I’ve been indie for about four years now. I wouldn’t trade it for anything else, but it does come with its own kind of hell. The lack of security and the fear that everything could disappear overnight is always there. Some days feel euphoric, and some days everything feels dark.
At one point I even built a live sales dashboard[1] to keep my dopamine in check, but a year later I realized it was a mistake. It started shaping my motivation instead of supporting it.
I guess the main lesson is that the ups and downs are normal, and you get better at riding them over the years.
> the fear that everything could disappear overnight is
I feel the opposite. I was more fearful of losing my regular job because that could be taken away from me overnight at the whim of a bad manager. However it would take a lot longer for everything I've built up to crumble away.
Border radius has been one of the best things to happen to CSS. If you've done web development during the Internet Explorer 6 era, you'd know what I mean.
I am building LookAway[1] - an antidote to seductive screens. Many people have been facing issues like eye strain, digital fatigue, CVS, posture issues, and more due to prolonged screen use and I aim to solve it with this product. I believe managing screen time is as important as managing sleep (if not more).
They only check if your mic is on, not what you're saying (they can't hear you unless you've granted mic permission). They also look at your network traffic to see if audio is being sent (otherwise you can get a lot of false positives). Using mic + network data is a common way to spot meetings -- my app LookAway[0] does something similar to pause reminders during calls.
I thought you had to give explicit permission for an app to monitor network traffic in macOS? I'm assuming your app asks for this, but it sounds like Notion does not if the GP was surprised by the monitoring.
No, that’s the new "Local Network" prompt which started appearing since macOS 15.
Any app that opens a multicast/broadcast socket (mDNS, SSDP, WebRTC ICE, etc.) now has to ask. Electron apps (including Notion) do this by default, so you see this dialog.
> Feels like a bad default, it teaches user to ignore and say yes.
I believe that, broadly speaking, from all but the most scrupulous app developers' point of view, it is a good thing for users to blindly agree to permissions. This is obviously true if they are doing something nefarious, but even true if not, since every user who denies a permission to your app is a user who might be writing a nasty review about such-and-such an advertised feature that doesn't work. I hope very much that my OS will make it easy for me to behave in a security-conscious way—a hope that is almost always disappointed!—but I do not even bother to have such a hope for all but my most beloved apps, which are often beloved for exactly that reason.
"Hey, head's up, this doesn't work because you didn't give us permission to {...}, needed because {...}. [Fix this]" would not be the end of the world.
> "Hey, head's up, this doesn't work because you didn't give us permission to {...}, needed because {...}. [Fix this]" would not be the end of the world.
You don't need to convince me, as a software user, but the app developers! And it's hard to blame them. I'm a teacher, and I rail against students who won't read the plain instructions before working on an assignment, but I also see it in myself: when I'm rushing through what I have to do, to get to what I want to do, I can stare right at a block of text and simply not register crucial parts of it. So such a plain instruction seems straightforward, but you'd still get users somehow managing to click it out of the way and then saying it doesn't work, and even one such user is a user that you wouldn't have to deal with if you made the permission opt-out.
That's interesting. Although I wasn't able to find any confirming info that allowing the "locate local devices" permissions allows for network monitoring. It seems to only allow Bonjour and multicast DNS. Anyone know for sure what it allows?
This would certainly be news to me as well. Packet capture (even local) has historically required superuser perms, but I'm not up to speed on how MacOS permissions work in this regard since the launch of System/Network Extensions.
After writing the above, I've just reviewed [0] - as much as I could in 5 minutes - and as far as I can tell it confirms our understanding. To do packet filtering or interception or reading, you'd need to do [1].
Yeah, non-sandboxed apps can iterate over open file descriptors. It's quite useful to detect eg. which app on your local machine is connecting over TCP. I hope they don't lock it down. It doesn't allow intercepting traffic, but you can see what connects where.
I'm working on the next major update for LookAway. I'm improving the wellness reminders to be smarter - instead of nagging you on a timer, blink and posture alerts now only trigger when you actually need them.
Also adding productivity stats so you can see how taking proper breaks during prolonged screen time affects your work output.
reply