Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Little Snitch wants to inform you about everything. Radio Silence obeys silently. I guess "better" is a matter of preference. I wanted to create the simplest possible solution I could imagine.

They both solve similar problems, but from different points of view. I'm personally not a big fan of programs that constantly pop up alert windows.



Any lean app is always good in my book, but if it doesn't detect which app is 'phoning-home' and letting me know... it ain't much better than Little Snitch that I'm currently using.

I'm just attracted to the smaller memory footprint I guess and the simple UI. :D


Perhaps you can add a list of default applications that many people want to silence, and offer to silence them automatically once the user runs them.


That is something worth considering, but it would go against one of the design goals: a firewall without a single alert dialog.


I wouldn't consider a one-time dialog box (growl, of course) to be that much of an issue. It might violate your design principle, but in the grand scheme of things, I don't think it would annoy the user.


Is Growl a part of OS X?


A default list of applications to silence on the first run wouldn't ruin your strapline. Which apps should be silenced on default, that's harder to figure out.


Somewhere upthread someone mentioned an adblock-style collaborative/hosted block list. Having it follow one (or more) RSS feeds would allow anyone to offer a list, and any user could choose whether to use it or not, without any additional effort for the dev.


Is there a kernel extension involved ? What about blocking process e.g. from the terminal etc.


Yes, there is a kext.

Currently, it doesn't block non-app-bundle processes. The main reason for the app's existence is to block nosy apps that discreetly contact their home servers. I can't think of many (or any) terminal apps that do the same thing.


Why does it require/involves kext? I'm genuinely curious, since I thought OS X comes with powerful ipfw. Is it some stripped down version?


The main reason is to reduce the amount of dependencies to zero. I didn't want to enter the nightmare vortex of several applications managing a single firewall implementation.

Also, as I've lately been an embedded software guy, I saw no harm or fear in a little kernel code.


Is it possible to use ipfw / pf to control outbound traffic based on the process that is initiating the connection? I skimmed the man pages but didn't see anything that looked promising.


In addition to ipfw, Lion includes pf (off by default though, you need to modify a launchd plist to enable it).


Aren't kexts the main reason for upgrade issues between OSX versions?


Perhaps, but I'd say that it varies a lot. The kext here is more compatible with old versions than the UI.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: