This particular case is a bit harder since it's not purely using public data, but may still qualify since it's likely scraping with legally-obtained credentials.

I know of businesses (scraping for ride-sharing, scraping for business intelligence for retailers, scraping from LinkedIn - see HiQ Labs v. LinkedIn) that have continuously succeeded via scraping in ways that large businesses oppose.

The key is: you must make enough profit to justify dedicating engineering and legal techniques to defend your scraping.

- Scraping public data is legal, as affirmed by the Supreme Court in Van Buren v. United States [1] and HiQ Labs v. LinkedIn [2]. Defending yourself or suing the data owner in court are both expensive though

- Defeating anti-scraping via technical means is pretty much always possible, but can be costly depending on the scraped site's technical expertise and value in keeping their data private. The benefit to you must exceed the cost to you, and ideally should also exceed the cost to the data owner

- Mobilizing PR and internal resistance may also be effective, but it's usually hard to have outcry from a large enough group to change an organization's policies. In this case, the union can push for it, but AA may try to withhold improvements until the next set of union negotiations

1. https://en.wikipedia.org/wiki/Van_Buren_v._United_States

2. https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

> This particular case is a bit harder since it's not purely using public data, but may still qualify since it's likely scraping with legally-obtained credentials.

No, it's easy: they're employees, they can be told they're not allowed to do that. Doesn't matter if the app's legally allowed to exist or not.

EDIT: I welcome anyone who wants to justify this ethically.

I think what the parent comment is trying to say is that their description of their approach here as "sophisticated bot detection" is a little bit like someone calling me a hacker because I have my terminal open during the flight. There is an intentional use of words here trying to make the app developer sound like the bad guy.

Suffice it to say, American Airlines IT are apparently a bunch of dicks.

Everything an employer might possibly try to say about using any other software or tools to collect, handle, and redisplay "their" data, applies exactly the same to a blind employees screen reader.

Hell it applies to glasses.

Thank deity for blind people and other disabilities making it actually illegal to be as huge dicks as some companies would be if they could be.

I do not understand the the desire to even try to defend AA's position here, but am glad it's a failed attempt at least.

If you are its employee, jolly good luck to you with your 'well if I were blind what I've been provided with while not blind would not be adequate and I might need to use a different tool to this which works similarly' argument.

Saying that the employer has the right to dictate those terms is literally and explicitly doing nothing else but defending their position that they have the right to dictate those terms.

It is perfectly reasonable for an employer to have a policy which states, "do not give your work username and password to a third party." I can't imagine a court ordering otherwise.

Providing an API for this data is a non-trivial amount of work, involving significant technical and compliance challenges. Employee schedules would be useful as a signal for trading in AA stock. How do you enforce that the third party is properly protecting that information, e.g. during SEC-mandated blackout periods around earnings?

The union might be able to negotiate for AA to hire lawyers and IT staff to work on such an API, but I really can't see the employees being automatically entitled to it.

Most large IT departments have a list of approved browsers and browser extensions. The scenario you described would fall under the same policy. If Chrome uploaded the content of intranet web pages to Google, I expect it would be banned as well.

Not only is it possible to build it this way but I think it's far more likely that it already is built this way. Since the app is pulling up schedules for individual users, there's no benefit to scraping the info on a server or caching any of it as it would be unique for each user. There's no reason for that info to leave the device. The content is pulled, formatted, and then displayed in a style that matches the rest of the app. This can easily be done on-device and would be less efficient to do off-device.

>Most large IT departments have a list of approved browsers and browser extensions.

This is completely irrelevant considering this is being done on mobile devices. On iOS, at least, it's all webkit and done within the app itself. I was just using Chrome as an example for how this process is done without sending the credentials to a third party. Unless the company wants to ban people checking their own schedules, there's no way they can stop someone from logging in to a web browser and having the content scraped. As an example, let's say they only allowed Microsoft Edge as the "approved" browser and they didn't allow any Edge extensions to be installed. The user can still pull up the page in Edge, save the content once it's loaded, and feed the folder/HTML file to the app to scrape the content. There's literally no way for them to prevent this other than by severely obfuscating the content (e.g., randomly adding invisible characters into strings to prevent string searches or adding bogus HTML elements to prevent searches for element patterns) or ceasing access to it completely.

But the scraping does appear to happen on-device, and it claims the password is not transmitted, so that's better than I initially thought.

[0] https://www.iubenda.com/privacy-policy/40331177

I'm doing some similar stuff to automate an app for personal use, I might at some point turn it into a paid for app, when I do so I would actually have to redesign the application to send personal information off the device. Which I suppose I would not do.

They're unionized employees. Someone running a company looking to make their life harder for no reason needs to think five times before they start making arbitrary and baseless demands for changes in policy. It could end up costing you tens of millions of dollars because you forgot that employees are still people and your demands will be met with demands in return.

It also works if you have philanthropic, non profit, or unconventional backing to pay for these defensive resources. If this app is providing substantial benefits to the AA crew around scheduling and QoL, their union might consider providing some backstop/support.

https://www.apfa.org/

Putting on my cynical prick hat for a moment, I would guess the union as an institution is far more willing to throw the app-oriented concerns of the junior members under the bus than the health care and pension concerns of the senior ones.

That's why web scraping is a huge SaaS market these days (I'm part of one too @ scrapfly.io).

Loads of our customers are tiny businesses and entrepreneurs that could no way afford the engineering effort required to scrape any of these websites and honestly empowering small folk against these giant, untouchable corporations is the best part about my job :)

https://yourmileagemayvary.net/2021/12/21/is-this-the-reason...

- build a 3rd part integration API, which opens up a whole can of worms. Not many tech-first companies can do it right, for an airline it’s a very challenging steps.

- build their own, but they already failed there if their employees turn to 3rd party

- ignore and let it run. This is basically unauthorized access to go and hope that the guy names Jeff won’t screw up.

- deny and prevent access. This is probably technically the easiest and safest from legal standpoint.

So? If the flight attendants have provided their credentials to the scraping software, they have essentially authorized the software to scrape the data on their accounts. It's just a custom user agent running locally and the airline company has no business blocking anything.

Every large company I've worked for had an IT department (or similar) that intentionally made developers'/sysadmins' lives harder. They don't care. So the good people leave, morale drops, productivity drops, management starts implementing crap policies to force more work to get done.

I naively went to them once with a suspected security intrusion event; they threatened to have me arrested. I couldn't convince them that I wasn't the one responsible.

Employees should not be bending over backwards to suit HR and IT workflows and policies. Policymakers should be bending over backwards to invent lean, effective processes.

Couple that with a CIO who wants to build an empire and second- or third-rate MCSE "Certified" personnel and IT inevitably becomes a huge impedance against the corporate mission.

This seems very removed from my own school days:

- find out what the children were doing at school: you couldn't, really, the curricula were not public. You could ask your kids after school, but I guess most parents were not really that interested anyway.

- what his children needed in their gym kit: shorts, t-shirt, sneakers. Every time. What else could it be?

- working out how to report them as sick: I suppose parents called the school in the morning(?) but as teachers were usually unaware of the reasons for a child's absence anyway they might as well not have done that at all. After the first term, the schoolmates would just inform all other teachers that X was sick, assuming so from the absence. Then, when X came back to school, they would bring a hand-written note from the parents explaining.

They send way too much useless shit, way too often, so you end up ignoring a lot of it; use way too many channels to do it; design sites poorly—how about the year's calendar on the first page for a given school, above "the fold", with a link to subscribe your preferred calendaring software to it, right there, office contact info off to the side, also above "the fold"? And no horrible excessively-complex half-broken themes making it difficult to navigate? Nah, that'd be too helpful; and everything's in several different systems, all bad, and all in various states of up-to-date or neglected, so it can be hard to guess where you need to look for something and hard to know whether it's accurate when you do find it (especially if the apparent signal is "empty" or "nothing there" or "no information"—is that true, or has it just not been updated lately?)

The reality is that some teachers are good about getting assignments and test results input in a timely manner. Some wait and do weeks worth of assignments in one batch. Others input all of the term's assignments at the beginning and add results as they get turned in/graded, meaning student grades gradually move from failing to the final earned grade once the last exam result is added. The grades shown on the online portal had nearly nothing to do with the reality in the classroom and ended up being counterproductive. I'm glad I no longer have to deal with that system.

Worse yet, many parents of college age students expect their university to offer this same portal, despite the fact that it would be illegal for schools to do so without written permission from the student. It's been eye-opening to see parents on one message board I follow furious that they can't know their student's grades up to the minute. I can't imagine how awful those parent-child relationships must be.

Swimming trunks/swimsuit. Clean indoor trainers for basketball/volleyball/circuit training/etc, or scruffy outdoor ones for cross-country running, orienteering or anything muddy outside. In winter they may need to take something warmer if there's outdoor activities planned, some locations in the north or near mountains may even do skiing or cross-country skiing. In our school in winter time we sometimes did scottish country dancing, so you didn't really need "normal" P.E. class gear if that's what was on.

I don't know what this school in particular offered but there's a bunch of possibilities.

Man, sometimes I'll run into a reminder that I grew up poor as dirt, haha

I never got to go skiing as a kid, but in Central Europe (Czechia for sure, but probably Austria, Switzerland and Slovakia) and the Nordics (importantly where that story took place) it isn't just a fancy pursuit for rich people. I know people earning like 20000 CZK/month ($10k/yr) here who go skiing.

I just wore my regular clothes to class and gym class, although in winter I'd change into shorts instead of exercising in jeans. I had a coat that I wore on the walk to school and one pair of shoes. Sometimes I'd have boots, but my family could only afford/only knew about cheap crap boots that'd disintegrate pretty quickly.

It blows my mind again and again living in the SF Bay Area nowadays, watching a brand new BMW pull up to Starbucks and unload a bunch of teenagers who proceed to buy $40 worth of coffee and snacks. Those dang kids don't know how good they got it! I grew up near the poverty line in the USA, so I can only imagine what it's like for engineers who grew up in actual poverty in other parts of the world.

Downhill skiing is the bourgie hobby.

The swimming trunks argument still holds though.

[1] Which I would never do. My memory, as an eight-year old was, of course, infallible.

Welcome to the new world. Teacher submits attendance on the computer at the beginning of every class period; if the student is absent and there's no excuse recorded then the system immediately starts robocalling all the family contacts.

    For the public:
    -Past and future departure information for all airports
    -Past and future arrival information for all airports
    -Individual flight info lookup
    
    For flight attendants:
    -Flight specific info inflight
    -ETB alerts
    -Open time alerts
    -Flight alerts
    -Open time display
    -Sequence details
    -Calendar
    -Reserve call out list
    -Standby list
    -Crew chat
    -Save notes about crew members
    -Display prior sequences flown together with others
    -Layover weather forecast
    -Pilot sequence info
    -Legality checker
    -Hotel amenities and pickup locations

1. Wow, that looks like an extremely useful app if you're a flight attendant!

2. How is their employer not providing this functionality? I guess maybe they are, but only parts, or it's a shittier version. But still.

Reading between the lines, flight attendant scheduling is probably quite .. adversarial, as shift scheduling at restaurants can be. The employer would like employees to have the minimum information so they meekly accept the shifts they're given.

Violating "regulatory rules" should result in fines and the government coming down on you. I would think this is the worse outcome, but less likely than...

Violating "union contract negotiated rules" should result in grievances ending in legal action if the employer doesn't agree they broke the rules. This should be a lighter penalty but the union seems more likely to pursue the remedy than the government.

So which actually is it that the company considers worse?

I’m not suggesting they willfully violate the contract either. Many of the schedulers are simply ignorant of the nuances in the rules because they’re complex. They are just trying to get trips covered. When employees are armed with knowledge greater than the scheduler(tools such as this, or often just experience) you end up with phone arguments/discussions that cause delays and cancellations. The company would far rather that they keep moving the jets and settle grievances for the handful of people that catch issues after the fact.

This kind of old, hierarchical thinking from the 1950s needs to go away.

They've recently backed strikes and raised wages https://unitedafa.org/news/2022/1/21/solidarity-works-flight...

The rest is part of the contract - https://www.afacwa.org/flight_attendants_achieve_10_hours_re...

> Washington, D.C. (October 4, 2022) — The Federal Aviation Administration (FAA) today finalized a rule requiring 10 hours minimum, non-reducible rest for Flight Attendants between duty days – finally implementing a 2018 law that will make aviation safer for over 100,000 Flight Attendants and the passengers in our care. The rule will increase the rest period to 10 irreducible hours when scheduled for a duty period of 14 hours or less. Sara Nelson, president of the Association of Flight Attendants-CWA, issued the following statement ...

What would one have in a contract to help this issue?

That said, it does not prevent all exploitation. IIRC, the FA's in this story have a union and a contract, yet this form of exploitative behavior is not prevented.

"14 CFR § 121.467 - Flight attendant duty period limitations and rest requirements: Domestic, flag, and supplemental operations."

https://www.law.cornell.edu/cfr/text/14/121.467

This can get tricky when flying across time zones and date lines.

> Although the law was passed back in October 2018 and was meant to be implemented within 30 days, the Trump administration allegedly put the measure on the backburner and “on a regulatory road to kill it”.

> The previous administration initially blamed the delay on a massive backlog facing the FAA caused by a partial government shutdown and then the worldwide grounding of the Boeing 737MAX.

Compare that to every FA knowing every single time there's a breach, being able to compare notes etc.

I'll tell you how. It's because the app doesn't exist under the regime of a CIO and multiple layers of project managers, program managers, extensive regulatory requirements, fiefdoms, competing internal political interests, and the other various "enterprisy" crap that will kill off any entrepreneurial spirit.

That's why.

Currently, we have been flying out of a major Delta hub and we took for granted what an airline app should be.

Now as we are planning flights between Delta, American and United, I can confidently say that American has by far the worse consumer app of any of the major airlines or hotels.

I wouldn’t be surprised that their internal apps and websites are a similar shit show.

I'll take a flight on Delta with a layover over a flight on American that's nonstop. Of the majors, it's far and away the best. And their app is very good.

I’m on a lot of calls and travel within the US for work occasionally. While my company will fly me from anywhere and to anywhere in the continental US, I can’t ask them to fly me internationally

Travel outside of the US is mostly vacations and work just enough days so I don’t burn through my vacation days

In reality, you are basically relying on the fact that no one can tell when you open your laptop whether you check personal email or work email etc. But legislation wise you very well might be in breach of visitor conditions. And if you stay long enough, taxes might kick in.

Canada is a notable exemption because IRCC issued a note on What kind of activities are not considered to be “work”?:

> long distance (by telephone or internet) work done by a temporary resident whose employer is outside Canada and who is remunerated from outside Canada;

However, unless the relevant immigrant authority or legislation did this , the law still applies.

There are now numerous countries which issue special digital nomad visas. See https://travel.stackexchange.com/q/45092/4188 for more.

Well, that depends. For example, the United States has a B1/B2 visa where you can do business things like meetings. That's not work. But still, if you are a tourist aka you get a rare B2 only visa then no what he did was not legal -- and just because he is C level doesn't mean he won't breach the law in this. Might be out of arrogance or ignorance, even.

His answer sounds like "I am a rich man, laws, pfft" to me.

I'm not an employment lawyer, but I don't think it works like that.

In general, it’s not legal to be an unregistered digital nomad unless you have the right to work in the country you are in. If you enter a country on a tourist visa, the primary purpose of the trip must be tourism. If you enter on a tourist visa for the intention of being a digital nomad, you have violated the visa.

In practice, it probably doesn’t matter as long as you are discrete. it's difficult for governments to detect this practice and many countries even tolerate the practice. But since being a digital nomad is almost always technically illegal, travelers have had challenges when they are discovered by the wrong person.

The bigger concern is usually your employer. Working overseas without approval is usually a friable offense.

IOW, the chances of remaining employed will crumble.

This is true for my employer. We are allowed to work outside of the country for at most 60 days.

I'm not sure how this works in the reverse direction, or in Mexico.

It is complex enough that the only answer that is definitely wrong is "I'm just traveling for me so I can do whatever I want."

https://kansaspolicy.org/rethinking-taxes-around-remote-work...

> Kansas has policies that could deter remote work and are deterring greater interstate work with our neighbors. Kansas requires employer withholding for people working in the state just for one day, which creates an annoying hurdle for companies trying to operate even in a small capacity in Kansas. In 2020, the Kansas legislature considered a bill that would have extended the withholding requirement period to 30 days, but the proposal died

> The term “domicile” has a special legal definition that is not the same as residence. While many states consider domicile and residence to be the same, California makes a distinction and views them as two separate concepts, even though they may often overlap. For instance, you may be domiciled in California but not be a California resident or you may be domiciled in another state but be a California resident for income tax purposes.

> Domicile is defined for tax purposes as the place where you voluntarily establish yourself and family, not merely for a special or limited purpose, but with a present intention of making it your true, fixed, permanent home and principal establishment. It is the place where, whenever you are absent, you intend to return. The maintenance of a marital abode in California is a significant factor in establishing domicile in California.

As long as you're remaining transitory and not staying in a single, fixed, permanent home you should be fine.

Hiking the Pacific Crest Trail (takes about two to three months to get out of California) won't establish residency in California.

This is what worries me, say they start checking Air BnB contracts and start auditing vacationers.

https://www.palmspringstaxandtrustlawyers.com/working-vacati...

Thanks for the input.

If it turns out that the app was getting confidential information using flight attendants' access credentials, potential problems: (1) potentially leaking confidential information to other parties, such as app developer, partners, and other users; and (2) potential additional weakness in handling access credentials.

If it turns out that special credentials weren't required for security- and privacy-sensitive data, then maybe that's a problem.

If it turns out that flight attendants were entering information considered security- and privacy-sensitive, then maybe that's a problem. (Though it looks like the article might've been prompted by the app developer, to pressure scraping access, so presumably there's something from scraping that the app wasn't getting or getting as well from user-entered info.)

It's difficult to see why AA would allegedly want to block it since it seems like a net benefit for their employee's productivity.

Maybe AA IT hasn't yet combined all this into one big user-friendly app, and therefore they want to punish the perceived disloyalty of the flight attendants.

Imagine your company's official expense reporting system is a 35 year old Windows 3.1 application that constantly crashes and doesn't even integrate with payroll so underpaid assistants have to manually copy records over from DOS to ADP's system. One of those assistants comes up with a web-based app that scrapes the database and makes it easy for everyone. Most large companies I've seen are going to come down on that assistant like a ton of bricks, not reward them for their ingenuity. It's just the nature of power structure in large bureaucratic companies.

Management congratulated us on the initiative and asked to shut it down immediately. The reason: the users had to previously open a ticket to get their password changed (very secure, right?) and, with this app, the customer would see a 30% reduction in tickets and would probably reevaluate how many bodies they rented from the 3 letter company.

So yes, I fully agree that most large companies are not interested in helping their users or workers at all.

That is different from a business making things inefficient for its own workers, which would reduce a business's profits.

The former might even be expected, but the latter is just bad management.

One example: Seems like it sends information about the whereabouts of all the American Airlines staff via an unauthorised third party.

This one must be full of gold

Flight crews are generally only together for a couple of days at most, which means a lot of the time you go to work and have a whole set of new coworkers you've never met before - or wait, maybe you did? Like, last year? Do you remember him because he was a ton of fun or because he was an asshole? Should have written it down.

I'd love for an open third-party like this one. It'd even help with prioritizing features that we're missing in our first-party products.

So null-route the offending IPs on a [0]24-hour timeout? The problem you're describing isn't "scraping", it's "low-grade denial-of-service attack (that you suspect might be a result of attempted scraping)", and should be addressed accordingly. (The parenthesised part doesn't really matter.)

0: exponentially increasing up to -, for automated versions, but you're presumably already familiar with the current batch of offending source addresses.

Also, double check that your first-stage throttling actually increases the latency of the requests, such that a user-agent that doesn't issue multiple requests concurrently (but starts a new request immediately on recieving a response) will automatically self-rate-limit. This should be standard for any 'serious' HTTP server, but I've seen a few that incorrectly go straight from "serve 200 OK instantly" to "serve 429 Too Many Requests, also instantly" rather than "serve 200 OK after ~1 second", and sending 429 only when there are actually too many requests (in particular, more than one at any given time).

https://news.ycombinator.com/item?id=33015769

5.2.2 Third-Party Sites/Services: If your app uses, accesses, monetizes access to, or displays content from a third-party service, ensure that you are specifically permitted to do so under the service’s terms of use. Authorization must be provided upon request.

I echo the statement that I’ve never had an uneventful flight on AA. I fly a lot and can confidently say other major airlines are more reliable but usually also more expensive.

Despite the website feeling dated now it used to be one of the only airlines where the website accurately reflected the backend system (even phone agents couldn’t touch your booking if you had it open on the site) and their lounges were solid too.

These days I agree they’re towards the bottom of the stack sadly… everyone else caught up and they stayed still.

I mostly fly Delta now almost entirely for the on-time performance.

I actually much prefer AA’s website to United’s. AA’s may seem dated but it’s fast and the UI predictable. United’s feels like it’s fighting me.

I fly American between JFK and SFO regularly, including today. They have the best prices these days for an "international" business class on this route. The food is good, the flight attendants are friendly and good at their jobs...

Automobile manufacturers offer pathetic "center console" software compared to Apple, Google. American's in-flight entertainment system makes auto makers look like geniuses. They just don't understand software.

A possible solution: build your scraper as a Chrome extension and have legitimately logged-in users periodically hit that SCRAPE button.

Everyone in the industry uses this app. What is it for? Leaking passenger load data from internal systems to employees of other airlines.

Presumably all the data gets sold by the platform operators to some hedge funds for big bucks.

I don't think the law offers any direct remedy. The best thing for AA to do is force the app developer into court and make them pay legal fees if they don't want to contract with them, compete by making something better for their employees, or contract with someone else to provide the service. It's costly on all sides but table stakes for running a business in a competitive market these days.

If the current contract doesn't have any rules about it, then employees are just stuck with it until the next contract negotiation between the union and the company.

Thems the breaks.

"it displays information required by crew members to manage their rosters and work lives in a single app.

The app is particularly popular among the large number of ‘reserve’ flight attendants at American Airlines because it gives them more control over their schedules, and the app has other features such as a calculator to make sure crew are working to legal limits."

I would not underestimate how terrible internal legacy systems at a company like AA could be. It seems completely reasonable to me that this app could save FAs an hour a day or more. And if they're like pilots (who are typically only paid on time from wheels up to touchdown) that is likely an unpaid hour.

The same is true of flight attendants; they are paid from door close to door open. All that boarding and deplaning time is unpaid.

My source here is that my wife was an FA for many years. She has a couple stories of pilots deliberately not pulling all the way up to the gate if they know they're going to have to wait anyway, purely so the crew can stay on the clock (and it doesn't make any difference to the passengers either way). Though for every one of those instances, there are a hundred of being delayed in the airport or after-boarding-but-before-closed-doors or whatever that ends in hours of unpaid work time.

What's worse though is that inside the industry there's little awareness of the possibility of doing things differently. Everything is just layers of wrapping around the old system without any abstraction of the processes.

For the public:

Past and future departure information for all airports, Past and future arrival information for all airports, Individual flight info lookup

For flight attendants:

Flight specific info inflight, ETB alerts, Open time alerts, Flight alerts, Open time display, Sequence details, Calendar, Reserve call out list, Standby list, Crew chat, Save notes about crew members, Display prior sequences flown together with others, Layover weather forecast, Pilot sequence info, Legality checker, Hotel amenities and pickup locations

The flight attendants are not assigned a fixed schedule, but instead “bid” on specific trips: depending on their preferences, some crew might want flights of a particular length or on a certain type of plane, to arrange layovers in a specific city (or none at all), or even to work with/avoid certain colleagues.

They also alternate between periods where their bids set the schedule (“line”) and where they are on reserve/standby to fill in on flights where someone is missing. This could be because of illness, but flight delays and working hour restrictions (via safety regulations) add a lot of complexity. Another added wrinkle is that most crew don’t get paid until the flight doors are closed, so they really do not want to spend a lot of unnecessary time at the airport.

Thus, it’s a lot worse than managing schedules at a coffee shop, and I can totally imagine how a specialized app could help.

More: https://www.cabincrewchitchat.com/flight-attendant-bidding/

All of these features are available in the internal applications provided by the airlines, but they're not always that easy to use or flexible. Obviously, as a flight attendant, being able to get notified of new itineraries, book quickly, and perform complex searches is a big advantage to getting better flights, so there is a small but very motivated market for custom apps like these.

Of course, these apps aren't supported by the airlines, so they operate in a grey area and use techniques like credential passing and screen scraping to get access to sensitive internal data.

But HN can be more entertaining.

> ‘reserve’ flight attendants

These words aren't specific to flight attendants. They're just english words with standard definitions. You're reading this on a device with an internal dictionary as well as internet access.

What do you call that?

Also a reserve is something you have spare in case the original planned one can't operate. So a reserve flight attendant would be someone who is on call in case someone else is sick, etcetera.

A roster is a list of people and their roles. A schedule is a roster with chronological information.

Reserve is probably something people should understand but backup works as well.

I know what it is, but maybe the people that don't use schedule or timetable?

It is like argung they should make everyone wear mittens 24/7 so they can't write their passwords down.

This would be like claiming you have to use a company-sponsored to-do list app, or a company-sponsored git client, or a company-sponsored text editor, or a company-sponsored FTP client.

I'd hate to be at any job that enforces any single one of those. There are many arguments against this app, but this is not one of them.

I am permitted to use any client I like to perform SQL queries of our customer data, but if the client were to happen to route the data through a third party, I would be in employment-jeopardy breach of our security policies.

Similar rules goes for hardware: I can bring my own device for reading and locally storing our email and chats, but customer data is not to be accessed on any hardware not authorized by the company.

Roster data is not customer data, and there are reasonable arguments to be made that this is not an exact parallel. But in principle, I can understand a company wanting to have control over certain types of data and how it might be exfiltrated from the company, even if it is intended for employees to use to do their jobs.

Banning it would be like restricting certain sql clients, like allowing the CLI clients, but banning pgAdmin or MYSQL Workbench.

I also don’t really agree with the ban, and seriously doubt that they have any reason other than, “We dunno what this is, and are too lazy^H^H^H^H busy to think it through, give a decision, and deal this the precedent of allowing screen scraping and/or third-party clients.”

All I was trying to say is that while I may disagree with their call, I wouldn’t go so far as to say it’s “nonsense.” Just wrong :-)

They have been asked for one.

One side story. It is third party app that is not authorized by AA. Instead of get permission through a contract, the app developer scraped AA's data without AA's permission.

Copyright etc could restrict copying information displayed on a website, but if someone can legally write down information via pen and paper they can see then they can scrape it. The process being automation doesn’t inherently matter.

If it’s an app on apples App Store you do

If you then share confidential information with third parties your employer may (or may not) have a case.

It's not especially surprising airlines don't want unauthorised third party apps accessing and storing personal data from their intranets, even if the third party developer is very ethical about not leaking it to people without passwords and makes beautiful UX

Rule #1-1: especially if your product adversely affects the other business.

Rule #1-2: especially if the other business is much larger than yours.

As citizens we should oppose this concept of data ownership; you shouldn't be able to 'own' facts that the public and your employees already reasonably have access to.

It’s the backend that is getting blocked.