←back to thread

Bitchat – A decentralized messaging app that works over Bluetooth mesh networks

(github.com)
770 points ananddtyagi | 2 comments | 07 Jul 25 00:05 UTC | HN request time: 0.418s | source
Show context
lxgr ◴[07 Jul 25 00:34 UTC] No.44485515[source]
Very nice! Could this be published in the App Store, or does it use any APIs Apple considers off-limits?

I'm regularly frustrated by modern phone's complete inabilities to allow any communication when outside of mobile network or Wi-Fi coverage, not even within the two large walled gardens.

It would be so easy for Apple to extend iMessage to work peer-to-peer, at least between people that have already messaged each other before and while both screens are on. That's literally how AirDrop works, and having to send a "Notes" text back and forth is just silly.

replies(3): >>44485812 #>>44486152 #>>44488069 #
dzhiurgis ◴[07 Jul 25 01:26 UTC] No.44485812[source]
I'd much rather Apple allow running something like this (open source) myself rather than use their "just trust me bro" store.
replies(2): >>44485848 #>>44485918 #
OsrsNeedsf2P ◴[07 Jul 25 01:44 UTC] No.44485918[source]
I've never understood this argument. Apple spends billions of dollars vetting their store for high quality apps. You can't even verify the build you get off Github was compiled from the same posted source.

As much as people want to be "leet" and run 3rd party software, it's inherently insecure and that's why Apple shuts it down.

replies(6): >>44486044 #>>44486062 #>>44486065 #>>44486329 #>>44486547 #>>44487482 #
1. __MatrixMan__ ◴[07 Jul 25 02:58 UTC] No.44486329[source]
> You can't even verify the build you get off Github was compiled from the same posted source

Sure you can: build it and check the hash. If the maintainer prepared for such a check ahead of time it can be as simple as:

    wget https://github.com/owner/foo-project/releases/download/.../foo
    sha256sum foo                       # make note of this 
    nix build github:owner/foo-project
    sha256sum result/bin/foo            # it should match this
A pinky promise from a corporation can never be more trustworthy than something that we can all verify locally.

Of course there's still the should-you-trust-this-code part of the problem, but at least bad guys in that case must operate in public view, which is--once again--a stronger deterrent to shenanigans than anything that happens behind closed doors at Apple.

replies(1): >>44491734 #
2. Tokumei-no-hito ◴[07 Jul 25 16:03 UTC] No.44491734[source]
OP was referring to apps downloaded from the app store.

you can't get a build hash from a downloaded app to then compare to a source build.