Hacker News | xfactorial's comments

I think the idea is wonderful, but an unaudited application that uses things like the camera is a "no go" for me.

Get it notarized and ask for some money! I will gladly pay it (and I hope others will do so as well).

Awesome concept: ergonomics and/or posture monitoring is a market opportunity for heavy users.


Notarization is mostly a glorified malware scan. There's no Apple engineer auditing what's being sent for notarization. Even clever malware can evade notarization scans and be distributed as a notarized binary; it has happened in the past [0].

There's no better way for auditing such an app than having the code easily available and looking through it, and compiling it yourself. Which is already the case here.

[0] https://thehackernews.com/2025/12/new-macsync-macos-stealer-...


Your link says that Apple revoked the certificate used to sign the malware by the time the story was published.


After a different company detected it, figured out what it did, and reported it to Apple. The app was notarized on November 17, screenshots in the researchers' post are from December 16. That's a month of fully notarized distribution.


It's literally a single .swift file. Ask your LLM to audit it.


Then I need to get someone to audit the LLM, which is considerably more difficult.


Do you expect this programmer is in cahoots with Anthropic?


The opposite, actually: that the code tricks the LLM.


If you use code you can't trust to audit code you can't trust, you're not doing an audit at all.

Personally, I do not implicitly trust Anthropic or any other company.


OK, but who will audit your compiler?


While I disagree with you, thank you for sharing your decision-making process: you're probably not the only one who thinks this way.

In general, would you pay for a notarised build of free software, if you had use for that software, even if an un-notarised build or the source code were available?


It depends: having it notarized is a way to show someone with a certain reputation of "Hey! This is my code, this is me, if something happens, you can kill the switch".

If notarisation requires some kind of payment from you, I would be okay with you charging me some money, if, obviously, I find your code has good value for me.

I read comments around here about "Well: you can compile it yourself" or "it's open source! You can check the code by yourself".

And, while all of those arguments are accurate and valid, the point is "I do not feel like it". Or, a little reminder: "The Great Suspender" was an example of a beautiful little open source app to suspend tabs on Google Chrome that, one glorious day, switched hands and, after some time, someone noticed that the repository and the code in the add-in were different, and those changes were made with nefarious intent.

Luckily, someone found out, but some people do not have the time or the will to be playing that game.

A piece of code that requires access to my camera, regardless of size (<1000 lines of code) or build, is something I just don't put on my computer without thinking twice.

Thank you for the tone: I hope I responded to your question :)


I seriously doubt that he actually would. And in that unlikely event he'd be in a minuscule minority. Not a good open source monetisation strategy.


You may be severely wrong: I like to pay and contribute to things I use, believe it or not.

I love to buy small apps from indie developers or donate some money to things I use and love: when I was a student, of course, things were different.

Nowadays, luckily, I can contribute and I do it gladly.


Posturr is now notarized!


Are you serious? It's open source. And there's less than 1000 lines total. Get Codex or Claude to review it if you're paranoid.


Go easy on the guy. Mac users are so used to overpaying for trivial functionality.


The thing is, how do you know at the end of the day that the compiled binary hasn't been tampered with, with "extra code" beyond what's in the repo?

I don't think notarization gets rid of this problem either, so the best you can do is compile it yourself. Maybe I'm wrong!


Compiling it yourself is the best/only thing you can do if you really want to know what code went into a binary.


What prevents you from compiling it if it is open-source?

That's what I do with every project delivered as a Docker image. I rebuild the app and the image.
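As an added example (not code from the thread or from the Posturr project), a script that does what the last few comments describe: hash a binary you built yourself from the checked-out source, compare it with the distributed one, and, on macOS, ask codesign and Gatekeeper about the distributed copy. The paths, the app name and the build command in the usage comments are assumptions. One caveat the thread does not spell out: a notarized Mach-O carries an embedded signature (and Apple Silicon builds are ad-hoc signed by the linker), so hashes only line up after the signatures are stripped from copies of both files, which is what the macOS branch below does.

```bash
#!/usr/bin/env bash
# Added example, not from the thread or the Posturr project.
# Compares a self-built binary with a downloaded one and checks the
# downloaded copy's signature status on macOS. Paths are assumptions.
set -u

# Portable SHA-256: macOS ships shasum, most Linux boxes ship sha256sum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Returns 0 when both files hash identically, 1 otherwise, 2 on read error.
# A mismatch is not proof of tampering (non-reproducible builds differ in
# timestamps and embedded paths), but a match means the distributed bytes
# are exactly what the source produces on your own machine.
hashes_match() {
  local a b
  a=$(sha256_of "$1") || return 2
  b=$(sha256_of "$2") || return 2
  [ "$a" = "$b" ]
}

# On macOS, copy both binaries and strip their code signatures before
# comparing, because a signed Mach-O embeds the signature blob and the
# distributed, notarized copy will never hash-match an unsigned build.
# Elsewhere (no codesign available) it falls back to a plain comparison.
unsigned_hashes_match() {
  if ! command -v codesign >/dev/null 2>&1; then
    hashes_match "$1" "$2"
    return
  fi
  local tmp; tmp=$(mktemp -d) || return 2
  cp "$1" "$tmp/mine" && cp "$2" "$tmp/theirs" || return 2
  codesign --remove-signature "$tmp/mine" 2>/dev/null
  codesign --remove-signature "$tmp/theirs" 2>/dev/null
  hashes_match "$tmp/mine" "$tmp/theirs"
  local rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Signature checks only make sense on macOS; elsewhere they are skipped.
# `codesign --verify` confirms the bundle is intact and signed;
# `spctl --assess` asks Gatekeeper whether it would run the app, which
# fails once Apple revokes the Developer ID certificate, as happened with
# the stealer discussed above. Neither says anything about what the code does.
macos_signature_status() {
  if ! command -v codesign >/dev/null 2>&1; then
    echo "skipped: not macOS"
    return 3
  fi
  codesign --verify --deep --strict --verbose=2 "$1" 2>&1 || return 1
  spctl --assess --type exec --verbose=2 "$1" 2>&1 || return 1
}

# Usage (assumed layout and build command; adjust to the real repo):
#   swiftc -O -o build/posturr Sources/main.swift
#   unsigned_hashes_match build/posturr \
#       ~/Downloads/Posturr.app/Contents/MacOS/Posturr \
#     && echo "bytes identical to my build" \
#     || echo "differs: diff the disassembly before trusting it"
#   macos_signature_status ~/Downloads/Posturr.app
```

If the unsigned hashes differ, the next step is to make your own build reproducible first (same toolchain version, same flags as the project's release build) before concluding anything about the downloaded copy; only a match is conclusive, a mismatch is just a prompt to look closer.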


That is literally what I am observing lately with my provider: I have 2 bars and yet I do not have internet, whereas my gf, using the same iPhone model with a different provider and also 2 bars, has perfect data connectivity.


From what I know, IBM R&D is truly a marvel in terms of innovation, but one thing is "we managed to create a process to make xyz" and another is, indeed, putting it together at scale.

5 nanometer was something they worked on, but it was TSMC who actually made it happen.

Perhaps this is a good chance to put to work some of that research using AMD Manufacturing.

Let’s see how it goes.


One of the arguments to be made for locking components and enabling rapid software lock-in in case of theft is, precisely, to break the economic incentive.

On the other hand, the trade-off is that repairability, "right to repair" and all the things those businesses and people like Rossmann have been fighting for get affected by component lock-in.

There must be some kind of middle ground: my bet is that a full customer sign-out could then enable the parts to be reused (anything else should render the device and its components unusable).


Consider the plot and consider it is loosely based on real events.

Also: it’s a highly quoted movie on YouTube where copyright has not been strictly enforced.

Every part of it is a specific area of the business: the layoffs, the move forward after them, the analyst crunching the data, the gathering after his discovery, the communication, the meetings and the decision making.

All of it from the perspective of a financial institution, knowing what we know: I wonder what would have happened if that movie happened 15 years before the crash and the public perception of the content (probably dismissed as “too Hollywood”).


It's also a phenomenal movie.

