37: With praise, you can include me, but any blame goes to Dave

We have shipped a new feature since we last spoke, right?

Indeed we have.

Well, kind of. I say we.

It's neither of us that shipped the feature.

So what we're talking about is the feature that went live on the site, was it last week,

I think it was, which is to explain our internal package score on the page that we currently have

for package maintainers that shows you various little bits of metadata about your package.

And it now includes a breakdown of how we are representing packages with our internal score

that goes towards the search result placement. So our search results are not entirely ordered

by package score, but package score goes into the mix as well as relevance of the query,

of course. And the most significant part about this feature that's gone live is that it was

developed by Cindy Chin, who did it as part of this year's Swift Mentorship Program.

I think we've talked about the fact that Cindy was working on this on the podcast in previous

episodes, but it's nice to mention that it's now shipped. The Mentorship Program is finished for

this year. It's been an absolute pleasure working with Cindy, just from start to finish, amazing

attitude, incredible coding skills, just a great experience start to finish. And the nice thing

about it is that this feature has now shipped on the site and is live for everyone to look at.

And one thing, just to talk about the Mentorship Program for a second before we dig into the

feature, which we do want to talk about, but to dig into the Mentorship Program for a second,

it was really nice this year because in our initial call that we had to kind of define

the scope of what Cindy was going to tackle for this project, she was very keen to tackle one

feature end to end. And so that meant, like, obviously we picked something together that

was either, it was actually ended up being from the current list of issues, because this has been

on our minds for a little while. But we didn't, we hadn't really designed the feature. And so

the Mentorship Program this year started with, well, let's have a think about what this package

score, how do we actually represent it? Where do we put this information? How do we make people,

because package score has been a little bit of a sensitive subject in the past, but there's been a

few conversations around whether, you know, how, whether you even should be ranking packages by

some kind of internal score. And so when approaching the feature of exposing this data,

we definitely talked quite a lot about how to make it obvious what was happening, but also

being aware that some people might actually disagree with the whole idea about package

scores. So we did some design, first of all, and thought about how the feature would work.

And then Cindy kind of went ahead and made several modifications. So not only exposing

the package score, but also adding two new factors to the package score. So two new metrics

that packages will be scored on, or are currently now scored on. So adding two of those, and then

visualizing that package score on the maintainers page. Finally, obviously, including testing and

all the rest of it, finally designing the front end side of it. So she wanted to do some HTML and

CSS work. So that was representing the score on the page. And then finally, and I really do mean

end to end when I say it, she wanted to write the blog post that launched the feature. So that blog

post went live last week, written by Cindy, and the feature went live as well. So it's been an

absolute pleasure working with her this year. And I think we've actually got a great feature out of

the end of it. We absolutely did. And I'd add, finally, finally, she also got featured in one

of the most popular, if not the most popular, IRIS newsletters last week, didn't it? So it was really

how on earth did that happen? Yeah, that's amazing.

Well deserved, because I think that's a great feature. And I think I love the whole approach of

wanting to do it end to end and doing it in that time frame. And not as your main thing, she has

other work to do, right? So this is a side project. So it's quite amazing. Really nice, really well.

Yeah, she works at Mozilla, working on Firefox. I mean, she has a full time job. And so yeah,

this is 12 weeks of, you know, a couple of hours a week to get this done, which is remarkable work.

Really nice. I'd love to see that come together. And really just across the whole spectrum with

everything. Really, really nice. And it's been well received. I actually got some questions.

Yesterday afternoon, I believe it was about the feature, which shows how interested people are in

the score and wanting to know, you know, how it's computed now that they can see it. The next thing

that's happening is, well, why does this package have this score? Right. And so this is what we

expected. Yeah. And I think these are fair questions. Yeah. We mentioned this in the

blog post, actually, but this score has technically, and I'm going to lean on the

word technically very heavily here, it's technically always been open because the score has actually

been isolated in one class in our code since the beginning. We launched day one, this score

was there in some form. And so technically, that score has always been transparent.

It's just that it's unreasonable for us to expect people to go and look at the source code.

And that's what this really does. But we knew that this issue would come up as soon as we ship it.

It's kind of like in Hitchhiker's Guide to the Galaxy, where the demolition of Earth

was published ahead of time on Alfred Centauri or somewhere.

People could have protested, but you know, just didn't get around it.

Yeah, I mean, and it's fair to ask these questions. And it's great to have them,

just keep them coming. If there's anything you want to ask us about, let us know. I love that

I got this question ahead of time and that we can address it now, rather than me typing some

back and forth answers. This is much nicer to be sort of broadcasting it to more people,

which probably, you know, some of you might have the same question. So one question was obviously,

and this is an example of one metric, what's the rationale to give zero points for eight

dependencies? So this package has eight dependencies and in the listing, it then has

no points for the number of dependencies because the, you know, I think five or less get some

points and two or less or fewer, rather, you get some more points. And, you know, that's obviously,

if you have eight dependencies, you know, you get no points. If you had fewer, you'd get some

points. And the question is, well, I can't really shed the dependencies. How did we arrive at those

points? I should rather say and direct the questions towards you, because I think, I know

you came up with these figures. What was your rationale around those?

Dave Yes, all of the scoring has been,

you can lay all the blame at my door here.

Mason Praise you can include me,

the blame goes to Dave.

Right. Okay, sure. So yes. So before I answer this question, I would be much more comfortable

with this metric if we were able to exclude test only dependencies, but we cannot. And therefore,

we do the best with what we can, what we have, sorry. I think it's valid. So generally,

the way that I think about score is that it should be all positive things. There shouldn't be really,

there should be no penalties included in the score. And in fact, the way that it works is

that everything is just an addition to the score. It's just that it happens to be dependencies

calculation is where it's less than something instead of greater than something. So it's kind

of inverting the positivity really. But so generally, it's all ways, adding on something

for doing something that makes your package better. And that also is a very important part of

this is what I always hope will happen with the score and we live in an imperfect world. And so

we can't be guaranteed, you know, we can't be absolutely correct with this. But what I hope

that if anyone tries to gain their score and increase it artificially by looking at the

rules and doing things to kind of increase their score, that actually that just makes a better

package because that's ultimately what we're trying to do here is put higher quality and

better maintained packages higher in the search results. That is the intention of this score.

So things like having many releases, that's one of the factors that we score packages on.

If a package has been around for a long time, it's more likely to have more releases.

And therefore, we give more points, not based entirely on how many releases,

but there are some thresholds. So I forget what the numbers are. But if you go over

two releases, you get a couple of points. And if you go over five releases, you get some more,

and you go over 50, you get some more or something like that.

Mason So in terms of those, in terms of those

thresholds, specifically for the dependencies, like five and two, did you look at the distribution?

Or did you just sort of eyeball the numbers? Did you just come up with a number? How did you come

up with the numbers? It's a mix, right? Yeah. So I certainly do look at the data when I'm coming up

with these numbers. And don't forget, a lot of these numbers were come up with three years ago.

So I forget exactly how I came up with some of them. But certainly, one approach that I definitely

use is that, like, I don't even know whether those numbers I gave were correct, but I would

imagine they would be something like that. Because what I tend to do is, you'll get a few points for

just kind of doing anything towards that metric, a few more when you go over, you know, a medium

amount. And then the more releases, like if you have 1000 releases, you're not going to get any

more points than if you had 50 releases or something like that. Generally, it's diminishing

returns as we go up. So certainly, if you look at the, like the metric that we give points for

number of stars, so you only get zero additional points if you have less than 25 stars on a

repository. From 25 to 100 stars, you get 10 points, which is actually quite a large amount of

points. 100 to 500, you get 20. 500 to 5000, you get 30. 5000 to 10,000, you get 35. And then if

you have more than 10,000, you get 37. So you're getting two points for potentially 20,000 stars

at the end there. So certainly, it definitely takes into account diminishing returns. Generally,

I like to also factor in how important the metric is in terms of how, what the maximum score for it.

So it's not like every metric has the same maximum score. They do have different maximum scores.

And in the case of dependencies, which is what the original question was around, we could finally

get him back to the original question. The total number of points you can get for having a low

number of dependencies is five compared to 10 for having 25 stars, which 25 stars is a relatively

low number of stars. So just to put that into context, and this was deliberately because this

metric is first of all, not ideal because it includes test only dependencies. And secondly,

I certainly do think there's a case to be made that a package with a zero or very low number

of dependencies is a mark of a package that I would want to consider using. So I think having

that metric in there is valid. But the fact that that metric isn't quite perfect in how we are able

to calculate it right now is why it has a lesser score. And when we're able to do test only

dependencies or exclude test only dependencies, we may also increase the total, the kind of the

weighting of that score. So there's a follow up question. But that's an interesting question.

Would you agree? Well, actually, before we move on to the follow up, would you agree

with my defense of that? Yeah, yeah, yeah, definitely. I mean, plus, I think people

sort of focus on the score quite a bit, I would say perhaps a bit too much, because

what you need to bear in mind, this is a tiebreaker in search results. If you search for

something, you have a name match or, you know, the term, your search terms are good. Right.

Your readme has the terms, you'll show up in the list. And this is just, you know, give you a bit

of a higher ranking in that list. It's, you know, we don't have recommendations or discovery or that

sort of stuff where that would otherwise appear and have an impact. So the best thing to actually

do is have a package that has proper keywords and stuff and, you know, a readme that explains what

it is and then make sure that terms that people would search for to find it are referenced there

in these in these places. And then you show up and we show 20 results on the first page. And,

you know, with given the number of metrics we have in this score, maybe in one of them,

it won't be ideal. But, you know, if it's a good package and has a lot of the other metrics right,

you know, having a few points fewer there isn't going to destroy your discovery on that page,

I think. So I think that's something to bear in mind there.

Toby Cunningham But Cindy and I had an interesting

conversation around one of the new metrics that Cindy added was, does the repository have a readme

file? Because that certainly is a mark of a, you know, a package which I would want to look at. If

a package doesn't have a readme file, I think it should certainly have less points than one that

does. And of course, most packages do. But the scoring on that check of does the package have

a readme, not looking at the content of the readme, not trying to evaluate how long the readme is or

how much information there is in there, but which we can and may also do in the future. But just

does it have a readme? We scored that at 15 points, which is the exact same score as does the

package have documentation. So initially, my gut feeling when we were talking about having it at 15

points was well, documentation should be more important than a readme because clearly someone's

put some time and effort into documenting their package. But actually, I think I feel really

comfortable in the end with what we decided on to have them at the same score. Because again,

the documentation, we're not giving any kind of measurement of documentation quality with this.

This is just a Boolean. Does it have documentation? Does it have a readme? And actually,

I think those, the reason we actually decided on 15 points for both is that some people use

their readme as documentation. And so they are almost fulfilling the same thing. Now, if you have

both a readme and documentation, then you're going to get double points, which I think is also fair

because it's more work that you've done towards creating a better package. But that's why

initially my feeling was to say the readme should be less points than documentation.

But the more we thought about it, the less that made sense.

Mason Mendez Yeah. Yeah. I think also the readme often

fulfills the role of sort of a getting started page in the documentation. Sometimes it's even,

you know, it's a duplicate of that, which is fine. I think it's great to have it in both places. But

the readme sort of serves that purpose more of explaining what it is about and what the entry

points are into the package. Whereas documentation often is at first, especially at the first pass of

the documentation is just API reference documentation, which is useful, but not

great if you want to understand how to use a package, how to get started with it.

You said we had a follow up question.

We do. Yes. And that's quite specific to that package. But I think there's a couple in that

area. And the question is, it's tough for a Swift on server package to achieve this,

because Neo, a very common foundational server side Swift library already has four dependencies.

So by using Neo, which you almost certainly will be when you're writing or publishing a

server side Swift package, you start off at a, you already passed the two that gives you

maximum points. You're very close to the five that gives you the next step. And you're almost

out of the scoring range with that. And those are real dependencies, not test only dependencies.

So they would not be fixed by if we at some point will detect test dependency. So this is a real

problem. Yeah. Well, is it? I think that actually comes. Is it though? Because, well, so I think

that actually comes back to the same thing that I said earlier, which is the total number of points

that you are gaining or losing in this case here is only five points. This is ranked,

you know, it's a third of a readme file. Yeah. But I think there's also another reason why

this isn't that important because these scores are relative. We're using them in ranking search

results for a thing. And if you're searching for a server side Swift package, all these packages

will have Neo as their dependencies pretty much because it's such a foundational library. So I'm

pretty sure if you made a survey across the Swift package index across server side libraries,

none of them will have points for dependencies because they're all up in the

five, 10 range because they're very much, you know, if you use Vapor as a dependencies,

you're done. You're way past any of the limits there. But that's true for all your

in quotes, competitive, you know, competitors in the package ranking space. They all have,

you know, Neo or Vapor or, you know, a package like that. So you're still being compared on

equal terms and, you know, compared to an iOS package, yes, you'll have a lower score,

but that doesn't really matter because someone shopping for a server side library won't be

looking at iOS libraries. It's not going to go, well, actually the score of this is less. So I'm

going to use SwiftUI instead of server side Swift. Yeah, yeah, exactly. I mean, you're

looking for something different. Yeah. And this goes back to, you know, the most important thing

is going to be your search terms. Have something that is sure to be referenced in your readme

keywords and stuff. You know, if it's an important thing that describes your package well,

has very strong association with your package, put that in somewhere and you'll land at the

top or near the top, certainly on the first page. And that's the most important thing, really.

Were there any more questions? No, that's the two that I got. We'll see if we have some follow-ups.

So the last thing that we should mention here is, because I don't think we actually said how

to find this feature. So the first thing you should do actually is read Cindy's blog post

on the Swift Package Index blog, which you can get to just by hitting the blog link on the home

page of the package index. And it does explain in that post how to find the feature, but I'll also

just quickly say it here. So if you go to any package page on the right-hand side, underneath

the versions, the current versions of the package, there's a little bit of small text that says,

are you this package's maintainer or something like that. And there's a link there, which goes

through to a specific page for package maintainers, which has information like how you can add those

badges to your readme to display your platform and Swift version compatibility, how to add

documentation if you have documentation in your package. And then at the bottom of that page is

now this new package score page. So that's where it is. And the other thing that I want to mention

is that we are absolutely not saying that this is a complete and total representation of package

score. In fact, I would describe this as the bare minimum of a package score. For example, we're

not doing any analysis of how documented or how good a readme file is or anything more than the

total number of dependencies or anything like that. All of these, there's a metric for does

the package include tests and the trigger for that metric is does the package include a test target,

which is a fairly low bar for passing that metric. So what we're saying here is that this is what we

have currently. And we are actively listening to ideas for amendments and additions to this. And

in fact, at the bottom of that page, just underneath the package score, there is a link to

a always open discussion thread on our repository where this is already being discussed. And so

just a declaration that we don't believe this is a completed package score feature.

This is always going to be a work in progress and that we are listening if you have ideas and

opinions on new metrics, how we could make it better. Exactly. A living score. And it always

will be. Yeah. Yeah. Do we have anything else or should we do some packages? I think that's it. In

terms of news, we should do some package recommendations. I can start us off this week

with a package called DirectJSON by Mertol Kasanan. And this is a package that makes use

of the Swift function dynamic member lookup. And what it does is it allows you to access on

extend the string. And if that string includes JSON content, like if the contents of the string

is a JSON object, it allows you just to basically dot into the properties and navigate through

the JSON in that way. So, for example, the example from the readme here is a string

called the cars of 2023, which is a potential list of cars or something like that. It doesn't

actually have the data in the readme. And so it says the cars of 2023 dot JSON, which looks to

see if the property is JSON, like it is the string JSON dot EV dot popular bracket zero dot brand.

So you're effectively saying no, no codable, no JSON parsing, just access properties inside JSON

as if they were already parsed. And then the dynamic member lookup will turn those method

calls into lookups inside the JSON and there we go, return the values. And I think this is an

interesting package, but it's probably not one that I would suggest using in actual production.

Stuart Jensen Here we go again.

Jason Kilgore Yeah, this is my thing, right? Here's a

package. Don't use it. Well, let's see if you agree, right? Let me say what I'm going to say

about it. And then again, we'll see if you agree. But I think the reason I wanted to highlight this

package is not because it would go into a production application. But actually, if you

want to write some Swift code, and just very quickly look at the contents of some JSON,

you actually end up having to do quite a bit of work with codable. And yes, you could decode it

into a dictionary and do it that way. And that's fine. But if you want it in a typed way, then

you're going to be doing quite a lot of typing to get that. If you just want to very quickly

just see what's there, experiment with something before it goes in properly.

And so I think that's where this package potentially lives is for experimentation.

I think that the downside of this is potentially that if you did ship something with this,

and your JSON ever changes, then that's going to be harder to work with than it would be with

something like codable. It reminds me of Ruby, actually, because the first time I came across

this kind of approach was with Ruby, which has a method called method missing, which is the same

as dynamic member, whatever it's called, dynamic member lookup, where it turns the method name

into a parameter on method missing. And that's the first time I came across this approach.

So would you agree? Would you agree with my assessment of this package?

Mostly, yes. Although the first thing I thought of was actually Ruby is a good point,

because I thought this is going to be nice for scripting, right? And I have been using Swift

more and more for scripting. And I do love codable there, because it's very easy even to drill into

structs, because you don't need to spell them out completely, right? If you drill into a nested

JSON, all you need is the container types. You don't need to spell out all the properties you're

not interested in, right? So I wouldn't necessarily agree that you have to do that much typing

to unpack a JSON into codable. However, if you don't know what the structure is,

or the structure is perhaps dynamic, then you're out of luck with codable. You have to use JSON

serialization. And I guess that's what this is using under the hood. And then this certainly

is a much nicer API to unpack something that is dynamic. And it certainly is. It doesn't need any

typing, right? You don't need any struct or declaration to decode. You can just drill in.

I think that's really nice for that kind of purpose.

I actually came across a situation, it was with codable on a YAML file rather than a JSON file.

But I had a situation this week where the same key in the YAML file could be either a string

or an array of strings. So I had to write a custom decoder for that, which first attempted

to decode an array. And then if not, then it attempted to decode a string.

Yeah. On that note, one of the features I love most about recent Xcodes, I think it might be 15,

is that you can generate a codable implementation. Because writing your own codable

implementation always, I have like snippets lying around to look it up. Or I used to, because now

it's so much easier because you can just generate it and then modify it to do what you need it to do.

That's such a great feature.

That would have been useful. I didn't know about that. Where is that feature? Is it in refactor?

Yeah, it's in the refactoring stuff. You can generate a codable implementation.

You learn something new every day of the school day.

So there you go.

My first pick is a really interesting package that I came across a couple of weeks ago,

and it's called Swift Summarize by Stef Kors. Did you know about

Core Services Framework Search Kit, and in particular in there, the SK Summary type?

Only because I also read about this.

I had no idea this existed. So what this does, effectively, it gives you like a local version of

one of the aspects of chat GPT. You can, with this thing and with this package, give it a string,

and then offline and on device have it summarize that string you put in.

I tried this with a couple of paragraphs from our blog post about the Apple announcement

when we had our sponsorship. And the result I got was, so these are like two, four, six

very short paragraphs. I don't know how many characters that is, but it's the meat of our

blog posts. And the summary is, Apple support and the community support we already enjoy via our

GitHub sponsorships have set us on a path where the Swift package index can be a project that

fully supports our work financially. And I think we can just have much shorter blog posts in the

future because this is the meat of it. I did not realize that this was a framework that you can use

and that it's on device, it runs offline. So that's a really interesting framework that I

discovered via this package. And it's great to have this as a little Swift package. I could just

stuck it in a playground without trying to playground feature. And that was a great way

to play around with this and see how it does. Yeah. So I also tried this actually, because

it was going to be one of my package recommendations today, but it didn't make

it into the final cut. I did try this and you're right that having it not need a network connection,

not need API calls that cost money is a huge advantage to it. But in the examples that I

tried, because we've been doing some work with summarization of package information,

using chat GPT. And so this is a subject that I've spent a bit of time looking at. And

in the testing I did, it's impressive what it does, but it's not a patch on what you get out

of GPT for the same input text. So it is good. And it's certainly the fact that it is an on device

calculation, an on device summarization tool is a huge difference. And so they shouldn't really

be compared, but we do live in a world where chat GPT exists. Another thing that I really liked,

I'm not sure if I mentioned that already, is that the results seem to be stable. So I've run this,

you know, multiple times, right. I left some time in between in case there's some caching going on,

but you do, apparently you are getting the same result back, which is a nice feature,

actually, because the way we've been using it...

Which is a disadvantage of GPT.

Yeah, we the way we've been using that is sort of, you know, you run it again,

you get something different, you sort of have to pick a result at some point.

Yeah. Although I did, I don't know whether you you listened to or watched the recent keynote from

OpenAI. But they're talking about now in the current latest version of the API, you can also

specify a random, a consistent random seed to get the same output from the same input again.

Okay, that's nice.

I don't know whether that's shipped yet, but that was something they talked about.

Right. So that was Swift summarized by Steph Kors.

So my next package is Memberwise Init by Galen O’Hanlon. And this is a Swift 5.9 macro package

for automatic memberwise init statements. So if you create a struct, you want to generate a

memberwise init for it, rather than having to type out that or use any kind of automation to

create it. I know there are lots of ways to automate the creation of these things. This

takes it and puts it in a macro. So above your, for example, if you're doing on a struct, if you

above your struct, you add the attribute memberwise init. And then in this case,

the example is dot public, and it will create you a public init that takes every property and gives

you an initializer that adds that. And so nice little time saver is something that you end up

doing quite a lot in Swift. But again, I must stop recommending packages that I then recommend not

using. It is definitely becoming a habit of mine. I certainly, this package made me think more about

macros than I have done in the past. And it's certainly a nice little time saver to not have

to generate and not have to write a memberwise init for your struct. But at the same time,

and this was always the problem with C macros is it hides what's happening. And so for some things,

where there's a lot of code that you might want to generate or something complex that you want to do,

maybe that, although, I mean, do you want to hide complexity? I don't know. I think there's,

I think there's a genuine question about macros that this made me think about, which is,

are they actually a good idea? And I'm not saying they're not a good idea before anyone,

or anyone thinks that's what I'm saying. But I certainly, it makes me think about like how much

would I import a package that has a macro to generate a memberwise init when the amount of

typing in a memberwise init is actually not that much really. Yes, it's repetitive, and it's not

something we really want to have to do. But at least once you've typed it, it's there and you

can see it. And I know that Xcode can expand the macro and show you the code that it generates. And

there are definite pros and cons to this whole approach, but it did make me wonder of like where

that line lies in terms of would I add a macro to do this job or that job or some other job? And

I think this is an interesting package. I think I'm sure it will save some people some time,

but I'm not sure that I would bring it in. Would you? I think I would. And here's why,

because we have actually, we have this problem in a couple of places. Vapor uses,

Vapor models, most of the properties are, or many of them are optional just due to the way

it's often set up. And you do need to specify initializers for all these. And they often

default to nil. And we had a couple of cases where we, and you can very easily generate the

initial initializer, right? There's a, again, under the refactoring tools, you can right click

on your name. That one I do know about. Yeah. And then it generates that and it does that,

but it only does that the first time, right? The next time you add a new member or remove one,

you have to remember to update your initializers. And that is something that you can't forget if

you have a, if you add an optional property, then you don't need to initialize it and to spell it

out in that list. And there can be drift in what members you have and which ones you actually

initialize. And I guess the big advantage of something like this is that it would track

and always have a fully specified initializer. There's no missing of members and making sure

they're all assigned. And the way this bit does was, if I recall correctly, we ended up, you know,

saving stuff to the database. It wasn't actually saved because we never updated the initializer

where that field was passed through and actually written to the database, which is, you know,

that is not something you discover like weeks after. It's just something you discover at an

inopportune time, like an hour later. It's not a huge problem, but it's a bit of a nuisance. And

it's a lot of silly updating of initializers that isn't really interesting work, right? I love,

yeah, taking stuff out of the picture that is just busy work. And there's nothing, you're right,

hiding complexity is a problem, but I don't think this is complexity that is bad. Like this is just

noise, really, because everyone will understand what this initializer does and why it's there.

You know, sometimes you need it. You don't often don't even need it, right? If you are

internal to a package, you don't need to write the initializer. So, and it's still there, right? Swift

still generates that internal one that you never even see, but you can initialize your type fully,

you know, with all the properties. Why is that? Well, it's because it's all internal and it's not

exposed. You don't see it, but it's still there. How is this different? All it does, it gives you

a way of having that same automated way of generating it and you can make it public and

then it works across module boundaries and that. So in that sense, I think it just, you know,

elevates that to a different access level. And I think in that respect, it's absolutely fine as a

complexity. In fact, I think the only complexity is that you need to import that as a package.

And I know that there's been a pitch to have something like that as a language extension. And

I think, I don't recall where that discussion ended. I'm pretty sure it came up in the discussion

where that should just be a macro. And I'm very sure that there will be a set of macros that

eventually end up in either in the standard library or in a, you know, Apple foundation

package or something where these things will become commonplace and I use just like any other

annotation that we use right now, you know, like observable and whatnot. And it'll be one of those

where it offers that and we will use it and forget about it. All right. Yeah. Yeah. I mean, all very

good points. And I should just say as well, that there are lots of options with this macro for you

to customize various bits that you talked about there. So you can specify that a property should

be escaping or public or give it a different label or, you know, and combine those things.

You could have a customized label and the fact that it's public and things like that. So I should

say that there's good support for creating the member wise initializer that you would like to

create rather than just the same one for every type. So, yeah, I think it's, and that's the reason

I didn't hesitate to talk about it here because we call these recommendations and they are of

sorts, but actually what they really are is as with any real world dependency situation where

you're considering adding a dependency is it's actually, it's a decision that comes down to

trade-offs in the real world. And so when we talk about them, we should talk about those trade-offs

too. Yeah. I mean, mine are recommendations. Yours are mentions. That's not how I want them

to be. I just think, well, you got to try harder, Dave. You got to try harder. Yeah, I do. You're

right. I do have to try harder. That's right. Because you wait till you hear my last one.

Oh God, here we go. All right. I'm bracing myself. All right. Let me, let me squeeze in a

recommendation before we get to that one then. And this next one is called Typhoon by Nikita

Vasilev. And that's a really nice retry library. And I came across this because I actually had

need of something like this recently. I have my own version of it, which is a little module that

I'm using. And if I had discovered this before, I might've actually jumped on it. It looks really

nice. So what this does, it gives you an API where you can pass in an async throws closure

and it'll retry it as the name of the package says, or the description says. I'm not sure

of the name Typhoon, how that ties to retrying, but that's what it's called. The nice thing is

you can set retry policies. So there's a couple of things that are listed. I'm not sure how

extensive it is, but obviously you can specify the number of retries, whether they are just,

you know, on a constant time. And it also supports exponential backoff where

subsequent retries will be at a longer period. You know, it'll do one second, two second, four

second, eight seconds. And you typically do that to avoid hammering a service. You know, for instance,

if you're running on a network, you don't want to constantly hammer the service at the same time.

I'm not sure if it has random jitter, but it would be a nice extension if it doesn't.

Looked really nice. Also something you can test in a playground to get a feel for it.

One really nice thing I found is it didn't actually work in our Try in a Playground feature

because it was referencing Vision OS in the platforms, Preamble and Arena. The underlying

tool didn't manage to pass the manifest, but by the time you listen to this, or actually already

it's fixed. So we have shipped an update. I saw this pull request go through. Yeah. I'm so keen

to try these packages that whenever they don't work, I get really annoyed and I need to fix it

straight away if I can. So that's Typhoon, a retry package by Nikita Vasilev. So my third package is,

I love this package and I love what it says about the Swift package ecosystem, which is that we are,

we have everything from something that will generate you a member-wise initializer for

Astrux, which would be valid in any Swift program that you could write, pretty much.

Two packages like this, which is called Swift ZPL by, well, I don't think it's a name,

I think it's an abbreviation, but the abbreviation is S-C-C-H-N, but this package is a Zebra

programming language enhancement for Swift. So it allows you to write this Zebra programming

language faster, easier, and safer is the description of it. Now, do you know what ZPL

or Zebra programming language is? I have no idea. I saw the package and I just briefly looked at it,

but it didn't explain in the readme, so I didn't have the time to drill in. I just saw some

further down, some barcode stuff. I drilled in. And so Zebra programming language is a command

language used by a lot of printers, and it is a way to tell printers what to do, right?

And so this is a way that you can write code to control a Zebra, a ZPL compatible printer.

So you can say, change the alpha default font to this and have it use 50 heights. And then you can

have a field and put some data in that field and you can define what to tell these printers to do.

And I think, I mean, obviously this is a extremely niche package. This is not going to be

included in many people's projects because it does a very specific thing. But actually,

that's what I love about this package is that this is going to make somebody's day, right?

Somebody is going to have this task. They're going to go, I wonder if package, there's a package for

it. They're going to search Swift package index, and it's going to make somebody incredibly happy.

It's only going to make five people happy in its entire life, but they're going to be so happy.

And that's why I want to talk about it because I think a thriving and kind of

comprehensive package ecosystem includes stuff like this that can

take a ZPL compatible printer and generate a barcode in three lines of code.

Yeah. I mean, you can see this be super useful if you have that sort of printer and need to

output a barcode or a QR code. I mean, this looks great. There's even a Swift logo further down

that they printed. Nice. This is a recommendation. It's just a recommendation for a small number of

people. Yeah. Nice. And the Swift code is bang up to date. The ZPL, I would imagine, has been

around for a very long time, but the Swift code, it uses result builders to build up the syntax for

the ZPL programming language. So you just, you open up some braces and you start putting commands

in there just like you would with Swift UI. Wow. That's amazing. So 37 episodes in,

and we have a recommendation. That is fantastic.

Yes. I need to work harder. You're right.

My third pick is called Obfuscate Macro, and it's by our return guest, p-x9. I'm just double

checking. No, there's still no further name. We had a package recommended before or mentioned

before. I'm not sure whichever. Yes, I recommended one. I'm sure it was a recommendation.

There we go. So this is obviously, as the name says, it's a macro package and it's a package to

obfuscate strings in your binary. So you might know if you embed something in your code,

like a static string, like a configuration variable that you don't ship from the server

and you embed it in the library because it, for instance, never changes. But it's still something

you don't want to leak. For instance, say you have, I don't know, some key for a symmetric

signing or something or a passcode or something that can be found and printed. I think strings

is the command you would use typically to see the text segments. I'm throwing around words here. I

hope that makes sense. I've never tried it, but I know you can get it strings in a binary.

Strings definitely does that, yeah. And so what this does, it scrambles these and you can

just annotate your variable definition with a macro obfuscate and or rather not annotate it,

you can use a macro command to assign it to a variable and then you can just let it do its

thing. It picks an algorithm, I think, by random. You can also specify a specific algorithm that

you want to use and there's a couple of quite a handful of options like bit shifting, base 64,

AES, that sort of thing. And then it just generates some data and obviously also embeds a way to

reverse it back into the string when you run your binary. And the result of that is there's no plain

rendering of your string in the binary. If someone looks, they won't see it that way. They'd have to

do more to find out what's going on. And my understanding is this isn't a foolproof way to

actually make that operation safe. As the name says, it obfuscates the string in your binary

and makes it harder for someone to reverse engineer it. It's still possible, but it probably

puts up a high enough barrier to deter most folks from poking around and doing stuff with pulling

out an API key or something for a service that you don't want them to be messing with.

So yeah, there you go. Obfuscate macro by p-x9. Fantastic. And so I think that brings us to

a close again. We're actually going to be back in three weeks this time and the next podcast will be

the last one for 2023. So one more before the end of the year. But yeah, we'll be back in three

weeks time and we will speak to you all then. All right. See you in three weeks. Bye bye. Bye bye.

Creators and Guests

Dave Verwer
Host
Dave Verwer
Independent iOS developer, technical writer, author of @iOSDevWeekly, and creator of @SwiftPackages. He/him.
Sven A. Schmidt
Host
Sven A. Schmidt
Physicist & techie. CERN alumnus. Co-creator @SwiftPackages. Hummingbird app: https://t.co/2S9Y4ln53I
37: With praise, you can include me, but any blame goes to Dave
Broadcast by