I don’t think that’s necessarily the case. Exposure and discovery aren’t that tightly correlated. Maybe there’s a small effect, but I think it is outweighed by the fact that blast radius and spread is reduced while buying time for discovery.
As a rule, I commit the input to the code generation tool, i.e., what the GPL refers to as "the preferred form of the work for making modifications to it", generate as part of the build process, and, where possible, try to avoid code generation tools designed around the assumption that its output will be maintained rather than regenerated from modified input.
As for LLM code assistants, I don't really view them as traditional code generation tools in the first place, as in practice they more resemble something in between autocomplete and delegating to a junior programmer.
As for attribution, I view it more or less the same way as "dictated but not read" in written correspondance, i.e., an disclaimer for errors in the code, which may be considered rude in some contexts, and a perfectly acceptable and useful annotation in others.
They may want proof that you, the human filling out this form, are authorized to publish apps, communications, etc. as the company you say you represent.
How does a passport solve that? Most small private companies are entirely opaque. A government ID doesn't help you determine authorization. It won't even help you determine ownership since anyone doing things sensibly will be using a registered agent to hold the company on his behalf.
The correct approach here (AFAIK) is to punt the trust decision to the bank by requiring payment with a method that you can confidently trace to the company.
Yeah I would imagine that the value the get out of a passport is not anything to do with validating a company (they’re cheap and easy to make anyway) but validating the person (which is not a throwaway entity)
However that invites those bad scenarios where someone gets blacklisted by BigTech in some manner, later gets hired by a small business, the new employer adds an association to the blacklisted account, and suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.
I feel like pay to play ought to be sufficient because in addition to being a barrier to entry it also provides funds for moderation efforts.
There are better ways to do it but Google has long demonstrated they’re not primarily concerned with accuracy or user experience, but instead, whichever solution can be automated and effective.
>suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.
Which is not that unreasonable even. If a person is flagged for making scam apps, them having publishing rights in a reputable place makes taints the reputation of such place.
You should be able to appeal of course and the oauth should not be towards google in the first place, but being associated with known fraudsters and scammers is not what you want.
That seems at odds with how our society is structured. We treat employees as interchangeable cogs. If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices.
It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial.
Individual accounts and employee accounts are conceptually distinct. Permitting anything less gives large companies free reign to run roughshod over the individual by unilaterally depriving him of his livelihood.
>It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial.
Crime is not the only thing that exists in a law. One can work in a regulated profession and lose a license for not adhering to the rules. Such person can in theory go and do something that doesn't affect the society negatively and this isn't exactly a punishment for a crime. Now if someone employs such person again after they lost their license, that new employer maybe be sanctioned as well. All of that usually comes with some kind of appeal mechanism.
> If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices.
This is no longer the case, see the example of Hüseyin Dogru, a journalist who faces political EU sanctions (no trial) and now cannot transact with EU citizens or travel. Authorities have now siezed the bank account of his wife and are treating her as if she is sanctioned, even though she is not, so their family is now broke and cannot even pay for food. Because they are not allowed to travel they cannot return to Switzerland.
This kind of blacklisting also comes up in non-sanctioned contexts with de-banking and political de-platforming based on government pressure. The world is headed to a very dark place.
My government ID card expired and I was too lazy to renew it but I had my passport at hand so why not?
BTW both the id card and the passport have cryptographic authentication and you are able to open a bank account or use govt services completely online by scanning it with the phone Rfid . They could have make me scan that, scan my face and be done with the identity verification. My identity is already verified and tied to my company the same way and also
listed in the companies registry which means they could have had skipped all the other company verification stuff too.
That all makes perfect sense but consider that if they simply punted to the bank as I described they would still get the same benefits only with even less complexity. The bank fundamentally has to do robust identity verification. Any party that needs to handle payments while also lacking a reason to be good at performing in house identify verification really ought to make use of the bank because you are highly unlikely to be better at it than they are.
The entire cumbersome process you describe can be viewed as Google doing a significantly worse job of verifying your identity than the bank would have.
As an aside, I suspect that leaving it to the bank would also provide additional legal protection. Specifically anyone attempting deception will most likely be forced to commit fraud against the bank which will probably be taken much more seriously than otherwise.
I agree, in Europe(EU, UK, Turkey and other countries) banks are considered perfect for proof of ID. In UK a bank statement is as good as an ID, in Turkey for example, you can sign in into the government portal through your online banking and it is considered higher level secure authentication and you can take high risk actions(like signing legally binding contracts) that you can't do by signing in just with password and 2FA.
The bank has to perform the authorization and identity checks, but the bank will not make them for you, they do them for themselves based on their own risk analysis. The scope of authorization could also be different based on who it's presented to.
The authorization is not transitive so to say.
>As an aside, I suspect that leaving it to the bank would also provide additional legal protection
If it would, they will have to pay the bank for it and the bank should also be willing to accept the liability (spoiler alert -- the will not be willing to accept the liability)
That's all fine, they can want their wants, but then, once the bad cop writes them strongly worded letter and they start throwing tantrums over "regulation".
> The bank has to perform the authorization and identity checks, but the bank will not make them for you
We aren't talking about authorization, only about identity verification. I'm no domain expert but it is my understanding that banks provide these sorts of services. They certainly already have all the necessary information on hand both for practical reasons (security) as well as legal (KYC and AML laws).
> If it would, they will have to pay the bank for it ...
For the identity verification? Probably, depending on how you went about it. What's the issue? This is already a paid process we're talking about here.
For the additional legal assurance that I described? No, that doesn't cost extra. Please read what I wrote more carefully. It's a transitive property due to the penalties involved in addition to the degree to which the legal system and the bank care (at least assuming my understanding of that legal environment is correct).
From the point of view of the bank the problem is usually defined as
"how do we asses a complex situation where identity of the person X is one of the signals (but maybe not the strongest one) with enough certainty to balance a probability Y of bad something happening that will cost us Z and still make money"
Most of the time Y and Z are defined because the other department said so and we trust our colleagues, dus the answer is computable (somebody somewhere has it open in a spreadsheet right now).
If you add a transitive property to the system, then, unless there is some regulatory magic that caps the possible value space of Y and Z, the answer is (by default) no.
While I don’t think the new meaning is incredibly widespread yet, it’s not uncommon for words to change meaning over time. I wouldn’t be surprised if a decade or two from now, the original meaning has been mostly forgotten.
Large (non software) enterprises. Mostly. Government departments. That type of thing. Like I said in another thread; have a wander with me over to Shell, Barclays and stuff like that; entire bags of (many outsourcing/external) 'programmers' who don't know how variables or loops work.
The issue isn't the vendors themselves necessarily but the quantity of them. Plenty of boring things over the years have had security vulnerabilities that end up with data getting leaked, so each additional one is just more risk even if you trust them not to be actively malicious. All it takes is one well-meaning but careless vendor to make the whole house of cards collapse.
I've worked for years at companies that only use Google Sheets.
For 99% of people (sometimes we let Finance folks have an Excel license), it's more than enough. Google Apps Script is also reasonably useful, and the newer Smart Chips are a nice addition.
It's not, because it's a conspiracy theory. They'll make tenuous connections between unrelated things and extrapolate some grand scheme to match their fiction.
reply