xfactorial 6 hours ago

I think the idea is wonderful, but a not-audited application that uses things like the camera is a “no go” for me.

Get it notarized and ask for some money! I will gladly pay it (and I hope others will do it as well).

Awesome concept: ergonomics and/or posture monitoring is a market opportunity for heavy users.

alin23 6 hours ago | parent | next [-]

Notarization is mostly a glorified malware scan. There's no Apple engineer auditing what's being sent for notarization. Even clever malware can evade notarization scans and be distributed as a notarized binary; it has happened in the past [0].

There's no better way for auditing such an app than having the code easily available and looking through it, and compiling it yourself. Which is already the case here.

[0] https://thehackernews.com/2025/12/new-macsync-macos-stealer-...

burnerthrow008 6 hours ago | parent [-]

Your link says that Apple revoked the certificate used to sign the malware by the time the story was published.

xpasky 6 hours ago | parent | prev | next [-]

It's literally a single .swift file. Ask your LLM to audit it.

micromacrofoot 6 hours ago | parent [-]

Then I need to get someone to audit the LLM, which is considerably more difficult.

StilesCrisis 6 hours ago | parent [-]

Do you expect this programmer is in cahoots with Anthropic?

saagarjha 5 hours ago | parent [-]

The opposite, actually: that the code tricks the LLM.

tjohnell 2 hours ago | parent | prev | next [-]

Posturr is now notarized!

wizzwizz4 6 hours ago | parent | prev | next [-]

While I disagree with you, thank you for sharing your decision-making process: you're probably not the only one who thinks this way.

In general, would you pay for a notarised build of free software, if you had use for that software, even if an un-notarised build or the source code were available?

IshKebab 6 hours ago | parent [-]

I seriously doubt that he actually would. And in that unlikely event he'd be in a minuscule minority. Not a good open source monetisation strategy.

tananaev 6 hours ago | parent | prev [-]

Are you serious? It's open source. And there's less than 1000 lines total. Get Codex or Claude to review it if you're paranoid.

Alejandro9R 6 hours ago | parent | next [-]

The thing is, how do you know at the end of the day that the compiled binary hasn't been tampered with "extra code" besides what's in the repo?

I don't even think notarization gets rid of this problem either, so the best you can do for this is compile it yourself. Maybe I'm wrong!

alexford1987 6 hours ago | parent | next [-]

Compiling it yourself is the best/only thing you can do if you really want to know what code went into a binary.
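
The two checks the thread circles around, written out as an added example (not code from any commenter or from the Posturr project): on macOS, confirm a downloaded app's signature and notarization state, and compare the hash of a downloaded binary against one you compiled from the repository. The first part assumes Apple's codesign, spctl and stapler tools are present; the hash comparison runs on any POSIX shell.

```shell
#!/bin/sh
# Added example; not from the thread or the Posturr project.

# Part 1 (macOS only): verify signature and notarization of a .app bundle.
# Returns 0 if every check passes, 1 on any failure, 2 if tools are absent.
check_notarization() {
    app="$1"
    command -v codesign >/dev/null 2>&1 || { echo "codesign not found (not macOS?)"; return 2; }
    # Every nested component must carry an intact signature under strict rules.
    codesign --verify --deep --strict --verbose=2 "$app" || return 1
    # Gatekeeper assessment; the source line should read "Notarized Developer ID".
    spctl --assess --type execute -vv "$app" || return 1
    # A stapled ticket lets the notarization validate without a network round trip.
    xcrun stapler validate "$app" || return 1
    return 0
}

# Part 2 (any platform): does the shipped binary match your own build?
# A mismatch does not prove tampering (timestamps, toolchain and flag
# differences break bit-for-bit reproducibility), but a match is strong
# evidence the download contains only what the source produces.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

compare_builds() {
    downloaded="$1"
    local_build="$2"
    a=$(sha256_of "$downloaded")
    b=$(sha256_of "$local_build")
    if [ "$a" = "$b" ]; then
        echo "match: $a"
        return 0
    fi
    echo "MISMATCH"
    echo "  downloaded: $a"
    echo "  local:      $b"
    return 1
}
```

Run `check_notarization /Applications/SomeApp.app` after downloading, and `compare_builds downloaded_binary ./build/binary` after building from the repo with the same toolchain the release notes describe.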

prmoustache 5 hours ago | parent | prev | next [-]

What prevents you from compiling it if it is open-source?

That's what I do with every project delivered as docker image. I rebuild the app and the image.

encom 6 hours ago | parent | prev [-]

Go easy on the guy. Mac users are so used to overpaying for trivial functionality.