶️ Casey outside Apple. Yes, exactly. But even still, like even like a me or you or a Marco or
⏹️ ▶️ Casey like a Guy Rambeau, like where where is this stuff that we can go look at? Because Apple generally
⏹️ ▶️ Casey doesn’t take too kindly to us, you know, opening up iOS releases and trying to go spelunking
⏹️ ▶️ Casey within them. So perhaps I’m I’m being chicken little and perhaps there’ll be
⏹️ ▶️ Casey explicit instructions about it even for regular people, for all I know. But sitting here today, it seemed
⏹️ ▶️ Casey a little dubious to me.
⏹️ ▶️ John Well, I mean, they’re going to ship the bits to you. So, you know, and if it’s if it’s in the OS, people will be able to
⏹️ ▶️ John find it and compare it and know when it changes and see that it is the same across regions and all the other stuff.
⏹️ ▶️ John Right. And there’s a lot more technical detail that I felt like in this interview. He was trying to
⏹️ ▶️ John he couldn’t possibly go into the stuff that these tech documents go into, not even the stuff from the threat model
⏹️ ▶️ John document that I put in the links. But he was everything he was saying in them, you could sort of reference back to that.
⏹️ ▶️ John But here’s there was one question that Joanna didn’t ask that I think would have been
⏹️ ▶️ John illuminating and really is the thing that I’ve been thinking about since our discussion last week, that
⏹️ ▶️ John it’s not a problem for Apple now, but I feel like it makes more, everything they say and people’s discomfort
⏹️ ▶️ John with it makes more sense when you look in on this one point and this question. And we talked
⏹️ ▶️ John about it last week too, but I’m gonna dive into it again here. Joanna didn’t ask
⏹️ ▶️ John about end-to-end encryption on iCloud backups and iCloud photo library,
⏹️ ▶️ John right? Doesn’t currently exist, right? Right now, when you do an iCloud backup, Apple has the key
⏹️ ▶️ John to it. It’s encrypted at rest, but Apple has the key so they can look at it. Same thing with your iCloud photo library.
⏹️ ▶️ John If Apple wanted, they can look at all your pictures because they’re on Apple servers. And yes, they’re all encrypted, but Apple has the key,
⏹️ ▶️ John right? That’s my understanding. And I’ve checked that in a couple of different places and that’s the case, right?
⏹️ ▶️ John Everything in this threat model document is true within the scope of the features they added.
⏹️ ▶️ John Like here was our design requirements. We didn’t want Apple to be able to see any of your pictures
⏹️ ▶️ John until you’ve crossed the threshold. And we didn’t wanna know if you were near the threshold.
⏹️ ▶️ John And by the way, something I got wrong on the thing. They sent a security voucher for every single picture. So even
⏹️ ▶️ John the good ones and the bad ones. So Apple has no idea. Like every single picture gets a security voucher that they scan.
⏹️ ▶️ John Apple has no idea whether of all the security vouchers they got are a few of them indicating
⏹️ ▶️ John a bad picture is past the threshold or whatever, right? So these are the design principles. Like Apple’s like,
⏹️ ▶️ John we didn’t want to know this. We wanted to make it secure. So we can’t tell this mathematically, we can’t do this. And
⏹️ ▶️ John it’s like, okay, the feature you described fulfills these requirements, but there’s a huge problem. None
⏹️ ▶️ John of that matters because you don’t need to mess with this at all, Apple, because you have access to all our pictures. Like
⏹️ ▶️ John you don’t have to worry. This CSAM feature doesn’t change the fact that you already have access to all our pictures.
⏹️ ▶️ John Like every one of the sort of design goals
⏹️ ▶️ John and security and privacy requirements in the CSAM features is pointless because as I was trying to
⏹️ ▶️ John make the point last week, no one would ever try to use this system to get at the pictures
⏹️ ▶️ John because there’s already complete access to every single person’s picture on the server side.
⏹️ ▶️ John Today, that’s the way it is, right? So when reading this document and them saying
⏹️ ▶️ John this is better privacy, the only way it makes sense to me is
⏹️ ▶️ John that eventually, if Apple does end-to-end encryption of iCloud backups
⏹️ ▶️ John or even just photos things or whatever, suddenly this all makes sense. Because suddenly these security
⏹️ ▶️ John requirements and design principles are relevant, right?
⏹️ ▶️ John It’s like saying, boy, this door has a million locks on it and even Apple can’t open it, but there’s no wall.
⏹️ ▶️ John And so you can just walk past the door.
⏹️ ▶️ John, Marco But the door is super secure. The
⏹️ ▶️ John door is, it really preserves your privacy. But it’s like, but there’s no wall. It’s like, but we
⏹️ ▶️ John won’t, we’ll only try to go. It doesn’t make any sense, right? And so
⏹️ ▶️ John what I get out of this whole week’s worth of press and everything is that Apple, seems like Apple does not
⏹️ ▶️ John want to be able to see your photos, but they currently can. Every part of the CSAM
⏹️ ▶️ John system and the scanning thing or whatever is made so that Apple’s like, look, we don’t wanna see your photos. We don’t wanna
⏹️ ▶️ John be able to see your photos. Like not until this threshold, like that’s why they built this
⏹️ ▶️ John complicated system of like, you know, we have the system that’s gonna try to see if it’s a match against this database, but it’s not
⏹️ ▶️ John exact, so we have to do a threshold, and when it hits, only then do we ever want to even be
⏹️ ▶️ John able to see a low-resolution thumbnail to try to confirm if it’s one of the pictures from the NCMEC database, but
⏹️ ▶️ John otherwise, we don’t wanna be able to see your photos at all, but we totally can. We can see all of them, right? And
⏹️ ▶️ John so, and they haven’t said anything about this. Like, I mean, if you asked them, if you had
⏹️ ▶️ John asked them, hey, Apple, you ever gonna do end-to-end encryption on a Cloudflower library and Cloud Cloud backups, they’re not gonna tell you because they don’t talk
⏹️ ▶️ John about future products, but this entire feature only makes sense
⏹️ ▶️ John in a world where Apple plans to do that. Here’s the second problem. Everything I said last week about,
⏹️ ▶️ John don’t worry about this feature because it doesn’t make security any worse because Apple already has access to all of your photos.
⏹️ ▶️ John If that ever changes and Apple suddenly doesn’t have access to all your photos, this
⏹️ ▶️ John CSAM feature does become the most attractive vector for governments or anyone
⏹️ ▶️ John else to force Apple to get its stuff, right? What I was trying to say last week, which a lot of people
⏹️ ▶️ John weren’t understanding is like, no one would go through the CSAM feature to do this. There’s way easier ways, right? Why would
⏹️ ▶️ John you make your life more difficult? The system is way more secure than the, hey Apple, just, you know, drip
⏹️ ▶️ John through everything and let us scan it or like hacking Apple to do that or whatever, right? But if that changes
⏹️ ▶️ John this, then what everyone’s saying about, oh, you built the feature and now it’s easy to get it, that suddenly becomes true because
⏹️ ▶️ John the previous lack of a wall, now there’s a brick wall there and the door suddenly becomes the most viable
⏹️ ▶️ John vector because at least it opens and closes and you just have to pick the locks or whatever, right? So it’s kind of a
⏹️ ▶️ John weird situation. And I haven’t seen this really put in these terms in
⏹️ ▶️ John any of the discussion. It’s like, some of these features are nonsensical now,
⏹️ ▶️ John but if you make them make sense by implementing end-to-end encryption, all of the sort
⏹️ ▶️ John of scare tactics about the slippery slope things become worse, because then this does become
⏹️ ▶️ John the most valid way to try to have a government force Apple to do things. And as I was trying to
⏹️ ▶️ John emphasize last week, governments can force you to do things because that’s the way government works. They have all the guns and they control
⏹️ ▶️ John the laws in the countries in which they operate. And if you don’t like that, you can’t, you
⏹️ ▶️ John know, there’s no amount of security they can fix that. Like, you know, governments count law
⏹️ ▶️ John and then security and then like, you know, it’ll become illegal for you to do that and they can make it criminal and take you to court
⏹️ ▶️ John and blah, blah, blah, you know. You really need to deal with your government. That is your core problem here. But
⏹️ ▶️ John since we don’t know, Okay, does Apple plan to implement end-to-end security? It’s hard to know how to feel about these
⏹️ ▶️ John features. If the head Apple has said, and by the way, we’re gonna do end-to-end security, I would, if they announced
⏹️ ▶️ John that at the same time of this, I would be much more on the side of, ooh, the CSAM feature, now that they’ve built it, it
⏹️ ▶️ John makes it more likely that bad things will happen. But they didn’t announce that. So we have no
⏹️ ▶️ John idea if they’re ever gonna do end-to-end encryption. So it’s really weird.
⏹️ ▶️ John And that’s why I think this threat model document is great. If you read it and don’t know about all the
⏹️ ▶️ John other aspects of Apple security on their servers, like the fact that the iCloud backups are not end-to-end encrypted and
⏹️ ▶️ John Apple already has access to your photos, then this document in isolation looks airtight. But if you
⏹️ ▶️ John do know that context, this document starts to seem really weird and nonsensical. And by the way,
⏹️ ▶️ John if I’m wrong about the photos thing, again, I tried to confirm that with as many people as I could think to ask this question to, and everyone
⏹️ ▶️ John said, yes, this is the truth. But if that’s not the case, someone from Apple, please tell me. Can Apple currently look at
⏹️ ▶️ John all the iCloud photos in theory, not that they do, I’m sure they don’t, but
⏹️ ▶️ John in theory, could they look at everyone’s photos in their iCloud photo library? As far as I’m going to tell, the answer to that is
⏹️ ▶️ John yes. We know it’s true for iCloud backups because they’ve done that and law enforcement and stuff has made them do that in
⏹️ ▶️ John the US or whatever.
⏹️ ▶️ Marco So- And I think that’s a critical differentiator. A lot of people here are assuming, like you are
⏹️ ▶️ Marco proposing, like many people have proposed, like, well, this seems like an obvious precursor to Apple
⏹️ ▶️ Marco offering end-to-end iCloud encryption. And that’s actually, that’s probably a separate discussion of whether
⏹️ ▶️ Marco that’s even a good idea, and certainly whether that should be the default or whether it should be an opt-in thing, because there are
⏹️ ▶️ Marco serious repercussions if, for example, you forget your password, and you lose access to all your devices,
⏹️ ▶️ Marco and that’s a big support issue, just from the reality of customer support and everything
⏹️ ▶️ Marco that Apple have to deal with.
⏹️ ▶️ John We talked about this on past episodes of ATP, why the reason Apple is resisting doing that is not
⏹️ ▶️ John so much because it’s a principled stand against, or they want to be able to access your things, is a customer
⏹️ ▶️ John support issue, which I kind of believe, but as time marches on, I think as we said the last time we discussed this, as time marches
⏹️ ▶️ John on, it becomes less and less tenable to say, okay, customer support, but, and I think some support for the
⏹️ ▶️ John idea that Apple’s coming around on this is the new features they added about like delegating to like a family member to unlock your
⏹️ ▶️ John stuff, whatever that
⏹️ ▶️ John, Marco feature is called.
⏹️ ▶️ Marco Right, yeah, legacy planning stuff.
⏹️ ▶️ John Right, that is a thing that someone would do if they were eventually planning to really bite the bullet and say,
⏹️ ▶️ John I know it’s gonna be a pain in the ass for customer support, but like I would imagine they would really start pushing hard
⏹️ ▶️ John on when everybody sets up your phone, like, tell us, please tell us, you sure you don’t wanna tell us somebody, like
⏹️ ▶️ John your brother or sister or parent or a friend who you wanna trust, because you’re gonna need this later when
⏹️ ▶️ John you forget your passwords, right? If they hammer that feature really hard, then maybe they can mitigate
⏹️ ▶️ John against the eventual end-to-end encryption.
⏹️ ▶️ Marco Yeah, but I think ultimately, I would bet that this feature’s existence, while
⏹️ ▶️ Marco this would, I think, make end-to-end encryption easier for the law
⏹️ ▶️ Marco and governments to swallow if it does eventually become either an option or the default. I don’t
⏹️ ▶️ Marco know that this necessarily suggests that that’s coming because you’re right, that I’m pretty sure
⏹️ ▶️ Marco Apple does have the keys to all of your iCloud data with the exception of iCloud key chain,
⏹️ ▶️ Marco which is end-to-end encrypted. But as far as I can guess, it seems
⏹️ ▶️ Marco like maybe they wouldn’t want whatever the process is that
⏹️ ▶️ Marco they use internally to make sure that random employees aren’t just snooping on everyone’s iCloud data. I’m sure they probably
⏹️ ▶️ Marco have some kind of process for actually decrypting customer data and handing it over to law enforcement. And
⏹️ ▶️ Marco they might only want to invoke that when served with a warrant, for instance. Whereas the CSAM
⏹️ ▶️ Marco scanning feature, this is the difference between law enforcement versus surveillance, this feature is
⏹️ ▶️ Marco constantly scanning your stuff, going up to iCloud, even if no warrant
⏹️ ▶️ Marco has been issued against you. And so maybe they don’t want that
⏹️ ▶️ Marco same, whatever the warrant reply system is, where okay, we’re served with this warrant, we are
⏹️ ▶️ Marco forced, we legally must comply with it, so we are forced to hand over any data we have about this customer,
⏹️ ▶️ Marco so then they have a process to deal with that, right? But what if, if they use that process
⏹️ ▶️ Marco to look into your photos, and then hand it off to the police, maybe they could get sued for,
⏹️ ▶️ Marco I don’t know, like maybe, like suppose, suppose they refer somebody to
⏹️ ▶️ Marco law enforcement, and it ends up, it’s actually like a false positive, it’s actually, you know, the stuff
⏹️ ▶️ Marco they have is actually legal, and they get law enforcement on their backs and it ruins their life, and then they sue Apple. Like,
⏹️ ▶️ Marco maybe Apple just wants to keep their hands as clean as possible, and like, okay, well, the keys that we have to look at all your
⏹️ ▶️ Marco iCloud data we’re only gonna use those keys as we are legally required to when served with
⏹️ ▶️ Marco a warrant or subpoena or whatever. Whereas, you know, this automated system that’s proactively surveilling
⏹️ ▶️ Marco all of our, you know, data for this stuff, maybe that goes through a much more strict and like
⏹️ ▶️ Marco narrow view process to avoid their own liability.
⏹️ ▶️ John I think it’s kind of the opposite where if they’re served a warrant that the information they get from that will be admissible in
⏹️ ▶️ John court Whereas the it’s questionable whether the surveillance stuff that they catch, you know Just by scanning everybody is but
⏹️ ▶️ John in terms of the government making them do things Like even just the plain old US government can not
⏹️ ▶️ John just make Apple say I will scan this person’s thing They can because terrorism I’m sure make
⏹️ ▶️ John Apple under the right conditions have a secret warrant that requires Apple to scan everybody’s
⏹️ ▶️ John picture all the time, 24 hours a day, in perpetuity for whatever the government wants them to because
⏹️ ▶️ John terrorism and because of some terrible Patriot Act law and a secret judge that offers a secret thing. And by the way, Apple
⏹️ ▶️ John can’t talk about it. Maybe they’re already doing this, right? Setting aside the NSA hacking them and
⏹️ ▶️ John already being inside their data centers or, you know, having cracked all the encryption and gotten the
⏹️ ▶️ John secret keys out for everyone’s like, there’s so many scenarios in which the US government has done things that are
⏹️ ▶️ John no worse than what that I just described for very stupid reasons. And so
⏹️ ▶️ John that’s why when I read all these documents, it’s like what I keep hearing in my head and what I
⏹️ ▶️ John hear in the Federated thing is Apple doesn’t want to be able to see your photos. Like they don’t even
⏹️ ▶️ John wanna be able to do it. It’s kind of like the reason they were able to resist the FBI thing is there’s literally nothing they can do.
⏹️ ▶️ John Right now Apple can, is able, yes, there are policies and processes involved, but they’re able to see your photos.
⏹️ ▶️ John And it’s much easier for Apple to say, we literally can’t do that. we don’t have the keys. That’s
⏹️ ▶️ John where Apple wants to be. That’s how the CSAM features have been designed. But that is not how iCloud
⏹️ ▶️ John backups and iCloud photo library are designed. And so those two features are not in keeping with everything that
⏹️ ▶️ John Apple is doing and saying about like they would prefer not to. And the CSAM thing is like, again, with the
⏹️ ▶️ John potential of end to end in the future, if these EU and UK laws come down that requires
⏹️ ▶️ John Apple to scan, now they can still do that with end to end encryption, like it doesn’t it doesn’t prevent
⏹️ ▶️ John them from doing end-to-end encryption on the iCloud photo library. Like, they’re now well-positioned
⏹️ ▶️ John to comply with all laws, but also no longer be able to see things on their servers,
⏹️ ▶️ John which will then, like I said, make the CCM feature much more dangerous. So it’s a weird situation they’re in. And Apple’s,
⏹️ ▶️ John you know, some other people said this on other podcasts I listen to, that Apple’s secrecy about this
⏹️ ▶️ John means that we don’t hear anything, and all of a sudden, it just arrives. And it’s like, oh, what’s all this stuff? And they announced everything all together. And
⏹️ ▶️ John their secrecy also means that they’re not going to tell us that this is a precursor to doing end-to-end encryption. So we just had to guess.
⏹️ ▶️ John And so we don’t really know quite how to feel about it. So it’s weird and complicated. And I think
⏹️ ▶️ John Apple’s Apple’s actual security, like threat model of, you
⏹️ ▶️ John know, their entire company is very different than what they’re doing more recently. And the things
⏹️ ▶️ John they’re doing more recently lean in one direction very strongly, but the things they’ve done in the past are variable
⏹️ ▶️ Casey Yeah, it’s, it’s a mess. like, I don’t need to rehash everything we talked about
⏹️ ▶️ Casey last week, but they’re kind of darned if they do, darned if they don’t. And I think in a lot of ways, they’ve kind of set themselves up in this
⏹️ ▶️ Casey position because of secrecy, because of, oh, we’re the most private of all the people or all the companies. And so it’s
⏹️ ▶️ Marco I mean, can you blame, like they knew this was going to be a problem. That’s why they announced it on, you know, late in the week
⏹️ ▶️ Marco and in August. Like it’s, that’s, that’s, this is, this is when you drop, you know, news that, that might
⏹️ ▶️ Marco be unpopular is you drop it, you know, Thursday or Friday in August. Like it’s hot.
⏹️ ▶️ John I don’t think they have that much to worry about because I think most of the people flipping out about this are people who are like tech nerds or into the
⏹️ ▶️ John security world. But like in terms of a story that has legs with the general public, I mean,
⏹️ ▶️ John there’s the possibility that it sort of, you know, latches on as like, Apple’s always scanning your phone, but even those
⏹️ ▶️ John things like the whole Facebook is listening on your microphone or whatever, I think people lose interest in those. Maybe they’re just not juicy enough.
⏹️ ▶️ John This is the problem with lots of tech security related stuff for good and for bad. When something really bad happens, it’s very difficult
⏹️ ▶️ John to get regular people to care about it because it just seems so weird and esoteric and
⏹️ ▶️ John you have to convince them of these fourth order effects that may affect them. It’s why we get so
⏹️ ▶️ John many bad laws. I mean, remember how much we fought against the DMCA and everything and all the
⏹️ ▶️ John bad things that that could cause. And now if there’s three milliseconds of music from a passing car
⏹️ ▶️ John in your YouTube video, one strike is against you and soon your live load is gonna be gone if it happens three times, right? Like,
⏹️ ▶️ John the consequences happened, still no one cares. It’s like, that’s just the way the thing is. No copyright intended.
⏹️ ▶️ John, Casey It’s hard to get people
⏹️ ▶️ John to care. It’s hard to get people to care about these issues. And so Apple, in this
⏹️ ▶️ John case, I feel like Apple is going to benefit from that apathy of the general public.
Sponsor: Mack Weldon (code atppodcast)
⏹️ ▶️ Marco We are sponsored this week by Mack Weldon, the brand
⏹️ ▶️ Marco that has reinvented men’s basics. They got famous because their underwear. Their underwear is fantastic.
⏹️ ▶️ Marco I wear it literally every day. And they are so much more than underwear now. They have a huge collection
⏹️ ▶️ Marco of amazing men’s basics. T-shirts, polos, button-ups, shorts, pants,
⏹️ ▶️ Marco swimsuits, and so much more. What I like about them, you know, I wear Mack Weldon, every day I’m wearing their
⏹️ ▶️ Marco underwear, no matter what, because it’s literally 100% of my underwear. So every day I’m wearing Mack Weldon underwear. I know you really want to know this, right?
⏹️ ▶️ Marco I also have many of their socks. I have tons of their t-shirts. I especially love their
⏹️ ▶️ Marco silver line of t-shirts. I wear these all summer long and much of the winter because
⏹️ ▶️ Marco silver fibers in the fabric blend actually are antimicrobial and makes it basically impossible
⏹️ ▶️ Marco to stink while wearing it. Also, if you want, you know, different materials for workout clothes, they’re
⏹️ ▶️ Marco great at all of that. They have all sorts of, you know, breathable mesh fabrics and stuff like that. As the summer
⏹️ ▶️ Marco comes to a close and we get into the fall, I love their long sleeve collection. It is fantastic.
⏹️ ▶️ Marco My favorite is the warm knit series of long sleeve shirts, and they have all sorts of other options
⏹️ ▶️ Marco from there. Tech cashmere, all sorts of great stuff. So they have amazing materials,
⏹️ ▶️ Marco amazing products. I love the fit of their clothes. It’s modern, but it’s also comfortable. It’s not like, you know, too
⏹️ ▶️ Marco skin tight or anything. So it’s comfortable, it’s consistent, easy to buy, easy to wear, easy to care for,
⏹️ ▶️ Marco and it lasts forever. I’ve had Mack Weldon clothes now for something like four or five years. I don’t think
⏹️ ▶️ Marco I’ve ever lost a single item of clothing to just wearing out. Their stuff is just fantastic. So see
⏹️ ▶️ Marco for yourself at macweldon.com slash ATP podcast
⏹️ ▶️ Marco and you can get 20% off your first order with promo code ATP podcast.
⏹️ ▶️ Marco Once again, that’s macweldon.com, M-A-C-K-W-E-L-D-O-N, macweldon.com
⏹️ ▶️ Marco slash ATP podcast, promo code ATP podcast for 20% off. I
⏹️ ▶️ Marco love Mack Weldon’s clothes. I wear them all the time. MackWeldon.com slash ATP podcast.
⏹️ ▶️ Marco Thank you so much to Mack Weldon for sponsoring our show. Mack Weldon, Reinventing Men’s Basics.
1Password and Electron
⏹️ ▶️ Casey Speaking of benefiting from apathy from the general public, what do you guys think about Electron?
⏹️ ▶️ Marco Oh man, I’m so happy we finally got to this. It was like it was pressing on us because it had just
⏹️ ▶️ Marco happened like right before we recorded last week, but you know we were not going to have room for it in the show with all the CSAM stuff last week.
⏹️ ▶️ Casey Yeah, all right. So I for my own benefit, I would like to issue a quick series of disclosures.
⏹️ ▶️ Casey First of all, 1Password has sponsored the show in the past, most recently on the 8th of June,
⏹️ ▶️ Casey which was episode 434. You probably won’t believe it based on this conversation we’re about to have,
⏹️ ▶️ Casey but they have sponsored us in the past.
⏹️ ▶️ Marco Well, and to be clear, they sponsored us one time. There are currently no future
⏹️ ▶️ Marco sponsorships booked with them, although I don’t think we would turn them down because
⏹️ ▶️ Marco I still use 1Password and like them as a company, and we are, I think, about to criticize them. And I think
⏹️ ▶️ Marco this should tell you, listeners, that we are not afraid to criticize sponsors. And
⏹️ ▶️ Marco I hope you trust us on that, because we’re going to just let it rip here. And I think we will
⏹️ ▶️ Marco be civil to them, because I think that’s just our style most of the time. But we will criticize
⏹️ ▶️ Marco them freely. So here we go.
⏹️ ▶️ John You’re not going to suggest that their CEO be fired?
⏹️ ▶️ Casey, John We only do that to Apple. Yeah,
⏹️ ▶️ Casey only Apple. Only Apple. That’s funny. But I do want to also note that the 1Password
⏹️ ▶️ Casey people that I’ve spoken to, and I don’t know any of them terribly well, but any of the ones that I’ve spoken
⏹️ ▶️ Casey to have been incredibly, impossibly nice people because, hey, guess what? A lot of them are Canadian, so that stands.
⏹️ ▶️ Casey But they are very, very nice. I do think they are well-meaning, but don’t like the decisions
⏹️ ▶️ Casey of late, I got to tell you, gentlemen. So this morning, I downloaded
⏹️ ▶️ Casey 1Password 8 Beta for macOS, which is now
⏹️ ▶️ Casey being written, or has been written in Electron. Electron, again, is the cross-platform
⏹️ ▶️ Casey thing, app framework that lets you allegedly, ostensibly, write once, run anywhere.
⏹️ ▶️ Casey It is based on web technologies. And so, in my personal estimation, it’s write once,
⏹️ ▶️ Casey feel not native everywhere. So, it does kind of work everywhere, but it doesn’t feel native anywhere.
⏹️ ▶️ Casey And there’s probably 350 different takes we can have on this or different approaches on this.
⏹️ ▶️ Casey But I think the thing that really bums me out that I’d like to say upfront is.
⏹️ ▶️ Casey There there’s a, there’s a list of software. There’s not a long list, but a list of software that
⏹️ ▶️ Casey I feel like I evangelize because I love it. I really, really love the software
⏹️ ▶️ Casey and hand to God one password has always been on that
⏹️ ▶️ Casey list. And this list for me anyway, is very, very short one password so far has
⏹️ ▶️ Casey been pretty much bulletproof for me. I personally really like their
⏹️ ▶️ Casey subscription service. I know a lot of people are deeply turned off by it and that’s fine. I can totally understand
⏹️ ▶️ Casey why you would feel that way. But for me, I jumped on one password for families early
⏹️ ▶️ Casey and it has become absolutely critical for Aaron and I to share important passwords and also documents
⏹️ ▶️ Casey between each other in a way that’s secure and safe and I have
⏹️ ▶️ Casey always held their apps, their entire Apple app suite. I can’t speak for
⏹️ ▶️ Casey Windows or Linux, but… I
⏹️ ▶️ Casey Or for Android either, but apparently Marco can either confirm
⏹️ ▶️ Casey what I’m about to say or deny it. But at least on Apple platforms, their apps have always been excellent platform
⏹️ ▶️ Casey citizens. By that, I mean, whatever the convention of the particular platform we’re talking about, whatever
⏹️ ▶️ Casey the convention is on iOS, whatever the convention is on macOS, perhaps Marco on Windows,
⏹️ ▶️ Casey or maybe Android, they’ve always treated that platform well. And they’ve always
⏹️ ▶️ Casey acted as a good citizen within the platform. You know, when in Rome, do what the Romans do. Well, they’ve always done that
⏹️ ▶️ Casey very well, irrespective of platform. Is that true on Windows too?
⏹️ ▶️ Marco Um, I mean, I’ve used one password on Windows for a total of like 20 minutes,
⏹️ ▶️ Marco but, and, and I’ve used Windows, you know, outside of a game, I’ve used Windows
⏹️ ▶️ Marco for not that much more than that in the last decade or more. So I can’t really say
⏹️ ▶️ Marco how good of a Windows app it is compared to other Windows apps. But I can say that
⏹️ ▶️ Marco as a 1Password user for many years, as a 1Password family plan user, again, I
⏹️ ▶️ Marco think I mentioned this all during the ad, and certainly we’ve talked about them occasionally here and there before,
⏹️ ▶️ Marco we have it for my family. We like it. It works well. For the most part, I have a few asterisks on that,
⏹️ ▶️ Marco but for the most it works well, it has worked well. One of the great things about it, that
⏹️ ▶️ Marco I think is a major advantage it has over Apple’s iCloud keychain stuff that’s been increasing in scope over
⏹️ ▶️ Marco the last few years, is that I can use it on Windows. And this is not even that new. I mean, for a
⏹️ ▶️ Marco work on Windows or anything else. At some point in the last few years, I believe they started offering
⏹️ ▶️ Marco the actual native Windows client. I haven’t used it on Linux, sorry. I mean, who has, but
⏹️ ▶️ Marco, John next year, next
⏹️ ▶️ Marco, Casey year is the year. But the cross-platform nature, like being able,
⏹️ ▶️ Marco like when I was setting up a gaming PC, being able to have all my passwords in there for
⏹️ ▶️ Marco all of the stupid Microsoft accounts and Dropbox and everything, it
⏹️ ▶️ Marco was really nice. It’s a very convenient thing to have that available cross-platform. So
⏹️ ▶️ Marco I very much value one password. And I think what we’re about to get into here is
⏹️ ▶️ Marco their new beta for their new stuff. And it really suggests that
⏹️ ▶️ Marco the client experience of 1Password is about to get worse. And that makes me sad
⏹️ ▶️ Marco because I’ve had, for the most part, only very good things to say about it. I mean, the only problems I’ve really had with it
⏹️ ▶️ Marco year or so, I’ve found the browser plugin to be less reliable at various things.
⏹️ ▶️ Marco But otherwise, it’s been great for years before that. And
⏹️ ▶️ Marco the fact that it’s about to get worse in certain ways, it seems like a
⏹️ ▶️ Marco really unfortunate thing and possibly an avoidable thing.
⏹️ ▶️ Casey Yeah, and real-time follow-up. As of just a few hours ago, Apple released iCloud for Windows 12.5,
⏹️ ▶️ Casey which apparently includes a password manager app. So-
⏹️ ▶️ Casey, Marco Really? They don’t have one on the Mac?
⏹️ ▶️ Marco, Casey Unless you count Keychain access, which is
⏹️ ▶️ Casey, John terrible. Oh, come on. Keychain’s the best.
⏹️ ▶️ John Monterey, they moved it into system preferences, So there’s a preference pane for passwords.
⏹️ ▶️ John, Marco Oh, that’s right. Yeah,
⏹️ ▶️ John that’s a little better.
⏹️ ▶️ John, Marco Yeah, it is.
⏹️ ▶️ John I mean, that’s probably kind of where you’d expect to see it. Keychain access is more like a utilities folder
⏹️ ▶️ John kind of thing. But if you just, like normal people don’t use keychain access. But I feel like normal people will go to system preferences and click
⏹️ ▶️ John on the thing that says passwords. And that’s the exposure to the new, like the new password thing has like a two factor
⏹️ ▶️ John thing built in and will generate your passwords. And it’s also, by the way, reflected in Safari and Monterey. So
⏹️ ▶️ John like Safari has it in its own preferences, like also decked out with the new features. but they also put it
⏹️ ▶️ John in system preferences because that’s where people will look for it. So things are getting better and
⏹️ ▶️ John slightly more featureful on the Mac. Still nowhere close to 1Password’s features. You haven’t even mentioned the family thing, which I think
⏹️ ▶️ John is the real killer feature of 1Password, even if you never do anything cross-platform.
⏹️ ▶️ Marco Narrator, they both mentioned it.
⏹️ ▶️ Casey Yeah, no, that’s the thing is that for me, what I love about 1Password is,
⏹️ ▶️ Casey as compared to like iCloud Keychain, is that first of all, I can store things other than passwords. And maybe
⏹️ ▶️ Casey you can in iCloud Keychain, but last I had looked at it, that wasn’t the case. You know, I can store documents, I can store
⏹️ ▶️ Casey notes, I can store things that aren’t just passwords, which for me is very important.
⏹️ ▶️ John You can start notes. I haven’t tried documents, but you can just make notes in Keychain Access, I’m
⏹️ ▶️ Casey Okay, well, I also keep like PDFs, for example, and things like that in there.
⏹️ ▶️ Marco Yeah, I keep like a scan of my driver’s license. You know,
⏹️ ▶️ Marco, Casey it’s like things that,
⏹️ ▶️ Marco it’s handy to have this kind of stuff, you know?
⏹️ ▶️ Casey Mm-hmm. And again, as both Marco and I were evangelizing and touting
⏹️ ▶️ Casey 1Password for families, or when I last had a real job, I brought 1Password to our company
⏹️ ▶️ Casey and we were using 1Password for business. At the same time, I was using 1Password for families and all of that intermingled
⏹️ ▶️ Casey really, really well, actually. So again, I love 1Password the service. I personally
⏹️ ▶️ Casey love paying for 1Password the service. I mean that genuinely because not only are the people very good in the
⏹️ ▶️ Casey apps, and till maybe now, really good, but the service is really good. And it genuinely
⏹️ ▶️ Casey makes my online life better and more secure. And for that, I think it’s well worth whatever money it is I
⏹️ ▶️ Casey pay them every year. But yeah, this new beta
⏹️ ▶️ Casey apparently a whole bunch of Rust. They’re very excited about Rust over there. And what that means
⏹️ ▶️ Casey is, in my personal opinion, it will never feel
⏹️ ▶️ Casey properly and truly native. Now, can you get close? You certainly
⏹️ ▶️ Casey can, but take, for me the canonical good Electron app is
⏹️ ▶️ Casey Visual Studio Code and Visual Studio Code to me is a genuinely
⏹️ ▶️ Casey and truly great app. Native though, not really.
⏹️ ▶️ Casey It’s a great app, but it doesn’t really feel native. It doesn’t really feel like it’s part of the Mac.
⏹️ ▶️ Casey And that’s okay. But what bums me out about 1Password is they have
⏹️ ▶️ Casey this long, long, long, like 15 or 20 years history of being excellent platform systems
⏹️ ▶️ Casey everywhere. Excellent, excellent platform citizens, excuse me, everywhere. And
⏹️ ▶️ Casey this certainly doesn’t smell like it’s going to be the case too much longer. And
⏹️ ▶️ Casey I have installed the beta. Um, and I’ve used it for a little while.
⏹️ ▶️ Casey And as the three of us do, I have thoughts. Do you want me to start
⏹️ ▶️ Casey diving into this, or would we rather kind of talk about, oh, Penny is not on
⏹️ ▶️ Casey airplane mode right now.
⏹️ ▶️ Casey rather, let me just reboot that whole thing. Would you like to have me go into my particulars, or
⏹️ ▶️ Casey would you rather talk kind of more generally previous, before we get into
⏹️ ▶️ John think you should go through your list of complaints, because I think it’s important that you made this list, because
⏹️ ▶️ John lots of people will say this, oh, it uses web technologies, and there doesn’t feel native on the Mac or whatever, but like,
⏹️ ▶️ John what does that mean? Like, what does it mean in concrete terms? How does it affect me as the user? What if I’m not a touchy feely person who
⏹️ ▶️ John has this inherent feel of, if I can feel this isn’t right for the Mac, like what
⏹️ ▶️ John are the actual consequences? And I think that’s what you have a list of here. We say that all the time, but I think it’s important
⏹️ ▶️ John to nail it down. So please do.
⏹️ ▶️ Casey Yeah, so I went on a Twitter rant about this, which I
⏹️ ▶️ Casey directed at the 1Password account. So if you happen to follow me, but don’t follow 1Password, you wouldn’t
⏹️ ▶️ Casey have seen it. I’ll put an unrolled version of it linked in the show notes. But
⏹️ ▶️ Casey nevertheless, so here’s some examples. When I installed the beta,
⏹️ ▶️ Casey one of the first things that asked me on my iMac Pro, on my Intel
⏹️ ▶️ Casey iMac Pro, was, hey, do you wanna use Touch ID? What?
⏹️ ▶️ Casey I’m sorry, on my Intel iMac Pro? Yes, I would like to use Touch ID, but I can’t. I can’t.
⏹️ ▶️ Casey And that is a very silly thing that lasted 2 and 1 1 seconds.
⏹️ ▶️ Casey But it’s the sort of thing that if it were a native app, and perhaps there is a way with this
⏹️ ▶️ Casey new based on Electron app, maybe powered by Electron or whatever, maybe there is a
⏹️ ▶️ Casey way to get to the API that would tell them whether or not Touch ID is even available on this particular computer.
⏹️ ▶️ Casey But based on my experience, they certainly didn’t bother trying to figure that out.
⏹️ ▶️ Casey And so this is a great example of like least common denominator user interface.
⏹️ ▶️ Casey One of the platforms that this app may run on has touch ID.
⏹️ ▶️ Casey So screw it. Let’s ask everyone about touch ID, which is fine. Like, is it in and of itself
⏹️ ▶️ Casey a big deal? Certainly not, but that’s my first paper cut. And I’ve been running this new app for 30 seconds.
⏹️ ▶️ Casey Okay. So let’s say I go and I try to enter my master
⏹️ ▶️ Casey password. So I’m sorry, I should have said this already, but basically if you’re not, If you’ve somehow lived under a rock and aren’t familiar with one password,
⏹️ ▶️ Casey you have one password, you have a single password that opens
⏹️ ▶️ Marco You cracked it. Maybe that’s why he became a dentist.
⏹️ ▶️ Casey So you have this one password that once you open it up, then you have unique passwords for like everything under the sun. You have a
⏹️ ▶️ Casey unique password for Gmail, unique password for Facebook, and so on and so forth. So when you enter that one password
⏹️ ▶️ Casey incorrectly, in every version of one password I’ve ever used, or every native version, I don’t recall if it did it on
⏹️ ▶️ Casey the web or not. In every native version though, the screen would shake side to side just like the login screen does
⏹️ ▶️ Casey on a Mac. And at one point I entered my password incorrectly either on purpose or by accident
⏹️ ▶️ Casey and nothing happened. It just said, oh, that’s not right. Is that a big deal?
⏹️ ▶️ Casey Certainly not. But I have, I’ve been using one password, jeez, 10, 15, probably
⏹️ ▶️ Casey like 10 years and I’m used to seeing a shake when I get the password wrong. I’m not even really looking at the screen,
⏹️ ▶️ Casey but I’m seeing something shaking side to side in my periphery And I know, oh, I got to try that again.
⏹️ ▶️ Casey Again, something silly, something that maybe could be done, but at least as of the time
⏹️ ▶️ Casey in which we are recording is not being done.
⏹️ ▶️ Marco And to be fair, it is a beta. Yeah, absolutely. But I think a lot of this stuff, ultimately, I think a lot of this stuff
⏹️ ▶️ Marco is, is probably not going to improve for the final version.
⏹️ ▶️ Casey And that’s the thing is, if the ostensible reason for going to this electron powered monstrosity
⏹️ ▶️ Casey is to have as little custom user interface on
⏹️ ▶️ Casey any given platform as you can get away with, then why would they make it shake, unless they
⏹️ ▶️ Casey make it shake everywhere? And gosh knows that the animation APIs are going to be different on a Mac versus Windows
⏹️ ▶️ Casey and so on and so forth. So I don’t think things like this are going
⏹️ ▶️ Casey to change. And I’d love to be wrong. Golly, I would love more than almost anything in the world,
⏹️ ▶️ Casey even more than eating crow about crypto, which I’m not going to do, I’m not going to do that. But I’m going to say that I’m going to be a little bit more conservative about it. I’m never gonna
⏹️ ▶️ Casey do, because I’m right. I would love to be able to eat crow on this and say, you know what, this new Electron version,
⏹️ ▶️ Casey you know, the final released version, hand to God, I can’t tell the difference between this and the real one, and
⏹️ ▶️ Casey the native one, the real one, see what
⏹️ ▶️ Casey, John I did there, and the native one. So yeah, I
⏹️ ▶️ John was wrong. It’s just fine. By the way, the animation APIs would be the same on all platforms, because they’d be web
⏹️ ▶️ John, Casey APIs. That’s the whole point
⏹️ ▶️ Casey of a web-based- Oh, that’s true. No,
⏹️ ▶️ Casey, John you’re right,
⏹️ ▶️ John you’re right, you’re right. It’s just CSS animation. But what you’re getting at is the conventions. Like, did it always shake on Windows, or was that just a Mac
⏹️ ▶️ John thing, right? Is that a convention on Windows like it is in the Mac, shaking when you get it wrong, or is it not
⏹️ ▶️ John a convention? So if you did it everywhere, you may not be, you may not, like you said before, may not feel like a
⏹️ ▶️ John native citizen of the platform. Like that you’re not complying with the conventions of your environment,
⏹️ ▶️ John but instead are complying with the conventions that someone has decided it should be the same across all platforms.
⏹️ ▶️ Casey Right. So then things got dodgy. And I think I’ve since figured
⏹️ ▶️ Casey out what the problem is. I suspect, and I hope that this will get fixed by the time the beta is no longer a beta.
⏹️ ▶️ Casey But when I first started trying to use this new 1Password8 beta, it had me install a new version
⏹️ ▶️ Casey of the extension for Safari, which makes perfect sense, it’s totally reasonable. But
⏹️ ▶️ Casey it didn’t seem like it really wanted to do anything. There was no solid communication between
⏹️ ▶️ Casey Safari and the actual app. And for the life of me, I couldn’t figure out
⏹️ ▶️ Casey what I was doing wrong. But I would go to hit the little icon in the toolbar in Safari, which in the
⏹️ ▶️ Casey past would ask me to enter my password right there in the extension, which
⏹️ ▶️ Casey I believe is not the case anymore. I think I was running an old extension or something like that. I’m a little wishy-washy
⏹️ ▶️ Casey on this, so I might be lying. But one way or another, the extension that I was used to
⏹️ ▶️ Casey was that it would let me enter the password right there in the extension, and then it would give me my list of passwords, you know, for that
⏹️ ▶️ Casey particular website. Well, now it’s asking, it’s kicking open the full app, which is kind of annoying
⏹️ ▶️ Casey because it’s a context switch I’m not expecting and don’t particularly want, but okay, fine. But then when
⏹️ ▶️ Casey I tried, when I would successfully enter my password, the extension would just sit there and spin. Okay,
⏹️ ▶️ Casey so I tried it again, same story. Eventually I figured out what appears to be the problem
⏹️ ▶️ Casey was I made the critical mistake of asking one password not to be in my menu bar on my
⏹️ ▶️ Casey Mac, which is something I’ve done forever. I really don’t like menu bar items except the ones
⏹️ ▶️ Casey I want up there, which is funny because I have like 304 up there, but they’re the ones I want, darn it.
⏹️ ▶️ Marco with you on this, by the way. I’m a thousand percent with you on that.
⏹️ ▶️ Casey Preston Pyshko Right. Thank you. And so I hate having things that I don’t want on my menu bar. And yes, I’m
⏹️ ▶️ Casey aware that bartender exists. I don’t want to use bartender. I just want to have the stuff I want up there.
⏹️ ▶️ Casey And so immediately when I had installed the beta, I took the, you know, the one I had checked to the or unchecked,
⏹️ ▶️ Casey I guess I should say the option of having one pass for the menu bar. And kudos to them that that option was already there
⏹️ ▶️ Casey in the beta, everything was great. Except it appears that
⏹️ ▶️ Casey by taking it out of the menu bar, I’ve also killed the like daemon, for lack of a better term, you know,
⏹️ ▶️ Casey the always resident server, if you will, that’s within my Mac, in order
⏹️ ▶️ Casey to communicate with one password. So, when Safari was going to talk
⏹️ ▶️ Casey to the daemon, it wasn’t there. Luke Dennyton It’s pronounced affluent. Oh, did I? Oh, God.
⏹️ ▶️ Casey I don’t even know what I just said that made you think of that. But anyways, the point is that I was trying
⏹️ ▶️ Casey to get to this process that wasn’t there, and so it wasn’t working. And then once I finally
⏹️ ▶️ Casey figured out, oh, I wonder if I need to keep one password in the main. Okay,
⏹️ ▶️ Casey great. So apparently, I do need to have the menu bar icon there, which I really, really don’t want.
⏹️ ▶️ Casey And again, I would hope and suspect that this will get fixed in the future. But if
⏹️ ▶️ Casey this is the way it is forever, I’m going to be real grumpy about it. It’s a dumb thing to be grumpy about, but darn it, I’m not going
⏹️ ▶️ Casey, Marco to be grumpy about it.
⏹️ ▶️ Marco No, no, no. First of all, it’s probably just a beta bug. But second
⏹️ ▶️ Marco if that were actually how it would ship, I would be grumpy about that too. And
⏹️ ▶️ Marco this is, I think, part of the larger picture here, but I hate when I install something
⏹️ ▶️ Marco that is, to me, a utility and it wants to take over my computer.
⏹️ ▶️ Marco And it’s like, hey, you know what? Did you know we now do all of these other things. Now you can use, you know, Dropbox
⏹️ ▶️ Marco is the biggest example of this in recent years, but it’s like, now you can use those for all your collaboration
⏹️ ▶️ Marco and tool. And it’s like, no, I don’t want, you are a utility, not my entire computer. My
⏹️ ▶️ Marco computer is not yours. And when applications that have no good
⏹️ ▶️ Marco reason to have a menu bar item, put one there, especially as they almost always do by default,
⏹️ ▶️ Marco and it’s like, now we’re running all the time to help you out. It’s like, no, you’re running all the time to help you out, not
⏹️ ▶️ Marco to help me out. So yeah, I am totally with you on like,
⏹️ ▶️ Marco basically keeping these sprawling businesses apps from sprawling all over my computer. It’s
⏹️ ▶️ Marco like your business is making you do this, but that’s not my problem. My problem is
⏹️ ▶️ Marco this utility app that I thought was only gonna do this one basic thing in a normal way, wants to
⏹️ ▶️ Marco grab more real estate than I think it deserves.
⏹️ ▶️ John Except for my two apps, which do have to be running all the time and only appear in the menu bar. They’re fine,
⏹️ ▶️ Marco right? Are they electron? Brutal.
⏹️ ▶️ John They are not, but if they’re not running all the time, they don’t work. So there’s
⏹️ ▶️ Casey So Andrew Byer in the chat is telling me, one of the big, Andrew works on 1Password, one of the big changes between
⏹️ ▶️ Casey 1Password 7 and 8 is our change from Safari app extensions to a web extension, which comes with some new Apple API
⏹️ ▶️ Casey issues. Safari 15 brings a bunch of improvements on Mac OS, like the popover opening speed. So that’s,
⏹️ ▶️ Casey I’m hopeful to see that those improvements land. I think like I was alluding to earlier, perhaps
⏹️ ▶️ Casey I was using like an ancient version of the extension and that’s part of the reason why I find this new one so crummy is because not
⏹️ ▶️ Casey only is it working with the crummier native app, but on top of that, I’m using the crummier
⏹️ ▶️ Casey new APIs that Apple is giving one password. So it’s just crummy all the way down. And
⏹️ ▶️ Casey those are just a handful of examples of why I was not in love and am not
⏹️ ▶️ Casey in love with the new beta. Again, it is certainly possible all these things will be fixed.
⏹️ ▶️ Casey I’d be surprised, but it is possible. But the thing of it is, is that 1Password,
⏹️ ▶️ Casey as I’ve said this before, I’ll say it a few more times, was always, and to use a grouberism, it was always
⏹️ ▶️ Casey a Mac-assed Mac app. It was always a really strong,
⏹️ ▶️ Casey really solid Mac app. I’m sure I could come up with complaints about 1Password 7, but for the most part,
⏹️ ▶️ Casey it was a really great shining example, you know, almost to a panic level
⏹️ ▶️ Casey of what a great Mac app could be. And I would say the same with the iOS apps too. I’m sure I could
⏹️ ▶️ Casey come up with complaints, but on the whole, they were really, really, really great solid apps.
⏹️ ▶️ Casey And now I feel like it’s an app on my computer. It’s just another
⏹️ ▶️ Casey one. And that’s fine. Like I guess one could argue that I should not get my
⏹️ ▶️ Casey engine revved as much as I used to by a password manager, but darn it, there’s not a lot of things to be happy
⏹️ ▶️ Casey about these days and it always made me happy. And 1Password8 does not make me happy.
⏹️ ▶️ Casey With that said, to give credit where credit is potentially due, I did not take this,
⏹️ ▶️ Casey or I did not compare to 1Password7, but I did look at the memory usage of 1Password8. And one of the things that people love
⏹️ ▶️ Casey to whine about, including me, with regard to electron-powered stuff, is that it uses a butt-ton
⏹️ ▶️ Casey of memory. And when I looked earlier today, I was using about 135 megs of memory at idle, which is
⏹️ ▶️ Casey a lot, and is more than it should be, but is not like the 17 gigs
⏹️ ▶️ Casey that Chrome uses when it’s looking at, you know, about blank. So,
⏹️ ▶️ Casey it certainly could be worse. There is a long explanation that Dave Teer wrote.
⏹️ ▶️ Casey Dave was one of the co-founders of 1Password that explains kind of the history of
⏹️ ▶️ Casey 1Password for Linux. And he and I exchanged a couple of tweets earlier today. Again, nicest
⏹️ ▶️ Casey guy. Everyone there is so nice. David offered and we just crisscrossed on timing to
⏹️ ▶️ Casey get on the phone with me to talk about kind of the motivations of why they’re going the way
⏹️ ▶️ Casey they’re going, which most of me honestly does not really care or want to hear,
⏹️ ▶️ Casey but because I love 1Password and the people there so much, I was going to hear them out and at least entertain the conversation. As
⏹️ ▶️ Casey it turns out, the timing just didn’t work out. But this Medium post goes through, how did
⏹️ ▶️ Casey 1Password land on being powered by Electron as the way forward?
⏹️ ▶️ Casey And I guess what I keep coming back to, and it is so easy for me to armchair quarterback, but hey,
⏹️ ▶️ Casey that’s what I do for a living now. It’s so easy for me to armchair quarterback, but it seems to me
⏹️ ▶️ Casey that this is not the way
⏹️ ▶️ Casey forward that I want or that I think ultimately 1Password wants.
⏹️ ▶️ Casey Because what it gives them is a kind of meh experience everywhere rather than
⏹️ ▶️ Casey a certainly more difficult, more expensive, more time consuming, but ultimately excellent
⏹️ ▶️ Casey experience everywhere. And I think we I don’t want to get into it yet, but I think we should talk a little bit about what their
⏹️ ▶️ Casey alternatives were, both with regards to SwiftUI and Catalyst. But let’s put that in the parking
⏹️ ▶️ Casey lot for a minute. And let’s come back to that. I’ve been talking for a long time. Gentlemen,
⏹️ ▶️ Casey what’s your take on this?
⏹️ ▶️ John You should mention the blog post on the One Password site itself that also goes through this from a slightly different
⏹️ ▶️ John perspective in the Medium post. In fact, that’s the first place I would say
⏹️ ▶️ John should look to where the company explains how did we end up where we are? We previously had like
⏹️ ▶️ John a Mac app and a Windows app or whatever. How did we end up where we have this electron app across
⏹️ ▶️ John all the platforms? And I think I think it explains it well. There’s a bunch of quotes in here about their various requirements.
⏹️ ▶️ John And like, you know, like it explains basically that they this wasn’t they had to there’s like a plan
⏹️ ▶️ John A and a plan B or I don’t even know which one would be A or B. But when they did the Mac app, they
⏹️ ▶️ John had the electron one, and they also had a Swift UI app, and they were doing both, presumably
⏹️ ▶️ John to see like which one’s going to work out better. And in the end, the one that worked out better was
⏹️ ▶️ John the electron one. And so they went with that. Like, it’s not like they decided from day one, we’re going electron everywhere.
⏹️ ▶️ John They were hedging their bets saying we should try making a native Mac app, try using Swift
⏹️ ▶️ John UI, you know, get some cross platform stuff with iOS and iPadOS or whatever. And it just turned out that
⏹️ ▶️ John the electron one was the very best. But anyway, they explain it in the blog post, you can read it. But I think,
⏹️ ▶️ John they go into this a little bit, but the underlying assumption, which I think is true, is that part of
⏹️ ▶️ John 1Password’s value as a product is the fact that it is cross-platform.
⏹️ ▶️ John Apple’s key chain is just now trying to kind of be like that, oh, hey, we have a Windows
⏹️ ▶️ John app, but 1Password, I mean, 1Password runs on Linux, for crying out loud. Runs on Android,
⏹️ ▶️ John, Marco runs on Windows, runs
⏹️ ▶️ John like, like their selling point is, you know, Especially for a password manager as Marco figured out even
⏹️ ▶️ John if you are essentially a one platform household Using a password manager that
⏹️ ▶️ John is available Many different places can come in surprisingly handy that one time you
⏹️ ▶️ John do end up having Android phone briefly or having a Windows PC For gaming or whatever
⏹️ ▶️ John It’s convenient like because that’s exactly the type of thing like when you go to another password Platform
⏹️ ▶️ John your passwords don’t change or disappear like you still have whatever your Dropbox account your Microsoft account
⏹️ ▶️ John your login to Amazon whatever, right? That’s still you, you are the same person, so why shouldn’t
⏹️ ▶️ John your passwords come with you? So it makes perfect sense that a company like 1Password correctly
⏹️ ▶️ John realizes like two things. One, a great part of our value
⏹️ ▶️ John is that we’re cross-platform and two, within the realm of any single platform, we
⏹️ ▶️ John are essentially competing against the platform vendor. Apple has a solution to this called iCloud Keychain,
⏹️ ▶️ John right? But if you’re 1Password, you’re like, Well, on the Apple platform,
⏹️ ▶️ John not that our days are numbered because Apple’s probably never gonna have all the features that 1Password does, and
⏹️ ▶️ John 1Password probably cares more about this than Apple does, but anytime you’re competing with a built-in feature, the built-in feature
⏹️ ▶️ John doesn’t actually have to be better than you to sort of gobble up your market share. So it’s kind of
⏹️ ▶️ John dangerous to sort of bet the future of your company on the fact that we’ll always have a
⏹️ ▶️ John better password manager than Apple, and people will be able to recognize that we have the better password manager
⏹️ ▶️ John and reward us by paying money for a thing they could get for free with their OS. It’s much better to
⏹️ ▶️ John say, we need to go cross-platform because we feel like that’s an area where, maybe they
⏹️ ▶️ John at one time thought that’s an area where Apple won’t go. Apple has proved them wrong
⏹️ ▶️ John, Marco with their Windows iCloud stuff that
⏹️ ▶️ John they’ve been doing in recent years. But you can have more confidence that even if Apple does go there, Apple’s
⏹️ ▶️ John track record of making really good Windows apps has not been great. See Safari for Windows, QuickTime
⏹️ ▶️ John for Windows, basically
⏹️ ▶️ John, Marco anything they’ve ever done for Windows.
⏹️ ▶️ John the bootcamp drivers for Windows maybe. So that’s
⏹️ ▶️ John a better strategy for the company. So that’s the context of this thing. Why do they care
⏹️ ▶️ John about cross-platform? And then from there, everything else follows this in this blog post. Like, how many people are me?
⏹️ ▶️ John How much money has been invested? The investors wanna see in their return and their investment, we need to
⏹️ ▶️ John do the thing that is the strength of our company, right? How much time and energy have we spent
⏹️ ▶️ John for the past years? With all the years that Casey loved, where they had a really Mac
⏹️ ▶️ John native app, as they describe in their blog posts, it became a problem trying
⏹️ ▶️ John to coordinate two teams making two separate applications and it was making them as a company move more slowly and
⏹️ ▶️ John take more time to add features. Like kind of like reading the threat model, the CSAM thing, if you read the
⏹️ ▶️ John document in isolation, you will be nodding your head and going, yes, yeah, this all makes sense, right?
⏹️ ▶️ John But where the rubber meets the road is what Casey was talking about. It’s like, okay, but I’m not an employee or a shareholder
⏹️ ▶️ John of 1Password, I’m just a user of their product, and my experience has gotten worse. Now
⏹️ ▶️ John to say the list of things that Casey went down here, a lot of them seem like, you know,
⏹️ ▶️ John potential beta bugs or small things that aren’t a big deal. But I think the earlier point
⏹️ ▶️ John that you made about Visual Studio is a good one. Most users
⏹️ ▶️ John don’t know or care what API their app use, but within any given API, you can have a good Electron
⏹️ ▶️ John app, or you can have a bad one. My choice for a good Electron app, I think Slack is still Electron, right? Or an
⏹️ ▶️ John app that uses web technologies or web views or whatever. Like there is a huge difference between
⏹️ ▶️ John a good Electron app and a bad one. I say this is someone who uses Teams and Slack. I don’t
⏹️ ▶️ John know if Teams is Electron. I hope it is because there’s no other excuse for it to be so horrible on the Mac.
⏹️ ▶️ John Like it looks like it’s using web technology. It is so much worse than Slack. It’s not even funny, right?
⏹️ ▶️ John Same thing, pick an API. UI kit on the iPhone. You can make a good app with UI kit
⏹️ ▶️ John and you make a bad app, right? And I think the range between a good app within a given framework
⏹️ ▶️ John and a bad app within a given framework is probably bigger than the average range between
⏹️ ▶️ John apps on different frameworks, right? So it’s not ridiculous to think that one password strategy
⏹️ ▶️ John of using Electron, like it has huge benefits for their ability, for their velocity, as we say in the business,
⏹️ ▶️ John, Marco to get features,
⏹️ ▶️ John for their ability to get features out the door in a timely manner, to have a consistent experience across all their
⏹️ ▶️ John platforms, to be able to roll out features simultaneously, like there’s all these reasons. And the Rust backend is, you know,
⏹️ ▶️ John like making the core and across platform Rust, you know, a language with more safety features. Like it
⏹️ ▶️ John all makes tech sense, but I don’t wanna minimize Casey’s, you know, complaints
⏹️ ▶️ John here because the bottom line is, as like you would hope, one password eight, here it is,
⏹️ ▶️ John that as a user of this app, you would be excited because the app would get in your estimation better. And
⏹️ ▶️ John thus far, Casey is not excited about the app getting better. I mean, you can offset
⏹️ ▶️ John this with new features, and maybe if you did hop across platforms a lot, you would enjoy
⏹️ ▶️ John the consistency where before they were different for weird reasons or they got features at different times,
⏹️ ▶️ John but that’s the challenge for 1Password, the company, and the product is to,
⏹️ ▶️ John one, make a really good Electron app and two, try not to downgrade the user experience
⏹️ ▶️ John of your customers from what they are previously accustomed to and it sounds like, at least in Casey’s estimation,
⏹️ ▶️ John it feels like a downgrade right now, even though it’s just a beta.
⏹️ ▶️ Casey It definitely does feel like a downgrade, but again, the complaints I have so far are beta
⏹️ ▶️ Casey kind of complaints. And they’re not that big a deal in the grand scheme of things. And the
⏹️ ▶️ Casey actual app itself, I haven’t spent too much time with it today. I don’t, I
⏹️ ▶️ Casey feel like there’s a lot of white space here that isn’t necessary, but that’s a quibble of a quibble of a quibble. The app itself
⏹️ ▶️ Casey seems like it’s perfectly functional and will work just fine, which really, especially for a beta this early,
⏹️ ▶️ Casey is pretty high praise. Like if the app itself is workable and sufficient, then
⏹️ ▶️ Casey one could make an argument that I should get off my high horse, and you might be right, and just shut up and deal. But
⏹️ ▶️ Casey it just makes me sad, man, because it
⏹️ ▶️ Casey, John was such a great app. That’s not what I said at all. No, no, no, no, no, no, no, no,
⏹️ ▶️ Casey no, no, no, no, no, no, no, no, no, no. I’m sorry. I’m not trying to put words in your mouth at all. I just mean in general, one could say, the royal
⏹️ ▶️ Casey you could say that, you know, I’m whining and moaning about nothing. And maybe
⏹️ ▶️ Casey that’s true. But I don’t know. It just makes me so sad that what was once a shining example at at least today
⏹️ ▶️ Casey is not a shining example. Now, maybe it will be later, I don’t know, but it’s not today and
⏹️ ▶️ Casey it still bums me out.
⏹️ ▶️ John Do you feel like it’s a good Electron app? Like, you know, compare it to whatever your favorite is, Visual Studio Code, Slack or whatever. Do you feel like
⏹️ ▶️ John it is within the bounds of Electron and web technology? Does it feel like a good one or does it feel like Teams?
⏹️ ▶️ Casey Oh, well, I haven’t used Teams, but I
⏹️ ▶️ Casey, John take the point you’re driving
⏹️ ▶️ Casey at. Yeah, it’s good. Yep, it’s good. But again, like I would never
⏹️ ▶️ Casey say that about the old one password, I would say it’s frigging great.
⏹️ ▶️ John, Casey were enthusiastic.
⏹️ ▶️ John Yeah, I totally get it. So here’s the thing, like, I don’t wanna take one password off the
⏹️ ▶️ John hook because, you know, as they outlined in their, you know, in their thing here, like,
⏹️ ▶️ John an option that was on the table is to just continue making a complete native Mac app like they
⏹️ ▶️ John with a Rust core underneath it, which would probably mean rewriting the whole thing from scratch or whatever, but that would be
⏹️ ▶️ John more expensive and time consuming and difficult than doing what they did, right? And maybe they’ll change their mind
⏹️ ▶️ John about that depending on what the feedback is like, but maybe most people don’t even care, and as long as they hit good Electra and Apple, it’ll be
⏹️ ▶️ John fine. But there is a portion of blame for this whole situation that lands squarely in the lap
⏹️ ▶️ John of Apple, and it’s not really super Apple’s.
⏹️ ▶️ John, Casey I mean- Oh, we’ll get there.
⏹️ ▶️ John, Marco Yeah, I’m not gonna say, I’m gonna get there now, because I don’t
⏹️ ▶️ John, Casey give- Oh, come on, I
⏹️ ▶️ John, Marco wanna talk about
⏹️ ▶️ John, Casey 1Pass, right? Yeah, no, no, yeah, give Mark a chance. Give Mark a chance. I’ll jump to it.
⏹️ ▶️ John Have you used it? I wasn’t aware you’d used the version 8
⏹️ ▶️ Marco yet. I haven’t and that’s kind of what I think this is. I want to like split this discussion
⏹️ ▶️ Marco between, I want to like, in a moment I want to close the book on 1Password and
⏹️ ▶️ Marco have kind of a separate discussion about, you know, the problem of SwiftUI and Apple’s cross-platform stuff
⏹️ ▶️ Marco and how, you know, how Electron plays into that. Because I think the reason why we’re seeing all this rage
⏹️ ▶️ Marco at 1Password over this right now I think is a combination of factors. I mean, first of all, many
⏹️ ▶️ Marco long-time 1Password consumer users have been upset with the company’s
⏹️ ▶️ Marco overall direction in the last few years towards their own sync service, with, you know, towards subscription pricing.
⏹️ ▶️ Marco And this is like, you know, 1Password has kind of borne the brunt of a lot of
⏹️ ▶️ Marco just like the general consumer resentment towards things moving towards
⏹️ ▶️ Marco subscription pricing and all that. So like, there’s a lot of that going into this. I think it’s also worth
⏹️ ▶️ Marco noting the context of the changes that 1Password has been going through as a company in the last
⏹️ ▶️ Marco few years. The news came out a couple weeks ago about their new fundraising round. And
⏹️ ▶️ Marco I think this surprised a lot of people, myself included, with quite how big of a company
⏹️ ▶️ Marco they are now. So I pasted the link here. So it’s raised $100 million, it’s
⏹️ ▶️ Marco their second round. And I think what’s most interesting here is looking at how different the numbers are between
⏹️ ▶️ Marco their first round from two years ago and now. So they went in two years from 174
⏹️ ▶️ Marco employees, which is way higher than I would have guessed that they had, to 475.
⏹️ ▶️ Marco So 475 employees currently work at 1Password. It
⏹️ ▶️ Marco is a massive company. They do $120 million in revenue.
⏹️ ▶️ Marco And if you look at also, they’re getting into a lot more, way more business stuff than
⏹️ ▶️ Marco anything that the three of us would even probably even know about, let alone use.
⏹️ ▶️ John They should be sponsoring us more. I didn’t know they had that much money. Yeah. That’s right.
⏹️ ▶️ Marco some more ads. It’s chump change for you. And their number of business customers has nearly doubled in that time according to
⏹️ ▶️ Marco all this news. So like, if you look at like, this is a company that has exploded in
⏹️ ▶️ Marco money, in people, in focus, and in scope over the last couple of years.
⏹️ ▶️ Marco And for those of us, like the three of us, or two of us, John, you don’t even use it, do you?
⏹️ ▶️ John No, I don’t use it, but I do recommend other people use it.
⏹️ ▶️ Marco Right, so for Casey and I and many of the listeners who are big 1Password fans for years,
⏹️ ▶️ Marco not only does this stuff mostly happen without us even knowing about it, like all this growth into business and everything,
⏹️ ▶️ Marco but most of this is stuff that will actively make this company worse for serving
⏹️ ▶️ Marco our needs, or at least will incentivize them to go in much different directions and focus in much different directions.
⏹️ ▶️ Marco And so, I think this is why so much of this frustration
⏹️ ▶️ Marco and anger over the move to an Electron app has hit 1Password in particular, because they already
⏹️ ▶️ Marco had these other factors going that were giving them a lot of resentment among certain groups of the community. And I think that’s
⏹️ ▶️ Marco not to be overlooked. I also think, despite what Casey says, I would not call 1Password,
⏹️ ▶️ Marco the previous version, a, you know, quote, Mac-ass Mac app. It does use native
⏹️ ▶️ Marco frameworks, but it has a ton of custom UI, and it always has.
⏹️ ▶️ Marco And I actually think it works pretty well, but I can see why they are
⏹️ ▶️ Marco going in an electron direction because from their point of view, it was already super custom.
⏹️ ▶️ Marco And I don’t even necessarily care that much for the reasons
⏹️ ▶️ Marco why most people don’t like electron apps. Most of the reasons are things like,
⏹️ ▶️ Marco well, it doesn’t resize smoothly. Well, you know what? I don’t resize my windows that often, I don’t care. Or
⏹️ ▶️ Marco it doesn’t use the full native UI. It’s like, well, look at this app. This is not native UI. or this is not, I mean,
⏹️ ▶️ Marco standard, I would say, standard UI. So already, we’re already out of that realm here.
⏹️ ▶️ Marco What I care about with Electron apps, now, okay, we’re gonna slice this conversation right
⏹️ ▶️ Marco here. This chapter change, all right. That was one password. Now we’re gonna talk about
⏹️ ▶️ Marco UI frameworks and the challenges there. What I care a lot about
⏹️ ▶️ Marco with Electron apps is not that they don’t resize smoothly. It’s not that their preferences
⏹️ ▶️ Marco window is a weird overlay inside the main window. That, I honestly don’t care much about that at all,
⏹️ ▶️ Marco because those things don’t get in my way very often. What gets in my way very often is two
⏹️ ▶️ Marco things. How incredibly bloated they are, especially at lunchtime,
⏹️ ▶️ Marco and how they tend to deviate from system standard behaviors, especially around
⏹️ ▶️ Marco things like keyboard navigation, shortcuts, things like that. Accessibility. Yeah,
⏹️ ▶️ Marco that’s a big one, yeah. I mean, that doesn’t affect me personally at this moment very much, but that affects a
⏹️ ▶️ Marco ton of people in huge ways. So that’s a huge one. So, electron apps
⏹️ ▶️ Marco in general, because they are this, you know, basically web views with fancy stuff around them, or, you know, within
⏹️ ▶️ Marco them, but basically, you know, custom web stuff, they tend to have a lot of just little paper cuts in
⏹️ ▶️ Marco use. Just little things that don’t work the way the system works, little behaviors that are a little bit different as you navigate
⏹️ ▶️ Marco or as you work through the app or as you use keyboards or big things as you use assistive technologies.
⏹️ ▶️ Marco So there’s all sorts of little ways that Electron apps make the customer experience
⏹️ ▶️ Marco worse. And two of the biggest ones are memory usage, disk space, and I guess launch
⏹️ ▶️ Marco time too, and counting. And counting. And to me,
⏹️ ▶️ Marco the move to Electron, it has these externalities. It’s kind of like our Bitcoin discussion, but on a much
⏹️ ▶️ Marco smaller level. It has these externalities of, we’re gonna waste significantly more memory,
⏹️ ▶️ Marco significantly more disk space, more time to launch the app, et cetera. Like we’re gonna really bloat
⏹️ ▶️ Marco up the app’s technical resource needs in a way that doesn’t really help
⏹️ ▶️ Marco our customers at all. And we are actually foisting the externality of that onto our
⏹️ ▶️ Marco customers, onto all their devices. So we’re gonna take up all this disk space around the world, all
⏹️ ▶️ Marco this extra RAM around the world, on all these computers, we’re gonna make everyone’s experience a little bit worse in order
⏹️ ▶️ Marco to save us some time and money. I think that’s one of the reasons why this rubs people the wrong way, but I
⏹️ ▶️ Marco think that ultimately gets down to like, That’s the biggest problem I have with Electron apps. Again, it’s
⏹️ ▶️ Marco not the animations and stuff. Honestly, that’s fine. My password manager has always looked
⏹️ ▶️ Marco totally weird compared to other apps. I still like it, it’s because it worked well. But if this
⏹️ ▶️ Marco move is going to make it work with as much mediocrity as every other Electron app I’ve
⏹️ ▶️ Marco ever seen, including things, you know, Slack, I’ve used enough now, I’ve seen enough, I know
⏹️ ▶️ Marco how this is likely to go. And even if they take all the care on the world to try to do their best,
⏹️ ▶️ Marco it’s not gonna be the same. It’s not gonna be like a native app. It’s gonna be full of all those paper cuts, maybe fewer of them than if they
⏹️ ▶️ Marco hadn’t cared at all to fix any of them, but there’s gonna be all those paper cuts all throughout it.
⏹️ ▶️ Marco And for a company that has about 475 employees,
⏹️ ▶️ Marco I know these aren’t all engineers. I know engineering and scaling engineering resources,
⏹️ ▶️ Marco these are not simple things, but I just, ooh, I fell back into one password,
⏹️ ▶️ Marco whoops. I just don’t think this was a good decision
⏹️ ▶️ Marco of resource allocation. Because it’s not like they’re starting from scratch.
⏹️ ▶️ Marco They already had native apps. So it’s like they’re
⏹️ ▶️ Marco throwing that away or throwing much of that away. And I just,
⏹️ ▶️ Marco it seems like many common engineering foibles
⏹️ ▶️ Marco have happened here. They tried something new, it didn’t work
⏹️ ▶️ Marco out. We’ll get to that in a moment. Don’t worry, John. They tried something new, it didn’t work out, and
⏹️ ▶️ Marco so they didn’t even seem to consider, well, why don’t we just do what we were doing before?
⏹️ ▶️ John Well, I mean, the reason they didn’t do what they were doing before, they explain in the blog post, because what they were doing before,
⏹️ ▶️ John they knew for a fact had these certain problems in terms of coordination and time to market and synchronizing features
⏹️ ▶️ John between things. And that’s why they didn’t just say, why don’t we just go back to what we were doing before? So I kind of understand
⏹️ ▶️ John where they’re coming from. they had a status quo and the status quo was not meeting the needs of the business. So they need
⏹️ ▶️ Marco I mean, yeah, that’s, I get that argument. I don’t necessarily know if I agree
⏹️ ▶️ Marco with the conclusions that companies come to sometimes with that argument, which often leads to things like electron, because
⏹️ ▶️ Marco you know, there’s, it’s very much to the grasses, I was greener situation to a large degree, you know, electron
⏹️ ▶️ Marco is not free, and it has its own downsides. And I mean, this is true, like, anytime large engineering
⏹️ ▶️ Marco decision is made to switch to to some massive new framework. Like for instance, I think even trying
⏹️ ▶️ Marco SwiftUI for a company of this size, for a company that the Mac app
⏹️ ▶️ Marco is so important, I think they should never even try SwiftUI. One engineer should
⏹️ ▶️ Marco have tried it for a weekend, realized it’s not ready and stopped.
⏹️ ▶️ Marco the fact that they had invested very heavily into it, I think that shows, that was a misdirection, I
⏹️ ▶️ Marco think. Anyway, so again, I don’t wanna spend too much time on them specifically on this because I think it’s much
⏹️ ▶️ Marco more about the general, like Electron in general, my problem with it
⏹️ ▶️ Marco is that externalizing the downsides to your user base
⏹️ ▶️ Marco to save yourself a couple engineers when you’re a big company. That to me,
⏹️ ▶️ Marco I don’t appreciate that as a user of these things. And as a 1Password user in particular, it’s, oh God, I fell
⏹️ ▶️ Marco back into it again. I see why people are mad because they’ve taken the same path
⏹️ ▶️ Marco as Dropbox and many other companies where it starts out as this consumer thing that we all love,
⏹️ ▶️ Marco and then it turns out the consumer thing can’t really have this massive
⏹️ ▶️ Marco explosive growth business, or it’s hard when the platform makers move into it, or whatever, there’s
⏹️ ▶️ Marco major reasons why they want to explode into the business world. So the company balloons
⏹️ ▶️ Marco in size and in financing, and they explode into the business world and do all these business features, and it
⏹️ ▶️ Marco leaves behind people like us who are like, well, we didn’t really want any of that, And now this thing
⏹️ ▶️ Marco that we like and have come to rely on, and it doesn’t have a lot of good alternatives,
⏹️ ▶️ Marco is now going in this massive direction that is actively against the things that we like that we value
⏹️ ▶️ Marco We are sponsored this week by Linode my favorite place to run
⏹️ ▶️ Marco servers. Visit linode.com slash ATP and see why Linode has been voted the top
⏹️ ▶️ Marco infrastructure as a service provider by both G2 and TrustRadius. From their award winning support
⏹️ ▶️ Marco which is offered 24 seven 365 and that’s regardless of your plan size from that $5
⏹️ ▶️ Marco a month plan all the way up to pay services you can put there everyone gets that same amazing level
⏹️ ▶️ Marco of support. So from that, to their ease of use, their great setup, it’s clear why developers
⏹️ ▶️ Marco like me have been trusting Linode for projects both big and small since 2003.
⏹️ ▶️ Marco You can deploy your entire application stack with Linode’s one-click app marketplace, or build it all from scratch
⏹️ ▶️ Marco and manage everything yourself with supported centralized tools like Terraform. Linode offers the best
⏹️ ▶️ Marco price to performance ratio for all compute instances, including GPU compute instances,
⏹️ ▶️ Marco as well as block storage, Kubernetes, and their upcoming bare metal release. Quite frankly,
⏹️ ▶️ Marco this is what drew me to Linode in the first place. Years ago when I started there, way before they were a sponsor of anything, you know, I pay
⏹️ ▶️ Marco for it all myself. It’s wonderful. It’s a great value. And I care about that value. I care about what I’m getting for my money.
⏹️ ▶️ Marco And in hosting, sometimes you get a place that’s like a good value for a year or two, and then it’s not anymore. Linode
⏹️ ▶️ Marco has been an amazing value the entire time I’ve been a customer. They always give you
⏹️ ▶️ Marco more for your money. As technology moves forward, they give you more for the buck. It’s fantastic. Linode Linode
⏹️ ▶️ Marco makes cloud computing fast, simple and affordable, allowing you to focus on your projects, not your servers.
⏹️ ▶️ Marco Visit linode.com slash ATP, create a free account with your Google or GitHub account
⏹️ ▶️ Marco or just your email address and you get $100 in free credit. Once again, linode.com
⏹️ ▶️ Marco slash ATP, create your free account to get $100 in credit. I love Linode. If
⏹️ ▶️ Marco you got to run server somewhere, I strongly recommend Linode. Thank you so much to Linode for sponsoring
⏹️ ▶️ Marco our show and hosting all my stuff.
Cross-platform UI frameworks
⏹️ ▶️ Marco Electron, go ahead John.
⏹️ ▶️ John right, so the framework question. This is tangentially related
⏹️ ▶️ John to 1Password but it’s actually more of an Apple problem that they have to deal
⏹️ ▶️ John with, right? So the reason 1Password looked at SwiftUI is because in theory
⏹️ ▶️ John and as pitched by Apple, SwiftUI is a framework where you can write an application and you can use
⏹️ ▶️ John a lot of that same code if not the exact same application, depending on how you wanna try to do it,
⏹️ ▶️ John on the Mac, on the phone, on the iPad, on the watch. It’s
⏹️ ▶️ John Apple’s cross-platform UI framework to the extent that it exists. So
⏹️ ▶️ John if part of the deal of this thing is, hey, we’ve got a problem, we’ve got all these native apps, the coordination is a big problem
⏹️ ▶️ John for us, let’s try to unify, right? Step one of the unification that we haven’t talked too much about
⏹️ ▶️ John is sort of doing the core and rust in a cross-platform way, and I think that’s a great idea.
⏹️ ▶️ John When we talk about the core, we’re talking about like the part that doesn’t have a user interface, just the guts of the machine.
⏹️ ▶️ John Using Rust, which is a language that has lots of rules about memory ownership and type safety and everything,
⏹️ ▶️ John is a great idea for a security conscious application rather than say writing it in C or some other language that has lots of security
⏹️ ▶️ John problems. Great, make your core in that, right? Like that’s our new sort of new generation. We used
⏹️ ▶️ John to have the core, but it was different on different platforms and it was kind of a pain. Let’s write a new core in Rust. Then you have this
⏹️ ▶️ John core with no interface and you have to decide, how do I put an interface on this?
⏹️ ▶️ John And 1Password didn’t immediately jump to, let’s just do Electron everywhere. We use the Rust core and then we’ll do Electron for
⏹️ ▶️ John our UI. That wasn’t their first thing. They thought of, okay, on Apple’s platform,
⏹️ ▶️ John Apple actually has a newish native UI framework
⏹️ ▶️ John that can target more than one Apple platform. So no, you can’t use SwiftUI across all of our platforms, Linux,
⏹️ ▶️ John Android, Windows, but we can get pretty much all the Apple platforms care about with this one framework.
⏹️ ▶️ John So let’s consider a bifurcated strategy, which is like, electron everywhere, except
⏹️ ▶️ John for on Apple platforms, we’ll try using Swift UI, which in itself
⏹️ ▶️ John is an you know, and Jason Stell wrote the story saying how the Mac just wasn’t important enough for one password is in the end,
⏹️ ▶️ John that is true. But the idea that they looked at Swift UI at all shows that
⏹️ ▶️ John one password kind of knows where its bread is buttered. I don’t know what their financials are. But one password with
⏹️ ▶️ John his roots as a Mac company, right? I I think they were Mac first, right for years before they even branched
⏹️ ▶️ John out. I don’t know if that’s true, but I’ve always thought of them as a Mac company was considering
⏹️ ▶️ John doing a totally different framework just for Apple’s platforms.
⏹️ ▶️ John Maybe that makes financial sense. I don’t know what percentage of one passwords customers are on Apple platforms versus not.
⏹️ ▶️ John But that was the thing that they considered, which I think shows that either financially it makes
⏹️ ▶️ John some sense for them to do that or just emotionally because they feel the roots in the Apple platform that they were considering
⏹️ ▶️ John doing that. That didn’t work out for reasons that anyone who has tried to use SwiftUI
⏹️ ▶️ John in the past several years understands SwiftUI is young, it has lots of limitations. I don’t think it’s impossible
⏹️ ▶️ John to pull off one password application on SwiftUI, but you would then have to decide
⏹️ ▶️ John what to mix it with because there are things that SwiftUI can’t do or can’t do easily or can’t do feasibly
⏹️ ▶️ John and you have to like mix it with something. So you can mix SwiftUI with AppKit like I do in my
⏹️ ▶️ John apps, You can mix SwiftUI with UIKit and a Catalyst app. What are the other options
⏹️ ▶️ John you have? I mean, you can do pure SwiftUI, but like I said, that’s probably not gonna fly. And then once you’re doing that,
⏹️ ▶️ John now you’re losing a lot of the cross-platform part of it, depending on how you look at it. If you do it in Catalyst, you can say, well, if
⏹️ ▶️ John we’re gonna do it in Catalyst, why do we need SwiftUI at all? Why don’t we just use Catalyst app for our Mac and then use that same UIKit
⏹️ ▶️ John code for the phone and the iPad? And you have a whole bunch of different options on the various Apple platforms,
⏹️ ▶️ John right? But they didn’t have time to run all those experiments. So they said, well, on the SwiftUI one didn’t work out. Let’s just do Electron everywhere because Electron
⏹️ ▶️ John runs on the Mac. But that whole soup that I just explained is part of Apple’s problem. SwiftUI
⏹️ ▶️ John is Apple’s newest framework and it is the one that has the potential to run on the most platforms,
⏹️ ▶️ John but it’s young and it’s not really up to maybe the task of an app like
⏹️ ▶️ John 1Password at this point. Catalyst also exists and it’s
⏹️ ▶️ John a way if you are coming from a UI kit and you either have an existing UI kit application on the iPad or the iPhone,
⏹️ ▶️ John or you just know UIKit because you’ve been developing on those platforms, but you want to write a Mac app, now you can
⏹️ ▶️ John write a Mac app in UIKit, sneaking into AppKit every once in a while to do stuff. And then of course
⏹️ ▶️ John there’s AppKit, the old API that is superseded maybe
⏹️ ▶️ John by Catalyst and or SwiftUI. This is not a great situation for the Mac
⏹️ ▶️ John because the reason you see among the little circles that we travel in lots of discussions of all these different
⏹️ ▶️ John words, Catalyst, AppKit, and SwiftUI, is that there is no
⏹️ ▶️ John obvious answer for all situations on how to develop a native Mac
⏹️ ▶️ John app. Setting aside Electron, what should I use? And there’s almost like a flow chart of,
⏹️ ▶️ John well, do you have an existing UIKit app? Are you writing from scratch? Do you have an existing
⏹️ ▶️ John AppKit app? Are you going to target the watch? Are you going to target the iPhone?
⏹️ ▶️ John How complicated is your application? What is your tolerance for bugs and immaturity?
⏹️ ▶️ John Apple has been in this place before, many, many times over the years. I’m just gonna go back to the most recent one, but
⏹️ ▶️ John if you keep going back in time, there’s more and more and more ones for even older people.
⏹️ ▶️ John The most recent time Apple found itself in a scenario is the dawn of Mac OS X. Before
⏹️ ▶️ John Mac OS X, Apple tried to do an OS called Rhapsody, which is basically the same as Mac OS X, but without the ability to
⏹️ ▶️ John easily port classic Mac OS apps to it. And that OS strategy
⏹️ ▶️ John didn’t fly, mostly because the companies that had existing Mac apps said, yeah, no, we’re
⏹️ ▶️ John not gonna rewrite our apps. Like Microsoft said, no, we’re not rewriting Office for the next step APIs. And Adobe
⏹️ ▶️ John said, no, we’re not rewriting Photoshop for the next step APIs, right? So Apple had to come up with Mac OS X, which was basically
⏹️ ▶️ John Rhapsody, plus a new API called Carbon, which was essentially the
⏹️ ▶️ John parts of the old classic Mac API that they could port in a safe way to a modern operating system, right?
⏹️ ▶️ John And then Microsoft ported its apps to Carbon and Adobe ported its apps to Carbon. And then
⏹️ ▶️ John all the next developers ported their apps to Cocoa. Not ported, they were already basically, they renamed a bunch of stuff
⏹️ ▶️ John apps to run in Cocoa. And for years, for many, many years, it seemed
⏹️ ▶️ John like a longer time than it actually was, but for many years in the beginning of Mac OS X, there
⏹️ ▶️ John were two ways to write a native Mac OS X app. You could write in Carbon
⏹️ ▶️ John or you could write in Cocoa. And people would ask questions. I wanna write a Mac app. Which API
⏹️ ▶️ John should I use? And you’d go through the flow chart. Do you have an existing Mac app? If you do, you should probably use Carbon because you can easily
⏹️ ▶️ John port it to that. Do you have an existing Nextstep app? If you do, you shouldn’t use Cocoa because it’s basically the same API. You just rename
⏹️ ▶️ John some stuff and it’ll be fine. What if I’m starting from scratch? Well, do you know Objective-C?
⏹️ ▶️ John What’s Objective-C? How do you feel about square brackets?
⏹️ ▶️ John What language do you know? What APIs? Have you ever made another Mac app before? or what APIs are you familiar with, right?
⏹️ ▶️ John And like, aside from the obvious ones, which is like, hey, I’ve got Adobe
⏹️ ▶️ John Photoshop, I should obviously go with Carbon because I’m not rewriting it in Nextstep, or I’ve got like OmniWeb,
⏹️ ▶️ John I should obviously use AppKit because that’s the one. There was no obvious answer and Apple wouldn’t tell you
⏹️ ▶️ John like what you should do. They would just say, well, you know, like
⏹️ ▶️ John use the one that you prefer. We try to give them feature parity. And as the years went on, sometimes a feature would
⏹️ ▶️ John appear in AppKit first, sometimes a feature would appear in Carbon first. Some features were only
⏹️ ▶️ John available in Carbon, like a bunch of stuff having to do with classic MacOS and the QuickTime stuff or whatever. And then eventually
⏹️ ▶️ John some features are only available in Cocoa. And Apple had a bunch of WWDCs where they do these sessions where we’re
⏹️ ▶️ John like, we’re gonna do feature parity and we’re not gonna do that anymore. And every new thing that we come out with is gonna be
⏹️ ▶️ John in Carbon and Cocoa at the same time. And you can see how,
⏹️ ▶️ John like in one way, this is a necessary strategy because you can’t have an OS unless you can bring along all the apps.
⏹️ ▶️ John You need Microsoft Office, you need Internet Explorer, whatever the hell, right? And all these new Cocoa apps are new and exciting.
⏹️ ▶️ John They’ll let people, individuals make applications on their own that then become popular, like NetNewsWire written by one
⏹️ ▶️ John person through the magic of Cocoa. These are both good things. I don’t wanna give either one of them up. I can’t
⏹️ ▶️ John give up Carbon. And matter of fact, major parts of the operating system are Carbon only,
⏹️ ▶️ John and Cocoa apps end up needing to call into Carbon to do those things. But I can’t give up Cocoa because there’s so much excitement
⏹️ ▶️ John happening there. People are writing apps that, you know, very quickly and writing these feature filled apps because Cocoa
⏹️ ▶️ John is this amazing framework and they’re learning Objective-C and blah, blah, blah. During that
⏹️ ▶️ John time, a lot of developers really wished, Apple just tell us which one we should use. Like which one should
⏹️ ▶️ John we use? Is it gonna be carbon forever and ever? Or is it gonna be Cocoa forever? But you can’t
⏹️ ▶️ John have both because it’s just too confusing. And Apple would say, well, we need to have both right now. But developers,
⏹️ ▶️ John if you’re on the Cocoa side, you were saying, we should just get rid of this carbon garbage, it’s terrible. Objective-C is the future, everything should
⏹️ ▶️ John be AppKit. And if you’re Carbon, you’d be like, what the hell is this Objective-C stuff? Like no one uses
⏹️ ▶️ John that language, it makes no sense, it’s so ugly, the API is stupid, all the real features are in Carbon.
⏹️ ▶️ John Why don’t we just forget about that, just like we forgot about the Java interface to it, and just go with Carbon forever,
⏹️ ▶️ John you know? Eventually, after what seemed like way, way too long, Apple made a decision,
⏹️ ▶️ John and the decision was, Carbon, you’re out. And it’s Coco from here
⏹️ ▶️ John on. And that was incredibly clarifying. For there was a period of time where
⏹️ ▶️ John you said, if you wanna make a native Mac application, how do I do it? The answer was AppKit, Cocoa,
⏹️ ▶️ John period. That was it, because Carbon didn’t come to 64-bit. And once the OS was 64-bit only, which also took a long time,
⏹️ ▶️ John your only option was AppKit. And yeah, there’s other
⏹️ ▶️ John models of building applications. You can make a Java app, like a native Java app with all those widgets and web
⏹️ ▶️ John technologies and all sorts of stuff like that. but eventually they made the call.
⏹️ ▶️ John We are back now in a situation that’s even worse where we have Catalyst, which is good for UI
⏹️ ▶️ John kit things. We have SwiftUI, which is kind of like the new Cocoa. It’s like the new hotness, all those, you
⏹️ ▶️ John know, obviously Cocoa was a decade old technology when Apple bought it, unlike SwiftUI.
⏹️ ▶️ John And then we have AppKit still lurking back there. All three of those things work today to make a
⏹️ ▶️ John Mac application. And Apple will not tell you which one of those is
⏹️ ▶️ John the real future, maybe because they don’t know. But right now they’re doing the thing they did for years with Carbon and Cocoa, it’s like,
⏹️ ▶️ John they’re all pretty good, just pick the one that’s best for you. I don’t think that’s a good strategy.
⏹️ ▶️ John But on the other hand, I don’t think it’s a good strategy to like ditch one at this point,
⏹️ ▶️ John because I mean, Catalyst debatably, you know, when Catalyst came out, we didn’t know about SwiftUI.
⏹️ ▶️ John So Catalyst seemed like the future of the Mac. But then SwiftUI came out, and it’s like, no, what the hell is the future, right?
⏹️ ▶️ John And so if you’re one password, and you’re trying to make a native Mac app, forget about Electron. It’s
⏹️ ▶️ John not even clear what you should do. The only thing that’s clear is that AppKit is probably not the future.
⏹️ ▶️ John But it’s also the most full featured API in the platform and it can do all the things and you can make amazing apps with it.
⏹️ ▶️ John But you’re doing it and you feel like this is just not the future because this is not like, Apple has introduced two new frameworks
⏹️ ▶️ John since then. They both have a lot to say for them, right? Catalyst is great
⏹️ ▶️ John and it’s shared with UIKit and has great benefits as me as a developer. but SwiftUI is the new hotness,
⏹️ ▶️ John but then there’s AppKit that has all the features, and if I use SwiftUI or Catalyst, I also have to go back into AppKit to get all those features
⏹️ ▶️ John so maybe AppKit’s the new carbon, and is AppKit not gonna be ported to 128k or 128-bit? That’s a joke, that’s not coming, don’t worry.
⏹️ ▶️ John Like, it’s super confusing. So
⏹️ ▶️ John I understand Apple’s situation. I understand why Apple doesn’t come out and say, SwiftUI, number one,
⏹️ ▶️ John that’s the future, everyone should go for it. Catalyst, weird stopgap, don’t worry about it, it’s cool if you’re gonna port apps. AppKit, forget it, screw
⏹️ ▶️ John it, it’s dead, right? They don’t say that. And so like every Mac developer
⏹️ ▶️ John has this difficult choice to make. It’s like make or break your app, right?
⏹️ ▶️ John I almost feel worse for the people who have picked one, who have said, I’m
⏹️ ▶️ John all in on Catalyst. Because what if Catalyst is the one that doesn’t make it? I mean, I guess you get a few good years out of it. You
⏹️ ▶️ John got to reuse a lot of your work that you did with UIKit, reuse your knowledge or whatever, it’s great. But then
⏹️ ▶️ John five years from now, Catalyst is like sunset over the course of a few OS releases. You’re gonna have to
⏹️ ▶️ John rewrite your app in SwiftUI or AppKit if AppKit is still around, right?
⏹️ ▶️ John And same thing is true. If SwiftUI just doesn’t work out and ends up like fizzling and Catalyst is the true future and you really
⏹️ ▶️ John bought in on SwiftUI, what are you gonna do then? So I feel for 1Password in this situation,
⏹️ ▶️ John it is almost like the safest bet in terms of future-proofing is to defer this decision
⏹️ ▶️ John and say, we’re just gonna go with Electron for now because they tried SwiftUI and it wasn’t ready and I totally believe them on
⏹️ ▶️ John that, right? Oh yeah, absolutely believe them. And then, and they probably didn’t have time
⏹️ ▶️ John to go back on Catalyst and it’s like, well, we don’t know what the right, we don’t know which horse to bet on. So if we just
⏹️ ▶️ John do Electron and don’t bet on any horse and go with a donkey, right? Then
⏹️ ▶️ John we can just wait this out. And if it turns out our Mac customers really hate this and their Apple customers want us to do native, maybe
⏹️ ▶️ John by the time we revisit the decision in a year or two, it’ll become more clear what we’re supposed to do.
⏹️ ▶️ John But I really, really feel like Apple’s current strategy of supporting both Catalyst
⏹️ ▶️ John and Swift UI as the modern options on the Mac is untenable in the
⏹️ ▶️ John medium term. Within the next five years, Apple needs to make a call, I think, because there’s just no way
⏹️ ▶️ John to support three major UI frameworks plus all the shared underlying stuff
⏹️ ▶️ John on the Mac and then complain when people choose Electron instead. Because like, well, what
⏹️ ▶️ John was my alternative? One of this alphabet soup of vaguely intercompatible APIs,
⏹️ ▶️ John none of which I can use in isolation to make a quote unquote full featured native Mac app? Because at
⏹️ ▶️ John this point, you can’t even use like, well, I don’t know, you can probably still use AppKit to make a full featured app. Is there
⏹️ ▶️ John anything you need to go into Catalyst or SwiftUI for?
⏹️ ▶️ Marco No, right now, whatever you wanna do on the Mac, AppKit does it. And AppKit
⏹️ ▶️ Marco is, you know, the parallel in iOS is obviously UIKit.
⏹️ ▶️ Marco That’s like the main framework that the other frameworks seem to be implemented in,
⏹️ ▶️ Marco you know, on the underlying levels, or at least in part. and AppKit is like,
⏹️ ▶️ Marco it’s the one that will be supported and maintained probably the longest on the Mac. I
⏹️ ▶️ Marco mean, in this case, like adding SwiftUI, and it’s a whole discussion probably
⏹️ ▶️ Marco for another day, but you know, SwiftUI started as a
⏹️ ▶️ Marco watch framework and then the other OSs kind of, you know,
⏹️ ▶️ Marco snatched it up and made it their own as well, but it started on the watch. And
⏹️ ▶️ Marco if you use SwiftUI on all these platforms, that will make a lot of sense to know that.
⏹️ ▶️ Marco the watch, it’s pretty good. And it was very badly needed
⏹️ ▶️ Marco compared to old watch kit UI stuff, that was terrible. And so it was badly needed
⏹️ ▶️ Marco and SwiftUI does well in simple contexts where the
⏹️ ▶️ Marco scope of what you’re trying to do with the UI is fairly low. It’s not that complicated.
⏹️ ▶️ Marco you’re using mostly default behaviors and appearances of things. You’re not doing a lot of customization.
⏹️ ▶️ Marco And you have relatively simple views and relatively simple needs and
⏹️ ▶️ Marco simple data models. Watch apps tend to have that because watch apps have to be simplified for lots of other reasons.
⏹️ ▶️ Marco So it makes tons of sense on the watch, which is why it was born there. And it
⏹️ ▶️ Marco also has less problem area to cover and it’s most mature there. So on the watch,
⏹️ ▶️ Marco SwiftUI is a no-brainer. Yeah, if you’re making an app on the watch, use SwiftUI, period.
⏹️ ▶️ Marco As you move up to the, quote, larger, I guess, by screen size, or by complexity, certainly,
⏹️ ▶️ Marco as you move to the larger platforms, on the phone, SwiftUI is,
⏹️ ▶️ Marco well, it’s a little less usable than on the watch. There’s more rough edges, there’s more bugs.
⏹️ ▶️ Marco There’s more walls that you hit trying to do common customizations or
⏹️ ▶️ Marco common behaviors that UI kit apps have been doing forever. you hit more of those walls
⏹️ ▶️ Marco on iOS than you on watchOS for sure. You can tell that it’s a little less tested,
⏹️ ▶️ Marco it’s a few more rough edges, and there are more ways, once
⏹️ ▶️ Marco you go from watchOS to iOS in SwiftUI, there are more ways in which the SwiftUI model
⏹️ ▶️ Marco of doing things kind of breaks down or starts having a lot of really ugly things you
⏹️ ▶️ Marco have to be doing and jumping through hoops to get it to work right. Well, then take that onto the Mac
⏹️ ▶️ Marco and you scale it up even further onto this. The Mac is now even further than
⏹️ ▶️ Marco the watch, like in scope and everything. Mac apps tend to be significantly more complicated than iOS
⏹️ ▶️ Marco apps in their UIs and their behaviors and what they have to accommodate, what they have to do, what’s important. And
⏹️ ▶️ Marco also, the Mac, unlike iOS, is a way lower priority.
⏹️ ▶️ Marco It gets way less engineering attention, like in software terms. The UI, like
⏹️ ▶️ Marco SwiftUI on the Mac doesn’t seem like it’s getting a lot of attention from anybody because what a surprise. look
⏹️ ▶️ Marco at Mac OS software quality over the last decade, it’s not as high of a priority as iOS.
⏹️ ▶️ Marco And so you have this framework that’s been, you know, it’s pretty opinionated
⏹️ ▶️ Marco and still pretty young and has a lot of really rough edges. And so, you know, it’s pretty
⏹️ ▶️ Marco good on the platform that it was made for, but as you get bigger and more complicated, and then in the case of the Mac, as you get
⏹️ ▶️ Marco seemingly a lot less resources devoted to it, I don’t think SwiftUI
⏹️ ▶️ Marco on the Mac is ever gonna be great. I suspect SwiftUI and the Mac to always be this
⏹️ ▶️ Marco kind of experimental thing that a lot of people try to use, doesn’t work out very well,
⏹️ ▶️ Marco and they go to something else. And then the problem there is, what John was saying, well, what do you go to? And
⏹️ ▶️ Marco AppKit is actually the right answer. Unfortunately, it doesn’t feel good to go to AppKit
⏹️ ▶️ Marco for a brand new app in 2021. It feels like that’s probably a bad decision, but
⏹️ ▶️ Marco with the realities of, you know, macOS engineering priorities and quality priorities,
⏹️ ▶️ Marco I don’t think SwiftUI is ever gonna be the right move on Mac and Catalyst I think has
⏹️ ▶️ Marco proven to be kind of like Electron. There’s
⏹️ ▶️ Marco a lot of downsides to
⏹️ ▶️ John usability. It’s more like Carbon because it’s saying, hey, we have a bunch of customers who have existing
⏹️ ▶️ John apps who would like to reuse that code and that skills on a different platform. So, you
⏹️ ▶️ John know, Catalyst is just Carbon for UIKit, right? That’s essentially what it is. It’s even
⏹️ ▶️ John better than Carbon because you don’t even have to change as much code that didn’t have to, but that’s, you know,
⏹️ ▶️ John we have to bring along, we have to bring along these developers because this is where all our developers, all our developers know
⏹️ ▶️ John UIKit, very few of them know Mac stuff. If you want more Mac apps, we need a way for UIKit on here, but
⏹️ ▶️ John it doesn’t feel, it doesn’t, it feels like carbon. It feels like, all right,
⏹️ ▶️ John well, these people need to be able to bring their stuff along and we’ll, and it feels like early carbon where there’s not parity between
⏹️ ▶️ John the UIs and they’re very different, right? And so it’s not clear, you know, Like again, before
⏹️ ▶️ John SwiftUI, Catalyst is, I think, this is the name of the episode extinction level event where
⏹️ ▶️ John it’s like, well, that’s it for AppKit then because once you bring Catalyst over here, like
⏹️ ▶️ John all those, why would anyone ever learn AppKit again? Because if you don’t need to learn it and you already know UIKit
⏹️ ▶️ John and you have a way to run those apps on here, why wouldn’t just everybody do that? But now SwiftUI is in the mix and it’s even
⏹️ ▶️ John more confusing. And I wanna say about SwiftUI, the fact that it started out on the watch,
⏹️ ▶️ John I think I agree with you that it remains, I would say it remains an open question as to whether the
⏹️ ▶️ John sort of API paradigm of declarative interfaces as defined
⏹️ ▶️ John by SwiftUI is sufficient or a good way
⏹️ ▶️ John to make very complicated Mac apps. The reason we don’t know that yet is because SwiftUI currently lacks tons
⏹️ ▶️ John of features. That it just doesn’t have the features. And that’s why people bang their head against the wall trying to make SwiftUI
⏹️ ▶️ John do a thing that it doesn’t have features for yet, right? Once they add the feature to SwiftUI, sometimes
⏹️ ▶️ John it’s easy to do whatever the thing that you were trying to do. But if it doesn’t have that feature at all, like, you know, first responder
⏹️ ▶️ John or, you know, controlling focus, trying to work, trying to get that to work in some weird
⏹️ ▶️ John way feels terrible. But if and when they add that feature, it’s like, oh, now it’s easy,
⏹️ ▶️ Marco Honestly, I disagree with you on this. I think the biggest pain points of SwiftUI, in my experience,
⏹️ ▶️ Marco again, I haven’t tried making a Mac app with it. I have, you know, a lot of experience on the watch, some experience on iOS so far.
⏹️ ▶️ Marco My experience with SwiftUI is not running into missing features, it’s running
⏹️ ▶️ Marco into capabilities or behaviors that are really easy
⏹️ ▶️ Marco in UI kit, you know, in procedural programming, that are just really hard
⏹️ ▶️ Marco because of SwiftUI’s model. That just like this declarative model, the
⏹️ ▶️ Marco things that it makes easy or easier, it’s like magic when you use
⏹️ ▶️ Marco it and you can make something so fast. I love SwiftUI when I’m working
⏹️ ▶️ Marco within the things it’s good at. And then I hit some little thing, it’s like, wait a minute, I can’t
⏹️ ▶️ Marco ship this like this, I have to have it, you know, like, when you, you know, it has to like deselect the cell correctly when
⏹️ ▶️ Marco I go back here or whatever. And you know, I run into some little behavioral detail like that, and oh, I just can’t
⏹️ ▶️ Marco do that. Like it’s not, it isn’t that it’s hard.
⏹️ ▶️ John I feel like that’s a missing feature though, because if you had the, you know, on defocused,
⏹️ ▶️ John unselect, that would take you two seconds worth of typing if that feature existed.
⏹️ ▶️ Marco Well, so sometimes it’s a missing feature, but sometimes it’s just like, I can’t do this thing
⏹️ ▶️ Marco I’m trying to do, and I understand why I can’t do it, because the procedural nature
⏹️ ▶️ Marco or the declarative nature of this, yeah, that would be really hard to model in this kind of thing, or
⏹️ ▶️ Marco I can do it, but it requires all this ugly crap hack workaround, because
⏹️ ▶️ Marco that’s just not a thing that declarative UIs are well-representing.
⏹️ ▶️ John That’s why I say it’s an open question, though, because the flip side is also true. There are things that are super pain in the
⏹️ ▶️ John butt to do in an imperative language that are trivial to do in a declarative one. And the
⏹️ ▶️ John open question is, what does that ratio break down? As like the things that SwiftUI is good at versus the things
⏹️ ▶️ John that a non-declarative API is good at, what is the ratio of those in a typical app? And
⏹️ ▶️ John it’s modified by like, you not having experience with this API, lots of people not having experience with an
⏹️ ▶️ John API like this, right? But that’s why I feel like more people, you need more features to be able to build bigger
⏹️ ▶️ John apps. And then when you build the bigger apps, you need to figure out are the things that SwiftUI is good at enough
⏹️ ▶️ John to offset the things it’s bad at? Because I think it’s basically, it’s pretty non-overlapping
⏹️ ▶️ John set of like the things that AppKit is good at and the thing that it’s bad at. Like it’s a complimentary
⏹️ ▶️ John set with SwiftUI. There’s not a lot of overlap just because the models are so different, right? But what I wanted to get
⏹️ ▶️ John at with having origins on the watch is that one thing in SwiftUI’s favor is
⏹️ ▶️ John it does, well, there’s two sides to it. It does a lot of things to be efficient. One
⏹️ ▶️ John of the advantages of being a declarative API
⏹️ ▶️ John is it’s harder for you to add a code that slows the system down because it takes your whole model, turns
⏹️ ▶️ John it into a structure, you know, figures out, like all the view combining and crap that you would
⏹️ ▶️ John have to do in like AppKit apps manually to improve your performance problems after watching 50W or DC
⏹️ ▶️ John sessions. SwiftUI is doing that for you internally. Like you don’t have to do that.
⏹️ ▶️ John the framework does it. The framework will, in theory, figure out how to make your thing fast,
⏹️ ▶️ John figure out how to combine your views. Like, don’t worry about making tons of little views in SwiftUI, it’s not actually making NS
⏹️ ▶️ John views for every single one of those things. The system will figure it out, right? Because it has to be efficient because it has to run on the watch.
⏹️ ▶️ John The other side of that is, yeah, but the watch doesn’t have much crap going on. So really,
⏹️ ▶️ John has this actually been tested? Yes, it’s efficient enough to run on the watch, but honestly, how many
⏹️ ▶️ John SwiftUI views can you fit
⏹️ ▶️ John watch screen? Like there’s not that many of them. Whereas a Mac app can have a ton of them. So
⏹️ ▶️ John this supposed system that’s gonna like turn everything into a data structure and run it through this
⏹️ ▶️ John machine and make views to be an efficient way. Does that actually work when I have a table with
⏹️ ▶️ John like millions of cells and stuff, or does it fall over because AppKit has had multiple decades
⏹️ ▶️ John of optimization and actually, you know, NS table or even how UI collection view actually do this much better
⏹️ ▶️ John because they’ve been forged in the crucible of years and years and years of making this faster and having a WWDC
⏹️ ▶️ John session telling you how to make it faster and then repeating that cycle, right? So that’s why SwiftUI
⏹️ ▶️ John is a question mark, but there is a bunch of stuff in favor of it. It is good at things that other frameworks are not good at. It
⏹️ ▶️ John does have lots of technical things that in theory can make it very fast and efficient
⏹️ ▶️ John without much developer effort. It does have the potential, as Apple keeps pushing, to be less
⏹️ ▶️ John bug prone because you don’t have to worry about as many states of the interface and having things
⏹️ ▶️ John be immutable versus mutable and declarative versus imperative. Like Apple really pushes the benefits
⏹️ ▶️ John and they are real and they do make sense and they could all work out, but we don’t
⏹️ ▶️ John know if that’s the case yet, right? All we know is that right now it’s young, it’s got bugs, it doesn’t have all the features we need.
⏹️ ▶️ John Some parts of it are in fact slow when you try to do big things, but it’s too early
⏹️ ▶️ John to make a call, right? And then Catalyst is kind of the same thing. Catalyst is a known quantity, we know about
⏹️ ▶️ John UIKit, but there’s a bunch of crap you can’t do without falling down to AppKit. And until very recently, It’s
⏹️ ▶️ John been very difficult to make an app that can fool a, you know, actual experienced Mac user
⏹️ ▶️ John into thinking it’s not a catalyst app, right? The scaling thing helps a lot, but there are other sort
⏹️ ▶️ John of telltale signs. And especially if you’re bringing an app from the iPad or the iPhone,
⏹️ ▶️ John, Marco it’s very easy to
⏹️ ▶️ John tell that it’s not a native Mac app because no one would ever make a Mac app like that because that’s not how Mac apps work.
⏹️ ▶️ John So the Mac as a platform is in a difficult situation.
⏹️ ▶️ John Part of that situation is just, you know, Apple in terms of like, well, how important is the Mac to any one person?
⏹️ ▶️ John But part of it is Apple’s own doing and that they don’t have a clear message on what should I be doing instead of Electron.
⏹️ ▶️ John So Electron really starts to feel like a safe,
⏹️ ▶️ John wise, uh, and reasonable choice until Apple gets his crap together.
⏹️ ▶️ Casey Yeah, it’s a, it’s just, it’s such a crummy, it’s such a crummy state of the Mac,
⏹️ ▶️ Casey right? To bring us briefly back to 1Password, I’m still not convinced that Catalyst wouldn’t
⏹️ ▶️ Casey have been an acceptable answer. So it would be straight UIKit on iOS and iPad, and
⏹️ ▶️ Casey then 90 percent UIKit wherever possible on Mac OS, and
⏹️ ▶️ Casey then dropping back to AppKit or something like that if necessary. I mean, if the back-end really and truly is
⏹️ ▶️ Casey Rust, and if it really and truly does 90 percent of the heavy lifting, then I got to imagine 90
⏹️ ▶️ Casey percent of 10 percent is still not too much code. You know what I mean? Like it shouldn’t have been that thick a shim
⏹️ ▶️ Casey over over their rust back end, but not be that as it may again, I can arm armchair quarterback all the time.
⏹️ ▶️ Marco I mean, honestly, I think they should have used app kit. They already knew how to use it. They already had a giant existing app like
⏹️ ▶️ Marco app kit is the right answer here. I know it doesn’t feel good from an engineering standpoint. But that
⏹️ ▶️ Marco is the right answer right now.
⏹️ ▶️ John I mean, they would have had to throw away the existing AppKit app, but getting back to the core thing being in Rust, like granted,
⏹️ ▶️ John you’re gonna need to put something new on top of it, because we all know, despite everyone’s attempts to be disciplined,
⏹️ ▶️ John your backend is tied to your frontend in ways that are difficult. So I totally understand that you’ve gotta throw away
⏹️ ▶️ John your existing AppKit app, probably all of it, right? You’ve got a new core, right? But
⏹️ ▶️ John on top of that new core, how thick would the layer of AppKit UI kit or SwiftUI
⏹️ ▶️ John have to be? They tried to do SwiftUI, It didn’t work out for whatever reasons if they had tried to do an app kit layer
⏹️ ▶️ John on top. Certainly, more work than Electron because Electron is shared across all the platforms and you just do it once,
⏹️ ▶️ John great. But how complicated would that be? I’ve used 1Password.
⏹️ ▶️ John Last 1Password version I had was three, I think. I think I just deleted it actually a couple of months ago
⏹️ ▶️ John because I realized I hadn’t launched it in a while or maybe it had the circle with a line through it
⏹️ ▶️ John, Marco saying it doesn’t run this OS anymore.
⏹️ ▶️ John But I don’t know how complicated 1Password is. How much UI does 1Password have? but
⏹️ ▶️ John pick any API, and it’s plausible, that would have been
⏹️ ▶️ John a similar amount of work to use AppKit, Catalyst,
⏹️ ▶️ John or SwiftUI on top of that core. All of those options are obviously way more work than
⏹️ ▶️ John doing zero work and just using Electron everywhere, right, so again, I can kind of understand why the company went with what they
⏹️ ▶️ John went with, but I also mostly agree with Marco that if you had done it with AppKit,
⏹️ ▶️ John That’s a, in terms of customer experience, currently that’s a no compromise
⏹️ ▶️ John solution. Like I was trying to think of, is there anything you can’t do in AppKit? I think maybe with
⏹️ ▶️ John some of the stuff they’re adding to SwiftUI, some things are actually a little bit more difficult than AppKit, like some of the SwiftUI
⏹️ ▶️ John views would be difficult to synthesize in AppKit, but in general, I don’t think there’s anything you literally can’t do in AppKit.
⏹️ ▶️ John So from a customer’s perspective, they don’t need to know your car is in rust, who cares? Your UI is in AppKit,
⏹️ ▶️ John they don’t need to know you rewrote it all, especially if you change it and it looks a little bit different for the version eight or whatever.
⏹️ ▶️ John And that’s fine. If you did it in Catalyst, I do wonder if we would be having
⏹️ ▶️ John this exact same podcast, only instead of us complaining about them going to Electron, we’d be complaining that they went to Catalyst.
⏹️ ▶️ John Because Catalyst apps also have their own kind of, especially if your goal
⏹️ ▶️ John is to share that code with iPad and the iPhone, he’d be like, oh, why is these menu items weird?
⏹️ ▶️ John Why don’t the keyboard shortcuts work? Like there’s tons of reasons to complain about Cal because it’s all so young, right?
⏹️ ▶️ John And then SwiftUI, like, you know, they would still be writing it because there’s like three things
⏹️ ▶️ John they needed to do that it doesn’t currently do and good luck trying to wedge that
⏹️ ▶️ Marco in, right? And SwiftUI is buggy too. Like it’s not, if you look at the way SwiftUI
⏹️ ▶️ Marco does, like even like certain transitions, like navigation controller transitions, certain animations,
⏹️ ▶️ Marco certain, like SwiftUI actually does a lot of things in different ways
⏹️ ▶️ Marco than the native UI frameworks on its own platform does them. Like if
⏹️ ▶️ Marco you write certain things in UIKit or AppKit versus SwiftUI, they actually sometimes behave in small
⏹️ ▶️ Marco different ways. And so like, this is why I think the idea of
⏹️ ▶️ Marco cross-platform design and having a shared framework between
⏹️ ▶️ Marco very different kinds of platforms, how long has our industry been trying to do this?
⏹️ ▶️ Marco And when has it ever worked with the sole exception of the web browser?
⏹️ ▶️ Marco With the web browser is the greatest cross-platform, cross-UI, you know, everything.
⏹️ ▶️ Marco But once you get into apps, native apps, the platforms are so
⏹️ ▶️ Marco different in big and small ways, you know, a few big ways and a thousand small
⏹️ ▶️ Marco ways, that I don’t think it’s even possible to expect any cross-platform toolkit
⏹️ ▶️ Marco to ever really make great UI experiences. I think whatever you write for
⏹️ ▶️ Marco a phone or for a watch or for the Mac or for the PC or for the web browser,
⏹️ ▶️ Marco those are all very different targets and they all have different UI conventions, different expected
⏹️ ▶️ Marco behaviors by users, entirely different environments and needs and priorities. And so
⏹️ ▶️ Marco you’re right, Catalyst apps do suck and the reason they suck is not because they’re built on web technologies.
⏹️ ▶️ Marco It’s not because, like, they don’t have all of the same implementation details or almost any of the same
⏹️ ▶️ Marco implementation details as something like Electron, they suck because they’re running
⏹️ ▶️ Marco iPad code on the Mac, and it doesn’t feel right, and it doesn’t behave right in lots of little
⏹️ ▶️ Marco tiny ways. And that’s native code. That’s like, it’s running, it’s not being
⏹️ ▶️ Marco like interpreted or emulated. That’s native code running in what
⏹️ ▶️ Marco is kind of a native framework, but it’s kind of for the wrong platform. But like, I don’t think
⏹️ ▶️ Marco this dream of having cross-platform, you know, we’re just gonna write one
⏹️ ▶️ Marco app and it’s gonna be the same and it’s gonna be great everywhere. I don’t think that’s ever
⏹️ ▶️ Marco achievable because platforms aren’t the same. And to be great on a platform
⏹️ ▶️ Marco requires it to adopt to all the platforms, little behaviors, and priorities, and things, which are all gonna be different. So
⏹️ ▶️ Marco that’s why I think a company like 1Password, they have the resources,
⏹️ ▶️ Marco they have the engineering, they have the staff. They got to where they are today in part
⏹️ ▶️ Marco because they made native apps on multiple platforms that were good. And
⏹️ ▶️ Marco the idea of transitioning that to one shared app, no
⏹️ ▶️ Marco matter what framework they’re using, is not going to be good. It’s not gonna be as good
⏹️ ▶️ Marco as what they had before. It’s not gonna feel right. Everything’s gonna feel like a web view because
⏹️ ▶️ Marco that’s what it is. But even if they wrote it all in native code, if they still had like the exact
⏹️ ▶️ Marco same UI behavior and layout and everything across all platforms, it would also still
⏹️ ▶️ Marco feel and work poorly. Different platforms are different for reasons and
⏹️ ▶️ Marco they’re always going to be. And so if you’re going to have an app on multiple platforms and you
⏹️ ▶️ Marco care a lot about the experience being good, I think you have to write it natively on each platform.
⏹️ ▶️ John You know, that’s another argument. What you just said is kind of another argument for Electron, unfortunately,
⏹️ ▶️ John because of all the things you listed like it feeling native or whatever.
⏹️ ▶️ John The web, as you noted, is a sort of common interface across all platforms that
⏹️ ▶️ John it has its own conventions and language, blue underline words, click on and you take your places as an address bar,
⏹️ ▶️ John back and forward, reload, like there’s this whole other miniature world of UI conventions that exist
⏹️ ▶️ John within the web. And obviously it’s not as consistent as a single OS, what people are familiar with. And the second thing the web has going
⏹️ ▶️ John for it is good web browser engines essentially embed native
⏹️ ▶️ John controls, like the text fields when you hit Control A in a text field,
⏹️ ▶️ John which is like an Emacs key binding that works because the NS text field from Next was written by a bunch of Emacs users,
⏹️ ▶️ John so Control A works in text fields on the Mac OS X as long as you’re using a Cocoa API, right?
⏹️ ▶️ John Does that work in web browsers? I’m pretty sure it does. Casey, you need to go test this for me.
⏹️ ▶️ John, Marco Beginning of line? It does,
⏹️ ▶️ John So, you know, same thing with buttons. They may not look like native buttons, but very often, you know, they were historically native
⏹️ ▶️ John buttons now because of CSS stuff. They may be a little bit weird or whatever. Pop-up menus, scrolling
⏹️ ▶️ John regions, text editing regions, most web browser engines, most good ones these days, try
⏹️ ▶️ John to use native controls within them, right? Catalyst
⏹️ ▶️ John uses quote unquote native UI controls, which do not behave like Mac controls.
⏹️ ▶️ John They behave like iPad and iPhone controls. And the iPad and iPhone, until recently, didn’t even
⏹️ ▶️ John have a cursor, right? And so it’s a totally different interface
⏹️ ▶️ John paradigm. And an electron app, the two things I was going for is one, it might
⏹️ ▶️ John actually feel more native and two, the parts that don’t feel native feel like web, which at least
⏹️ ▶️ John is an interface that people look at and say, oh, I kind of, you know, they code switch, they mode switch, whatever.
⏹️ ▶️ John They’re like, oh, this is like a web UI. Like, I feel like I do that when I use Slack. Like when I’m using Slack, it’s
⏹️ ▶️ John not like I feel like I’m using a web browser, but I’m in web
⏹️ ▶️ John app mode. And I think a lot of Mac users, we’ve been used to that since we have
⏹️ ▶️ John weatherizers because basically, maybe 50% of the windows on our computer are web
⏹️ ▶️ John windows, right? Where the whole world inside those windows is the web page language, right?
⏹️ ▶️ John And then the Mac stuff is outside of it. And so when I go to Slack, I’m into the web mode.
⏹️ ▶️ John If a Catalyst app lands on here and it doesn’t respond to any of my keyboard commands or
⏹️ ▶️ John focus commands in the text fields, and I can’t tab from text fields and the date picker is some weird
⏹️ ▶️ John wheel of fortune thing that I don’t even understand. That’s not web, that’s not Mac, and it
⏹️ ▶️ John feels worse. Like, it just, I don’t want that at all, right? So again,
⏹️ ▶️ John Electron is not giving you the best experience. I agree with Marco, you want the best experience, you write it in AppKit and, you know,
⏹️ ▶️ John or hell, AppKit with SwiftUI inflected, which I think is also, I feel like that’s the second choice. If we had to rank
⏹️ ▶️ John these, AppKit will feel the most native because it is the most native, but of course everyone thinks that API is dead or dying.
⏹️ ▶️ John AppKit with SwiftUI views, I think is the best technical solution because every place you can’t
⏹️ ▶️ John use SwiftUI, just use AppKit, you’re fine. But the places where you can get SwiftUI, I can tell you it integrates
⏹️ ▶️ John really well with AppKit and the places where you get benefit from it, big win. As you all know,
⏹️ ▶️ John use it in the places where it’s a big win, save you tons of time. And by the way, those use happen to be reusable
⏹️ ▶️ John if you wanna use them elsewhere, right? And then I would say a distant third is Catalyst.
⏹️ ▶️ John This is all based on the fact that Apple hasn’t really given any guidance about which one of these three is dying. Which
⏹️ ▶️ John one of these three is gonna lose? Like what is the ranking? Which one is gonna get the boot? Which one is gonna die from slow neglect?
⏹️ ▶️ John Which one is gonna win? We don’t know, but just on the technical merits, AppKit with SwiftUI, number one,
⏹️ ▶️ John you know, SwiftUI alone did not finish, and Catalyst,
⏹️ ▶️ John third place. nice. And then that soup, though, I feel like electron the choice
⏹️ ▶️ John of electron, which is make the user the user experience worse for users and get everyone to complain, but potentially,
⏹️ ▶️ John get everyone over the hump. And eventually people just stop complaining. And if you actually if this actually does work the way you say
⏹️ ▶️ John where Oh, now we can do features more quickly, well then prove it by rolling out features more quickly. And maybe people start to get happy.
⏹️ ▶️ John Or maybe they still grumble. And then you buy yourself a year or two, where you can have your, you know,
⏹️ ▶️ John your, your mea culpa post and say, we heard you. And now that it’s clear that
⏹️ ▶️ John we shouldn’t be using electron on the Mac, it’s also become more clear that insert framework here
⏹️ ▶️ John is the future of APIs on the Mac. And so we’re, we’ve rewritten the, the Mac client using that API.
⏹️ ▶️ Casey Before we go, I, I hear what you guys are saying and I, and I agree with you,
⏹️ ▶️ Casey but I don’t know, I feel like my gut tells me having never used it,
⏹️ ▶️ Casey that catalyst is more viable solution here than I think especially John, you’re
⏹️ ▶️ Casey giving it credit for. And I am quite possibly wrong there, but my call to action
⏹️ ▶️ Casey for the listeners is, if you have an app that you’re fairly confident is
⏹️ ▶️ Casey Catalyst that you use or write that you think is a really and truly good platform citizen,
⏹️ ▶️ Casey let me know on Twitter. I’d be curious to hear what that is because I don’t know what
⏹️ ▶️ Casey the plate of Catalyst apps is. that we all hate
⏹️ ▶️ Casey on the Mac that Apple ships, like Home, which honestly is garbage on iOS too, but
⏹️ ▶️ Casey that’s neither here nor there. Home is
⏹️ ▶️ Casey Yeah, but that’s exactly my point. Like Home, and I’m sure there’s a couple others that I’m not thinking of off the top of my head.
⏹️ ▶️ Marco Well, Messages is probably the most used Catalyst app if I had to guess.
⏹️ ▶️ Casey That’s true. And that still has a couple of quirks and big sir, but for the most part,
⏹️ ▶️ Casey I think it’s pretty good. But yeah, if there’s a Catalyst app that you use or write
⏹️ ▶️ Casey that you genuinely believe is really and truly awesome. I’d be curious to hear about that on Twitter. So please,
⏹️ ▶️ Casey please let me know.
⏹️ ▶️ John Yeah, Catalyst has, like, there’s no reason Catalyst can’t be eventually made to be as good as AppKit
⏹️ ▶️ John with all the features, it’s just not there yet. Because it’s only been a few years since it’s been on the Mac platform and like
⏹️ ▶️ John stuff doesn’t work yet, drag and drop, or the cursor doesn’t work right the right way, or the menu bar stuff’s not the same, like all
⏹️ ▶️ John of these, SwiftUI is the youngest, obviously, and it’s got the farthest to go, but there’s nothing technically stopping
⏹️ ▶️ John either Catalyst or SwiftUI from eventually being the API on
⏹️ ▶️ John the Mac platforms. Just neither one of them is right now, right? And so we’re faced with the reality, you know,
⏹️ ▶️ John and I, you know, I gave SwiftUI, I did not finish but I just feel like it’s too young and too ready.
⏹️ ▶️ John But I rank Catalyst below AppKit with SwiftUI mixed in. Like that’s one of the beauty,
⏹️ ▶️ John I mean, one of the beauties of SwiftUI is it’s really easy to mix in with AppKit. You can also mix in SwiftUI,
⏹️ ▶️ John obviously in a Catalyst app and you can mix AppKit in with the Catalyst app too but I feel like three APIs is too many.
⏹️ ▶️ John Yeah. In a single app. So if you have to mix them, AppKit with SwiftUI
⏹️ ▶️ John just makes so much sense because you can just smell when this is gonna be a place where SwiftUI is gonna be
⏹️ ▶️ John awesome, or it’s not, you’re in AppKit and you can literally do anything and you’re fine, right? But Catalyst, it’s a
⏹️ ▶️ John much more difficult balancing act. So I feel like we just have to wait to see how
⏹️ ▶️ John this all shakes out. Right now, Catalyst is in the lead, technically, because it has more features and you can make
⏹️ ▶️ John a more convincing, more complicated Mac app with Catalyst than you can with SwiftUI.
⏹️ ▶️ John But AppKit, you know, obviously can do everything and is, you know, hugely
⏹️ ▶️ John mature and has good performance. And eventually Microsoft and Adobe
⏹️ ▶️ John did rewrite their crap
⏹️ ▶️ John API. So yeah, it’s probably gonna be around for a while. So that’s why I just keep looking at SwiftUI
⏹️ ▶️ John and Catalyst and wondering how that’s gonna shake out. But in the meantime, like again, I don’t
⏹️ ▶️ John use 1Password. You know, I bought it a couple of times, decided it wasn’t for me.
⏹️ ▶️ John I just use iCloud Keychain for a variety of reasons. And I’m glad that iCloud Keychain is getting
⏹️ ▶️ John better. But I will say that every day I use Slack and other
⏹️ ▶️ John Electron apps that I consider good Electron apps. And I have to say a good Electron
⏹️ ▶️ John app doesn’t bother me too much, but it should definitely bother Apple.
⏹️ ▶️ Marco And I’ll say like, I’m still using 1Password even throughout all this because iCloud Keychain
⏹️ ▶️ Marco would be the only, would be the obvious thing that I would go to instead. But I don’t
⏹️ ▶️ Marco trust Apple yet to have the functionality I need consistently
⏹️ ▶️ Marco in that product yet. Right now I use iCloud Keychain as like a convenience. Like if
⏹️ ▶️ Marco I fill in a password on a web form from 1Password and Apple offers to save it, I say yes.
⏹️ ▶️ Marco And the next time I go to that site, It might fill it in, sometimes. It might not.
⏹️ ▶️ Marco It also seems broken on my phone forever for some reason. Like iCloud Keychain just never, it never
⏹️ ▶️ Marco works properly on my phone. Works great on all my other devices except my phone.
⏹️ ▶️ Casey It’s because it’s too small. Yeah,
⏹️ ▶️ Marco maybe. But my battery life is getting bad fast.
⏹️ ▶️ John It’s because it knows you have one password installed and it’s angry.
⏹️ ▶️ Marco Yeah, right. It’s been dictated. Yeah, so like I don’t like iCloud Keychain yet.
⏹️ ▶️ Marco I think it might eventually get good, but it’s not good enough and stable enough and
⏹️ ▶️ Marco consistent enough for me yet. It still doesn’t have a lot of features I like with 1Password. And of course, there is the
⏹️ ▶️ Marco cross-platform thing that is always gonna be kind of an afterthought for Apple if it exists
⏹️ ▶️ Marco at all. So I want to keep using this product and I probably will keep using this product.
⏹️ ▶️ Marco I’m just gonna have more paper cuts now. And that’s unfortunate. And I hope
⏹️ ▶️ Marco they can find a way not to do that or at least to reduce or eliminate those paper cuts. But
⏹️ ▶️ Marco I think some degree of that is inevitable with all electron apps, and if not electron,
⏹️ ▶️ Marco as I was saying a minute ago, with all cross-platform apps. Like, if you don’t have
⏹️ ▶️ Marco native UIs that were really written with the platform they’re running on in mind, with a significant amount
⏹️ ▶️ Marco of native code on each platform, I don’t think you can make great experiences. I think you can make okay,
⏹️ ▶️ Marco you can make acceptable experiences. It’s hard to make great experiences. The most common electron
⏹️ ▶️ Marco app I use is Slack. I use it all day, every day. and it’s not a great experience. It’s fine,
⏹️ ▶️ Marco but it’s not great. And Slack, I feel like, is even more excusable
⏹️ ▶️ Marco as an electron app because it has such a much larger amount of UI.
⏹️ ▶️ Marco Like, there’s so much UI in Slack. So many different kinds
⏹️ ▶️ Marco of screens, so many different modes the UI can be in, so many different levels and threads.
⏹️ ▶️ Marco There’s so much UI in Slack. That is more excusable to me to be an electron app.
⏹️ ▶️ John and it’s a server-side app. Like, everything you do talks to a server, so it being web-based
⏹️ ▶️ John technology is like, okay, I can see that.
⏹️ ▶️ Marco Right, yes. But one password I think, the conception of it that I have
⏹️ ▶️ Marco is that the amount of UI in this app is significantly smaller than Slack.
⏹️ ▶️ Marco Now, that being said, in all the different directions they’re going as they’re focused on business
⏹️ ▶️ Marco enterprise kind of features, maybe that’s all changing for a bunch of stuff I’ll never use. And that’s
⏹️ ▶️ Marco why it’s extra frustrating. Would you like to save your
⏹️ ▶️ John screenshots in 1Password? 1Password can now back
⏹️ ▶️ John your entire computer. I just got that prompt today. I’m like, what is this dialogue? Yeah,
⏹️ ▶️ John because I was on some, like one of the kids’ accounts on a computer that they don’t use normally. I’m like, would I like to
⏹️ ▶️ John save my screen? I’m like, this is a Dropbox dialogue? What the heck? Because I’ve long since dismissed
⏹️ ▶️ John it and told Dropbox to shut up on all my computers. Yeah, please, 1Password, do not offer to save all our screenshots.
⏹️ ▶️ Marco Dropbox needs your root password to enable certain features. Oh yeah? Mm-hmm.
⏹️ ▶️ Marco Yeah, anyway. Yeah, let’s hope 1Password doesn’t go the way of Dropbox, but unfortunately,
⏹️ ▶️ Marco just looking at the direction they’re going as a company, focusing a lot on the business market and everything, I
⏹️ ▶️ Marco think it’s gonna be an uphill battle to not go that direction. And so I hope they don’t, but
⏹️ ▶️ Casey But as a final note, I mean, at least Marco and I, we spent a lot of this time
⏹️ ▶️ Casey talking about 1Password because it’s a product and company we love so darn much. And in the defense of
⏹️ ▶️ Casey 1Password, this is the first public beta of 1Password 8. And three
⏹️ ▶️ Casey 1Password employees have been hanging out in the chat, including both founders this entire, or certainly
⏹️ ▶️ Casey this entire segment, if not the entire episode. So, they obviously care. And
⏹️ ▶️ Casey I don’t think, I don’t get the feeling that they’re just in here trying to do some sort of damage control. I
⏹️ ▶️ Casey really genuinely believe that they care, and that’s why we care. And I hope that continues to
⏹️ ▶️ Casey be the case, because I agree that I fear that that one password’s heading for a Dropbox
⏹️ ▶️ Casey fall into irrelevance, and I really hope that that’s not the case.
⏹️ ▶️ Marco I wouldn’t even say irrelevance. I would just say just very different priorities than what all the consumers
⏹️ ▶️ Marco who started using it really want out of it.
⏹️ ▶️ Casey That’s true, that’s fair, that’s fair.
⏹️ ▶️ Marco Thanks to our sponsors this week, One Password.
⏹️ ▶️ Marco No, actually, it was Linode, Mack Weldon, and Squarespace. and Squarespace. And thanks to our members who support
⏹️ ▶️ Marco us directly. You can join atp.fm slash join. We will talk to you next week.
⏹️ ▶️ John Now the show is over, they didn’t even mean to begin Cause
⏹️ ▶️ Casey oh it was accidental John didn’t do
⏹️ ▶️ John research, Marco and Casey wouldn’t let him Cause it was
⏹️ ▶️ Casey it was accidental And you can find the
⏹️ ▶️ John show notes at ATP.FM And if you’re into
⏹️ ▶️ Marco you can follow them at C-A-S-E-Y-L-I-S-S
⏹️ ▶️ Marco So that’s Casey Liss, M-A-R-C-O-A-R-M,
⏹️ ▶️ Marco N-T Marco Armin, S-I-R-A-C-U-S-A
⏹️ ▶️ Casey accidental, they didn’t mean
⏹️ ▶️ Marco to Accidental, accidental, tech podcast
⏹️ ▶️ Marco So my bike was stolen a few days ago.
⏹️ ▶️ Casey Well, it’s all coming up millhouse for you this week. Good
⏹️ ▶️ John thing you had an air tag on it though. Right? So.
⏹️ ▶️ Casey Right? Oh wow, oh wait, is this real? Oh, now I’m really excited.
⏹️ ▶️ Marco So this was incredible. So Tiff was showing at an art show here in town, which was, it was great,
⏹️ ▶️ Marco it was a big deal, a huge, I’m very proud of how it went for her, she was great and stuff went well, it was
⏹️ ▶️ Marco great. Anyway, Tiff was doing this art show. I was sitting at the booth with her for the second half of
⏹️ ▶️ Marco this day. And so, and I was riding my bike back and forth, occasionally back to the house to like, you know, let
⏹️ ▶️ Marco hops out or, you know, do other, you know, pick up stuff, whatever. I was parking my bike 15
⏹️ ▶️ Marco feet from where I was sitting. It was in, eyeshot, did we figure out if
⏹️ ▶️ Marco that’s a word? Is eyeshot a word? This is a new one. This is not like heartened. I guess
⏹️ ▶️ Marco within view. So it was within eyeshot.
⏹️ ▶️ Marco And I don’t usually lock my bike in town because it’s a beach town. You
⏹️ ▶️ Marco can’t bring bikes on the ferry, so there’s nowhere for a bike to really go.
⏹️ ▶️ Marco And so bikes don’t usually get stolen for profit. They get stolen
⏹️ ▶️ Marco usually by drunk idiots who are about to miss the last ferry of the night. And so they
⏹️ ▶️ Marco rush to grab whatever bike they can find, they ride to the ferry, and they dump it somewhere near the ferry.
⏹️ ▶️ Marco And so then the next morning, everyone goes in the town Facebook group, and post like, hey, there’s this bike in front of my house. Whose
⏹️ ▶️ Marco is this? And then like, someone else would be like, oh, I know that’s Bob’s bike. You know, cause everyone knows it’s a small town.
⏹️ ▶️ Marco So, so these are, this is like the, the environment that we operate in here. So normally I don’t even lock my bike if I’m
⏹️ ▶️ Marco just like going out to, you know, a grocery store or something. Cause it’s, there’s not a real
⏹️ ▶️ Marco theft problem for like, in the way that you would usually think of one. So I thought air tags
⏹️ ▶️ Marco would be perfect for this because usually, again, the problem is not professional bike
⏹️ ▶️ Marco thieves coming up with an angle grinder and cutting your U-lock to steal your bike for
⏹️ ▶️ Marco profit. All you need to know is, okay, my bike is not where I left it. It’s probably somewhere stupid.
⏹️ ▶️ Marco Where is it? Again, that’s all you need to know. So I thought air tags were great. So
⏹️ ▶️ Marco when I got my first air tags earlier in the summer, I put one in discrete locations
⏹️ ▶️ Marco on many common objects, including my bike, and figuring that, you know, hey,
⏹️ ▶️ Marco this could be good for a passive environment like this. And also, the lack of true GPS or
⏹️ ▶️ Marco cellular in them wasn’t a big problem because I don’t think there’s anywhere on this entire
⏹️ ▶️ Marco island that an object is likely to be more than 20 feet from an iPhone for very long.
⏹️ ▶️ Marco We have very tightly packed houses and tons of people walking around all
⏹️ ▶️ Marco the time. So, the iPhone location basis of them is also gonna be, I think, pretty
⏹️ ▶️ Marco accurate. So anyway, so at this art fair with Tiff, My bike is parked 15 feet away
⏹️ ▶️ Marco within eye shot. And within an hour and a half
⏹️ ▶️ Marco period, like between 3.30 and five on this day, we finish up the art fair, Tiff’s packing
⏹️ ▶️ Marco up. I go to get my bike. I’m like, where’s my bike? I parked it here, right? I’m looking around like,
⏹️ ▶️ Marco where is it? And this was in a bike rack full of other bikes. Like, I’m like, where did my bike go?
⏹️ ▶️ Marco I said, somebody steal my bike in front of me? And I
⏹️ ▶️ Marco didn’t notice. Yes, yes, they did.
⏹️ ▶️ Marco So at some point, someone in this, you know, art fair, like there’s a lot of, you know, foot traffic.
⏹️ ▶️ Marco Someone at some point walked up to my bike out of there and just took it out of the racket. That’s
⏹️ ▶️ Marco So I’m like, all right, well, let’s see. So
⏹️ ▶️ Marco I looked, opened up find my app and find my bike it instantly showed a point
⏹️ ▶️ Marco in the map that was a few blocks away by the ferry. I was
⏹️ ▶️ Marco like okay but it’s like okay it’s this happened between 3 30 and 5 pm. Could
⏹️ ▶️ Marco somebody have really been that bombed at like four o’clock in the afternoon? I mean
⏹️ ▶️ Marco, Casey it turns out
⏹️ ▶️ Marco on fire island yes but also i’m like this wasn’t even the last ferry
⏹️ ▶️ Marco they like Like, you know, this was like four o’clock. The ferries run till like midnight. Like this,
⏹️ ▶️ Marco it’s not, anyway. So I’m like, I walked over, I’m like, this will be amazing
⏹️ ▶️ Marco if my bike is actually where this says it is. I walk, you know, towards it on the map and sure enough, the air tag
⏹️ ▶️ Marco had exactly located my bike, which was parked in front of a storefront and next
⏹️ ▶️ Marco to a couple of the bikes near the ferry. I have no idea
⏹️ ▶️ Marco how this happened, like in front of me without me noticing. doesn’t even make sense
⏹️ ▶️ Marco because in the context of this art fair there were so little like
⏹️ ▶️ Marco you it was hard to even walk down the sidewalk let alone bike down it like there’s so
⏹️ ▶️ Marco much traffic it’s like walking through Times Square like that you’ve been on a much smaller scale obviously like
⏹️ ▶️ Marco I don’t know why somebody did this but the fact is my bike was indeed stolen in the stupid way that bikes get stolen
⏹️ ▶️ Marco here the air tag worked perfectly and it let me find it in 10 seconds
⏹️ ▶️ Marco after I started looking like, wait, where’s my bike? It’s not here. Okay, find my, boom, it’s a few
⏹️ ▶️ Marco blocks that way. Okay, walk right to it. It’s exactly where it says it is. So here is my success story
⏹️ ▶️ Marco with AirTags. If you happen to have the very strange needs and priorities that I do for bikes
⏹️ ▶️ Marco here, they work really well for that.
⏹️ ▶️ John Keep an eye on your bike, too.