For those using Stripe to ship physical goods, can you please comment on how you're handling the fact that Stripe does not validate the billing address prior to the charge going through?
I'd love to implement Stripe on my website but very worried that this could lead to fraudulent charges.
Is there any documentation for this process? Our non-profit had to shut down our Stripe-based donation page because it was being used by credit card thieves to validate stolen credit cards. Stripe told us addresses are only validated when a charge is executed, meaning we would then have to issue a refund if address validation failed (and eat the transaction cost).
I spend about two hours commuting myself. For me, the worst part is the fatigue that hits you afterward and the affects of it that linger for many more hours that keep you from doing more productive things.
"As far as (non-mission critical)web frameworks go, I think these days you have two options: Python/Django and Ruby/Rails."
I wonder what the author means by "non-mission critical?" Someone considering writing a web app in Django/Rails that is used by thousands of customers might be scared off by that statement.
I read this to mean that after some level of complexity all generic frameworks break down, you have to rewrite parts of them to better address your requirements, be it functional or performance related. It's not a coincidence that some of the largest Python web shops build on top of Pylons instead of Django as it has smaller footprint and it's easier to customize.
I have always thought that "mission critical" software means that if something goes wrong, a human being might get hurt (ie: heavy machinery, missiles, etc.)
I don't think he needs to be. It's just a standard tactic at their blog. They always come off as being a bit contrarian for the sake of it. Or they just want more traffic.
While talking to Jason Fried after Startup School 2009, I realized that trolling on their blog is what they do instead of adding features to their products.
Everybody needs a creative outlet! Letting everyone at 37signals post directly to SvN is a way to keep the minimalists sane.
If people are finding out about these places using Yelp, Google, Groupon et al. is there really a need for a SEO friendly website? Many of these businesses don't care about a web presence because its effect would be negligible.
I suppose you could justify the cost of building out a website for the local dry cleaner, but seriously, does that help it gain any new business? I doubt it.
It probably would. Remember that we're a very mobile society (in the US) and towns have new arrivals every day.
If I just moved to a new town, I probably don't know where the nearest dry cleaner, or Thai restaurant, or carpet cleaner is. Rather than spend valuable time driving around searching, my first inclination will be to google it. If they get my business and do a good enough job, odds are I'll continue to patronize them for years. People rarely change service providers unless they move or there's a major problem.
If you Google it, you'll get a comprehensive list of dry cleaners/Thai restaurants with an accompanying map. And that list usually shows up at the very top rendering everything below meaningless. Try it.
I always have a question come to mind whenever I read these kinds of guidelines: what percentage of computer users have ever had their passwords compromised?
I'm guessing there's no real way to gauge this because I've never seen a study nor heard anyone else touting one and yet, complex password protection guidelines are always being recommended. Why?
I have no idea about the percentages. But I've been hit twice. One by a leak from a sizable gaming website, and the other time by gawker. Neither time I gave a shit because thankfully I was smart about my passwords.
There's always a risk, it's not expensive to defend against, so why not?
Those are interesting examples because you didn't lose the passwords, those websites did. So stuffing your password in your wallet, or making sure they were 12 characters long wouldn't do any good.
This guy sounds like a total dick and isn't a stickler for details, but he does touch on an important conundrum stated more eloquently by other social scientists like Jared Diamond in his book "Collapse."
The conundrum being that feeding people and providing them with vaccines, new crops and other means for a better life without checks on population growth can lead to some serious problems - competition for a limited amount of environmental resources probably being the biggest one.
How do we ethically balance our concern for fellow human beings who are suffering in abject poverty on the one hand, and what kinds of problems overpopulation can lead to because of those same efforts in environmentally strained areas on the other hand is a tough question to answer.
Entrapping impressionable people who otherwise have no history of terrorism, let alone a criminal record, has become the go-to weapon for the FBI. Virtually all other terrorism-related arrests made in this country since 9/11 have been made using this tactic.
Serves the FBI right for A) Ruining innocent people's lives, and B) Screwing over the very community that they claim to be partners with.
In the case of the recent Oregon terrorist, supposedly he was trying (and failing) to get into contact with terrorists because he wanted to 'go radical.' The FBI (supposedly) just stepped in pretending to be terrorists and provided him with the rope to hang himself.
I still think that there is a moral line that is crossed here though. One of my co-workers mentioned it like this:
If someone was a threat to himself or others, they would be sent to the
psych ward and medicated. If someone is a threat to masses of people,
the FBI tries to help them make an attempt at killing people, then send
them to jail for it.
When someone is still at the 'talking' stage, even when they seem to have made up their mind, it becomes morally ambiguous to help them attempt to commit a crime, then arrest them for attempting to commit that crime.
Something to bear in mind: these Groupon guys are some pretty business savvy dudes. They've started several very successful companies in the past and likely have a very good idea of where they're going with this. I wouldn't dismiss their rejection so hastily.
"Amazon cuts them off, then says the Lieberman call had nothing to do with it. We have no reason to doubt Amazon. It's consistent with their philosophy of not taking sides in political battles."
Seriously? Is there some memo addressing this self-evident truth that I missed? What Amazon did was politically expedient. That doesn't mean they didn't take sides.
"We have no reason to doubt Amazon" != "It is clearly obvious that their stated motivation is true." It's a claim that there isn't a lot of evidence for the claim that Amazon has bowed to politics in the past, which is not the same as saying that they didn't this time. I do not have enough evidence to judge the claim myself, I'm just observing what you're reading the text as is not what it says.
I would also point out that large service hosts also have a vested interest in resisting government intrusions, because it's bad for Amazon to have a reputation of trashing your service every time some government somewhere burbles something to them. Exactly how "expedient" this is overall is actually a tricky thing to judge and the evidence isn't all one-sided. Again, I don't have enough information to judge.
From the rest of the essay, I got the impression that he is giving them the benefit of the doubt, but finds it implausible, given all the other friction wikileaks is experiencing.
I'd love to implement Stripe on my website but very worried that this could lead to fraudulent charges.