
We've had to go through this process for the app I have, and it definitely was cumbersome and makes the process a huge pain. Fortunately, after a while Google often lets you switch to a Tier 1 assessment, which involves using various tools to analyze your code and make improvements without shelling out a ton of money.

At the same time, Google is in a tough spot here. The files and documents in your Google Drive (or Gmail) are incredibly sensitive. One possible solution is using the https://www.googleapis.com/auth/drive.file OAuth scope, which only lets you access files a user has explicitly shared with the app. I'm curious if iA Writer has limitations that make this a bad user experience, but from a user security point of view, I can see why I want the apps that get to see my whole Google Drive audited too.

[1] https://developers.google.com/drive/api/guides/api-specific-...


As a user of Google Drive, I’m so glad it works like this. I have a ton of random apps that store stuff in my drive that I don’t fully trust, and it’s very reassuring that they only have permission to read the files that they created.

I’m certain that if the full drive access was easy to get, they would all use that as the path of least resistance. And some of those apps would be sucking all of my data out to some random server.


I'm very sympathetic to that approach. But I think it has to be tempered at least a little bit with reputation. iA has been making Writer for 12 years now and it's always been a premium, highly user-respecting app. If they can't get through that bureaucracy, it probably can't be done.

Granted, past performance doesn't mean they'll be perfect forever. It's not a guarantee. It should carry some weight, though. I can't think of many devs I'd trust with my data as much as iA. Omni Group, I guess. Agile Tortoise. There's a set of devs who stake their business on their sterling reputations. It should be possible for that gang to at least contact a human to answer their questions.


It's not clear why they even need full access to users' drives without the user's input. Drive offers plenty of APIs that let you store and access files that don't require these hoops. There is no security audit required if you pick the scope that only lets you open files the app created. You can also let the user use the OS file picker to open any file.

I get that it's a pain for them to rewrite the integration to use these new scopes, but it's ultimately a huge win that this free-for-all access has been locked down.


It feels like a situation where we just need laws to make it illegal to do a data grab like this, and apps in countries without those laws should get the scrutiny.

I think a random phone app WOULD do that because there are no repercussions for doing so. Facebook, LinkedIn, and then latecomers ruined the phone ecosystem by doing all the shady things they did when you wanted to do one simple useful thing. I should be able to grant contact information to an app so that it can connect me with my friends on the service. I should not have to worry about all of my contact information being harvested for spam and sold to anyone the company thinks they can make a buck from.

But I also can't imagine using a program on my computer that was prevented from having full access to my file system if I wanted it to have it. MacOS slowly killing the system is making me consider switching to a different OS for the first time in over a decade.


It already is illegal to write malware that steals your files. But software is global. Anon individuals in shitty countries don't care about your country's privacy laws.

So we get both privacy laws, and technical restrictions that put the user in control of their files.


Yup. And it needs to be something that has to be done regularly, either every time the app updates or on a fixed schedule. Otherwise you would get a similar ecosystem that happened with some browser extensions, where a benign developer goes, writes a useful app, gets the permissions for that and a user base, then some shady company comes and acquires the app and updates it to use the permission to suck up all data.

Sure it's an annoying process for developers, but Google has to think of the user privacy when creating the policies around these kinds of permissions.


This is a bit of an unusual choice, but I recently was trying to use Webflow, and its videos are both highly informative and funny! Engineers often thumb their noses at videos, but they really show how to do it well:

https://university.webflow.com/videos


Cool stuff! How does this compare with Fastchat, which seems like another open source project that helps run LLM models?

At a glance, it seems like it's going for lots of similar goals (run LLMs with interoperable APIs):

https://github.com/lm-sys/FastChat


OpenLLM in comparison focuses more on building LLM apps for production. For example, the integration with LangChain + BentoML makes it easy to run multiple LLMs in parallel across multiple GPUs/Nodes, or chain LLMs with other types of AI/ML models, and deploy the entire pipeline on Kubernetes (via Yatai or BentoCloud).

Disclaimer: I helped build BentoML and OpenLLM.


Just to be clear, the "capital" here is not really money, but instead, machines and equipment. Think a car company (e.g., Tesla) buying a used car factory (i.e. the NUMMI plant [1]) or a biotech company buying equipment cast off from Genentech or Pfizer.

> To document the interaction between firm and machine age, we lean on 1.56 million transactions covering 70,000 models of machines. Across a wide range of industries and equipment types, young firms acquire older capital, whereas older firms are more likely to buy new capital

This seems to line up with what I've heard from friends in biotech and mechanical companies. One friend lamented that "at Apple, we had the best of everything: suppliers, equipment, machinery. Here, we make do with what we've got and find creative ways to work with them." Similarly, on the YC forums, we often see used lab equipment listed for sale, and there are whole industries around this.

Pretty neat! Definitely a part of the startup or industry network effect I haven't thought of before. I wonder what other examples of startups working with super-janky second-hand machinery are out there.

[1] https://en.wikipedia.org/wiki/NUMMI


I'm sad to see all the hate this article's getting in the comments, but also can't say I expected anything else.

Most of the hate I'm seeing here is focused around work-life balance, but even the author acknowledges that "I don’t think people should cry or feel like impostors or skip their vacations regularly." There's so much more here! Kudos to Brie too for really putting herself out there like this.

Taking apart what the article mentions, the fulfillment she felt at work came from:

- A sense of shared mission: of the mission statement, "it was a little abstract, but we believed in it enough to recite it with pride"

- Being pushed to do better: "My work was meticulously but warmly critiqued by my peers and leaders alike, and my work got better and better because of it"

- A community and culture: "It felt like magic, but there was deep thought, care, and intention behind everything. I had a tingly feeling that I was part of an organization that had cracked something about creating a great culture"

Forget work -- think about a side project, a hobby, a sport -- anything that you've applied yourself to. Does it feel good to hold yourself to a high standard, in the company of other peers who are into the same things?

That sounds like something we can all get behind!

Stripe may not have been perfect, but let's not throw the baby out with the bathwater here.


> "it was a little abstract, but we believed in it enough to recite it with pride"

I have worked for companies that had a mission I believed in, although from my position I was far from moving the needle in any direction.

Maybe that gave me an extra kick at times; maybe I stayed up late a few times without complaining because it was necessary to finish off some crucial work.

But rest assured that I have never proudly recited a shared mission statement written by someone (the "company"-- its executives and vice presidents and so on) who would have no hesitation to let me go--with great sadness--because there are hard times coming. "But," they would say, "it has been great working with you, we wish you the very best."


Everyone is focused on work-life balance because so much of the article praises the idea that dedicating your life to work is what makes companies "incredible sources of community and self-actualization."

Imagine you are a young adult with a young child, and your partner also works. How is any of the following tenable?

"Everyone stayed for dinner every night [..] there was no way I was going home before my neighbor was."

What about a family?

"my manager asked me to reconsider the vacation I had been planning because my team needed me. “If you go, who will cover your work?” I looked around at my colleagues who were also regularly working 15-hour days and decided to stay put."

What about your family? What about your colleagues' families?

"Call me masochistic, but I have to admit that it felt good to care about anything that much."

But this only works if you don't have other pursuits in life that you care about that much.

"But I am still nostalgic for a time when the gravitational pull of work was strong. For me and everyone around me."

As a husband and a father, as a manager, I want to create a place that allows people to do their best work, and then go home and give their best to their families without feeling pulled constantly back to work.

"It’s more about missing that universal agreement that it’s really, really cool to devote yourself fully to your work."

10 years from now most of us are not going to be working for the same company. 10 years from now most of my kids will be grown and I'll have lost the opportunity to invest in their lives and our relationship. I'm devoted to my work, but not at the expense of my wife who I promised to share my life with, or my children who I literally brought into this world. If I'm not there for them, present in their lives, who will be? I want to build that community. I want children who take to me when I'm older. I want a family that shares values. That only happens if I surge enough time with them, over time, to know what they value, to show what I value, to grow together as they change.

How many of those coworkers will we be sharing and creating close community with ten years from now? Are we really building a lasting community around this mission?

You say:

> Forget work -- think about a side project, a hobby, a sport -- anything that you've applied yourself to.

And I agree with you about the value of having a performance-oriented community focused on a meaningful mission, but if we work the way the author is advocating through her examples we won't have time/energy to apply ourselves to any other pursuit.


Life insurance is actually surprisingly common a perk; I remember even Stripe had it! I guess it's nice to know that your employees' family will be well provided for regardless of their original financial situation.

Maybe this is a healthy dose of paternalism? I feel like there would be more people who regret not buying life insurance in this case than people who regretted the minimal $250 outlay


Let's be real, it isn't a perk, it is a marketable asset for insurance companies to make more money.

A lot of dental insurance falls under a similar category. It is often more expensive to pay for the insurance than it is to pay out of pocket. But then you wonder about what happens if something really bad occurs? Well, a lot of the dental insurance policies (especially for smaller companies) have yearly maximum limits. You're still paying out of pocket.


It's (very likely) cheaper for the company to offer a fixed benefit than it is to pay that amount directly as compensation.

I certainly don't mind that people I work with and their families are getting dental care instead of me getting a modest annual raise.


A lot of small business dental plans cost the company nothing extra to offer to employees because the cost is passed on to the employee directly. It is an optional 'perk' that is offered by the insurance company, but it is almost worthless in value. A lot of employees don't do the math and just tack on the extra monthly fee. But, if you do the math on them, it often doesn't work out to opt into that perk, even in an emergency case.


Okay, but for example, dental isn't an option at my small company, you just get it.

Probably because there is a large group of union employees.


Correct, larger plans get it factored into the overall costs and hidden from you. When my company grew in size and we switched plans, suddenly I got dental as well for free (I had previously denied it cause I did the math). It may not even be something your employer pays for as it might be a perk added in by the insurance company. Depending on what the coverage actually is, it still may or may not be worth it. Hard to say... it is all so nebulous and poorly defined.

Always read the small print though...


> For example, the platform draws on historical support tickets and even Reddit activity to anticipate future volumes of customer requests (by queue, channel, and site).

Wow, do companies now use Reddit for support? I'm curious how exactly Reddit comes into the customer support volume estimation process


> If the employer is a good one, they want the contract to be fair, and if the contract is unfair it's probably by accident.

This definitely sounds about right -- I'm pretty sure most places I worked and most other Y Combinator companies in my batch just took the standard forms from somewhere (e.g., the Orrick forms library) and used them, without thinking too much about the terms. [1]

If there's something in the terms that actually seems objectionable, it's likely the hiring manager, recruiter, and other people in your recruiting process have never thought about it either. By pointing it out, you're often educating them too on what the offer letter says, and providing valuable feedback for the recruiting process.

[1] https://www.orrick.com/en/Total-Access/Tool-Kit/Start-Up-For...


So, it's a bug and counter-party are testers?


Also, good contracts are difficult to write. There are templates for most contract types but it can take a while to work out the kinks. IP clauses around open source, for example, are incredibly hard to get right. We've had multiple iterations on this topic at my company.


Yeah, that's pretty much it -- usually nobody stress-tested this before they just sent it out in a rush to employee #1, who's probably a referral anyways


This 100%. In travel, we see Google constantly tweaking its algorithms, and compared to Bing, Google surfaces a ton more small, well-written travel blogs [1]

Not only that, Paul and Michael have seen plenty of startups, and at least in recent memory, the number of vertical search and consumer startups that Y Combinator has funded hasn't been that high

As a consumer startup, I know this issue firsthand. Paul and Michael assume that if you build a better product, they will come! That's simply not true these days.

Instead, you need to:

- Build a better product

- Option 1: Figure out a channel with enough growth on an existing platform. This likely means you're doing SEO for your new search engine

- Option 2: Get your customer lifetime value high enough so you can pay for ads. This is tough, since it's a bit of a chicken and the egg problem since most search engines are monetized with ads

As the founder of Wanderlog (YC W19; https://wanderlog.com), a consumer vacation planning app [1], I definitely remember the idealistic days when I thought the best consumer product on its own would win! But growth doesn't just come, and the same can be said of vertical-specific search engines.

[1] Try searching "[your city] itinerary" on Google vs. Bing: it's much more likely you'll find a small blog rather than Lonely Planet or the local travel bureau as the top result


Hi! I used Wanderlog to plan a recent month-long group trip, which was definitely the most complex vacation I've had to plan. For context I am very active when traveling (e.g. multiple activities each day); so not sure how my experiences map to others.

The best part of it was (going to a foreign country) being able to find / identify all the attractions relative to each other, so I could go to cluster A on Monday, cluster B, on Tuesday, etc.

The hardest part of it (and why I needed to create a separate Google Sheets anyways) was--once I figured out opening hours of different locations, hard-to-book activities with limited reservations--the ease of moving things around more fluidly e.g. cluster B on Monday, cluster A on Tuesday, etc. and having a more information-dense view so I could see larger portions of the itinerary at once.

It would be cool to have an "input everything" --> "input time restrictions / unmovable things" --> output planned activity cluster type workflow.


[1]: both signed in, but with the profile image removed

Bing: https://i.judge.sh/ShareX/2022/01/www.bing.com_search_q%3Dat...

Google: https://i.judge.sh/ShareX/2022/01/www.google.com_search_q%3D...

Interestingly Google didn't have a top-result ad and the google.com/travel carousel is 4th from the bottom.

For the actual results, both thefearlessforeigner.com and paigemindsthegap.com seem to be actual travel blogs (the pictures didn't appear in a reverse image search, so they are probably organic), but they're clearly geared towards being a 'faq' for visiting the city and have affiliate links where appropriate. Bing went straight for discoveratlanta.com, and frommers.com is well-thought-out but not a personal travel blog.


>> - Option 2: Get your customer lifetime value high enough so you can pay for ads. This is tough, since it's a bit of a chicken and the egg problem since most search engines are monetized with ads

nonoonononooonono. No. Don't monetize anything for the first 10 years. That's the only way it can work. Then you can go monetize it and buy an island and not give a shit if you destroy what you created.

Oh but don't worry. You'll have investors.


I think it's interesting that the author mentions the PlayStation Portable as an example: it seems like the reason it doesn't work actually _isn't_ a fault of the device manufacturer:

> You might think that a 15-year-old gaming console wouldn't even be operating, but Sony's build quality is such that, with the exception of a very tired lithium-Ion battery, the unit is in perfect condition. It runs but can't connect to modern Wi-Fi without an update, which it can't access without an update to its firmware (a classic catch-22).

In this case, developers seem to actually have provided updates, but it just doesn't work! Reminds me of when I booted up an old laptop to find that the old root SSL certificates don't work for sites today and everything's HTTPS now ¯\_(ツ)_/¯

It really points to an issue with net-connected tech (and yes, the PSP actually benefits from being online unlike certain ridiculous IoT devices): really, even if the manufacturer designs with long term support in mind, the rest of the world doesn't. So I don't know quite how tractable a problem this really is in the Internet age; the solution might be just better electronics recycling rather than indefinite updates.


> It runs but can't connect to modern Wi-Fi without an update, which it can't access without an update to its firmware (a classic catch-22).

This argument is moot - the PSP is capable of upgrading from its memory card even in complete absence of a WiFi network.


That is great flexibility and design! Also, it might be possible to either find an older access point, or configure a modern one to use an older standard, so all hope should not be lost. :)


Also, doesn’t the PSP use these little disk cartridges? I don’t see why you couldn’t still play those games.

