I dunno, if you look at the legacy of DigiNotar it seems like you're dealing with a lot of potential headaches for a couple thousand bucks that your customers hate paying you anyway.
(DigiNotar, of course, famously gave out a fraudulent * .google.com cert and is now defunct.)
As a CA you're assuming a whole lot of liability for not that much money (not that much at the scale of even a small business, anyway), and that just doesn't seem like it'd scale to a wildly profitable venture, especially considering the kinds of people who are actually well equipped to run a CA can probably make a lot more money doing basically anything else in web security. When you add up the contingency risks, the opportunity costs, and whatever actual day-to-day business expenses, it does seem like you'd be looking for other ways to make more comfortable profits.
That doesn't mean CAs should charge more or anything, just that I could accept that SSL certs for standard websites isn't what anyone with a good vision for their business is really trying to hold onto.
"There is no advertising in the G Suite Core Services, and we have no plans to change this in the future"
etc.
Ultimately the biggest cudgel you have to wield here is in the sales contract you're signing, but my understanding is that the baseline privacy guarantees are standard for all customers at the strictest level -- people actually opt to reduce the restrictions on their data so that new features get built with their use cases in mind (otherwise we wouldn't know what those actual use cases were).
A lot of companies use G Suite and a lot of them have very strict privacy + security requirements. This is the same platform used by fintech companies, healthcare companies, MegaCorps, etc.
Sort of a thing with all non-web-search Google products: I can't fathom how people see the $5B/quarter "other revenue" line on our earnings statements and think that just doesn't matter and somehow we have to get the "real" money from ads. We definitely did ads-supported-consumer first and we've been doing it the longest and it makes the most money, but how many email providers would kill to have half of that quarter as their annual revenue? G Suite, Cloud, etc are very real businesses in their own right and that's even while being very young and coming from a company that didn't start with any inherent strengths in enterprise markets.
The answer is no. To the point where it's actually a pain in the ass for us because developing any ML-assisted capabilities for G Suite requires us to only get training data from specific subsets of customers who are under special contract conditions.
If you buy G Suite from a reseller then they might be doing shady shit but we'd terminate their reseller account if we found out about it.
I know people like to bitch about this kinda shit on HN but honestly I and my coworkers spend so much time on protecting our customers' data from literally everyone -- including ourselves -- that I want the chance to bitch back about how hard my job is.
Hospitals of reasonable size typically have an on-site clinical engineering team that handles those kinds of situations. Important (that is, capital expense category) hospital equipment will typically emit all kinds of warnings and alarms way before anything's actually a problem, because everyone would rather rely on the on-site engineering spending a little extra time silencing false positives then leave anything to chance.
It's weird to me you would treat this state of affairs as a static and universally-holding position. I think it's obvious (with several current examples coming to mind) that investors and business partners can be branded as "toxic" in a way that overwhelmingly devalues any money they could actually offer. In the same way the police will take a stolen watch from you after you buy it -- without much recourse on your part! -- you and your company can definitely be torpedoed by taking bad money if public opinion shifts that sharply.
These are the risks of working at the national and global scale; they have to be there, otherwise the rewards couldn't (sustainably) be so great. Even ignoring the moral arguments, the fact that anybody is making them changes the game theory perspective as well. The only way to truly stay on top is to make sure most people want you there.
These experiences also exacerbate the perception that I referred to before that can basically be summarized as "every previous attempt at making this better ended up being completely terrible". A whole slew of people want to improve things, but a lot of the time they don't take that responsibility seriously enough -- or know, fully, what that entails -- and when they bail that leaves the next would-be "disruptor" at a disadvantage.
Any theory of the current state of medicine that involves a cardio-thoracic surgeon feeling like they are not completely irreplaceable, one-in-a-trillion geniuses/minor deities, put here on this planet to spare us lesser mortals (as scheduling allows) seems... improbable.
It reminds me of Moneyball; in it, the author points out that the statisticians were frustrated by their inability to get traction within the MLB, but their pitch essentially boiled down to "you guys don't listen to statistics, you should listen to these new ones we just developed," which left unsaid that the statisticians made up new quantifiers because the old ones were ineffective. The MLB had the lived experience of those statistics being ineffective, so they knew Bill James et al were right about that, but the idea that the answer was more numbers that didn't make a lot of intuitive sense was a hard sell.
I would also add that my perception from working at a major east coast hospital has actually been that hospital IT clamps down on new tools more than anyone because of HIPAA requirements, etc, that the doctors ignore/don't care about as much as they should. It's a complicated, layered system.
The problem with sports analogies is that athletes typically actually matter to the success or failure of their organization, and that's both immediately visible to and recognized by everyone involved.
Even for athletes, though, you see more simple name recognition for NBA players than for, say, NFL players, simply because basketball teams are smaller and the individual players are so much more pivotal to the team's success.
To be honest I don't think the typical corporate strategy is irrational, either, because employees can be wrong about product and business decisions in exactly the same way that executives can be, and, ultimately, the construct of the corporation exists specifically so a pursuit can outlive any contributor to it. Endless discussion and fretting over every single thing hinders productivity, also.
But why am I supposed to feel good about being part of that system? And who decided that was the best we could possibly do?
19 years out from the release of Black On Both Sides and still all anyone wants is to tell me to try to have some fret in my heart behind the things that they do. I mean, I guess...
I don't have the context on the "engagement industry" or whatever that I think I need to appreciate this post as the specific criticism I think it's trying to be, but I think people really are bitterly unsatisfied with their jobs and saying the engagement "number has barely budged over the last decade" despite notable corporate success is sorta missing the point?
The idea that people's engagement or happiness -- or even just their general satisfaction at work -- is strongly correlated to their employing corporations' success is a persistent myth in tech that I just don't understand. People hate "sell outs" and they hate themselves when they sell out for a reason. You start as someone dedicated to a craft, you end up working somewhere that pays you a lot of money to do it but without giving you the chance to put yourself into that work at all, and then you end up making soulless work that not even you really like. But it made money so it keeps going like that until it absolutely blows up and everyone has to "rebrand" or another company slips in as the rebranded form in your place.
Steph Curry is happy when the Warriors win because he's on a team that is winning by playing the game his way. If the team made him go to dunk every time he got the ball I bet his satisfaction would be shit too -- and it probably wouldn't keep netting the Warriors more rings.
+1000. Working in the warehouse at the bottom of a hospital would get weird sometimes because you had absolutely no indication what time of day it was -- working third shift could feel like the middle of the day since it was always so well lit.
In my experience, good lighting is pretty much the only thing you're guaranteed at various warehouses. Heating huge spaces effectively is basically impossible, rugs and other "soft" surfaces are out since they just wear down too quickly, equipment will be used continuously until it's simply unsafe... but you need good lighting to know what you're doing and keep yourself out of harm's way. As noted, even the parking lots and immediate exteriors will be very well lit as a physical security measure.
Bad lighting is the exact kind of thing people complain about when maligning "hot shots who think they know everything" and all those etceteras. It ends up being penny wise and dollar stupid when you factor in both logistical mistakes and pay outs to worker's comp when people injure themselves on the job. The equivalent in programming would be making all your developers use laptops from 12 years ago running Windows XP because you know someone who got you a really good deal.
Binary files (arbitrary example: images used for golden screenshots in tests) have no line counts and are likely skewing the numbers here -- in the way you're (logically) looking to interpret them at least.
From a system design perspective, being able to handle a large number of files regardless of type is an interesting challenge, as is being able to handle a large number of highly indexed text files. All three of those statistics seem potentially interesting for different audiences that might read this paper.
(DigiNotar, of course, famously gave out a fraudulent * .google.com cert and is now defunct.)
As a CA you're assuming a whole lot of liability for not that much money (not that much at the scale of even a small business, anyway), and that just doesn't seem like it'd scale to a wildly profitable venture, especially considering the kinds of people who are actually well equipped to run a CA can probably make a lot more money doing basically anything else in web security. When you add up the contingency risks, the opportunity costs, and whatever actual day-to-day business expenses, it does seem like you'd be looking for other ways to make more comfortable profits.
That doesn't mean CAs should charge more or anything, just that I could accept that SSL certs for standard websites isn't what anyone with a good vision for their business is really trying to hold onto.