Apple's "notarisation" – blocking software freedom of developers and users

https://fsfe.org/news/2025/news-20251105-01.en.html
112•DavideNL•5h ago

Comments

moi2388•4h ago
I still don’t see why you would want your parents to run untrusted software on their devices, but you do you I guess.
Propelloni•4h ago
I still don't see why you would want Apple to have a say in what you run on your device, but you do you, I guess.
MagicMoonlight•4h ago
Because they have thousands of employees who have the time to look at the source code and determine whether it is malicious.

Nobody else would bother. That’s why meme language repositories continuously lead to hacks and vulnerabilities.

rkomorn•4h ago
Apple employees have access to the source code of apps on the App Store?
BoredPositron•3h ago
Technically yes, if they want it you have to give it to them. The dev agreement and TOS is pretty broad.
rkomorn•3h ago
Is that (Apple asking for source) a frequent thing?
BoredPositron•3h ago
We don't know.
aeonfox•2h ago
App developers do know. I can't say that I've ever worked on an app where this request has been made. Neither the App Store Connect Agreement[0] nor the Apple Developer Agreement[1] stipulates that the developer can be compelled to surrender their source code.

[0] https://appstoreconnect.apple.com/WebObjects/iTunesConnect.w...

[1] https://developer.apple.com/support/downloads/terms/apple-de...

All the relevant agreements can be found here, so if there's something that specifies this kind of overreach, I'd both be very surprised and interested.

https://developer.apple.com/support/terms/

BoredPositron•2h ago
“If you are required by law, regulation, or court order to disclose any Apple Confidential Information (which can include requests related to legal investigations or audits), you agree to give Apple prompt notice and to cooperate in seeking a protective order or confidential treatment of such information”
rkomorn•2h ago
What part of this says Apple can compel developers to share their apps' source with Apple?

Edit: oh, are you saying that such requests would be "Apple confidential information" so nobody would say if it happened?

robertclaus•4h ago
Apple absolutely does not manually read all the source code they notarized.
realusername•3h ago
You are mixing up with Fdroid, Apple doesn't do any source code reading and the tests they do are very basic.

Right now you have a lot of piracy apps which are disguised as a "note taking app" and they passed the appstore review without any issues.

heinternets•2h ago
Do you have any examples? Asking for a friend.
moi2388•2h ago
They don’t. You can still run any software you’d like. You just get warnings, so people like parents don’t just randomly open malicious programs from the internet.

Which is exactly as it should be

whatsupdog•1h ago
Tell me how I can side load apps on iphone? Even with warnings and stuff.
owisd•1h ago
If you compile it from source yourself using Xcode you can deploy to your own device without an Apple developer subscription.
lanyard-textile•52m ago
It unfortunately goes away. Last I checked you get 7 days before the app expires. The subscription makes it last much longer, but not forever.
djantje•4h ago
It should be a setting (like macos) otherwise full control of all the devices is always at the mercy of Apple.
realusername•3h ago
Implying the software in the appstore is ""trusted""
wiseowise•3h ago
Who said anything about parents?
noir_lord•2h ago
They are using it as a proxy for "people with low technical skills" (which is a specious argument since it was a friend of my parents who got me into programming and he remains one of the best I've ever known) and making the usual argument that we should limit control of our devices to make it safe for them.

I actually don't have (much) of an issue with walled garden approaches as long as the wall has a gate that is easily opened, give me an OS level toggle with a warning of "Here be dragons" and I can live with it - it's not ideal but it's not a terrible trade off.

It's something Android has had previously (but they seem to be trying to lock that gate) and iOS less so.

graemep•58m ago
Which is something I find very annoying, because I know a lot of people who are parents (or adults) or grandparents who have greater technical skills than their children.
brabel•31m ago
I can run anything on my Mac the way you described: go to security settings and tell it I know what I am doing. Is that changing somehow?
rogual•2h ago
It's funny how "think of the parents" is the new "think of the children".
owisd•1h ago
It’s tragic how many are baffled by the idea someone might genuinely accept a minor inconvenience to benefit their community.
saubeidl•2h ago
Because they're adults that can make their own decisions and not mentally challenged patients under a megacorp's guardianship?
gregoriol•1h ago
Sadly about 98% of real world users are going to fall into scams, ransomwares and stuff. They are not mentally challenged, there are just so many traps/fakes/tempting stuff that we as IT people are more aware of (but even we still fall into some).

We also can't count on every person being able to check every single thing they do: how do you check if some food or drug you get is good or not? you can't really, you have to trust someone who knows.

saubeidl•1h ago
> how do you check if some food or drug you get is good or not? you can't really, you have to trust someone who knows.

Yes - the democratically elected government, not a monopolistic entity with capital interest.

userbinator•1h ago
Then that's their own fault and responsibility. You can't build up immunity without exposure.
owisd•1h ago
It’s a bit like the Elizabeth Warren toaster analogy. If you bought a toaster with shoddy wiring and it caught fire and burned down your house, everyone would blame the manufacturer and not sneer at you online for not learning electrical engineering and not checking the wiring yourself before using it.
tacker2000•1h ago
This argument is in the same vein as “chat control because of child safety”.

It's a smokescreen.

You want less liberty because of the “least competent” user?

tgv•48m ago
Software freedom, at least for end users, is a smokescreen, too. I can revert your argument: "you want more ransomware because of a few OSS enthusiasts?" What we need is a way to curb the excesses, such as high entrance barriers to the store.

A phone/tablet is a tool, with very intense usage, and huge privacy value, not an engineer's toy.

idle_zealot•6m ago
The real smokescreen is this freedom vs security false dichotomy. If you give up freedom for the promise of security, you get neither. Look at the App Store. It's full of harmful garbage designed to extract value and waste your time by any trick necessary. It's one step short of ransomware. Oh, unless you use an app for your important documents, then it comes under new management and demands you start paying monthly or lose your stuff. Suddenly that lack of freedom to continue using an old version of the app or to dig around its internals and pull out your data becomes a loss of security. It's fine though, because this type of ransomware is totally legal and in line with your benevolent platform dictator's policies.
charcircuit•3h ago
DMA is about increasing competition of app stores. It is not about giving "freedom" to people. Notarization is an independent process from running an app store on Apple's platform.
mort96•51m ago
Well, it gives Apple editorial control over non-Apple app stores.
invaliduser•3h ago
The same thing exists on Windows, developers have to code sign their binaries. It's even worse in my experience because you have to use a token (usb key with cryptographic signing keys in it) and that's impractical if you want your ci/cd to run in a datacenter. At my company we had a mac mini with a windows VM and a code signing token plugged in just for the purpose of signing our macos and windows binaries.

Another solution that is not mentioned in the article is that users of both macos and windows should be able to easily integrate the certificate of a third-party editor, with a process integrated in their OS explaining the risks, but also making it a process that can be understood and trusted, so that editors can self-sign their own binaries at no cost without needing the approval of the OS editor. Such a tool should ideally be integrated in the OS, but ultimately it could also be provided by a trusted third-party.

tumult•3h ago
Nope. Notarization is not code signing. It’s an extra step, after code signing, where you upload your software to Apple’s servers and wait for their system to approve it. It’s more onerous than code signing alone and, with hindsight, doesn’t seem to have been offering any extra protection.
jeroenhd•3h ago
It's not the same, but in practice it's also not so different. Microsoft keeps track of how many times a certain executable has been run and only after a certain threshold does the executable become openable without hunting for tiny buttons. The kicker: this also applies for signed binaries.

Microsoft will upload these executables to the cloud by default if you use their antivirus engine ("sample collection").

In a way, Microsoft is building the same "notarisation database", but it's doing so after executables have been released rather than before it. Many vendors and developers will likely add their executables to that "database" by simply running it on a test system.

On the other hand, SmartScreen can be disabled pretty easily, whereas macOS doesn't offer a button to disable notarisation.

makeitdouble•1h ago
Microsoft's notarisation sounds fully automated and transparent, while Apple's is more political and hands on. Individual apps getting their notarisation slowed down to a glacial pace because the platform owner doesn't like them doesn't seem to happen in Microsoft land.
Earw0rm•59m ago
The bigger difference is that Apple isn't just checking for malware, it's checking for conformance with various APIs, manifest requirements and so on. Not as strict as the iOS App Store, maybe, but it will refuse to notarize if it detects use of unsanctioned API calls.

You don't even need signing for Microsoft's system to do what it does - it can operate on unsigned code, it's all hash based.

makeitdouble•36m ago
> it will refuse to notarize if it detects use of unsanctioned API calls.

Or really any reason. They're not supposed to exert editorial control but that's how it has been happening in practice.

hkpack•58m ago
I have the opposite experience - on macOS you can guarantee what users will see when you distribute your notarized app, while on Windows you cannot for undefined time.

How often do you notarize your apps? Why does the speed matter at all? In my cases it takes 2 seconds for the notarization to complete.

makeitdouble•25m ago
The article is about iOS, and getting your notarization in 2 seconds or weeks is IMHO a big difference.

There's obviously simple cases where the iOS notarization also flies in 2 secs, but there seems to be enough tougher cases:

https://www.reddit.com/r/iOSProgramming/comments/1l9m7jd/how...

mort96•52m ago
Wasn't there even a story some time ago about how some completely legit, legal, above-board app to virtualize old (pre OS X) versions of Mac OS got rejected by Apple's notarization process?
makeitdouble•41m ago
Yes. Probably this story?

https://9to5mac.com/2024/06/19/iphone-pc-emulator-block-ille...

Earw0rm•1h ago
It's more akin to an enforced malware scanner, at least in principle, kind of mandatory VirusTotal with a stapled certificate.

In practice though they use it to turn the screws on various API compliance topics, and I'm not sure how effective it is realistically in terms of preventing malware exploits.

anang•2h ago
Just FYI, you don’t have to use a USB stick, you can also use HSM like azure key vault and sign using azure signtool.
nickf•1h ago
Azure Key Vault - even in the ‘premium’ HSM flavour can’t actually prove the HSM exists or is used, which doesn’t satisfy the requirements the CA has. In theory, it shouldn’t work - but some CAs choose to ignore the letter and the spirit of the rules. Even Azure’s $2400 a month managed HSM isn’t acceptable, as they don’t run them in FIPS mode.
Xiol•2h ago
I struggled with a similar problem recently. You can use osslsigncode to sign Windows binaries from Linux. It is also possible, with some pissing about, to get everything to work hands off.

In the end we went with Digicert Keylocker to handle the signing, using their CLI tool which we can run on Linux. For our product we generate binaries on the fly when requested and then sign them, and it's all done automatically.

scosman•2h ago
Highly suggest trying Azure Trusted Signing on a CI system with windows boxes (I use Github). Windows signing was an expensive nightmare before, but is now relatively painless and down to $10/mo (which isn't cheap but is cheaper than the alternatives).
amaccuish•1h ago
Last time I checked it's still US/Canada only. Luckily I only needed code-signing for an internal app, so we just used our own PKI and pushed the certs over MDM.
fmajid•2h ago
You can see it in action. I have an M1 Ultra Mac Studio, an insanely powerful machine, and when building open source software, actual compilation flies but the autonomy step crawls because it has to build test binaries to test OS features and notarization slows that down dramatically.
scosman•2h ago
Notarization is completely optional when building any OSS software on a Mac, and not part of any default build process I know. A Mac can sign builds for running locally, a process which is fast, completely local, and does require building test binaries or anything like that. Even a Mac building for an iPhone in developer mode has a local cert it can use, and doesn't require notarization.

Notarization is only needed when distributing binaries to others. Personally I do it once a month for the Mac app I distribute.

kkfx•2h ago
Mandatory FLOSS and open hardware is SERIOUSLY the sole way we can evolve positively.
scosman•1h ago
Mandatory != free/libre
idle_zealot•12m ago
Free/libre refers to user freedom. Mandatory licensing would restrict developer freedom in favor of user freedom, a common feature of consumer protection laws.
donatj•13m ago
I stopped releasing binaries for a number of my tools because I didn't want to pay the $100 a year for the right to do so, and I got tired of explaining how to run them without signing.

The post I wrote to point people at anyway:

https://donatstudios.com/mac-terminal-run-unsigned-binaries