Unripe Fruit: What we don’t want to see

Things that would be weird to release without a major OS update: Apple’s music streaming service

Apple is expected to release their music streaming service next week — a strange announcement for a developer conference, and a strange announcement for the middle of a product cycle. It makes more sense for the streaming service launch to be a flagship feature of iOS 7 than to get released as a point-update to iOS 6 or as a stand-alone app. Our guess is that iRadio is a stand-alone app on iOS and a new feature in iTunes on OS X — maybe the only feature added to iTunes in the past five years that actually fits.

Things with limited actual benefit: UIKit for OS X

Allowing iOS apps to be ported directly to Mac seems like a good way to recreate the experience of the current dev tools simulator. iOS games that are ported to Mac already have issues with poor user experience due to the low quality porting done to bring them to the Mac. Making it easier for developers to port from one to the other would be nice, but a UIKit compatibility layer has all sorts of implications for low quality end products.

Things that just aren’t going to happen no matter how much you want them to: Apple TV SDK

A new way of interacting with the Apple TV is a necessary prerequisite to real Apple TV apps. It would be great for Apple to sell subscription-based “apps” that give users access to custom Apple TV channels from HBO, etc., but those custom channels, if they do someday exist, won’t be full apps. That would be an innovative way for Apple to get content providers to provide support for the Apple TV, but the prospect of paying 30% of subscription revenue to Apple probably can’t compete with a cable monopoly in the lizard-brains of network executives.

If you want to see the Apple TV SDK that Apple has, but hasn’t felt the need to make public, look no further than Matt Thompson’s excellent write up on Back Row, the internal SDK for Apple TV.

Things that don’t fit into the hardware release schedule and may not even exist: Low-cost iPhone

Jony Ive would never appear alongside a device primarily created out of an inferior material such as plastic.

Things that would be incredibly useful but just aren’t Apple’s bag: A custom web backend as part of iCloud a la Windows Azure

This might be controversial, but we don’t see Apple adding features like Parse, Deployd or Windows Azure to iCloud, as nice as they are. We hope they improve all sorts of things about iCloud, but we just don’t think adding developer-customizable server-side components is within Apple’s comfort zone.

Things that you don’t need to show to your competitors three months before launch: New UI Chrome for iOS 7

Showing off a new UI three months before it ships doesn’t fit Apple’s normal way of showing off their products, but the reportedly extensive UI changes planned for iOS 7 might be an exception. The changes will get revealed eventually in the developer betas — Apple can’t save all the UI changes for the iOS 7 release candidate, which generally coincides with their official hardware announcement. So some of the UI overhaul will be on display at WWDC, but expect to see more changes as the release gets closer. How much gets revealed at WWDC may be a test of how much Apple cares about a) increasing pre-release excitement for iOS 7 and b) Apple’s stock price over the next few months. And no matter how nice iOS 7 looks, pleased don’t install the first beta on your phone while 2000 miles from home.

✍ Ben: I did that once in the days of my youth… and lost the ability to receive voicemails for the balance of WWDC + traveling back home.

Things that we know will be released in the fall: The next normal-cost iPhone

 

⚛

 

Ready for Pickin’: What we want to see

Things that would be appropriate for a developer conference: New Mac Pro

Made in teh [sic] USA baby! An announcement regarding a radically new Mac Pro would definitely garner some positive press amidst low level negative coverage about the e-books lawsuit and congressional testimony on Apple’s tax avoidance schema.

Things Ben would like to buy: An updated Retina 13-inch Macbook Pro with Intel’s new Haswell processor

The update to Haswell will be great across the board for integrated GPU performance; that performance matters most in the 13-inch Macbook Pro, which is missing a dedicated GPU and a four-core Intel chip. If the rumors of an updated, slimmer form factor are accurate, this will be a sickeningly beautiful and fast Mac.

Things that build on iOS’s core features: Incremental API improvements that expand Apple’s strongest APIs

Expanded access to features from the iOS 6 Maps App via MapKit, SceneKit on iOS — here’s a nice Open Radar regarding SceneKit’s potential benefits — and more applications and flexibility for Passbook are three areas where iOS could expand existing Apple APIs to provide developers with more powerful tools.

Things that Apple actually needs to catch up on when compared to Android and Windows Phone: Expanded inter-app communication, hopefully via the UIActivity framework

Apart from iCloud Core Data, this may be the biggest missing functionality in the Cocoa Touch framework. We hope it gets strong enough to compete with Windows 8’s Contracts before Windows phones start [Windows phone market share joke removed out of empathy]. More robust inter-app communication in iOS will strengthen the network effect within the App Store ecosystem, and that’s a strong reason for iOS’s perceived dominance among developers. The shortcomings of iOS in this arena are a limitation that many users run up against on a frequent basis — at least, we do.

Things that happen every year at WWDC: Updates to Xcode and Interface Builder that are great to demo but sometimes are hard to get working for actual complicated apps and sometimes you wonder whether Apple really uses these tools for apps like iPhoto or even Find my Friends.

✄

Ben: I’m thinking we’re going to look pretty silly on the iRadio one.

Bob: It will come out… but does it make sense?

Ben: They’ve had 10 years to think about it, so it had better.

To celebrate the upcoming nerdery scheduled for June 10-14th somewhere near the House of Shields, the folks over at AgileBits are putting their products, which we recently recommended, on sale for a whopping 50% off.

Seriously, if you didn’t purchase 1Password due to it’s price tag before, you have half the reason to object to it that you did last week.

1Password for Mac ($24.99)
1Password for iOS ($8.99)

Ben

I recently had the opportunity to guest on another podcast — iPhreaks with Charles, Pete, Rod, Ben & Co. (actually there’s no company, I think that’s all of them). In the show, we talk about prototyping iOS apps and some of the tools available for designers and developers to use in the early stages of defining and building apps. I’ve spoken on this topic a couple times at CocoaConf but this was a nice opportunity to talk about it in a laid back conversational way. In the second half of the show we also get into some of the thought processes and methodology that can make prototyping cleaner and more effective.

Lastly, I somewhat repeatedly recommend Briefs 2 throughout the course of the conversation. Rob and the team over at MartianCraft did a bang up job on it and I can not recommend it enough.

Listen away.

✍ I really like how this podcast’s show notes are done. Each link is listed along with the time it’s mentioned, which makes it super easy to jump into the show and listen to a snippet about a certain topic or tool that interests you (for instance, the three places we talk about Briefs).

Bob

One of Ben’s many faults is that he keeps his passwords in his system keychain, like an animal, a small creature of the forest, hiding nuts for winter. Today I’ll try to get him to start using 1Password or some other password-management app. This will make his life better by giving him secure passwords he can access from anywhere, easily transfer between Macs, and by giving him an easy place to safely and securely store other sensitive information — server info, financial data, etc. Ben, are you ready to switch?

Ben

I think I am. But I’m unsure of the day to day consequences of doing so. It seems scary to give my passwords to a service, no matter how into security they are, and the idea of not knowing my own passwords is unsettling. On the flip side, I don’t actually know all my passwords, leading to resetting passwords more often than I like.

Password security is a rather difficult thing. Eight characters was once the golden standard for strong passwords, then eight or more characters inclusive of a numeral, and more recently eight or more characters including a numeral, an uppercase character, two punctuation marks and your best friend’s three favorite emoji. This makes it really hard for users to memorize compliant passwords due to the limitations of human short-term memory to around four ‘chunks’ of information¹.

Bob

Right. Maybe we should back up a bit and think about password security in general. In the past, I’ve had some good passwords that I remember, but it’s hard to have great passwords for every different service, so I end up either a) using passwords that aren’t secure or b) using the same password on multiple sites. Even after switching to 1Password, I have three or four secure passwords that I remember and know by heart, and use for my go-to services: Dropbox, iTunes, and 1Password. That’s a comprehensive list.

Ben

I have to say, the services I use on a weekly basis stretch beyond those mentioned. Passwords I use every single day are really only my computer’s password, Apple and Google. But there are probably 5-10 other services that I use several times per week.

Bob

I don’t mind remembering passwords for a few things, but I have trouble remembering 10 different secure passwords for 10 services I really want to use and really want to stay secure. For example…

✍ Ben: Bob, are you sure you want to list all the services you use? It seems like a security risk or something. You know, because of the Hackers. But I guess you’re pretty convinced that your password scheme is really all that.

Good point. Uh, I use Shmemail, Gwitter, and Blamazon.

That’s one problem 1Password and like services fix: they make it easier to use better passwords for those 10 important sites. The other problem that 1Password solves: there are 100 other sites that I have a login to that might not need to be incredibly secure, but I’d still rather not use a single password that I share with all of them — I want those sites to have their own passwords, and have those passwords be pretty good, but I have no intention of memorizing them. Keychain would work for this, but Keychain doesn’t sync to my iPhone or iPad.

Ben

But I’m still unsettled by the notion that I might not be able to access my password for a given service at some future moment in time when I’m on a device that isn’t my own. How does that pan out?

Bob

If I don’t have my iPhone, iPad, or Mac, I can’t log in to services that I don’t remember the password for unless I want to do a password reset. That’s still a problem, but it’s one I’m OK having. Do you have any potential qualms about using 1Password?

Ben

Sure. My biggest one is simply that I don’t like installing software on my computers. I’m a bit of a grumpy person about it. I’d rather use built in solutions when at all possible–it makes my life more simple and I have less “operator knowledge” to manage and keep up to date on, not to mention making it easier to set up a new Mac when I upgrade.

Bob

You can use OS X’s built in password creator to make secure passwords and store them in your system keychain pretty easily. But there are two problems that I can’t figure out how to solve using the built-in keychain: I don’t have access to my passwords when I’m on iOS, and I don’t get the advantages of auto-fill for services where I have multiple logins. Are those problems for you, and how do you manage them without a password manager?

Ben

They are. On iOS I find myself using a somewhat smaller subset of my service passwords. Generally the ones I access most often and am most likely to have memorized. I don’t use the same password for all of these or anything close to that. This is because passwords can be quite memorable while still being strong. It’s obvious that a password having the largest amount of entropy per character will be strongest, and that means a password utilizing a selection of all available characters in a random pattern will be most secure. However, all we really need to do is create a password good enough that it can’t be broken quickly — say in the next 10 years. There has been good research on this topic as far back as the dawn of consumer internet security awareness (we’ll call that circa 2000) and it has continued over the past decade. Thomas Baekdal wrote a phenomenal analysis of phrase based password security in 2007 which outlines the benefits, and strength, of using multi-word, dictionary-based phrases for passwords. If you only read one link from this article, make it that one. Unfortunately there are still many services that limit passwords’ character count² making this type of password only useful in certain circumstances.

✍ Ben: For instance, an online banking interface I use had a limit of 10 characters until about 2 years ago. This pointed to both clear text password storage and made it harder for close to useless for phrase-based passwords.

So, it seems like this is the right way to do things:

• Have a few good strong, yet memorable, passwords for the services you use most regularly.
• Store these and the myriad of other service passwords in a high quality password management service.

You’ve thrown the 1Password name around a lot, are there alternatives, or are they the only game in town?

Bob

1Password does have competitors, like LastPass or DataVault, but I wouldn’t recommend them. The LastPass Safari extension, for example, doesn’t have a “binary component”, so it won’t do nice things like log you out of LastPass automatically after you’ve been idle. That’s fine, but it suggests that they’re not a Mac-first company. And I’ve run into the 1Password guys a few times at conferences; they’re incredibly bright and admirably paranoid about password security.

Ben

If you’re counting, that’s one more smiley face in the 1Password column. Ok, so 1Password it is. I know I can handle this and probably should have done it long ago. Just let me cough of up the dosh for it…

… $68 for both Mac and iOS!? Too expensive. Should be 99¢. One ★.

In all seriousness though, not everyone ‘knows about computers’ like we do, and can see the value in a $70 solution. Is there a lower cost solution that is workable for the masses?

Bob

I’m not sure whether there’s any solution that’s perfect for everyone. I haven’t recommended 1Password to my Mom. I’m not sure she needs its features, and I don’t want to add complexity to her life. But it’s not too difficult a program to use.

Ben

But what do we suggest to our friends and family? Password issues are prolific across the internet and as both you and I know, most people use a single, very low strength password. Using a fairly expensive password management service isn’t going to fly for most regular consumers. So what will?

Bob

Using one good password would be a good step up. People might also consider having one password for random services, one (better) password for more important services, and one really good password that’s only for financial stuff. But that’s still not a better solution than using 1Password.

Ben

Agreed. My go to recommendation for the past few years has been this three password approach. But in a world where services are hacked more and more regularly, unless the user is very self disciplined about which password is used for which type of service, service to service escalation is very possible. With high security services often having more rigorous password requirements which, as we’ve discussed, make for poor password memorability, we go down the road of many password resets and simple to remember/simple to crack security questions. Thus, I am more and more convinced that this advice isn’t particularly sound. That’s assuming people actually adhere to it, and they don’t.

So it’s a password manager or bust. Get out your wallets, folks.

N.b.: Some of the other services mentioned above are significantly less expensive than 1Password. If cost is an inhibiting factor for you or your password-feeble friends and family, do explore the other services — they might just work.

We here at Nice Mohawk received a nice invitation to be on a podcast—Debug, hosted by the insouciant and thoughtful Guy English and the prolific yet friendly Rene Ritchie of iMore.com. We talk about mohawks, robots, the forthcoming Mac version of Ita, and indie developer life in Ohio.

Take a listen.

Ben

Gus and Kirstin, over at Flying Meat, just released Acorn 4, which I used to refer to as a “lightweight image editor.” Had it been released a few days earlier, it would have definitely made our recent Things We Like post. That said, you can’t really call Acorn a lightweight editor any more. Straightforward and powerful is more like it.

We use Acorn a lot when developing apps. It’s a really great tool for post-processing an asset once we pull it out of a gargantuan mock-up PSD and want to down-sample it, prepare it to be stretchable or create variations on it. It’s also really nice for quick repetitive tasks. For instance, we used it a ton for compositing App Store screenshots (Ita has 25 separate screenshot assets¹ for each supported language²) until we found an app that automatically adds perfect status bars to our screenshots (Status Magic, which we’ll talk about at excruciating length some other time).

Gus has a nice intro video for one of the headlining features, Layer Styles and Filters, which are now completely non-destructive, directly editable on the canvas and super great.

Go get it now — on sale for $29.99 for the month of May. Sweet!