47MB for the UI & boilerplate around the business logic.
I get that this may be the easiest way to develop and publish an application today, but it's sad that this is the direction we have taken in recent years.
aeonik
Modern app bloat in one analogy:
Business logic size: ~20 bytes
Total app size: ~47 MB = 47,000,000 bytes
Bloat factor: 47,000,000 / 20 = 2,350,000
Let’s scale this up and say the business logic is 1 pound.
Then the whole app would weigh:
1 lb × 2,350,000 = 2,350,000 pounds
What weighs ~2.35 million pounds?
- A fully loaded Boeing 747-8: ~987,000 lbs
- Another fully loaded 747-8: ~987,000 lbs
- A blue whale: ~330,000 lbs
TOTAL: ~2,304,000 lbs
The business logic is like shipping a 1 lb object (a book, a flash drive, whatever) by loading it into two fully loaded 747s and strapping a blue whale on top.
Just to run 20 bytes of logic.
WD-42
This is a cool visualization, thanks.
aquafox
On a related note: Transporting a human in a car is (in relation to weight and size) like using a standard shopping cart to transport two 1L bottles of water. So the next time you walk through a pedestrian area, imagine everyone carrying a bag would use a shopping cart instead. That would be a huge traffic jam -- exactly like what you see on the road!
And to top it off, the dual flights and whale would need complex orchestration too!
We just call it Kubernetes…
anon7000
Well, if you COULD ship something across the world on a private 747 with extra features to protect your cargo, and it has nearly no environmental downside and has no meaningful downside vs a smaller airplane… you’d probably do it! There’s no incentive in software to get a smaller, more efficient plane, and plenty of incentive to use the big thing for free that has all the extra features
GTP
> it has nearly no environmental downside and has no meaningful downside
I think this is not the case. E.g., we replace our computers every few years, but not because the new ones can do things that you can't do with your current computer. It's because the software you use to do the same things keeps getting more resource-hungry.
People usually think that but when it comes to attack surface, change management, upgrade issues, etc —- the extra stuff isn’t entirely free…
Upgrades shouldn’t ever break things, bugs and vulnerabilities never exist, and Rube-Goldberg machines should work 100% reliably day in and day out.
Unfortunately reality doesn’t work that way…
al_borland
Even Rube Goldberg sometimes included a simple alternative at the end of his machines. If the opossum or woodpecker get sick, there is a knife handy to sharpen the pencil.
> Well, if you COULD ship something across the world on a private 747 with extra features to protect your cargo
Qatar might even give you a plane!
numpad0
This has to be Soviet Shoe Factory Principle in action, not just ignored negative externalities. Everyone relies on shipping more code for their employment, rather than more values, which incentivizes that behavior.
I think you're conflating "no incentive" (which might be true) with "no downsides" (which is not).
m3047
Very nice. Maybe that should be submitted to The Register for their units of measurement menagerie.
shepherdjerred
How many 747's can the average person fit on the 128GB+ smartphone in their pocket?
rajnathani
The commenter messed up on mentioning that a flash drive can be 1 pound, this would be more so the weight of a hard drive.
foxglacier
Human time is money in software, more analogous to mass in physical goods. So you should calculate the time savings for all the people using the app vs entering the code themselves.
Mass is a nonsense analogy that doesn't reveal anything useful.
tucnak
The proposition that Electron apps are somehow "saving time" is preposterous!
Of course, the real cost-saving is in labour—web development presents a radically lower barrier to entry compared to even non-native, cross-platform UI/UX platforms such as Qt, or Flutter, or what-have-you, let alone simply managing multiple native applications.
So this is not a bill-of-materials kind of analogy, it's a statement about talent.
Web leaders have grown complacent; at times, it seems they don't take things seriously. I mean, just take a look at something like SvelteKit. I'm not a web developer, however I happen to like Svelte a lot, but also despise SvelteKit equally as much.
While I appreciate criticizing bloat (why are we packing Chromium in every app again?), I would like to warn against watching every "pound". Images, for example, "weigh" a lot more than code but that doesn't mean they don't serve a purpose and add value.
That being said, the fact that quick maths can give you a 6 orders of magnitude difference between functional code and the package is probably reason for concern.
BestHackerOnHN
OMG you win HackerNews today with this comment! Super HackerNews!!!
bognition
This is an absurd way to think of this. Following this same train of thoughts for humans:
The business logic for humans is a single reproductive cell.
A single sperm weighs 2.3 x 10^-11 grams. If the average male weighs 75kg the. The bloat ratio for a human male is 3.2x10^15
Getting back to the app there is huge value in not needing to run the command yourself. Sure it’s wrapped in a UI that comes with “bloat” but honestly who cares. When was the last time someone needed to worry about hard drive space, when it comes to a 40mb file.
m11a
Well, the apps often come bundled with a bunch of other stuff. Automatic updates, background workers, telemetry …
All of which sucks up your compute resources and battery. Repeat for every such little utility app you have on your Mac. Some may implement that random stuff inefficiently (eg very frequent telemetry), which sucks even more. Some of it may even be wrong, vibe coded, or copy pasted.
Personally, puts me off installing random utility apps, even if the single utility would be useful.
Dylan16807
In the human analogy, the human has to be the entire computer too. It's all functional, not much bloat. For the app, the computer is external. It really is bloat.
dbalatero
To be fair, the author didn't make this to impress people with byte optimizations, they probably just wanted to publish an app quickly that is useful, and was familiar enough with Electron or JS to do so.
righthand
It’s not the easiest way just the most evangelized. A Qt app even would be a few lines of code, but we’ve done a good job scaring people that learning other languages is bad because we can’t ship features fast enough with non-evangelized frameworks.
anthk
Even TCL/TK would be smaller.
righthand
Every framework under the sun gives you a `main()` func to call your program code. But if all you’ve ever used is blogs telling you how to hack together an electron app, you’d probably assume electron was the gold standard for simplicity sake but in reality is the gold standard for Google’s sake (and whatever marketing company’s).
PaulHoule
Yuck! Funny though I wrote a program for making red-cyan anaglyph stereograms using TkInter/Python. Stereograms work best when you can put important objects at the plane of the paper/screen and this is done by sliding the left and right images relative to each other.
Tk has no color management, unlike newer frameworks, which was good in this case because I asked for (255,0,0) and got (255,0,0). When I exported to JPEG and views on a web browser though I got something like (186, 16, 16) because on my wide gamut monitor the native primaries are more saturated than sRGB primaries so some white gets blended in to make them less saturated. Turns out in Windows, screenshots are in the color space of your monitor! It’s something you’d never notice unless you made stereograms because that little bit of green and blue goes to the wrong eye.
ryandrake
I so strongly wish more developers gave even a single shit about this. The current state of desktop app development is truly an embarrassment.
LauraMedia
There is a deeper problem in this: The DX for native applications is too annoying, undocumented or hard for most people.
I tried to build some of my tools without Electron, it's always a battle of multiple documentations for multiple systems and creating a bespoke system or having to deal with UI documentations that are glorified API references without examples.
The last few tools I built used PhotinoNET, which gave me an electron-esque framework but not bundling it's own chromium, instead using the browser already on the system. And even that required a complicated build script so I can just export a simple flatpak, exe and dmg...
malnourish
Who is embarrassed? What are the realized harms?
PaulHoule
Microsoft seems to have given up on guidance for how to write desktop apps, Windows 8 had that Metro thing that got rejected by the world. I guess you could use Win32, WinForms, WPF or something else. The incoherence is second only to the Linux world, I remember how developers were crazy about theming in Win32 in the ‘95 age so something like Back Orifice or the app for your scanner looks atrocious. WPF added really great support for theming but at the point everybody was burned out in theming so it hardly ever got used.
I keep thinking that this could be solved by just building Electron into the OS as a shared framework so we don't have to have a separate copy for every app, but the more I dig into it, the more I realize I'm just reinventing the web browser.
thisislife2
There is something called the "WebView" in all the major platforms. The idea is that it allows you to use the browser engine only for creating the UI. But people complain its not "enough" because it is not the same on all the platform (it is if you use it just for UI), restricts access to some browser APIs (ignoring the fact that the OS often offers the same, even and more APIs) and Javascript (a crappy language for creating software applications).
You are describing PWAs, but they'll never have the same API access & permissions as a native app.
mistercow
Yeah, and I think it’s worth asking why there. Why do we not just have a standard for PWAs with privileged OS access?
There are two obvious answers. The first is portability. And sure, but Electron provides an answer here, so why can’t we provide one with PWAs? We could even have OSes define this interface for different browsers to target in a standardized way. Yes, you need platform specific code, but that’s often the situation with Electron too.
The other answer is security. But how is Electron / any other installed app any better? Because we require more explicit consent before installing a “real” app than for installing a PWA? OK so, just let’s just do that for PWAs too.
lxgr
Wow, they optimized the minimal Electron app down to 47 MB?
runlaszlorun
Sadly this was also my reaction.
kzrdude
And notice the other abstraction too.
This is not 'an app to change MAC address' but an app to 'overcome WiFi time limits'.
PaulHoule
A few years back I did an eval of ways to make cross platform apps, specifically to escape Electron, and came to the conclusion that ‘they all suck’ except maybe JavaFX.
Thing is, most x-platform frameworks still require a big download. Java and Python runtimes are in the same ballpark as Electron.
thwarted
Those who don't learn /usr/bin are destined to reinvent it, poorly.
tomrod
What does this mean? I've always understood /usr/bin to be the storage dump for system binaries. Do you see or use it another way?
GTP
They likely mean that you already have in there all what is needed to change your laptop WiFi card's MAC address, without needing an additional application.
ncr100
Cough, AI Training Models, Cough
There's great power in abstraction. Disagree?
Your point is that an operating system, and its shell, all running on a machine, and a collection of apps, are somehow smaller than a wrapper application.
I'm curious the amount of bytes the entire stack, minus the chrome which is the complaint I believe, how many bytes that is. I would say probably a gig.
unixhero
Yes but you need a space station OS (Unix) to enjoy the terseness of 47-200 bytes of business logic.
ps: I love both space stations and Unix
amlib
The solution to this problem requires you to interact with the OS, so a solution that requires tools found in the OS itself isn't a bad one. Its so simple you can have a script triggered by a desktop shortcut and be done with it.
That all said, a simple GUI API provided by the OS for simple programs like this would be nice, just to give the user better feedback on the process. Is it done? Is it doing anything? Did it run correctly? Etc.. Zenity on linux kinda does that but is not guaranteed to be installed...
kjkjadksj
Why do you need that in gui when you already have it in cli through pid?
yjftsjthsd-h
I guess, but the OS is a fixed cost that you already have
sli
It just seems to me like far less work to just write a real binary that execs this static command than it does to setup a whole Electron project.
runlaszlorun
And sadly my reaction to 47MB these days is "hey not bad" given that I see 6 or 700 MB apps not doing much .
CommenterPerson
Are they doing something additional with the 47MB - 200 bytes? Like selling you to the brokers?
WJW
Not even. It's just overhead.
rafram
Why does a Mac-only app that shows a menu bar icon and a notification popup need to be Electron…? That’s 30 lines of Swift, max.
ajsnigrutin
1) the dev only had a hammer and he nailed the screw in
2) the dev has 64gigs of ram and a newest CPU and doesn't care about performance issues for people on older computers... that's why you need gigs of ram just to read a weather report online.
jeroenhd
If you don't know Swift, but do know Electron, it's easier to do it in 30 lines of Javascript.
People who don't like the developers work can always write and publish their own application, of course.
whatevaa
It's hard work writing free stuff for others, much easier to criticise stuff instead of getting your hands dirty.
pwdisswordfishz
It's hard work learning programming tools and optimizing, much easier to use a one-size-fits all framework that wastes the end-user's resources.
I just asked ChatGPT to write a Swift program to renew MAC addresses with a menu bar icon and it had no problem with it. Just over 50 lines.
k4rli
Looks like ai-generated bloat. It even has deps for deb+rpm builds yet is mac only.
Honestly would not expect anything more from js devs who use macs/windows. I see this so often.
eddd-ddde
Those deps are just electron's boilerplate. If you create any new electron app from a starter that's likely what you get.
JimDabell
I’ve asked AI to build macOS menu bar apps and it’s generated perfectly reasonable Swift, nothing like this.
SR2Z
If you want a frontend for you app, you probably just use Electron and get it over with in a few minutes instead of digging through the docs for Qt or some other framework.
Is it worth it? Probably not, since this is a single-platform app to start with, but JS+HTML are easy to theme and customize, and Qt is... not quite as simple.
rafram
Where did you get Qt from? This is, again, a Mac-only app that doesn’t even have any windows. It’s just a menu bar icon and a notification. That’s incredibly simple to build with plain old Cocoa and Swift.
anthk
Or AppleScript maybe.
nsonha
Did you forget XCode? How many GBs is it these days?
righthand
No one has to dig through electron docs though right? There is nothing simple about an electron app regardless how little logic you personally programmed on top of it.
juancroldan
Now that you can build such an app with AI in under 20 minutes with a manageable codebase you can properly understand and control, I don't think that's a good excuse anymore
whatevaa
If you don't know the language, how can you properly understand and control it?
therein
In 2025 you unfortunately just vibe with the code nowadays.
paxys
> with a manageable codebase you can properly understand and control
Yeah, that definitely describes every AI codebase I have seen..
outofpaper
People forget to think about Swift let alone tools like Platypus.
encom
Because that's all anyone knows, and PC development is dead.
>content-length: 47262814
Sigh...
thisislife2
It doesn't need to be - on macOS, it could even just as well have been a simple Xbar Plug-In! ( https://xbarapp.com/ ).
rafram
Or Alfred script, Raycast plugin, Shortcuts shortcut, shell alias, and the list goes on. There are a lot of decent options; "50+ MB Electron app" is, in my opinion, not one.
palata
Electron is an overkill way to not have to learn how to do stuff properly, if you ask me. And people love not to learn.
WJW
Send in a PR then?
ipaddr
A pr that deletes the repo and bans the person from github?
Is ActionScript still a thing on Macs? I feel like that tech was almost criminally overlooked while being the backbone for a lot of processing pipelines back in the day.
rafram
It (AppleScript) is, and you can actually write JS instead these days, with a criminally underdocumented Objective-C bridge (JXA).
al_borland
I was preparing for the death of AppleScript and was shocked when I stumbled around their addition of JS a few years back. I thought that would have been big enough news to hit my radar when it happened, or that Apple would have made a big deal about it at WWDC. Of course, that would require them to fully support AppleScript in their newer apps, while instead they seem to really only care about Shortcuts, since that’s easier to sell on mobile, I assume.
latexr
> with a criminally underdocumented Objective-C bridge
The documentation is the Objective-C docs, I use those all the time. You do need to understand the basics of how to translate from the Objective-C APIs to what JXA (or AppleScript) expects, but once it clicks you can do it for essentially anything with the same logic.
gopher_space
Ahh thanks! Went down a brief rabbit hole with JXA and had forgotten how opaque Apple is when you're developing for them.
mattl
You mean AppleScript?
WJW(dead)
[flagged]
CamperBob2
I mean, these days, you ask an LLM and it spits out code that will, for something this simple, probably work the first time.
This will generate a multicast MAC 50% of the time, which will usually work, but can theoretically cause problems if there's a multicast-aware Ethernet bridge in your path. Ideally, the LSB of the first octet should be fixed to 0 to indicate a unicast address.
alias randommac='sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en0 -z && sudo ifconfig en0 ether $(openssl rand -hex 6 | sed "s/../&:/g; s/:$//")'
commandersaki
So I tried this out on macOS 26 and the `airport` command is no longer there.
There is a `airportd.sb` file, which appears to be some permissions based thing in s-expression/LISP. Weird.
Edit: Spun up a macOS 15 VM and I got this:
WARNING: The airport command line tool is deprecated and will be removed in a future release.For diagnosing Wi-Fi related issues, use the Wireless Diagnostics app or wdutil command line tool.
I guess they weren't kidding.
bc569a80a344f9c
Looking around briefly, you can replace it with this:
`networksetup -setairportpower en0 on && [... set MAC ...] && networksetup -setairportpower en0 off`
I think it's pretty safe to assume that modern Macs will always have en0 as the WiFi adapter, but if you wanted, you could use `networksetup -listnetworkserviceorder` to find the associated device.
JonathonW
Modern Macs do not always have en0 as the WiFi adapter (it's en1 on current iMacs and on the Mac Studio; en0 is the ethernet jack).
But you're unlikely to be taking one of the machines that has built-in ethernet to the airport or coffeeshop.
bc569a80a344f9c
Duh, also true on my Mac Mini. But yeah, “modern Mac laptops” probably makes the statement correct enough and still describes the entire set of targets.
commandersaki
So this doesn't work if your wifi nic is associated with an SSID. `airport -z` disassociates the SSID.
Can't seem to find a CLI command to do the same in macOS 26, but I haven't looked too hard either.
I feel like using Electron for such a little thing is way overkill. The newer laptops are very powerful so I don't think anyone would have any performance issues, but on older macbooks, having too many little Electron apps running in the background makes the fan go brrrrrrrr
virtualritz
And you could ask an LLM to whip up the Swift code or whatever to wrap this line into a Dock app etc., if you want that convenience.
hk1337
What exactly is that doing? Is there some backend limitation for WiFi interfaces that making it think it’s Ethernet is faster?
sodality2
It just resets the MAC address, making the router believe it's a new device, thus not subject to the "x minute" free WiFi.
dizhn
That won't circumvent the sms code requirement most free wifi services use.
I think they are extremely rare, and I would rather just use my mobile data instead of giving them my phone number.
Definitely does not happen on "free trials" on in-flight Wi-Fi for obvious reasons.
dizhn
A now deleted comment reminded me that this is mostly for in-flight wifi where it makes much more sense. Mostly no SMS there either.
rixed
Or the voucher obtained by scanning your boarding pass in some airports.
chipsrafferty
I've never seen "x minute free wifi". What countries is that common in?
sodality2
I’ve seen it at a few places in the US, typically somewhere they have a paid unlimited/fast plan but a free tier for a limited time to be able to say they offer “free wifi”. So places it costs money to offer wifi. Maybe a flight, cruise, etc
nine_k
Fine, Electron is a complete overkill for that.
What would you use instead to build a macOS GUI program with comparable ease? SwiftUI? Python + Tk (using the ancient system Python)? Something like Red?
cozzyd
the hilarious thing is it shells out for the random mac...
101008
Wow. Don't you need to pay a Apple license as well to distribute apps in Macs?
tengwar2
Not for Mac. MacOS is an open garden: there is an app store; or you can install signed apps (requires Apple cooperation); or you can install unsigned applications. MacOS gives you a nudge to the app store (which has genuine advantages) and a much stronger nudge away from unsigned non-app-store apps, but it is still an open garden. iOS is closed garden, which makes some sense for the security guarantees it can give for financial applications.
MattSayar
The best part is right after the money line: 'Please check ' + issues_url + ' for help.' where issues_url is a github.com link. How are you going to check GitHub if you can't connect to WiFi in the first place?
preciousoo
Is this possible on mobile (read iPhone) devices without root?
scarface_74
Settings -> WiFi -> choose your WiFi network -> private WiFi address -> set to “rotating”
It will change every time you disconnect/connect
ammar2
Glad this feature is built into most modern operating systems these days.
For MacOS (Sequoia+) you can just forget the network and reconnect to get a new MAC address [1].
Android's documentation for if it decides to generate a new address per connection is a little vague [2], but I'm guessing forgetting and reconnecting works as well, you may also need to flip the "Wi-Fi non-persistent MAC randomization" bit in developer settings.
On Windows, flipping the "Random hardware address" switch seems to cause it to generate a new seed/address for me.
Per [1], this only works once per 24 hours on new iOS/macOS versions, and only once per two weeks on older ones though.
km3r
Yeah I had to flip the developer setting toggle, but worked flawlessly for my flight (American Airlines has a watch an ad for 20 minutes of free internet that only works once per MAC)
fendale
Are you saying that on IOS 18 if you enable developer mode then each time you forgot the network it gets a new Mac? But without developer mode it does not get a new Mac each time you forget it? The Apple docs linked elsewhere in this thread suggest it only gets a new Mac once per 24 hours when you forget the network normally. I’m going on a long boat trip in the next week where this trick might work for me if so!
userbinator
I have a generic Android phone from many years ago where the manufacturer didn't even bother to program the WiFi NVRAM, so every time you load and unload the driver, you get a new randomly generated MAC address. Interesting that that has become a feature these days.
bapak
I think the rotating address is limited to 3, right? The script here generates one at random.
purplehat_
Here's an equivalent little script for Debian Linux (but should work on most distros), based on classhasclass's comment:
NEW_MAC=$(printf '02:%02x:%02x:%02x:%02x:%02x\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
sudo ip link set wlan0 down
sudo ip link set wlan0 address "$NEW_MAC"
sudo ip link set wlan0 up
You should replace `wlan0` with whatever you see in `ip link show` for your wireless interface, for me it is `wlp0s20f3`. I replaced the `openssl rand` command because it was generating some invalid MACs; this is hopefully only valid ones.
righthand
KDE Plasma has a “Random” button next to the MAC address field in the Network Manager UI. I’m on Debian Testing so not sure when it was added.
vachina
I used to strap 20 virtual eths to my Linux box because my dorm gave only like 512kbps per account, and then aggregated the 20 interfaces.
xrisk
How was the auth done? And for that matter what logic did the traffic shaping use?
vachina
Auth is username/password over captive portal. You could pay for more bandwidth. The system was so pwned I ended up giving myself unlimited bandwidth.
^ seems like the way to go. open source and more features.
mannyv
If you really want to screw with these set your MAC address to 00:00:00:00:00:00
It’s an illegal address, but most equipment will take it because test devices occasionally come from the factory with that MAC. But higher level stuff might barf on it because it’s technically illegal.
totetsu
I tired this once and it bypassed the captive portal and time limits entirely
edit: but this worked on my external NIC! Network wasn't happy though and DHCP didn't work. Ubiquiti had a funny note about this MAC: "Officially Xerox, but 0:0:0:0:0:0 is more common"
mannyv
If you stash the IP/netmask/router IP you might be able to get it to work by setting a static IP on the connection with a 0 MAC address.
As always, ymmv.
On some equipment this may cause a broadcast storm, depending on how they implement things. Cisco equipment with some configs will send a packet to all the ports if it receives a packet and can't figure out where it's supposed to go.
kazinator
This has been an option in Android network settings forever: randomize your MAC. I think it's enabled by default now?
It's a basic privacy feature; you can be fingerprinted by your device's MAC.
jck
Yep. Android does this by default, but each ssid gets a randomized MAC which persists. It is still straightforward to trigger a MAC change manually tho. It is useful for privacy but imo useless for the public wifi limits use case since they almost always require an OTP via SMS to log in.
rahimnathwani
For devices running Android 11 or higher, users can enable non-persistent MAC randomization globally for all Wi-Fi networks (that have MAC randomization enabled) through the developer options screen. The option to enable non-persistent MAC randomization for all profiles is found at Settings > Developer Options > Wi-Fi non-persistent MAC randomization.
matsemann
Could you describe how? Quick searching doesn't show it to be "straightforward" as far as I can find.
tengwar2
OTP via SMS: depends on the country. These days it's not very common in the UK. They often ask for an email address, but my experience is that most of the time they don't check it for validity.
hhh
you have both options in ios/macos, fixed random mac per ssid, and rotating
NoahZuniga
No, this setting randomizes your MAC address between networks, but you keep the same MAC for a specific network. So if you want the network to think you're a new user, you'll need to change this specific network MAC address, and this isn't a setting enabled by default (and oftentimes is not even a setting)
khimaros
GrapheneOS has per-connection (as an alternative to per-network) randomization which is enabled by default
rahimnathwani
Android 11 or later allows the choice in Developer Options.
netsharc
It's also in the Apple devices, you just have to "forget network" and reconnect for the device to tell the network of its new fake MAC address.
alt227
How does that work with MAC address conflicts and clashes? I naively thought every MAC address had to be unique.
BobbyTables2
They must be unique in a LAN segment. And only the lower 3 bytes in a MAC are “unique” as the upper 3 are the vendor ID and relatively fixed.
In practice people put fewer than 256 devices on networks (class C), so they have less than 1/65536 possibility of complete failure. And far less because they have a mix of OUIs.
But yeah, if you put a few hundred or thousand security cameras or other device from a single vendor, all on the same network, conflicts are certainly possible.
MAC conflicts are also a bit nasty to troubleshoot, and less obvious than IP conflicts.
kazinator
If your configuration doesn't randomize the MAC, that doesn't guarantee you won't be involved in a conflict. It only guarantees that it will go more badly for you, since you will be waiting on the other device to change their MAC before you get working networking. Whereas if yours is randomized, you will probably be okay after one reconnect.
MAC randomization does not have to constrain itself to the lower three bytes; you can randomize the OUI too.
What does Android MAC randomization do with the OUI?
According to this possible hallucination from Google Gemini 2.5 Flash, the OUI is partially randomized too:
- Locally Administered Bit (U/L bit): This bit (the 2nd LSB of the first octet) is forced to '1'.
- Unicast/Multicast Bit (I/G bit): The least significant bit (LSB) of the first octet is usually set to '0' to indicate a unicast address.
- Remaining OUI bits (and the entire lower three bytes): All the other bits in the MAC address, including the remaining bits of the first octet, the entire second and third octets (which are part of the OUI), and the entire last three octets, are randomized.
Me again:
So if two bits are fixed, everyone in the randomized space is randomizing 46 bits, which contains 7.03E+13 addresses.
Practically speaking, it seems that the only way you will ever see a clash arising from the above randomization strategy is if two devices are using the same very poorly seeded PRNG.
diggan
There are like 50 trillion possible addresses, unlikely to clash in one network :)
josh_carterPDX
This reminded me of an old app that would scan the MAC addresses of devices already connected to a paid WiFi network. You would then just change your MAC to one that already paid for the WiFi, and then reset it once you were done.
WJW
Wouldn't that lead to interference with the original device using that MAC address? Ie both of you getting packets meant for the other etc?
rafram
Yes. It’s a bad (maybe even illegal?) thing to do. The victim device will start losing packets, and it’ll look to them like the network is just unreliable. Eventually they give up and disconnect, and you take full control.
bongodongobob
Yeah. I think any network with STP/anti-flapping enabled will shut that down pretty quickly though.
bibelo
tried that in a hotel in Paris and it worked
glerk
Alternatively, disconnect from the wifi, use this command and reconnect:
sudo ifconfig en0 ether 02:11:22:33:44:55
Just ran into this on icelandair.
pcl
That’ll buy you one new turn of the crank; you’ll need to change numbers once every expiration period.
glerk
Pretty sure the electron app has the same limitation (popover notification says “join the network again for free wifi”, besides you wouldn’t be able to change the mac address if the network interface were actively in use)
netik
The trivial defense against this is time limited passwords for Wifi access. Deny all access until a valid password is entered, only permit that password and MAC address pair for n minutes.
Buy a coffee, get a new password, etc.
reaperducer
So "trivial" that this is how it was done years ago, but then coffee shops gave up on it because it turned it not to be so trivial after all.
Their employees' time is more effectively spent making coffee than repeatedly providing low-level tech support for random password problems.
pimlottc
On a technical level it’s trivial, but you’re taking about having a shop replace their wifi router and/or update firmware, create some way for staff to see the current password and/or integrate with POS systems to print it on the receipt, update signage, etc. Hardly trivial for the average non-techie business owner.
cactusplant7374
Doesn't Mac already have this with rotating MAC addresses? I also ran into an access point that detected this and required me to turn it off to continue.
myself248
I wonder how it detected it. Perhaps the randomly-generated ones are mostly in invalid/unassigned MAC space?
jasongill
There is a "local bit" in MAC addresses per RFC 7042, so MAC addresses that have their second character as E, A, 2 or 6 are "local" which effectively means "randomly selected by software". So my current macOS selected MAC address of 16:6a:d2:20:e6:eb is "local" due to the second digit in the address being 6
bapak
Oof, I wonder if this is the reason why I constantly have issues with my M1 Mac connecting to cafe hotspots. Regularly I find places that let me connect and then kick me off less than a minute later.
boston_clone
I had no idea about this; generally i thought it was done by OUI like the GP suggested - they have a small cached table of valid OUIs and warn on prefixes not in that subset. Thanks for sharing!
avidiax
I feel this would be more useful as a utility to manage your MAC addresses.
That would let you, for example, clone a MAC address or IP address between your computer and a phone, and maybe automatically resolve contention.
That way, you can split purchased WiFi (such as on a plane) between multiple devices.
userbinator
That way, you can split purchased WiFi (such as on a plane) between multiple devices.
You need a router for that, which fortunately is built in to most phones and computers these days.
jagged-chisel
That’s only going to work on one device at a time. Don’t think that your phone and laptop with identically MAC addresses are going to magically share the connection.
balls187
Haven’t ever encountered any place that had a wifi time limit. In the late 2000’s internet cafes had time limits but that was enforced on their own devices.
Is there a specific scenario where time limited wifi is common place?
mr_mitm
Besides airplanes mentioned in the other comments, this is also common in airports. Zürich Airport gives you four hours for free.
Stuttgart Airport has 60 minutes.
scarface_74
Virgin Atlantic lets you have 20 minutes of WiFi free and then you can pay for the flight or for an hour.
mcshicks
I think the name refers to the limits some airlines have. JAL for instance offers one hour free on some flights.
andy99
I was trying to understand how this could be used for flights. I've seen either having to enter your last name and seat, or loyalty plan number to get in-flight wifi. Are there really airline wifis that give every mac address a free amount of time?
A lot of airlines now offer free "messaging" - usually just text on common messaging apps like WhatsApp. I've been meaning for years to write some kind of server that could give me useful functionality over chat messages.
userbinator
I've been meaning for years to write some kind of server that could give me useful functionality over chat messages.
Pretty sure it will work on JAL at least right now. They just asked for an email. But it was also a new service so maybe to wanted people to try it. It occurred to me at the time that two devices with two emails should work for twice as long. For what I wanted to do on that flight, i.e. check and send a few messages the one free hour was fine. But yeah of course they could change it so that would not work.
josu
Airplanes. Some airlines offer 30 minutes of free wifi or something.
seemaze
I can't remember the last time I encountered this as an obstacle while flying. Don't you usually have to pay then log in from any device you choose?
The bigger problem is how utterly useless and unstable the connection is to begin with..
scarface_74
In the US, Delta and JetBlue offers everyone free WiFi.
gsibble
WOAH. MAC address spoofing is some old school stuff. I got in trouble for it in college.
I didn't realize you could spoof MAC addresses on....well....a Mac but it's not something I'd do lightly.
nixpulvis
I used to use this little macOS script at coffee shops.
Or you could just comply with the terms you tacitly agree to when using these services. Use this stuff or don't, but if you do, you don't get to complain about GPL infringement anymore.
jmtulloss
This is exactly how I managed to get my dorm room’s internet turned off in college. My roommate was unimpressed with my cleverness.
shlomo_z
Can you tell us more about it? I am so curious!
(Edit: punctuation)
neilv
This kind of thing can be a useful tool, including for privacy&security use cases that the page doesn't mention.
But be conscious and thoughtful when using it. Some terms to consider whether they apply to a particular use include "unauthorized access", "circumvention", and "theft of service".
boston_clone
Can you not manually set your MAC address in the network configuration portion of macOS settings anymore? Does this not accomplish that same task, just with an abstracted layer of “randomness” for address generation? Another commenter already de-bloated the entire application into a bash one-liner
jagged-chisel
“Randomness” and “one less thing for me to think about”
ClawsOnPaws
Since this is only available for mac, couldn't this fairly easily be solved with shortcuts?
johnebgd
Reminds me of Perfigo Smart Access before Cisco bought them. Network security with a MAC address whitelist. If you knew a whitelisted computer you’d have the same access it permitted. This was back before captive portal took off…
Beijinger
Like macchanger under Linux since 20 years? Must be cool to have an Apple I guess.
polivier
On Linux you can use `macchanger` to change your MAC address from the terminal.
A few years ago I saw a tip somewhere here on how to scan which MAC addresses are connected to nearby wifi and hijack their mac address and steal their internet connection.
crustycoder
On android it can be toggled on If Developer Options are enabled.
delfugal
AirPass? I had that wrong. Maybe because I just had lunch.
ndgold
Nice little helper friend
curtisszmania(dead)
[dead]
alpenbazi(dead)
[flagged]
satellite2
Fantastic. Now we're promoting script kiddies scamming airlines. That's a new low for hn
phyzome
Those poor airlines!
gsibble
If this site was really hackers, this wouldn't be considered news.
deadbabe
This is so unethical and no one gives a fuck, society crumbles when people just feel entitled to take more than their fair share.
chrisfosterelli
This is hacker news. Hacker ethos is rooted in the intellectual challenge of overcoming software systems and electronic hardware. It's the same ethos that stole long distance phone minutes, traded warez, and got free satellite channels. You don't have to do those things but you probably won't convince those who do that their 20 extra minutes of wifi will be the downfall of society.
bigfatkitten
In reality it’s mostly VC/Big Tech news. Hacker ethos isn’t something we see much of around here.
47MB for the UI & boilerplate around the business logic.
I get that this may be the easiest way to develop and publish an application today, but it's sad that this is the direction we have taken in recent years.
Business logic size: ~20 bytes Total app size: ~47 MB = 47,000,000 bytes
Bloat factor: 47,000,000 / 20 = 2,350,000
Let’s scale this up and say the business logic is 1 pound.
Then the whole app would weigh: 1 lb × 2,350,000 = 2,350,000 pounds
What weighs ~2.35 million pounds?
TOTAL: ~2,304,000 lbsThe business logic is like shipping a 1 lb object (a book, a flash drive, whatever) by loading it into two fully loaded 747s and strapping a blue whale on top.
Just to run 20 bytes of logic.
And to top it off, the dual flights and whale would need complex orchestration too!
We just call it Kubernetes…
I think this is not the case. E.g., we replace our computers every few years, but not because the new ones can do things that you can't do with your current computer. It's because the software you use to do the same things keeps getting more resource-hungry.
When you have so many processes on a modern machine competing for resources, when every app chooses to be bloated and slow it really adds up.
Upgrades shouldn’t ever break things, bugs and vulnerabilities never exist, and Rube-Goldberg machines should work 100% reliably day in and day out.
Unfortunately reality doesn’t work that way…
https://msl.cs.uiuc.edu/~lavalle/cs397/goldberg.html
Qatar might even give you a plane!
1: https://wiki.c2.com/?SovietShoeFactoryPrinciple
Mass is a nonsense analogy that doesn't reveal anything useful.
Of course, the real cost-saving is in labour—web development presents a radically lower barrier to entry compared to even non-native, cross-platform UI/UX platforms such as Qt, or Flutter, or what-have-you, let alone simply managing multiple native applications.
So this is not a bill-of-materials kind of analogy, it's a statement about talent.
Web leaders have grown complacent; at times, it seems they don't take things seriously. I mean, just take a look at something like SvelteKit. I'm not a web developer, however I happen to like Svelte a lot, but also despise SvelteKit equally as much.
Every major release is like "fuck you."
That being said, the fact that quick maths can give you a 6 orders of magnitude difference between functional code and the package is probably reason for concern.
The business logic for humans is a single reproductive cell.
A single sperm weighs 2.3 x 10^-11 grams. If the average male weighs 75kg the. The bloat ratio for a human male is 3.2x10^15
Getting back to the app there is huge value in not needing to run the command yourself. Sure it’s wrapped in a UI that comes with “bloat” but honestly who cares. When was the last time someone needed to worry about hard drive space, when it comes to a 40mb file.
All of which sucks up your compute resources and battery. Repeat for every such little utility app you have on your Mac. Some may implement that random stuff inefficiently (eg very frequent telemetry), which sucks even more. Some of it may even be wrong, vibe coded, or copy pasted.
Personally, puts me off installing random utility apps, even if the single utility would be useful.
Tk has no color management, unlike newer frameworks, which was good in this case because I asked for (255,0,0) and got (255,0,0). When I exported to JPEG and views on a web browser though I got something like (186, 16, 16) because on my wide gamut monitor the native primaries are more saturated than sRGB primaries so some white gets blended in to make them less saturated. Turns out in Windows, screenshots are in the color space of your monitor! It’s something you’d never notice unless you made stereograms because that little bit of green and blue goes to the wrong eye.
I tried to build some of my tools without Electron, it's always a battle of multiple documentations for multiple systems and creating a bespoke system or having to deal with UI documentations that are glorified API references without examples.
The last few tools I built used PhotinoNET, which gave me an electron-esque framework but not bundling it's own chromium, instead using the browser already on the system. And even that required a complicated build script so I can just export a simple flatpak, exe and dmg...
There are two obvious answers. The first is portability. And sure, but Electron provides an answer here, so why can’t we provide one with PWAs? We could even have OSes define this interface for different browsers to target in a standardized way. Yes, you need platform specific code, but that’s often the situation with Electron too.
The other answer is security. But how is Electron / any other installed app any better? Because we require more explicit consent before installing a “real” app than for installing a PWA? OK so, just let’s just do that for PWAs too.
This is not 'an app to change MAC address' but an app to 'overcome WiFi time limits'.
Thing is, most x-platform frameworks still require a big download. Java and Python runtimes are in the same ballpark as Electron.
There's great power in abstraction. Disagree?
Your point is that an operating system, and its shell, all running on a machine, and a collection of apps, are somehow smaller than a wrapper application.
I'm curious the amount of bytes the entire stack, minus the chrome which is the complaint I believe, how many bytes that is. I would say probably a gig.
ps: I love both space stations and Unix
That all said, a simple GUI API provided by the OS for simple programs like this would be nice, just to give the user better feedback on the process. Is it done? Is it doing anything? Did it run correctly? Etc.. Zenity on linux kinda does that but is not guaranteed to be installed...
2) the dev has 64gigs of ram and a newest CPU and doesn't care about performance issues for people on older computers... that's why you need gigs of ram just to read a weather report online.
People who don't like the developers work can always write and publish their own application, of course.
Honestly would not expect anything more from js devs who use macs/windows. I see this so often.
Is it worth it? Probably not, since this is a single-platform app to start with, but JS+HTML are easy to theme and customize, and Qt is... not quite as simple.
Yeah, that definitely describes every AI codebase I have seen..
>content-length: 47262814
Sigh...
The documentation is the Objective-C docs, I use those all the time. You do need to understand the basics of how to translate from the Objective-C APIs to what JXA (or AppleScript) expects, but once it clicks you can do it for essentially anything with the same logic.
https://en.wikipedia.org/wiki/MAC_address#Unicast_vs._multic...
There is a `airportd.sb` file, which appears to be some permissions based thing in s-expression/LISP. Weird.
Edit: Spun up a macOS 15 VM and I got this:
WARNING: The airport command line tool is deprecated and will be removed in a future release. For diagnosing Wi-Fi related issues, use the Wireless Diagnostics app or wdutil command line tool.
I guess they weren't kidding.
`networksetup -setairportpower en0 on && [... set MAC ...] && networksetup -setairportpower en0 off`
I think it's pretty safe to assume that modern Macs will always have en0 as the WiFi adapter, but if you wanted, you could use `networksetup -listnetworkserviceorder` to find the associated device.
But you're unlikely to be taking one of the machines that has built-in ethernet to the airport or coffeeshop.
Can't seem to find a CLI command to do the same in macOS 26, but I haven't looked too hard either.
Definitely does not happen on "free trials" on in-flight Wi-Fi for obvious reasons.
What would you use instead to build a macOS GUI program with comparable ease? SwiftUI? Python + Tk (using the ancient system Python)? Something like Red?
It will change every time you disconnect/connect
For MacOS (Sequoia+) you can just forget the network and reconnect to get a new MAC address [1].
Android's documentation for if it decides to generate a new address per connection is a little vague [2], but I'm guessing forgetting and reconnecting works as well, you may also need to flip the "Wi-Fi non-persistent MAC randomization" bit in developer settings.
On Windows, flipping the "Random hardware address" switch seems to cause it to generate a new seed/address for me.
[1] https://support.apple.com/en-euro/102509
[2] https://source.android.com/docs/core/connect/wifi-mac-random...
https://github.com/halo/LinkLiar
It’s an illegal address, but most equipment will take it because test devices occasionally come from the factory with that MAC. But higher level stuff might barf on it because it’s technically illegal.
As always, ymmv.
On some equipment this may cause a broadcast storm, depending on how they implement things. Cisco equipment with some configs will send a packet to all the ports if it receives a packet and can't figure out where it's supposed to go.
In practice people put fewer than 256 devices on networks (class C), so they have less than 1/65536 possibility of complete failure. And far less because they have a mix of OUIs.
But yeah, if you put a few hundred or thousand security cameras or other device from a single vendor, all on the same network, conflicts are certainly possible.
MAC conflicts are also a bit nasty to troubleshoot, and less obvious than IP conflicts.
MAC randomization does not have to constrain itself to the lower three bytes; you can randomize the OUI too.
What does Android MAC randomization do with the OUI?
According to this possible hallucination from Google Gemini 2.5 Flash, the OUI is partially randomized too:
- Locally Administered Bit (U/L bit): This bit (the 2nd LSB of the first octet) is forced to '1'.
- Unicast/Multicast Bit (I/G bit): The least significant bit (LSB) of the first octet is usually set to '0' to indicate a unicast address.
- Remaining OUI bits (and the entire lower three bytes): All the other bits in the MAC address, including the remaining bits of the first octet, the entire second and third octets (which are part of the OUI), and the entire last three octets, are randomized.
Me again:
So if two bits are fixed, everyone in the randomized space is randomizing 46 bits, which contains 7.03E+13 addresses.
Practically speaking, it seems that the only way you will ever see a clash arising from the above randomization strategy is if two devices are using the same very poorly seeded PRNG.
sudo ifconfig en0 ether 02:11:22:33:44:55
Just ran into this on icelandair.
Buy a coffee, get a new password, etc.
Their employees' time is more effectively spent making coffee than repeatedly providing low-level tech support for random password problems.
That would let you, for example, clone a MAC address or IP address between your computer and a phone, and maybe automatically resolve contention.
That way, you can split purchased WiFi (such as on a plane) between multiple devices.
You need a router for that, which fortunately is built in to most phones and computers these days.
Is there a specific scenario where time limited wifi is common place?
Stuttgart Airport has 60 minutes.
A lot of airlines now offer free "messaging" - usually just text on common messaging apps like WhatsApp. I've been meaning for years to write some kind of server that could give me useful functionality over chat messages.
Already done:
WhatsApp: https://www.hackerneue.com/item?id=33568994
Facebook Messenger: https://www.hackerneue.com/item?id=9203946
SMS(!): https://www.hackerneue.com/item?id=8304409
The bigger problem is how utterly useless and unstable the connection is to begin with..
I didn't realize you could spoof MAC addresses on....well....a Mac but it's not something I'd do lightly.
https://gist.github.com/nixpulvis/d83c0ae70a4c3a06797b
(Edit: punctuation)
But be conscious and thoughtful when using it. Some terms to consider whether they apply to a particular use include "unauthorized access", "circumvention", and "theft of service".
https://gothub.dev.projectsegfau.lt/alobbs/macchanger