iOS generally lets you reject any permission an app asks for. This would certainly be "risky" enough that iOS would require explicit user permission, and you would be able to say no.
On top of that, the app is completely optional: if you aren't comfortable giving it those permissions, don't install it?
> you can actually learn a LOT by being given the answer, if you actually care to learn.
Even if you "actually care to learn", this is a huge mental shortcut and you're deceiving yourself if you think deep learning is happening from looking at the answer.
On top of that, the pressures to just finish the coursework and move on to your other homework due tomorrow seem pretty high. Your suggestion means we're no longer coddling/shielding students, but we also aren't actively helping them, are we?
Not from simply looking at the answer. From knowing the answer and reverse-engineering or understanding how to arrive at that answer in the first place. It's not always the best way of learning, but it definitely is a great way to learn if you care to actually understand why it is the answer and how you would have arrived at it.
> Your suggestion means we're no longer coddling/shielding students, but we also aren't actively helping them, are we?
My suggestion is just the former, it doesn't imply the latter.
- the way the wood looks and feels.
- it has been fairly tough. I managed to stain it with an overnight pen leak, but it's mostly easy to clean, and stands up to minor impacts from computers and cups. Also, no water marks so far.
I dislike:
- the curved front, which looked cute in the pictures but makes it a PITA to fit a keyboard tray. That was a mistake. I wish I'd gone for the straight edged desk.
SELinux will stop any process in Android from loading kernel modules; that’s not allowed. The Android permission model as a whole is ultimately backed by SELinux.
Locking down a desktop OS to modern standards really requires what Apple did with macOS, which requires a degree of central coordination that's beyond the Linux community. It mandates huge changes in almost every area of the OS stack, and all apps have to be sandboxed by default out of the box.
Developers don't like mandatory sandboxing. It has to be forced on them. So you can see the difficulty of doing it in the open source community, which has for decades now had the worst security of any desktop OS platform (even Windows is better).
To solve the issue from the source, you need to enforce security through means like mandatory access control. The problem is that existing desktop and server systems are too mature for that to be practical, you'll have to rework almost everything and users will certainly reject it violently due to the breakages.
Apple have shown it can be done with macOS. Not only is every app sandboxed in a usefully robust way (even ones distributed outside the app store) but this has been done in a way smooth enough that users didn't revolt.
Not sure what specifically they're referring to, but Android (and iOS) add a lot of sandboxing to ensure that each application can only access its own files, can't access hardware willy-nilly (bluetooth, scanning wifi, etc), can only link against certain libraries, etc.
Imagine if Linux only let you run stuff from Flatpak, and if stuff didn't work in Flatpak then too bad for you. Most Linux users would hate it and it would be a mess a lot of the time, so, for user experience (UX) reasons, they don't do it. Android can get away with it because that's been the app paradigm for decades now.
I don’t think that’s necessarily the case. Exposure and discovery aren’t that tightly correlated. Maybe there’s a small effect, but I think it is outweighed by the fact that blast radius and spread is reduced while buying time for discovery.
As a rule, I commit the input to the code generation tool, i.e., what the GPL refers to as "the preferred form of the work for making modifications to it", generate as part of the build process, and, where possible, try to avoid code generation tools designed around the assumption that its output will be maintained rather than regenerated from modified input.
As for LLM code assistants, I don't really view them as traditional code generation tools in the first place, as in practice they more resemble something in between autocomplete and delegating to a junior programmer.
As for attribution, I view it more or less the same way as "dictated but not read" in written correspondence, i.e., a disclaimer for errors in the code, which may be considered rude in some contexts, and a perfectly acceptable and useful annotation in others.
They may want proof that you, the human filling out this form, are authorized to publish apps, communications, etc. as the company you say you represent.
How does a passport solve that? Most small private companies are entirely opaque. A government ID doesn't help you determine authorization. It won't even help you determine ownership since anyone doing things sensibly will be using a registered agent to hold the company on his behalf.
The correct approach here (AFAIK) is to punt the trust decision to the bank by requiring payment with a method that you can confidently trace to the company.
Yeah I would imagine that the value they get out of a passport is not anything to do with validating a company (they’re cheap and easy to make anyway) but validating the person (which is not a throwaway entity)
However that invites those bad scenarios where someone gets blacklisted by BigTech in some manner, later gets hired by a small business, the new employer adds an association to the blacklisted account, and suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.
I feel like pay to play ought to be sufficient because in addition to being a barrier to entry it also provides funds for moderation efforts.
There are better ways to do it but Google has long demonstrated they’re not primarily concerned with accuracy or user experience, but instead, whichever solution can be automated and effective.
>suddenly the company app is banned from the app store seemingly without reason. At least a few such stories have appeared on HN over the years.
Which is not that unreasonable even. If a person is flagged for making scam apps, them having publishing rights in a reputable place taints the reputation of such place.
You should be able to appeal of course and the OAuth should not be towards Google in the first place, but being associated with known fraudsters and scammers is not what you want.
That seems at odds with how our society is structured. We treat employees as interchangeable cogs. If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices.
It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial.
Individual accounts and employee accounts are conceptually distinct. Permitting anything less gives large companies free rein to run roughshod over the individual by unilaterally depriving him of his livelihood.
> If someone commits a crime they are tried but their family, friends, and coworkers are not. Guilt by association without any act having been committed seems wholly incompatible with both our principles and common practices.
This is no longer the case, see the example of Hüseyin Dogru, a journalist who faces political EU sanctions (no trial) and now cannot transact with EU citizens or travel. Authorities have now seized the bank account of his wife and are treating her as if she is sanctioned, even though she is not, so their family is now broke and cannot even pay for food. Because they are not allowed to travel they cannot return to Switzerland.
This kind of blacklisting also comes up in non-sanctioned contexts with de-banking and political de-platforming based on government pressure. The world is headed to a very dark place.
>It's even more nefarious when it comes to BigTech because you can be blacklisted without having committed any actual crime and without anything resembling a trial.
Crime is not the only thing that exists in a law. One can work in a regulated profession and lose a license for not adhering to the rules. Such a person can in theory go and do something that doesn't affect the society negatively and this isn't exactly a punishment for a crime. Now if someone employs such a person again after they lost their license, that new employer may be sanctioned as well. All of that usually comes with some kind of appeal mechanism.
My government ID card expired and I was too lazy to renew it but I had my passport at hand so why not?
BTW both the ID card and the passport have cryptographic authentication and you are able to open a bank account or use govt services completely online by scanning it with the phone RFID. They could have made me scan that, scan my face and be done with the identity verification. My identity is already verified and tied to my company the same way and also listed in the companies registry which means they could have skipped all the other company verification stuff too.
That all makes perfect sense but consider that if they simply punted to the bank as I described they would still get the same benefits only with even less complexity. The bank fundamentally has to do robust identity verification. Any party that needs to handle payments while also lacking a reason to be good at performing in house identity verification really ought to make use of the bank because you are highly unlikely to be better at it than they are.
The entire cumbersome process you describe can be viewed as Google doing a significantly worse job of verifying your identity than the bank would have.
As an aside, I suspect that leaving it to the bank would also provide additional legal protection. Specifically anyone attempting deception will most likely be forced to commit fraud against the bank which will probably be taken much more seriously than otherwise.
I agree, in Europe (EU, UK, Turkey and other countries) banks are considered perfect for proof of ID. In the UK a bank statement is as good as an ID, in Turkey for example, you can sign in to the government portal through your online banking and it is considered higher level secure authentication and you can take high risk actions (like signing legally binding contracts) that you can't do by signing in just with password and 2FA.
The bank has to perform the authorization and identity checks, but the bank will not make them for you, they do them for themselves based on their own risk analysis. The scope of authorization could also be different based on who it's presented to.
The authorization is not transitive so to say.
>As an aside, I suspect that leaving it to the bank would also provide additional legal protection
If it would, they will have to pay the bank for it and the bank should also be willing to accept the liability (spoiler alert -- they will not be willing to accept the liability)
That's all fine, they can want their wants, but then, once the bad cop writes them a strongly worded letter and they start throwing tantrums over "regulation".
> The bank has to perform the authorization and identity checks, but the bank will not make them for you
We aren't talking about authorization, only about identity verification. I'm no domain expert but it is my understanding that banks provide these sorts of services. They certainly already have all the necessary information on hand both for practical reasons (security) as well as legal (KYC and AML laws).
> If it would, they will have to pay the bank for it ...
For the identity verification? Probably, depending on how you went about it. What's the issue? This is already a paid process we're talking about here.
For the additional legal assurance that I described? No, that doesn't cost extra. Please read what I wrote more carefully. It's a transitive property due to the penalties involved in addition to the degree to which the legal system and the bank care (at least assuming my understanding of that legal environment is correct).
From the point of view of the bank the problem is usually defined as
"how do we assess a complex situation where identity of the person X is one of the signals (but maybe not the strongest one) with enough certainty to balance a probability Y of something bad happening that will cost us Z and still make money"
Most of the time Y and Z are defined because the other department said so and we trust our colleagues, thus the answer is computable (somebody somewhere has it open in a spreadsheet right now).
If you add a transitive property to the system, then, unless there is some regulatory magic that caps the possible value space of Y and Z, the answer is (by default) no.