Apple's "notarisation" – blocking software freedom of developers and users

https://fsfe.org/news/2025/news-20251105-01.en.html
117•DavideNL•6h ago

Comments

moi2388•5h ago
I still don’t see why you would want your parents to run untrusted software on their devices, but you do you I guess.
Propelloni•4h ago
I still don't see why you would want Apple to have a say in what you run on your device, but you do you, I guess.
MagicMoonlight•4h ago
Because they have thousands of employees who have the time to look at the source code and determine whether it is malicious.

Nobody else would bother. That’s why meme language repositories continuously lead to hacks and vulnerabilities.

rkomorn•4h ago
Apple employees have access to the source code of apps on the App Store?
BoredPositron•3h ago
Technically yes, if they want it you have to give it to them. The dev agreement and TOS are pretty broad.
rkomorn•3h ago
Is that (Apple asking for source) a frequent thing?
BoredPositron•3h ago
We don't know.
aeonfox•2h ago
App developers do know. I can't say that I've ever worked on an app where this request has been made. Neither the App Store Connect Agreement[0] nor the Apple Developer Agreement[1] stipulates that the developer can be compelled to surrender their source code.

[0] https://appstoreconnect.apple.com/WebObjects/iTunesConnect.w...

[1] https://developer.apple.com/support/downloads/terms/apple-de...

All the relevant agreements can be found here, so if there's something that specifies this kind of overreach, I'd both be very surprised and interested.

https://developer.apple.com/support/terms/

BoredPositron•2h ago
“If you are required by law, regulation, or court order to disclose any Apple Confidential Information (which can include requests related to legal investigations or audits), you agree to give Apple prompt notice and to cooperate in seeking a protective order or confidential treatment of such information”
rkomorn•2h ago
What part of this says Apple can compel developers to share their apps' source with Apple?

Edit: oh, are you saying that such requests would be "Apple confidential information" so nobody would say if it happened?

robertclaus•4h ago
Apple absolutely does not manually read all the source code they notarized.
realusername•3h ago
You are mixing it up with F-Droid; Apple doesn't do any source code reading and the tests they do are very basic.

Right now you have a lot of piracy apps which are disguised as a "note taking app" and they passed the App Store review without any issues.

heinternets•2h ago
Do you have any examples? Asking for a friend.
moi2388•2h ago
They don’t. You can still run any software you’d like. You just get warnings, so people like parents don’t just randomly open malicious programs from the internet.

Which is exactly as it should be

whatsupdog•2h ago
Tell me how I can sideload apps on iPhone? Even with warnings and stuff.
owisd•1h ago
If you compile it from source yourself using Xcode you can deploy to your own device without an Apple developer subscription.
lanyard-textile•1h ago
It unfortunately goes away. Last I checked you get 7 days before the app expires. The subscription makes it last much longer, but not forever.
djantje•4h ago
It should be a setting (like macOS), otherwise full control of all the devices is always at the mercy of Apple.
realusername•3h ago
Implying the software in the appstore is ""trusted""
wiseowise•3h ago
Who said anything about parents?
noir_lord•2h ago
They are using it as a proxy for "people with low technical skills" (which is a specious argument since it was a friend of my parents who got me into programming and he remains one of the best I've ever known) and making the usual argument that we should limit control of our devices to make it safe for them.

I actually don't have (much) of an issue with walled garden approaches as long as the wall has a gate that is easily opened, give me an OS level toggle with a warning of "Here be dragons" and I can live with it - it's not ideal but it's not a terrible trade off.

It's something Android has had previously (but they seem to be trying to lock that gate) and iOS less so.

graemep•1h ago
Which is something I find very annoying, because I know a lot of people who are parents (or adults) or grandparents who have greater technical skills than their children.
brabel•45m ago
I can run anything on my Mac the way you described: go to security settings and tell it I know what I am doing. Is that changing somehow?
rogual•2h ago
It's funny how "think of the parents" is the new "think of the children".
owisd•1h ago
It’s tragic how many are baffled by the idea someone might genuinely accept a minor inconvenience to benefit their community.
saubeidl•2h ago
Because they're adults that can make their own decisions and not mentally challenged patients under a megacorp's guardianship?
gregoriol•2h ago
Sadly about 98% of real world users are going to fall into scams, ransomware and stuff. They are not mentally challenged, there are just so many traps/fakes/tempting stuff that we as IT people are more aware of (but even we still fall into some).

We also can't count on every person being able to check every single thing they do: how do you check if some food or drug you get is good or not? you can't really, you have to trust someone who knows.

saubeidl•2h ago
> how do you check if some food or drug you get is good or not? you can't really, you have to trust someone who knows.

Yes - the democratically elected government, not a monopolistic entity with capital interest.

userbinator•1h ago
Then that's their own fault and responsibility. You can't build up immunity without exposure.
owisd•1h ago
It’s a bit like the Elizabeth Warren toaster analogy. If you bought a toaster with shoddy wiring and it caught fire and burned down your house, everyone would blame the manufacturer and not sneer at you online for not learning electrical engineering and not checking the wiring yourself before using it.
tacker2000•1h ago
This argument is in the same vein as “chat control because of child safety”.

It's a smokescreen.

You want less liberty because of the “least competent” user?

tgv•1h ago
Software freedom, at least for end users, is a smokescreen, too. I can revert your argument: "you want more ransomware because of a few OSS enthusiasts?" What we need is a way to curb the excesses, such as high entrance barriers to the store.

A phone/tablet is a tool, with very intense usage, and huge privacy value, not an engineer's toy.

idle_zealot•20m ago
The real smokescreen is this freedom vs security false dichotomy. If you give up freedom for the promise of security, you get neither. Look at the App Store. It's full of harmful garbage designed to extract value and waste your time by any trick necessary. It's one step short of ransomware. Oh, unless you use an app for your important documents, then it comes under new management and demands you start paying monthly or lose your stuff. Suddenly that lack of freedom to continue using an old version of the app or to dig around its internals and pull out your data becomes a loss of security. It's fine though, because this type of ransomware is totally legal and in line with your benevolent platform dictator's policies.
Ray20•2m ago
Your argument falls apart when you consider iPhones' 60% market share. People have spoken out about whether they want dangerous, uncontrolled third-party apps on their phones.
charcircuit•3h ago
DMA is about increasing competition of app stores. It is not about giving "freedom" to people. Notarization is an independent process from running an app store on Apple's platform.
mort96•1h ago
Well, it gives Apple editorial control over non-Apple app stores.
invaliduser•3h ago
The same thing exists on Windows: developers have to code sign their binaries. It's even worse in my experience because you have to use a token (USB key with cryptographic signing keys in it) and that's impractical if you want your CI/CD to run in a datacenter. At my company we had a Mac mini with a Windows VM and a code signing token plugged in just for the purpose of signing our macOS and Windows binaries.

Another solution that is not mentioned in the article is that users of both macOS and Windows should be able to easily integrate the certificate of a third-party editor, with a process integrated in their OS explaining the risks, but also making it a process that can be understood and trusted, so that editors can self-sign their own binaries at no cost without needing the approval of the OS editor. Such a tool should ideally be integrated in the OS, but ultimately it could also be provided by a trusted third-party.

tumult•3h ago
Nope. Notarization is not code signing. It’s an extra step, after code signing, where you upload your software to Apple’s servers and wait for their system to approve it. It’s more onerous than code signing alone and, with hindsight, doesn’t seem to have been offering any extra protection.
jeroenhd•3h ago
It's not the same, but in practice it's also not so different. Microsoft keeps track of how many times a certain executable has been run and only after a certain threshold does the executable become openable without hunting for tiny buttons. The kicker: this also applies for signed binaries.

Microsoft will upload these executables to the cloud by default if you use their antivirus engine ("sample collection").

In a way, Microsoft is building the same "notarisation database", but it's doing so after executables have been released rather than before it. Many vendors and developers will likely add their executables to that "database" by simply running it on a test system.

On the other hand, SmartScreen can be disabled pretty easily, whereas macOS doesn't offer a button to disable notarisation.

makeitdouble•1h ago
Microsoft's notarisation sounds fully automated and transparent, while Apple's is more political and hands on. Individual apps getting their notarisation slowed down to a glacial pace because the platform owner doesn't like them doesn't seem to happen in Microsoft land.
Earw0rm•1h ago
The bigger difference is that Apple isn't just checking for malware, it's checking for conformance with various APIs, manifest requirements and so on. Not as strict as the iOS App Store, maybe, but it will refuse to notarize if it detects use of unsanctioned API calls.

You don't even need signing for Microsoft's system to do what it does - it can operate on unsigned code, it's all hash based.

makeitdouble•50m ago
> it will refuse to notarize if it detects use of unsanctioned API calls.

Or really any reason. They're not supposed to exert editorial control but that's how it has been happening in practice.

hkpack•1h ago
I have the opposite experience - on macOS you can guarantee what users will see when you distribute your notarized app, while on Windows you cannot for undefined time.

How often do you notarize your apps? Why does the speed matter at all? In my cases it takes 2 seconds for the notarization to complete.

makeitdouble•39m ago
The article is about iOS, and getting your notarization in 2 seconds or weeks is IMHO a big difference.

There are obviously simple cases where the iOS notarization also flies in 2 secs, but there seem to be enough tougher cases:

https://www.reddit.com/r/iOSProgramming/comments/1l9m7jd/how...

mort96•1h ago
Wasn't there even a story some time ago about how some completely legit, legal, above-board app to virtualize old (pre OS X) versions of Mac OS got rejected by Apple's notarization process?
makeitdouble•55m ago
Yes. Probably this story?

https://9to5mac.com/2024/06/19/iphone-pc-emulator-block-ille...

Earw0rm•1h ago
It's more akin to an enforced malware scanner, at least in principle, kind of mandatory VirusTotal with a stapled certificate.

In practice though they use it to turn the screws on various API compliance topics, and I'm not sure how effective it is realistically in terms of preventing malware exploits.

anang•3h ago
Just FYI, you don’t have to use a USB stick, you can also use an HSM like Azure Key Vault and sign using Azure SignTool.
nickf•1h ago
Azure Key Vault - even in the ‘premium’ HSM flavour - can’t actually prove the HSM exists or is used, which doesn’t satisfy the requirements the CA has. In theory, it shouldn’t work - but some CAs choose to ignore the letter and the spirit of the rules. Even Azure’s $2400 a month managed HSM isn’t acceptable, as they don’t run them in FIPS mode.
Xiol•2h ago
I struggled with a similar problem recently. You can use osslsigncode to sign Windows binaries from Linux. It is also possible, with some pissing about, to get everything to work hands off.

In the end we went with Digicert Keylocker to handle the signing, using their CLI tool which we can run on Linux. For our product we generate binaries on the fly when requested and then sign them, and it's all done automatically.

scosman•2h ago
Highly suggest trying Azure Trusted Signing on a CI system with Windows boxes (I use GitHub). Windows signing was an expensive nightmare before, but is now relatively painless and down to $10/mo (which isn't cheap but is cheaper than the alternatives).
amaccuish•2h ago
Last time I checked it's still US/Canada only. Luckily I only needed code-signing for an internal app, so we just used our own PKI and pushed the certs over MDM.
fmajid•2h ago
You can see it in action. I have an M1 Ultra Mac Studio, an insanely powerful machine, and when building open source software, actual compilation flies but the autonomy step crawls because it has to build test binaries to test OS features and notarization slows that down dramatically.
scosman•2h ago
Notarization is completely optional when building any OSS software on a Mac, and not part of any default build process I know. A Mac can sign builds for running locally, a process which is fast, completely local, and does require building test binaries or anything like that. Even a Mac building for an iPhone in developer mode has a local cert it can use, and doesn't require notarization.

Notarization is only needed when distributing binaries to others. Personally I do it once a month for the Mac app I distribute.

kkfx•2h ago
Mandatory FLOSS and open hardware is SERIOUSLY the sole way we can evolve positively.
scosman•1h ago
Mandatory != free/libre
idle_zealot•26m ago
Free/libre refers to user freedom. Mandatory licensing would restrict developer freedom in favor of user freedom, a common feature of consumer protection laws.
donatj•27m ago
I stopped releasing binaries for a number of my tools because I didn't want to pay the $100 a year for the right to do so, and I got tired of explaining how to run them without signing.

The post I wrote to point people at anyway:

https://donatstudios.com/mac-terminal-run-unsigned-binaries

SurceBeats•11m ago
Suffered that back in the day with an Electron desktop app. Not to mention that the notarization and signing integration itself is completely broken. The first time you submit a binary it can take DAYS to process, and setting everything up to work properly with GitHub Actions CI/CD is absurdly time-consuming. It's ridiculous, and if you add this new notarial verification policy on top of that... In the end it's just Apple being Apple.