←back to thread

770 points ananddtyagi | 2 comments | | HN request time: 0.418s | source
Show context
lxgr ◴[] No.44485515[source]
Very nice! Could this be published in the App Store, or does it use any APIs Apple considers off-limits?

I'm regularly frustrated by modern phone's complete inabilities to allow any communication when outside of mobile network or Wi-Fi coverage, not even within the two large walled gardens.

It would be so easy for Apple to extend iMessage to work peer-to-peer, at least between people that have already messaged each other before and while both screens are on. That's literally how AirDrop works, and having to send a "Notes" text back and forth is just silly.

replies(3): >>44485812 #>>44486152 #>>44488069 #
dzhiurgis ◴[] No.44485812[source]
I'd much rather Apple allow running something like this (open source) myself rather than use their "just trust me bro" store.
replies(2): >>44485848 #>>44485918 #
OsrsNeedsf2P ◴[] No.44485918[source]
I've never understood this argument. Apple spends billions of dollars vetting their store for high quality apps. You can't even verify the build you get off Github was compiled from the same posted source.

As much as people want to be "leet" and run 3rd party software, it's inherently insecure and that's why Apple shuts it down.

replies(6): >>44486044 #>>44486062 #>>44486065 #>>44486329 #>>44486547 #>>44487482 #
1. __MatrixMan__ ◴[] No.44486329[source]
> You can't even verify the build you get off Github was compiled from the same posted source

Sure you can: build it and check the hash. If the maintainer prepared for such a check ahead of time it can be as simple as:

    wget https://github.com/owner/foo-project/releases/download/.../foo
    sha256sum foo                       # make note of this 
    nix build github:owner/foo-project
    sha256sum result/bin/foo            # it should match this
A pinky promise from a corporation can never be more trustworthy than something that we can all verify locally.

Of course there's still the should-you-trust-this-code part of the problem, but at least bad guys in that case must operate in public view, which is--once again--a stronger deterrent to shenanigans than anything that happens behind closed doors at Apple.

replies(1): >>44491734 #
2. Tokumei-no-hito ◴[] No.44491734[source]
OP was referring to apps downloaded from the app store.

you can't get a build hash from a downloaded app to then compare to a source build.