The real reason f.lux was pulled


    The f.lux Xcode project wasn't the source for f.lux for iPhone – it contained a pre-compiled app which would then be installed on your phone. The project didn't check that it was the right IPA, and so you could use it to side-load any precompiled software, even malicious software.

    There is a very simple fix for this: post the actual Xcode project for f.lux for iPhone. Take it open source. If you're not willing to do that for your free software, then you have no-one but yourselves to blame. There are many other free and open-source projects that provide the same functionality.

  • Open source has been discussed several times over the years. They have their reasons--most likely they don't want knock-off programs to take their code. They want to keep their code, and well, it seems it will stay that way.

    When a two-person team invests about (just for this ONE device, not including monitors, monitor accuracy, colorimeters, etc. etc.) $10,000+ in a spectrometer, I think they're serious about what they do. They have their own reasons, and I don't think they would put malicious code in the program because they would lose their license.

    I'd see it happening like this: "Oh, remember when you all REALLY wanted f.lux on iOS and we forced the issue and lost our license? Well we have an update but we can't push it to you. Sorry :(" So yeah.

  • I'd like to hear a statement from the f.lux dev-team on this issue:

    • Is there a security risk for third-party malware if one sideloads the app?
    • Are you planning to re-release in an Apple-conform manner?
    • Can we support you or this process in any way?

    Thank you very much!!!

  • I'd just like to point out that there are only two people behind f.lux: Lorna and Mike. They are a husband and wife team, and they're doing the very best that they can. I anticipate that they will be able to figure this out. How quickly? I have no way to know.

    So, there is no one else working on f.lux. It's just Lorna and Mike.

  • Thanks for posting your thoughts everyone.

    There is absolutely no risk that we know of - but now that we aren't hosting it, the unverified file is all over torrents. There's a pinned post in this forum with the SHA-1 and MD5 of the official iflux.proj so it can be verified.

    We'd love to release it in an Apple friendly way. We have some thoughts on what to try next - we don't want to upset them at all which is why we pulled the files right away. We want them to love us a whole lot, enough to help us get into the app store. The open source question is interesting, but I'm not going to address that right now - lots of developers use f.lux and it's always been our goal to open up more as we go along, but as far as I'm concerned that's not the immediate issue. With f.lux, we want to create a beautiful product that feels good to use, gets the science right (and helps advance it whenever possible), and is available for every person who wants to use it.

    The support from everyone's emails and messages has been amazing. We don't intend to stop supporting iOS as long as we can find a good way to do so. It was incredible to see so many people download and use Xcode for the first time just to try it out. We're taking the weekend and maybe a little longer to think over the right next steps.

    If you haven't already let Apple know you'd like to use f.lux from the real app store, please let them know:

    thank you....
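
The verification the post above mentions (comparing a downloaded copy against the SHA-1 and MD5 from the pinned post) could be scripted as below. This is an added example, not code from the f.lux team or this forum; the script name `verify.py` and the function names are assumptions, and the digests are passed in by the user because the page does not list them.

```python
import hashlib
import hmac
import sys


def file_digests(path, algorithms=("sha1", "md5"), chunk_size=1 << 20):
    """Read the file once, feeding every chunk to each hash algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def normalize(published):
    """Digests copied from a forum post may carry spaces, colons or upper case."""
    return "".join(c for c in published.lower() if c in "0123456789abcdef")


def verify_download(path, published):
    """Return (ok, report); ok is True only if every published digest matches."""
    actual = file_digests(path, tuple(published))
    report = {}
    for name, value in published.items():
        expected = normalize(value)
        # A truncated or mistyped digest must fail rather than match as a prefix.
        full_length = len(expected) == hashlib.new(name).digest_size * 2
        report[name] = full_length and hmac.compare_digest(actual[name], expected)
    return bool(report) and all(report.values()), report


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: verify.py <download> <published-sha1> <published-md5>")
    ok, report = verify_download(
        sys.argv[1], {"sha1": sys.argv[2], "md5": sys.argv[3]}
    )
    for name, matched in report.items():
        print(f"{name}: {'match' if matched else 'MISMATCH'}")
    # Non-zero exit status so the check can gate an install step.
    sys.exit(0 if ok else 1)
```

A match only shows that the file is byte-identical to the one the pinned post describes; a mismatch on either digest means the copy should not be installed.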

  • @lorna

    Thank you very much for your kind and detailed answer! I wish you and the project all the best!

  • Sounds to me that the answer is as simple as don't distribute it as a compiled binary. This isn't an Apple vs f.lux issue.
