I use Mail.app on macOS as my daily these days, and it’s somehow even worse than this. Especially the search function, which works in even more bizarre ways.
It’s truly amazing that we have seemingly regressed in basic desktop functionality since the early 2000’s.
I think people overestimate 2000s desktop functionality. macOS's mail application is still the good old crap app that it was since its inception. Outlook Express, Windows Live Mail, and the Windows 8/8.1/10 mail apps are all terrible in their own ways. Thunderbird looks like a skinned version of a late 2000s mail client and works exactly like it. Search is quirky and unpractical, but in completely different ways Outlook's and Mail.app's are!
Just for fun, try installing an old OS in a virtual machine. Marvel at how fast the old OS runs at modern SSD speeds. Get frustrated at the random hangs, freezes, glitches, and plain bad behavior of the programs you know and love, because the slowness of computers at the time hid it all. 20 cores of unused CPU power, dozens of gigabytes of RAM laying at the ready, disk I/O hitting dozens of megabytes per second, but still loading screens everywhere.
I once tried to go back, for nostalgia's sake, just doing the things I do on an old OS for fun. The grass wasn't much greener back then, I just had lower standards.
I mean, it was common knowledge even back then that Outlook Express etc was far from the best email client. That's why people used alternatives, so much so that some of them were paid and yet had enough people buying them to remain in business - e.g. The Bat!
I am genuinely confused why search is so bad in the major email webapps/clients. Search is a well studied feature, and it seems like it's something that should just work but I can never find the thing I'm searching for in my email (especially O365). Knowing the date and then scrolling often seems to be the most accurate way of finding things...
I think search has been deprecated in general because it gives the user too much control over the output. Through search, people can quickly find what they are looking for, which is bad. The goal has instead become to feed people tiny scraps and hints of what they're looking for, while leading them on a long trip past any number of sponsors to where the thing they're looking for might be.
I have to assume that Outlook email searches have already been set up to have ads injected into them, when/if one day Microsoft decides to flip the switch. Actually, I'm so out of touch with Windows they might already be doing this.
> The goal has instead become to feed people tiny scraps and hints of what they're looking for, while leading them on a long trip past any number of sponsors to where the thing they're looking for might be
Search just seems bad in general in many applications. So many these days do not even support a verbatim (as in, find what I typed, exactly) search. They insist on ignoring certain characters, fuzzy matching, or treating everything as individual words and if it finds one it has done its job and earned a gold star.
I have a feeling it's based on tokenising the input rather than a string scan like we'd do in the old days. Harder to match a literal string if all you have is a tree of tokens or something, I guess.
Opengrok was the first time I ran into this years ago. We had a perl code base, perl syntax is well known as "an explosion in an ASCII factory", so it was a real pain trying to find exact text matches using it.
As I’m professionally working on a niche search engine, let me offer this: it’s a notoriously hard problem that seems simple at first, but requires catering to a bazillion different edge cases; every optimisation you do makes another case worse.
Having said all that: I also hate how shitty search almost everywhere is. It’s hard, but not that hard.
…which is the problem I was referring to: by optimising for that—your—use case, those of other people will invariably suffer.
We only have a single text field as the input; how are we supposed to guess whether you want to find an exact match of the phrase, a fuzzy match, at least one of the words provided, or any other possible variation? Also, are you interested in the content, the subject, the recipient, the sender address you used, a header field, an attachment, what have you? Do you want them ranked by the frequency of the word, or the position from the start of the text? Does it count those occurrences in quoted passages of previous mails downthread multiple times? What if it’s a stop word?
There are of course sensible ranking solutions and heuristics for these questions. I just want to highlight it’s not as trivial as it first sounds. Most mail clients probably don’t ship with a Lucene index—while they should.
I use Thunderbird and it's approximately 100x better at searching for emails than Excel. I just tell it if I'm looking in the subject, in the body, in the sender, whether it's fuzzy, etc, and then it pulls up the emails.
Whereas Excel doesn't ask shit and, in return, doesn't have a working search.
With mu4e (an Emacs package), you can have lightning fast searching across multiple mail accounts. And with a bit of work (https://stuff.sigvaldason.com/email.html) it will happily interoperate with Microsoft Exchange systems that require the OATH2 dance.
Haha, I love your reply because it brings up auth. You can't do the slightest search or action without first pinging a web server with an auth token. Yet another source of wasting milliseconds.
Spotlight search on macOS is in general kinda…spotty. Now that we have super fast SSDs it should be instantaneous very reliable. How hard can this be? BeOS seem to have figured it out 30 years ago. Apple missed a chance to fix this once and for all when APFS was developed, but they are fat and happy, no fire in their guts. Craig Ferengi must go.
On KDE systems, we have baloo which forms a filesystem index for universal (spotlight-like) search. It's very, very fast and the ranking algorithm for krunner is quite good. I think commercial software should have no issue matching this.
Do you really have trouble with Mail.app search? Because I find it STARKLY better than Outlook.
Granted, creating any kind of complex multi-clause query is a pain, but for simple searches it never lets me down whereas Outlook often just fails to find things I know are present.
As an update, I found that some of my issues were due to some bug in FileVault. My Spotlight would seemingly stop working altogether. The only solution was to toggle FileVault off/on.
I am using my mac with an LDAP (AD) user account, so I am possibly in the minority of people here.
I've given on on macos' mail app too, mailspring isn't perfect but I had mail crash and lose my emails and I couldn't have that happen again. never been an issue with mailspring
Everything Apple does seems to be designed to drive hardware sales. Why support external drives, when you can be up-sold for larger internal storage (at a huge markup)? The "Photo Library" could simply be a database file with references to photo locations, alas that might confuse Mac/iOS user with "files" vs "photos".
It seems to me that the Cybertruck has less of a blind spot in front of the hood than F-150. The "not seeing the front" is actually hinting at this, it's below the field of vision. The hood angles down agressively vs. huge
Large trucks/SUVs are infamous for poor pedestrian visibility right in front.
I would love to use and pay for your service, but it's inexcusable than a service that charges $100+ / year has so many trackers that uBlock shows 87 elements blocked just in the account signup flow (/signup/connect-spending-account).
A financial info aggregator is the one place where I would appreciate NOT having my data and behavior exfiltrated to third parties.
Hmm would be curious to know which block lists you have.
I'm only blocking 27 things with most of them being Split.io (for A/B testing I presume) Sprig, Stripe and Sentry.
Those aren't really third-party trackers (even though I am blocking most of them) in the marketing sense..
There's some analytics from Tiktok, Clarity, Reddit and Spotify(??), which make sense to block but don't feel that intrusive if they're tracking inbound referrals.
I don't even see 50 other things that I could be blocking.
Not arguing the point here, just wondering what I'm missing since I try to keep pretty extensive block lists myself.
> There's some analytics from Tiktok, Clarity, Reddit and Spotify
This is completely inexcusable from a fintech company. It shows me, as a potential customer, that they're not serious - either they're trying to get acquihired or they have no idea about privacy.
Yeah this is on the public inbound signup pages, not in the app itself (although I can't confirm that it's not in the app - I didn't sign up).
This is pretty standard stuff, and while I'm not a fan of trackers and I personally block them, I don't resent companies that want to understand their traffic and prospects.
As a business you want to know which paid channels are working and where your traffic is coming from.
A question for you then, if this is "completely inexcusable": How else do you propose that companies monitor their sales and marketing efforts?
> How else do you propose that companies monitor their sales and marketing efforts?
There are several ways:
- Have a specific URL for each entry into the sales funnel - you see this on YouTube with things like "go to blahblahblah.com/witty-tag to sign up and get my discount"
- Look at the referrer URL if you don't want separate incoming links per entry
- Ask for a referral code when someone is creating their account - this allows you to track entry from people referred into the product
- Have a field on the signup page where you ask this question instead of invading the user's privacy to get it
There are many ways that don't involve sticking a ton of trackers on a signup page, a page that by definition, all of your users must go through at least once and part of the face of your company. To me, it's not a good look that these trackers are there and invasive.
> A question for you then, if this is "completely inexcusable": How else do you propose that companies monitor their sales and marketing efforts?
By simply asking users how and where they found out about a service?
Sure there is a possibility that some users might not respond truthfully (or at all), but I believe that the quality of data collected in this (respectful) way still trumps that of data snitched from unsuspecting users but skewed by those who use adblockers (not unlikely in the case of a fintech service because of expected higher user awareness of privacy concerns).
So you're going to intercept and ask every single user who lands on your inbound signup page before you let them sign up?
That doesn't feel like a great user experience. As a user, I would just button past that pop-up or form.
The goal with these kinds of analytics is not to get referral information from only users who sign up, but for anyone who lands on the page - maybe just to read about you at first - so you have a sense of where they came from and how your marketing spend is doing.
Most paid traffic doesn't convert. If you want to know how much of it is converting, you need to also know how much didn't convert.
This is a good point. But it would mean more work on the Monarch side (and possibly more support for the analytics team when their customer messes up etc).
I would bet that the JS is an implementation shortcut, and a way for the analytics service to avoid doing customer-side implementation support. Keep things as simple as possible (which is a reasonable business goal).
Plus it means that the service you're using can refactor or change around how they handle things and you don't need to be updating your code all the time?
But the tradeoff is that you end up in this situation where people ask "why do you need to load a JS file from a third party?"
Tracking behaviour on a marketing homepage is a bit different than tracking in the app. It's probably just conversion pixels for ad networks (ie, you need to determine if advertising on tiktok actually works). Not sure if you need to install JS from their specific networks, probably not. But generally I'm not against the idea if it's restricted to marketing sites.
>> either they're trying to get acquihired or they have no idea about privacy.
This is my fear for any finapp I try now, as I was on Mint, and now left. At what point will Monarch be acquired and/or begin to sell me things I don't want to increase profits?
> begin to sell me things I don't want to increase profits?
What financial service, new or old, doesn't do this already?
90% of the communication from my bank is them trying to push additional services on me. It's never about what's good for me, it's what's good for them.
Is there any reason this would not work on a Mac and iterm2? I get the initial encryption effect, but sadly, no decryption :). I tried different fonts and iterm2 settings to no avail. I guess I could try the ncurses option, but curious to see this not work natively.
Edit: as helpful comments below me explained, you either have to press another key to decrypt, or launch it with the `-a` option.
It is an open secret that criminal groups also pay unscrupulous T-Mobile employees to assist with SIM-swap attacks. I am not sure at what scale this happens, as those instances _should_ be easy to trace and prosecute. But I have seen evidence of criminals reaching out and offering "side work" on the T-mobile subreddits, as an example.
In those cases, hardware keys for employees would not help.
> those instances _should_ be easy to trace and prosecute
I suspect that the employees aren't merely doing a sim swap attack with their work login credentials. Like you say, they'd clearly get fired/prosecuted for that.
Instead, I suspect criminal X buys a nice thing delivered to employee Y's house. Then, criminal X phones the helpdesk repeatedly till they get connected to employee Y during working hours. Then, they claim to own the phone number of victim Z, but have lost the phone, their id and everything else. But they manage to tell employee Y the answer to two of the secret questions "What is your gender", and "Did you use the internet in the last month?". The employee uses this, together with their judgement to proceed, according to company policy, and issue a new eSIM.
Later, when anyone finds out, the call is listened to, and the employee can legitimately say they were just following policy.
Out of high school I've worked a couple of years for A1 telecom(in Croatia) in customer service. When someone called, all I was required to ask is their OIB(Personal identification number) and they could literally ask me for anything if it's a residential user.
Want to cancel 20 numbers that still got 2 years until the contracts expire? Sure, let me do that for you. Want to change sim? Sure, just give me the new sim number. Want to add 5 tariffs to your plan? Sure, do you want phones with that?
That was 6 years ago but I still got friends I talk to there, and not much has changed.
On darknet diaries the stories told are a little more straightforward.
They just walk in to the store, steal a tablet out of the manager's hands, run away with it, and make all the changes they can with the logged-in session until corporate locks out the device.
People sell this as a service and supposedly have numbers on how long from a provider tablet is stolen until the device gets locked out. If I remember correctly T-mobile was/is considered to have the "longest" time from when the device is stolen, there for the most valuable.
Maybe T-Mo should consider using hardwired terminals again if they can't figure out how to geofence their POS tablets. This also might help with employee job satisfaction since they are less likely to be assaulted at work.
I imagine getting someone job-fair hired under assumed credentials and ghosting after one full shift of abusing their access, or giving a very poorly paid CSR just enough cash to make it worth the risk is probably more straightforward, but I don't know anything about that stuff. Most restaurants/bars I worked at had hourly staff working under 'borrowed' SSNs and names for years, though.
IIRC, on Darknet Diaries podcast they shared that one of the approaches is that someone comes to a location that services T-Mobile customers and has T-Mobile terminal (not necessarily a T-Mobile brand boutique shop). They come with a random request and wait for an employee to sign into the terminal and then pull it out of their hands and run away. They then run against the clock (whatever time it takes to report theft to central T-Mobile office and block the device) to perpetrate the fraud.
I guess a second factor confirmation on every modifying request would solve the issue?
I remember a that or a similar episode! And it was apparently even more intricate, the robber being only the lowest member of a whole food pyramid of criminals - after the robbery his only task was to grant remote access to someone who knew the terminal software (probably that would be the paid insider), while in some secret chatroom a third guy already started running an auction of who would get his sim swap processed while the guy who organised the whole thing was relaxing somewhere at the beach watching his percentage of the profits rolling in.
I was kind of amazed and shocked at the same time how there already seems to be an established sim-swap-as-a-service economy with specialized roles and plenty demand to warrant expansion...
This is a terrible decision just from the optics perspective - alienating those who are more likely to be power users.
But how many people do they seriously expect to install the official Twitter app instead? I, for one, will not; as the privacy page on the App Store basically makes me "steer clear".
Whatever percentage of 3rd party clients they get to switch over seems like a rather dubious trade-off to all of the bad press, and the terrible manner in which this was executed.
GOG offers a superior license (DRM-free), perhaps, but not client.
Steam's integrated multiplayer makes online games seamless, cloud save works better, the autopatcher beats offline installers anyday, its integrated Big Picture mode is great for TV or phone play, the built-in streaming works well, the built-in text and audio chat is useful, the Workshop allows seamless and fast mod installs vs having to use something like NexusMods, the reviews system is well implemented and waaaaay more informative than Amazon's, Proton is a godsend for Linux and the Deck, the built-in web browser overlay is handy for looking things up in the game, Family Share + offline mode is awesome despite having DRM, the sales are incredible (especially from 3rd party Steam resellers on isthereanydeal.com), the support is fast and human and very fair, GeForce Now integration is great when you're away from the gaming desktop, Valve is a gamer-centric and innovative company (Index, Deck, Controller, etc.)
And that's just for the player side. From the dev side the Steamworks API takes care of a lot of multiplayer and other stuff that normally is a huge PITA to reimplement.
As a client, it's just a MUCH better offering than either GOG or Epic or Microsoft or any of the other crap launchers. Like, not even in the same league... the others are just 90s-style download managers, while Steam is its own ecosystem. Despite not being a monopoly, they still continue to dominate the PC gaming landscape because they are just THAT good.
GOG is definitely superior as far as respecting the rights of consumers is concerned, but their web store and library client (Galaxy) doesn't offer nearly as many features as Steam. Things like hosting mods and making them super easy to download/install through Steam Workshop. Or things like streaming gameplay to a different device (or even streaming your normal desktop allowing you to use it from a different device so you aren't just limited to Steam games). Or WINE emulation on Linux with minimal configuration needed. Steam provides some legitimate value-add features that pretty much no one else does, making it much more than just a storefront.
IMO GOG is great for single-player games. For multiplayer, the Steam integration for some a nice bonus and others a necessity.
I had to re-buy Stardew Valley on Steam because the GoG version only had "connect to IP" (I cannot run GOG Galaxy on Linux) and all of my friends were using Steam versions that had other connect options.
GOG is a pretty good company with a good store and good management of classic games.
But steam, for a 30% cut of a dev's income, will provide; Free save backups, free multiplayer and friends list management and apis, workshop support for modding, free keys to sell on other platforms or give away, a store that actually managed to reduce it's serious junk clutter problems for many people, VR runtime, HUGE controller apis that bring incredible functionality for remapping and macros, a system for game streaming and remote coop play, easy steam deck distribution now, a complete patch management and distribution system etc.
Basically Valve exposes a lot of features to game devs when you release on their storefront, and a huge amount of those features are just straight huge wins for gamers and consumers.
> it doesn't ever crash and it sleeps and wakes correctly.
Maybe I have been unlucky, but I have experienced many panics across several different machines running recent MacOS releases. 2 of those being corporate machines, so I can blame the "security" software that gets deployed. My home Mac mini, does not have any crapware deployed, and it still managed to crash once or twice.
In contrast, my ancient desktop running Windows 10 has not had a single BSOD in the years since I built that Ivy Bridge machine. And this included running much more intensive workloads than the terminal/docker/text editor workloads on my Macs.
It’s truly amazing that we have seemingly regressed in basic desktop functionality since the early 2000’s.