Hacker News | efriese's comments

We just started using Asana a couple of months ago, but we're not seeing the performance issues some other folks are mentioning. I just hit Asana full refresh and it took 2-3 seconds to render all of the components in My Tasks. It seems pretty snappy in my opinion. Asana with a few Zaps has been great. Because I know they're watching...could you guys add a calendar view to the iOS app? =)


I own a coffee shop in addition to my tech work. Most people know having runway is important to any startup. If he had to declare bankruptcy 6 months after opening he wasn't set up for success.

If you make good coffee, choose the right location, and do a decent job of marketing you can get cash flow positive with time. Acquiring customers can be slow, but once they taste good coffee they will come back.

Many of the other comments here are true: you don't open a coffee shop to get rich. The only way you can make good money is to scale into multiple locations.


This decision is getting a lot of hate here in Alabama and I'm surprised to see some support here. The knee-jerk reaction is to think this is a separation issue, but it's really not. States can delegate authority for law enforcement to anyone they choose.

With that being said, it's still a dumb idea. Our government is wasting time debating this issue when there are so many topics that are real issues. This church could hire full-time security people or outsource to a security company. My alma mater had a university police force, but decided to contract the local police instead because it was more cost efficient.

And Christ never said life was going to be safe. He actually said the opposite.


If you really need the unemployment I would blow the whistle. Your livelihood is always more valuable than a reputation. I doubt your reputation will take a huge hit for reporting what sounds like a dishonest company.


>Your livelihood is always more valuable than a reputation.

I can't say I agree. There are plenty of instances where your short-term financial situation could be a whole lot less important than your long-term reputation within an industry.


Livelihood encompasses more than just financial. If it were just money most people could get by. The stress on a person and their family while job hunting, especially at the CTO level, can be pretty huge. I would much rather have some runway to find the gig I want rather than worry about my reputation.


I get the impression that this is a young guy. CTO of a startup means something different than CTO of an established company.

Most likely, it's a bunch of recent college grads working on someone's pipe dream, but there's no real leadership that would translate to a company.


I don't think asking your employer to pay you for your work is going to damage your long-term reputation in the industry.

I can only think of one person in the entire world who has damaged their reputation in the programming community enough for me to care.


At the same time, any company that would look down on you for doing this is a shitty company.


I don't want to get into a my-framework-is-better-than-your-framework fight, but I disagree with people who say Flask can only be used for simple applications. Just because it's a micro framework doesn't mean it's only for micro apps. The trade-off on framework size is how much functionality you want out of the box. If you want a bunch of features and are okay with doing it the Django way, Django is great. If you want more flexibility, smaller frameworks like Flask or Pyramid work fine.


If the developer writes code that handles credit card information, absolutely. Most organizations utilize third parties to handle credit card info so they don't have to be PCI compliant. Even then, it helps to know something about PCI because the developer may be storing more information than needed.

In general I think every developer should receive secure coding training. Most developers don't...


Depends on how you write the code.

(Generally - there's a lot of coding specifics involved.) Authorize.net via their API absolutely requires PCI compliance and an SSL certificate on your site. Stripe recommends an SSL certificate with their basic JS code. And unless you're sending a user directly to PayPal's website to log in via PayPal, if you use their API, you should have an SSL certificate and be PCI compliant.

I.e.: if the CC info is entered on a page you built, on your server, yes - SSL and PCI. If you're sending the user to another site (i.e. PayPal, or using Stripe's JS code) - no, it's on them.

Most programmers should at least read the parts of OWASP that pertain to their language (https://www.owasp.org). If it gets entered into a form and stored in some sort of DB, you should at least code with basic precautions.


>Most organizations utilize third parties to handle credit card info so they don't have to be PCI compliant.

That's not true. If you enable payment by credit card at all, you're subject to PCI. Even a SAQ A[1] category merchant (payment page entirely hosted and managed by a PCI-compliant, third-party payment processor) is required to formally confirm that their processor is currently PCI compliant, have written rules of engagement with the processor and obey the PCI data handling and retention requirements. And if you embed your payment page in your own page (technically, if any part of the payment page is served from your site and not the processor's site) then you're a SAQ-AP merchant[2], and you'll be expected to conform to a lot more of the standard.

[1] https://www.pcisecuritystandards.org/documents/Understanding...

[2] https://www.clerkendweller.uk/2014/3/7/PCIDSS-SAQ-AEP-and-SA...


"We have people in the back room creating new profiles as we speak."


This is an amazing story. Reminds me of my mother. I need to call her...


There are also salts/hashes in many of these configs...not such a great place to store those =)


Yeah, I would make the SQL injection and command injection tests a little less kinetic =). Using a simple SELECT test, like SELECT @@VERSION, would be a little safer... Edit: Forgot to say thanks! This is a pretty cool list.


You want something that modifies so that you can detect that the SQL executed. But an INSERT would be much friendlier than a DROP TABLE. :)


Not necessarily. If you do a test with good SQL and a second test with SQL injection and compare the responses, that can show SQL injection exists without having to change the database. This won't work for all SQL injection tests, but I would rather take this approach first.


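The read-only, compare-the-responses approach discussed in the last few comments, worked through as an added example (this is not code from anyone in the thread or from the payload list being discussed). It builds a constructed in-memory SQLite table, shows a lookup that concatenates user input into the query next to the parameterized version, and runs the same pair of probes against both: a true tautology and a false one appended to an otherwise identical input. Only SELECTs are issued, so nothing is written. The function and table names are assumptions for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, active INTEGER)")
    conn.executemany(
        "INSERT INTO users (name, active) VALUES (?, ?)",
        [("alice", 1), ("bob", 1), ("carol", 0)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately weak: user input is spliced straight into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' AND active = 1"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Hardened form: the driver binds the value, so quotes in it stay data."""
    sql = "SELECT name FROM users WHERE name = ? AND active = 1"
    return [row[0] for row in conn.execute(sql, (name,))]


def is_injectable(lookup, conn, known_value="alice"):
    """Differential, read-only check.

    Send the same known-good value twice, once with an always-true clause
    appended and once with an always-false one. If the two responses differ,
    the appended text was evaluated as SQL rather than treated as part of the
    literal; if they are identical (both simply 'no such name'), the input was
    bound as data. Nothing is modified in either case.
    """
    true_probe = lookup(conn, known_value + "' AND '1'='1")
    false_probe = lookup(conn, known_value + "' AND '1'='2")
    return true_probe != false_probe


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated", lookup_vulnerable), ("parameterized", lookup_safe)):
        print(f"{label:14} baseline={fn(db, 'alice')} injectable={is_injectable(fn, db)}")
```

The check deliberately compares a true probe against a false probe rather than against the plain baseline: a plain baseline differs from an injected input on the safe code too (the literal `alice' AND '1'='1` simply matches no row), which would be a false positive. The true/false pair is what separates "the query changed" from "the name didn't exist", which is also why the thread's point about starting with a SELECT-only test holds: no table is touched.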