"And this is where we run into the first bit of craziness. Amazon decided that they should model the Alexa app store after the iPhone app store. So there is a certification process to get your app into the store. But think about the difference: you are not uploading a binary file to the Alexa app store, you are simply registering an URL. So Amazon has no real control over your software. You could get an app approved, and then you could swap out the app for any other app, and the Certification team at Amazon would never know. They don’t control your code. Your code is not in their store, so they have no control over what you do. And yet they modeled this process after the iPhone store, where Apple does have control over your app."
But that doesn't get at how crazily broken the certification system. You have to read the quotes from the other developers to understand that.
You are assuming that the only purpose of certification is to catch actively malicious developers. I can think of many other perfectly good reasons to have one: to make sure server response times are fast enough, to make sure it fits the guidelines for types of content they want in their ecosystem, to make sure it doesn't blatantly violate any trademarks, etc.
I don't think the concept of a certification process is the problem, just the implementation is terrible (compared to the Apple process which is merely "poor")
You're definitely right that we don't actually know what checks they're prioritizing, but it's hard for me to believe they're actually doing any quality checking when this is the #1 skill you see in the app: http://i.imgur.com/Qp4Cv6k.png
The iOS app store was mired in fart apps in the early days. Many of them were very profitable. I think it's just a natural growing pain of any consumer-facing app store.
I remember those days vividly, what's different here is the Alexa Skills list is sorted alphabetically so this fart app is what every single person who enters the "store" sees first.
But that doesn't refute the parent's point: since the content at a URL is inherently mutable, they could judge that (at time of submission) some app is the type of content they want in their ecosystem, and then seconds after approval, it no longer is.
It could be that the client device validates a checksum against the approved list at the store before installing? Haven't tested if this is the case, just spitballing a mechanism that would allow for the control without the hosting.
Right. Like I said, it doesn't do much for a malicious developer actively trying to subvert the process. That doesn't mean it's useless. I would guess most problematic apps are not malicious, but are an honest misunderstanding or disagreement about what level of quality is acceptable or what types of services are allowed.
A moderately clever developer could sneak something past the Apple app store review too. Wasn't there a flashlight app that included a secret wifi tethering tool?
This is actually not an issue at all, because even with native apps you can still load content from the web which apple has no control over, which is similar to Alexa.
But the big deal that no one talks about is that Alexa is not compatible with EC2 backends, this is the most bizarre limitation I've ever seen, you can host An Alexa app on your own PC at home, but not on EC2.
This is incorrect - you can absolutely host in EC2. Our two skills are running off of a single EC2 micro instance.
There is one really weird thing where you can't use US West to do an Amazon Lambda passthrough to your server, but as far as I know EC2 instances in any region should work for Alexa to call out to.
Man, that's weird, I wonder what was different between our implementations. Our original POCs were about 4 months ago, and they were on EC2 at the time. We had plenty of other technical issues (don't get me started on SSL), but running on EC2 was never one of them.
That said, I'm curious how you managed to get an email conversation going with the team - the whole crux of the original article by Lawrence (and the forum thread which it cites) is that there's no way to have a direct conversation with anyone representing Alexa, so certification is a crapshoot.
Yes they could. They could have a daily check to see if the content at your URL has changed.
Also, you can similarly get around the iPhone cert process buy only having certain code run after a certain date, or when you trigger something remotely.
I think it makes some sense. They know Apple won't just approve any app (malicious, useless, etc) so they only do the additional checks for the app that are specific to them.
Amazon has just as much reason as Apple (or any platform provider) to want to restrict the types of apps that get published.
As for the effectiveness of that control, there's little practical difference between "simply registering an URL" and uploading a binary; both can load external content or be modified (in terms of what the user actually sees/experiences) almost entirely after the initial review. There will always be apps that try to abuse that possibility, and they usually get reported or re-evaluated, but it's probably a very small number of apps that will do that.
The point is to simply filter out a larger number of spammy, malicious, or otherwise offensive apps at the onset rather than spending more resources constantly monitoring everything after the fact. That said, it's unfortunate when the review process is as flawed as it seems to be in this case (poor communication, inconsistent policies, etc).
There's a huge difference. An URL is an absolute black box, a binary that you have to give Apple for certification on each change and that has to call Apple APIs to do anything useful (like network) is not.
Apple will scan your App to check for basic violations, that's all automated. For instance is there a specific flag that you can initialize a socket with to listen in background. This is only allowed if your app is supposed to stream music in background or do some VoIP thing. So if you're app is not that and the software detects you have that flag set anywhere in the code no way you will get it through the certification. There's simply no possibility for such analysis with a URL.
It sounds like you're assuming the majority of (iOS) App Store rejections deal with using unofficial/restricted APIs. My guess is that's relatively rare.
Most of the apps caught in the review process are probably those that fail other guidelines (usefulness, privacy concerns, illegal/inappropriate content, poor UX/quality, excessive crashing, etc). Most of those things can't be caught by automated means, and the content-related things can certainly be changed after initial review.
I've personally worked on several apps that significantly modify app behavior after being published - not so much to bypass any review requirements, but rather to adapt to changing business needs without waiting to publish a new release.
There's a big exception to the automated checking. You can download new JavaScript code any time after your app is approved, as long as your app runs the code under the built-in WebKit. I don't think there is any automated checking of what your new code does - how could there be? It's just a violation of the terms of service if you change the app into something completely different:
> 3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework or JavascriptCore, provided that such scripts and code do not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store.
Another interesting thing about iOS- they enforce code signing on the page level. You cannot create a RW page, write new code (from the network) into it, and then remap it as RX; every instruction needs to be approved by Apple. So changing behavior at runtime in a way that's subtle enough to pass certification is a lot harder than it would be on some hypothetical walled-garden Android (where you can, AFAIK, pull down a JNI extension over HTTP and load it.)
This is kind of missing the whole point. Which is, as a developer, you can slip anything into the Apple appstore that you could have slipped into Alexa's, so the point the article is making about certification is silly. Of course there are more security implications in Apple's case, but the fact remains that numerous apps have done the bait and switch and were pulled after Apple discovered it much later.
Apple has tools to see whether your app is loading external content and modifying itself, though. I think you can deceive them by making it seem as though it does so in an allowed manner (e.g. no code execution) during review, but they'll definitely know that your app has the theoretical capability.
Apple's review process also sometimes felt arbitrary, especially early on, and there's been a long list of complaints over the years that sound just like these.
I used to work in games, and the approvals for Nintendo, Sony, and Microsoft were all super, ridiculously frustrating at times. We had experiences very much along the same lines of failing again for doing the very thing they asked of us in the previous rejection.
Anyway, usually it works out eventually. No problem with making some noise about it being bad, and hopefully they hear it, but it is not uncommon, nor unique to Amazon.
The point about registering a URL isn't entirely accurate, IMO; plenty of Apple App Store apps consist partially or entirely of webviews. Even for fully native apps, Apple doesn't really have "control" of the code in the sense described in the article. Registration and the approval process are primarily there to give the publishers control over what appears in their store, as well as identify the submitters in a way that attempts to keep a little bit of accountability should they do something bad. Those reasons for requiring registration and review are just as valid for a url as for a bundle of code.
My experience in games has been the opposite. As opposed to Apple and Amazon, the console certification requirements are set in stone. The documents are very clear about what you have to do.
The requirements are generally much better documented for consoles. But some of the requirements can still be subjective. Edge cases still pop up as well, and the requirements can change over time (especially early in the console cycle when everything is still getting ironed out - nevermind when switching between console generations.)
Even ignoring the edge cases and subjective items, they can be extremely picky about such important things as... leaderboard username terminology. Which will not necessarily be the same across all storefronts from a given company, even if they're all using the same service under the hood.
And then the moment you step into the territory of needing waivers for anything - better hope your publisher has a good relationship to secure those.
Or Amazon video on Android device I have -- in order to have play prime videos it told me to disable app source checking and side-load some .apk file, which will then help me get the Amazon video apk file... or something.
Yeah forget that. At first I thought it was a joke of some sort. But I guess that's how you are supposed to do it.
I'll just stick to Netflix and watch videos there. Somehow that manages to work without side-loading a bunch of crap.
Why is that Google's fault? Amazon could use the Play Store to update the app, the same way that Netflix, Hulu, etc. does. Amazon doesn't want to because they want people to use their own Android platform. Except their Android platform is awful. They have no idea how to run a store (which is a hell of a liability for an ecommerce company, but their infrastructure and fulfillment processes are so top notch and their margins so small that everyone just routes around it when it comes to buying books or whatever else). They make regular Android OEMs look prompt in how long it takes them to incorporate updates.
What's the threat model there? It's not like Amazon are going to start stealing customer credit card numbers - if anything they're one of the few companies I'd trust to get security right. Tick the checkbox in settings, install the APK, untick the checkbox again. It's really not a lot of effort or risk.
(The most sensible-sounding negative claim I've heard is that Amazon do that so that they can do more invasive location tracking than Google permits (though the same kind that Google does themselves))
* It reeks of incomptency ( yeah, go and disable that security check that looks like it is there to prevent malicious software to be installed on your device, yeah, yeah, that one ).
* It is a convoluted process.
* It leaves my device vulnerable. Let's not speculate (like you did apparently) but copy and paste from their own source:
I'm pretty sure you have to keep the checkbox unticked so that the Amazon app can install apks and even update itself. In fact Amazon's official documentation[1] for installing their app doesn't tell users to uncheck the checkbox. The way I see it, keeping the untrusted apks checkbox ticked is a massive security risk.
It's really remarkable how much Amazon's reputation has been self-destructing in the last year or so.
Even 6 months ago when I told people I thought Amazon was an all-around shitty company (having worked there) and shouldn't be mentioned in the same breath as Google, FB, etc., people looked at me like I was insane.
Somehow the stock keeps going up... I don't have any material insider info but just on a hunch I doubt that will remain true forever.
Their consumer electronics are getting more popular, which is making people aware of Amazon quality. Right now there's a Fire TV in front of me:
- If you can get something for free because it's included in Prime, it still offers the ability to spend money on it, right beside the 'watch now for free'. If you're not paying attention, you can pay for something you already own.
- Its killer feature is voice recognition. Say 'game of thrones' and it will play Game of Thrones. It also has apps. The killer feature doesn't actually work in apps though: if you say 'game of thrones' in Netflix, it kicks you out of the app and sends you back to the home screen.
There was a post a little while ago about people wrecking their lives while working at Amazon. I could understand, but not support, someone doing that at say Apple or Tesla. But Amazon?
My worst experience with Amazon yet is they've locked the Amazon video Android app from every Android TV device except a few select smart TV vendors and their own Fire TV devices. The result is I can't watch content I paid them for (and would continue paying for) on a device I bought through Amazon (Shield TV). They're treating lackluster Fire devices, which were supposed to be loss leaders to get you into their ecosystem, into privileged, Apple-tier garden walls. Since they lack the Apple polish and simplicity, the result is making customers like me, who are already in the garden, want to leave.
Between this, inscrutable device compatibility of Kindle content, and 2-day delivery becoming unreliable, I'm cancelling Prime after a decade because the value is gone.
BTW, Netflix lacks voice search in all of its apps. Normal Android TV is at least reasonable enough to just bring up the Netflix text search if you try to voice search, rather than kicking you out.
I agree with all of your points except for 2-day delivery becoming unreliable. I don't know where you live but they are still great, if not constantly improving in the Bay Area. Lately whenever I choose 2-day delivery, I end up getting it the next day.
Seattle (eastside) here. I frequently order things with "two day shipping" and it tells me right up front that "two day" shipping will have it here in > 2 days.
I'm curious if there isn't a misunderstanding here. Are you certain that the actual shipping time is going over what you paid for, or is it just the total time since order is greater than the selected shipping speed?
I suspect that the delay you see is in the time it takes their warehouse not only to package your goods, but to also privately deliver it through their network to the most optimal ship point. You also have to factor in whether the carrier they've chosen supports delivery on the days you expect the item to ship.
Amazon should really make the difference between processing and shipping clearer, and perhaps factor it into the delivery estimates when you purchase. I've also always wanted them to let you chose carriers if you pay for a certain delivery speed instead of picking one themselves. I always have to cross my fingers that I don't get USPS for that important item.
I find it interesting that a "killer feature" is talking to my TV. I find the Apple remote quite easy to use within Netflix for scrolling etc. and don't really have a problem using my iPad as a remote if I want to type things.
Perhaps I am just old but voice recognition is a great feature, but not one that would "kill" the competition or make me chuck my AppleTV 3rd. gen in the bin to rush out and buy an Amazon device.
I would therefore not label it "killer".
I think Amazon is just a more chaotic business model. Bezos is a more chaotic person than Brin, Page, or Zuckerberg. He is happy to keep his cards in the air (thus his finance strategy) and push people in destructive ways (thus his business practices). All he needs to know is that when the chips fall, he has a good shot at having something to control. He doesn't even seem to care if that ever happens, happy to spin his resources into wilder and wilder pursuits (thus Blue Origin).
If Google and Facebook are cities, Amazon is more like an army. Can be city-scale depending on the nature of the conflict. They have great power, and in some ways the very same kind of power as a government. But at the same time the power structure is more ad-hoc, and subject to falling into collapse or docility when not led by a strong leader.
In some ways, I think Steve Jobs realized the was more in he Bezos category, and that Apple couldn't really carry on without him. So he deliberately changed his management style, developing a leadership class and stronger cultural inertia in terms of process and values. He wanted to leave a city behind him, not a headless army.
A huge difference though was that the Jobs bullied for changes to get the iPhone produced.
Bezos on the other hand, made the Fire phone team answer to him (similar to Jobs bullying, without any of the mythical stories..) Yet the product he made them create was a total miss with consumers. As egotistical and deluded people might say Jobs was - he still had to be aligned with the needs of the average person to produce the iPhone, a masterful manifestation of usability principles.
Bezos is chaotic, sure. But more damning, he is out of touch.
Having worked there as well and recently left, I'm super surprised as well to see them considered with the likes of Google or Facebook, etc.
Shitty middle managers are rampant. The engineering culture is defined by Levels..Level 3, 4, 5 etc. Consistency is promoted over quality. Codebases were so horribly not DRY it makes me want to vomit.
Unit tests for constants -- unit tests for specific code inside of functions.
I can go on and on. But generally the place is ran like it's a sales company primarily. Not an engineering company.
Amazon has a cancer through out it. It's basically a shitty copy of Microsoft without any of the virtues..but all the vices.
Not to mention, it says a lot that they have no perks except "free tea." 12 Leadership principles, which are dumb shit like "Be curious", "Have instinct."
Amazon doesn't have the brightest or the best - they have sheep that get tangled in the middle, or assholes that somehow become management. The company is only surviving because it set its margins so low that no one else could compete.
But now market leaders are sprouting out. Chewy.com for pet food. Walmart.com for general goods. Drugstore.com / Soap.com / Walgreens.com, the list goes on.
With such a shitty internal culture, Amazon will fall. I will have a shit-eating grin when that happens.
---------------------------
Amazon Web Services was their saving grace. But having seen internally how each team has different practices, different tech..some that are arcane and esoteric. Theres no cohesion. Even the CSS for Amazon, theres no sheet that is shared. Each team has to hard-rip the colors and whatnot from other projects like the retail site.
Makes me totally re-evaluate AWS after seeing how its built internally.
The charm of AWS is that every service in that goddamn console looks like its a polished part of a pyramid of engineering sanctity.
Heh, wrong. Each service...written by a different team, with totally different methods, totally different tech. Some teams even use .NET and IIS... You can probably probe the endpoints to some of these services and maybe see it externally. But well, take my word for it.
Once a team has a decent AWS project, they slap together a new logo. Make the UI blend with the existing panel. And then scale it using existing AWS services. But it still is a hydra of mismatched code.
The whole thing is a frankenturd - they did a good job with the design, ui, and IAM policies to make these services look like they are all part of the same cohesive development. But it simply isn't the case. AWS is patched together like a paranoid android on the inside.
I suspect only EC2/S3 and their paired services (EBS, IAM, etc) gain enough use to qualify as "enormous" and thus receive wide attention for their failings. AWS has a lot of services:
The JIRA source code is available when you buy a license and it is not the pinnacle of good engineering. It is textbook Java enterprise beans gibberish engineering.
The same reason you should care about consistency of the way the car you drive is put together. If you use a utility, you don't want things going wrong when your life or business depends on it.
No one has any idea how to run an App Store. Even Apple's App Store is vastly inadequate to sell the gigantic number of apps available on it. Top N apps make out like bandits, everyone else is basically dying. It will always be power law, but IMO the tail could extend quite a bit further than it does today.
It's not clear who or what it serves right now. It stands to reason (from simple arithmetic) that the more money developers make the more money Apple will make as well. They do make billions off that store. Making more money means surfacing more apps to more users, adapting to user preferences, employing prediction, etc. Apple doesn't seem to be doing much (if any) of that.
I'm the same "Galactoise" quoted in the original story. I'm really happy to see the conversation that cropped up here, about the lack of value around trying to certify a mutable black box, and hopefully the power of HN is enough to get some action from the Alexa team.
It's pretty long, but the tldr is as follows:
We're all worked up about this idea of having to build switches into our code to meet arbitrary certification guidelines, only to turn them off the moment we are live in prod. It's worth noting, though, that Amazon pulls these sort of antics (bait-n-switches) on us regularly and without remorse, and that there's really no way we can even know it happened. This is arguably even more destructive to the quality of our products than trying to build for a set of capricious guidelines.
>However, the Amazon system is so broken that it potentially offers a fix for itself. When the Certification Team rejects your app, you don’t need to change the app. You do not need to respond to their requests. You do not need to make any of the changes that they demand. Since a new person reviews each submission, and since there is no limit on submissions, one way to get through the certification process is to simply roll the dice and spam the certification team. Submit an app 10 times, or 20 times, or 30 times. At some point you will probably get lucky, and someone will approve your app.
Amazon has clearly put a lot of thought into how this is going to work.
They also have no idea how to run a video streaming service; or they think they do, and just don't know how much it sucks. They also have started sucking in buying things, with things like "pantry" which require you to buy a box for $5 so you can get things like soap.
I canceled my prime and have been buying things from stores. I buy my videos (ala DVD) so I can watch them when i want and not be worried about them getting pulled by disney from the "prime" section and being forced to buy it.
Honestly, the only thing I have any respect for is AWS. But even that is severely lacking in polish in clarity, and it's almost a full time job trying to keep up with their additions and changes.
> They also have started sucking in buying things, with things like "pantry" which require you to buy a box for $5 so you can get things like soap.
Delivering batches of household goods of arbitrary size profitably is a hard problem that no one has figured out. Everyone is fiddling with business models trying to make it work.
I think at the end of the day shipping is expensive and trying to hide that from customers without incentivizing profit-negative transactions is nigh impossible.
Things will probably change when we have droids roaming the sidewalks, but until then these strange charges are going to keep popping up.
Delivering batches of household goods of arbitrary size profitably is a hard problem that no one has figured out.
Wait, wait, I think I've figured it out. Raise the price. Repeat until either the transaction is sufficiently profitable, or the customers go away.
That will work better for everyone than what Amazon has started to do lately, which is prevent you from buying certain items at any price until your order exceeds $25.
Basically, Amazon has started to tell their customers "No." That's new, and I agree with the other posters who call it a bearish sign.
I can only speak for myself. Seriously, are people actually defending Amazon's add-on items? I'd love to hear more about the business rationale, no snark intended.
The 'app store' is the adulterated form of the Linux package repository. No shock that when you remove community management, accountability, openness, verifiability and add in monetization things get shittier.
Exactly. I can understand uninformed consumers accepting this kind of bullshit because they don't realize it could be so much better. But it boggles my mind that people who have used a real package manager will put up with the exploitative, arbitrary, restrictive app store nonsense and put down real money for copies of software.
So much work in the phone ecosystem goes into trying to tame the beast of closed-source, untrusted, adversarial code trying to show ads, track the user, sell them in-app purchases, and so on. These are all unnecessary complications that a fully open-source phone ecosystem (with no app store, but a real open software ecosystem like Linux) would solve.
The NeXT Computer and the NeXTSTEP operating system was the platform used for creating the first App Store, originally demonstrated to Steve Jobs in 1993.
Yes, the bundle thing is also true. I found the bit about app stores while I was trying to find a year.
No screenshots. I just remembered that the bundle thing was something I was excited about wrt Next at the time. And booting from Cdrom, and display postscript. I wanted one so badly but by the time I had money they were very obsolete.
I only know really know about it from memory and even then it's from reading PC-World, not direct experience.
The Bundle was one of those great ideas for users that got kicked in the nuts by Copy Protection methods until signing and activation was bult into the OS proper.
Yeah, I get what you're saying about bundles, and I think they're a great idea, I just want to see if you have anything about what you said re: a place to buy bundles online.
Interesting timing: I just got an e-mail for a (free) app that I purchased in the Amazon app store. Only problem, I have never visited the Amazon app store. The Amazon rep on the live chat explains to me that this is because someone entered their e-mail address incorrectly when making a purchase. How does that make sense? Shouldn't you need to be signed in to your Amazon account (or some other account) to make an app purchase? It actually makes you type in your confirmation e-mail address manually? Can someone with experience in their app store comment? That seems like a brutal design decision...
I have an echo. I like it, but the skills store is awful for the consumer too. Too many silly apps (like the current #1 listing a fart app referenced below), and the app features a skills list, but no categorization, no option to filter apps by stars so unknown gems can be discovered, no stats on installs, no rating distribution graphs. All very strange.
Worse still, there's no standard vocabulary to interact with skills and the flexibility of the wording depends on the developer. You need to mention the app, which can have weird long names (e.g. Agog Reader) or near-duplicate names (e.g. three bitcoin apps).
All-in-all, the skills feature (and the skills store) feels like an after-thought.
> All-in-all, the skills feature (and the skills store) feels like an after-thought.
Joseph Jaquinta expressed a similar sentiment when he wrote:
"Amazon's traditional areas (everything on AWS) follows a different model. They are more like a utility. Minimal engagement. No direct support. They provide a service. You take it or leave it. While this I think is a workable approach for a wide audience in a mature area, I do not think it is a wise approach for Alexa. But, that's if they give a hoot about 3rd party developers and think they are going to add any significant value to their platform. We don't know if this is so, because they won't say."
"There’s no public tracker for tickets. Features and suggestions go off into the void, and you’re left guessing if they are ever going to happen. Releases come infrequently and unannounced. There’s no product roadmap. No indication of what’s coming up. Nothing to create a development plan against. There’s no bidirectional collaboration with the community. The closest any developer gets to the team is during skill certification. And, even then, names are hidden and you only get anonymous mails from the “Alexa Skills Team”."
Other than the operational issues, like not have a good way to contact amazon, this reminds me of a 900-number system we ran at MCI.
When you registered for a 900-number, you had to submit a script along with it. MCI would try to limit the possibility that you'd use it for some nefarious purpose, all CYA. They had a team (probably one person) that audited the numbers periodically. That didn't stop people re-using the numbers for bogus financial services and adult things.
We went through the same thing a couple years ago with an SMS short code. Had to submit a script (despite it being dynamically driven), set a max number of messages per month (despite it being user-initiated), etc.
The real kicker is we once got a massive nastygram from Verizon threatening us with shutdown - they claimed we were sending porn spam messages via the number. After quite some time auditing our entire stack we got a "our bad, one of our techs had malware on their Android phone" email.
I think the whole approval process is just a ToS legal scheme of "we did our part, so we can go after you and blame you if something happened." I don't know if will ever scan your URL for any intelligent malicious misuse but it may. If someone can explain exactly how "skill" works with Alexa... sounds like some kind of Pipe / IFTT kind of service.
The amazon music application is also one of the most appalling software too, it is messy, it keeps flashing, there doesn't seem to be any logic in how the screens are organised, it's impossible to know where you are or how to go back to one place. I love amazon, I buy half of my music on amazon music, but downloading the music is an unnecessary painful step.
Also they need to improve the quality of the samples vs itunes. When you buy a rock song, there is usually is only one recording of that song. But if you buy classical music there will be many recordings with very different qualities. With the quality of the samples available now, it's almost impossible to tell if a recoding will be of a good quality or not. Itunes has much better quality.
I've had a good experience with the web app [1]. It's a surprisingly well designed piece of software compared to it's competitors (e.g. Spotify or Pandora). The library could definitely use better curation though.
Follow-up, this post getting love on HN seems to have helped us get their attention. We had a conference call with them where we were able to work through a lot of the issues we were facing:
The post-approval switcheroo is similar to the Office/SharePoint app stores - really all the 'app' is is a delegation of permission. If your app can change and operate within the permission you're initially granted during 'installation,' you can really do anything you'd like in the actual application itself. A rather large hole.
Maybe they should add support for the certification process. They could price this in nano-seconds using utc time based on the region of the developer (except u.s east virginia). If you are rejected you could get max-support integration (4 pico dollars a parsec) to resubmit.
Overall, amazon's coherent pricing strategy and simplicity make it a pleasure to work with
From a practical standpoint, why would you not try to pass the certification process first with a bare-bones, minimally viable service designed specifically to pass certification? Then iterate on top once it is in.
The Firefox Marketplace does the exact same thing. One simply submits a URL, it gets approved, then becomes available. Any changes made afterwards go unnoticed by moderators.
For FirefoxOS "hosted" apps this is true, but they also don't have access to any significant APIs. Only "packaged" apps do.
This is also not true for add-ons (for desktop/mobile or FirefoxOS), these are packaged as zip files and can't be arbitrarily changed.
However, there is the problem however of the app or add-on downloading and running code from the internet unchecked, which is probably intractable to do in an automated way (at least for the current APIs exposed, and for a dynamic language like JS), manual review is required.
Mozilla requires manual review, and Apple disallows interpreters. I'm not sure what if anything Google does about this problem for Android.
This article gave me an enormous sense of deja vu, as a former Amazon employee. I managed the QA of user-submitted media for a service run by one of its subsidiaries, and the requirements for this service, too, were unreasonable and communicated very poorly.
Somehow, Amazon's "working backwards" principle always fails when it comes to establishing reasonable procedures, SLAs, and solid documentation.
The solution is to not try to verify the content of a rest service.
There is a lot of good that Amazon can do with their certification process - things like helping a developer figure out appropriate example phrases, or making sure that all of the appropriate fields are filled in (like providing a thumbnail for the appstore, etc).
Their weird pedantism about an arbitrary set of rules, however, serves only to scare off those of us who are actually interested in advancing the default user experience. Out of the box experimentation is frowned upon, and the result is that they're basically handing the ecosystem to the shovelware creators.
Actual title: Amazon has absolutely no idea how to run an app store
Why did the title change? It used to be the same as the original article, but now it's been needlessly editorialized to be kinder to amazon. Seriously? What the fuck. That's not HN's job, and is a disservice to the article, and the community.
The weird thing about the title change is that the new one isn't even true - they've been running the Kindle app store for quite a while...
The user "dang" posted further down in the comments saying that he changed it because the title was "over the top", which didn't seem like a good reason to me (but then again, I'm not a moderator). I can understand the desire to avoid sensationalism, especially if the belief is that this anger over third party Alexa skills is only about the problem in the article. In reality, though, this is just one of many issues that currently has the community up in arms, so I don't think the original title was as hyperbolic as they believed...
Yeah, they definitely changed the title to be less accurate. This new title is not only objectively worse, but pretty fucking cringeworthy in supplying an excuse to the company for no apparent reason. (And not even a true excuse!) Amazon can't stick up for themselves? The funny thing is that it's not like the original title is "sensationalist". Criticism is not the same thing as sensationalism.
To whoever changed the title of this: I hope Amazon is paying you a lot of money (under the theory that it's somehow better to be willfully corrupt than just stupid).
The HN Guidelines [1] state that submissions "should use the original title, unless it is misleading or linkbait." While I am sure the emotions of the developers affected by this are legitimate and strong, the original title borders pretty heavily on linkbait; though I appreciate there is some debate there.
HN may strive to provide intellectually superior content, but that doesn't make me any less susceptible to linkbait.
For one, I appreciate some effort to prevent the front page of HN from devolving into 30 completely unedited, but completely unhelpful titles. If I wanted that, I would just read ads.
IMO, "these people don't know what they're doing" isn't linkbait, it's a very specific criticism that the people in charge of the app store are either naive or incompetent. You could complain that's a pretty harsh take, but the truth of the statement has nothing to do with the harshness of it, it lies in the evidence they provide. You can even test it! Do they make good decisions or poor decisions?
I think there's a lot more "editorializing" going on by inserting an implicit excuse into the title, that wasn't asked for and wasn't needed.
I think it is precisely that harshness that pushes the original title towards linkbait. Again, I'm not questioning the legitimacy of the involved developers' emotions.
The point of a linkbait title is to elicit an emotional response that is disproportionately strong compared to that of the actual content. As such, they are worded strongly.
I agree that "relatively new" was a bad emendation. I probably just would have removed "absolutely" from the original title and left it at that.
I've always believed that "linkbait" is a MIDLEADING title or one that omits key information only to force you to click on an otherwise uninteresting title.
Linkbait: "You won't believe the disgusting thing this A-list star did in public!"
Non-linkbait version: "Tom Cruise accidentally stepped in dog poo."
The first is linkbait because it teases you to learn who the star is and what was the disgusting act (which was actually quite boring).
--
Linkbait: "This company sucks at app stores!"
Non-linkbait: "Amazon sucks at app stores!"
The first is linkbait because it forces you to click to learn which company it's talking about. It would most likely make the reader think it's about Apple, or maybe Google Play Store, both of which are probably more interesting than Amazon's store. The second title is NOT linkbait because even though it's inflammatory, it conveys enough information to let the reader decide whether it's worth a click. The reader immediately knows:
* It's about Amazon app store.
* It's going to be very negative.
If the HN reader is interested in how Amazon's app store is doing and how users are reacting, then it will stand out as a link worth clicking. If the HN reader doesn't care for an opinion about amazon's store, or doesn't want to read a strongly-worded one, they'll pass. There was no baiting at all.
---
I argue that the editorializing of the article created MORE of a problem, because it wiped away an important piece of information for HN readers: that this is a strongly-worded negative review. The edited title ("Amazon is relatively new..") conveys no information about the article. Frankly, it now sounds like a very dumb article.
Why is eliciting an emotional response bad? Sure, emotion devoid of anything else is just rage, but in this case the irritation the developers had was an important part of the story.
Removing emotional context doesn't make a story more "objective". If someone wrote a story like "russia invades china", and the story got edited to "russia parks some tanks in the capital of china", clearly even though both stories are "accurate", the second one has actually lost information.
Emotion is great. I want to understand other people's emotions, which means titles should express them if they are present. It's for precisely that reason that I appreciate tamping down "over the top" linkbait, if that's what this is.
Understanding others' emotions gets hard if everything is a life-threatening emergency†. It's like watching CNN during their worst years: every possible event got a "BREAKING NEWS" banner. It made it hard to stratify emergencies. If every title devolves into "THE INTERNET IS ABOUT TO EXPLODE because git just went to v2.8" HN would become useless to read.
† I'm not saying that's what this article is doing, just making an example.
who really "knows what they're doing" and made a software program they did not have to iterate on later? The problems with Xcode hurts me far worse than a hacky, easy submission process.
It's more an opinion than linkbait; an opinion which gets tossed by the way side because it is found to be disagreeable. Do authors have no say in what they call their piece?
linkbait is, at least to me, more along the lines of "you'll never believe what these developers made" and this post is nothing of the sort.
This is one of those squishy things that's hard to assess. For me, I would stop short of a title that would be unacceptable if you substituted a (private) person's name for the company/country/whatever mentioned. If it was "Susan has absolutely no idea how to ..." I would call it "over the top" myself, but I'm no moderator. The guidelines also discourage "gratuitous adjective[s]" in titles, of which "absolutely" applies.
> Do authors have no say in what they call their piece?
Absolutely. No one is asking smashcompany.com to change their title. But this isn't smashcompany.com either.
Calling something linkbait doesn't mean that that thing is factually incorrect, or even a bad title. It just means it's a superstimulus for off-topic debate. HN isn't a magazine; it's a forum. What the articles get labelled isn't about being accurate, or even evocative; it's about eliciting productive discussion.
Edit: Ok, since people feel so strongly about this, let's restore the original title minus the high-octane "absolutely". If I hadn't been in a rush earlier today I probably would have settled on that in the first place, but not every day can be a ponder these things deeply day.
Everyone should realize, though, that indignant denunciations are not in the spirit of this site and don't belong in titles here. They are a form of linkbait because, unfortunately, indignation always sells—mechanically and for reasons that have nothing to do with the intellectual curiosity that this site is supposed to be for. Upvotes due to indignation are reflexive; what we want HN to be is reflective. This isn't a matter of taste but of core values. To change that about HN would destroy it, so we're not going to.
It's reflexive because it's dealing with trust and the trust happens to be polarized due to the subject. We know the rules, but sometimes choose to break them when it matters. I think it's fine to call this out in the thread, for what it's worth.
I appreciate you for pondering on these things! Goodness knows I wouldn't want to moderate this place.
The submitted article and especially its title are both emotional to a fault and sensationalist. The arguments presented are backed up only by anecdote and cherry-picked comments from other people who have been rejected by Amazon. I've seen all this before. There's a reason why the article is scant on the details of the rejection. In the same way a rant about PayPal tends to exclude certain details that deflate the author's rage. His final paragraph is the icing on the cake. I'm glad to see the title change.
"There's a reason why the article is scant on the details of the rejection"
Did you click through the link to the page where the developers were discussing the certification process on the Amazon developer forum? This is the link the article above:
You say the final paragraph is the "icing on the cake". The final paragraph is a summary of what Joseph Jaquinta suggested in his longer post. The above linked blog post would be redundant if it simply copy-and-pasted everything that developers had written over at the Amazon developer forums. Like any blog post, it was written with the assumption that some people would click through the links to see the source material.
It's scant on the details of the rejection because it wasn't his skill that got rejected. His article is specifically about the uproar among the community at the terrible job they're doing.
As happenstance would have it, though, it was MY skill that got rejected that started the forum thread that he pulled quotes from. If you are actually interested in more details, I can provide them, but the point wasn't really about my specific rejection - it was that this has been an ongoing and growing pattern recently across the entire development community. These issues are well documented and individually enumerated (so as to not just be anecdotal, per your concern) on the Amazon developer forums, if that is what you're looking for.
Regardless, the title may be emotionally driven, but it is not sensationalist. They (the Alexa team) literally do not have a good understanding of how to run this app store. I think the context missing here is that we don't mean that in the sense of "we're angry because our opinion does not match Amazon's". We mean that in the sense that we (and every time I say "we" here I mean the Alexa developer community) has had to hand hold the Alexa team into doing even the most basic things just to get the skill "store" where it is now, because it has not been a focus of theirs.
It's apparently resonating with the HN audience. I've seen poorly presented material get flagged into null before, so why wouldn't that be the case for this article, if it t'were true?
I am _not_ glad to see the title change, as it goes against the stated rule of titles matching the title of the submitted content and is blatant editorializing that is supposedly verboten on HN. It's ridiculous and unwelcome from my perspective. Especially since it's a multi-billion dollar company involved who can certainly deal with some mild criticism.
Right now it's fashionable to dislike Amazon. Rants about Amazon are a formula for karma success right now. That's my guess as to why it hasn't been flagged to death. I wouldn't attribute a lack of flagging to legitimacy. HN isn't immune to BS.
That may be true, but to be clear, I love the things Amazon produces in general - I just take specific issue with this one team over the last couple months. I can't speak for the other two people cited in the story, but for my part I can say that I absolutely didn't start a rant in Amazon's developer community for the purpose of someone else blogging about it and getting karma on HN.
I'm more interested in the frankly absurd notion that there is this software giant who is supposedly super good at web services, yet is incapable of doing the simplest possible things to sustain its development community. It's an incredible dichotomy - the Mighty Amazon of Prime Now Shipping vs. the Meek Amazon of "How Do We Certify Like Apple?" - but it's one that needs to go away.
Good comment, never knew about this as a concept but I've definitely seen it play out. (and what an amusing source of origin!)
But you might be right. I've been on HN for 3+ years and i've never seen anything like this happen before. This is clearly an abuse of power and is not in any way an act on the behalf of the community.
dang is here as a moderator precisely "on behalf of the community." As in, he acts to facilitate productive discussion. You might disagree with his decision here, but I can't see any way in which he has different goals than you would want him to. At worst, he has made a mistake, and the backlash from it will make him not do it again. (At best, he is being "the hero we need" by attempting to stop a flamewar argument before it starts, even if that means taking the heat that that flamewar would have spawned entirely himself.)
You're talking about goals and motive; I don't know why. I took issue with the behavior, the specific act of editing the title, in a way that contrasts the actual articles title.
Because the GP comment was talking about HN "jumping the shark", and you were agreeing with them and adding that this was an "abuse of power"—both things suggesting that this action betokened bad things for HN going forward.
My point was that it doesn't, any more than a waiter asking after your mother's health when she's just died implies the restaurant is on a decline. That's not insensitive (therefore implying the restaurant is now hiring insensitive people); it's just a faux pas (therefore implying the restaurant is hiring regular ol' fallible humans.) The change to the article title here, likewise, was not an abuse; it was just an overly-hasty application of the regular HN guidelines—the thing dang does literally all day without anyone noticing when he's doing it well, done with slightly less care than usual.
dang is a regular person; regular people realize when they do things other people don't like, and then stop doing those things. Systems composed of regular people (i.e. not tyrants and sycophants) self-correct, rather than entering downward spirals. Not everything presages the end of an era. Most things, where conscientious people are involved, are just hiccups.
The first sentence of the article is, "Amazon is relatively new to the job of running an app store, and some of their mistakes are either hilarious or infuriating, depending on how much money you’ve lost trying to deal with them."
The decision to switch the submission title away from the article's actual title is unjustified. The decision to switch it to a selective edit of the article's first sentence is even worse.
There's nothing neutral about this -- the original title accurately described the posts content (IE: they were infuriated at amazon). The new title doesn't reflect that at all -- you could imagine all sorts of alternate ways the article could go. "Amazon is new to running app stores" could be a profile of how amazon has developed their app store, or it could be about the general challenges of companies starting an app store, etc. This new title is impressively vague as to what the article is actually about, it tells me nothing. The original title was obviously about some people that were very upset about amazon's policies. The outrage was an important part of the title! The point of the article is that people are upset. If you take that out, you're just obfuscating things.
The problem is that such titles routinely get upvotes, presumably because of some reflex they trigger in the brain. If we want to have a site that gratifies intellectual curiosity—which we do—we have no choice but to counteract them. That's a fundamental principle of this place.
I am sorry to say this contributes to the feeling that the HN rule about titles is entirely arbitrary. Most of the time the rule seems stupidly rigid and inflexible. After all, why can't developers highlight the aspect of the article that would be of most interest to the readership of HN? But then, suddenly, an exception is made, based on wholly subjective criteria. How do you define "over the top"? Have you tried to get an Alexa app certified? Do you understand how bad the situation is?
I'm in favor of flexibility regarding the titles, and if HN supported such flexibility, then your decision in this case would seem less arbitrary. But given the rigidness applied at other times, this seems like an odd exception.
I'll point out that the current title does not come close to expressing the level of frustration that developers are currently feeling regarding the Alexa app store. Shouldn't the title give some indication about the real conflict?
You don't understand what you are talking about. HN doesn't have a rule against blog posts with editorialized titles, instead, HN has a rule saying that the people who submit articles to HN can not editorialize the titles. Basically, the rule is that the title on HN should be exactly the same as the title of the blog post. Except here, Dang is breaking that rule. The initial title of this submission on HN was exactly the same as the blog post. But Dang is objecting to the title of the blog post. That is why Dang's actions seem arbitrary: Dang has decided to break HN's normal rules. And why? Because of a feeling that the blog post had a title that was "over the top".
Have you read the comment that Dang makes at the URL that you just posted? Dang says "Please don't editorialize the titles of stories you submit here." And yet, here Dang is editorializing the title of the story submitted here.
> You don't understand what you are talking about.
Please don't address a fellow user this way.
> Basically, the rule is that the title on HN should be exactly the same as the title of the blog post.
That's mistaken. The actual rule is to use the original title unless it is misleading or linkbait: https://news.ycombinator.com/newsguidelines.html. Had you known that, you'd have known that we were upholding the rule, not breaking it. It's standard practice, when a title breaks the HN guidelines, to replace it with neutral, representative language from the article.
Does that mean we get every edit right? Of course not, but if you're going to object, please do so on the basis of what the guidelines actually say.
The original title is correct in the literal sense - it is not an embellishment. There is ample evidence to support this assertion, and all of it is accessible in the Amazon Developer Forums. If you would like to make the claim that the OP is editorializing, the burden of proof is on you to show that Amazon does understand how to properly run this app store. Good luck with that, though.
this isn't OK. It's not HN's place to change the title because they disagree with it, or because it's harsh. If the original article changed the title, then there would be justification. But they didn't, so HN has no business injecting their editorialization into it.
Google Play does not have a "malware infestation". I have never once downloaded any malware, lookout has never detected any malware on my phone and I've never known anyone who has downloaded malware from Google Play. Anecdotal for sure, but given you said "infestation" you'd think I'd be crazy to download anything at all from Google Play. Absolute nonsense.
Actually, based in the stats I've seen in the past (I can go hunting for them if needed), you would be crazy to download "anything at all" from the Play store, in the sense that the probability of a randomly-selected app harboring malware or privacy-invading practices is much higher than in the Apple App Store. But this is also like saying that you'd be insane to follow a random URL from your inbox; any random link is probably a phishing site or spam Viagra store, but you are unlikely to select one of those URLs by intent. Likewise, the vast majority of dangerous Android apps aren't ever going to appear on your radar, but that doesn't mean they aren't out there, just that they're poorly-targeted. (The Windows store, by contrast, was at one point full of questionable apps impersonating major brands, which is a much more obvious threat model.)
> Google Play does not have a "malware infestation". I have never once downloaded any malware, lookout has never detected any malware on my phone and I've never known anyone who has downloaded malware from Google Play.
Seriously, what is the point of saying that? There are lots of articles about the problem, but you stick to your own experiences then!
Edit: I wonder what smut the down voters have been downloading that may have given them the malwares. Reputable apps are fine. And there's no infestation. Just stahp.
Malware-containing apps have millions of downloads, and there are/were thousands of them. One might argue if that is an "infestation", given the much larger number of apps in the store, but it also isn't something that has only happened once or twice.
And when it comes to e.g. games there isn't much of reputation information outside a very small set of hits. No need to download "smut".
You can google and read about lots of frustrated developers trying to get their app into the App Store. Nebulous responses from Apple, no response from Apple, rediculous response from Apple. It's all out there.
Well lets see... You have to pay $99 a year, you need an apple computer to add an app to their store, it takes weeks or months to add an app, and I'm sure there's more.
"And this is where we run into the first bit of craziness. Amazon decided that they should model the Alexa app store after the iPhone app store. So there is a certification process to get your app into the store. But think about the difference: you are not uploading a binary file to the Alexa app store, you are simply registering an URL. So Amazon has no real control over your software. You could get an app approved, and then you could swap out the app for any other app, and the Certification team at Amazon would never know. They don’t control your code. Your code is not in their store, so they have no control over what you do. And yet they modeled this process after the iPhone store, where Apple does have control over your app."
But that doesn't get at how crazily broken the certification system. You have to read the quotes from the other developers to understand that.