I see a CAPTCHA opportunity here. Show the line item and ask people to type both the dish name and price in two boxes. Or may be give a couple of options that the end user must confirm before they can proceed.
Yep, anyone remember having to key in house numbers from street view photos? Similar idea. But I think human/bot differentiation no longer demands so much effort of users lately, so this labor pool could be a relic of the past.
Dogfooding: eating your own food. Is refer to the practice of using you own product as your main service, being your own customer.
As example, there's a story where every Android (OS) developer where given basic Android phone with low RAM as their main device, they where aiming to decrease the resources the OS required and using the phone by the developers allowed them to experience first hand what low income/cheap phone owners felt IRL, thus allowing them to better focus on improving the product on real pain points experienced by themselves
Even patent trolls wait till you are able to pay if you infringe their 'supposed invention' i.e. In other words focussing upon growth is a rational decision, when you get big you'll know if you are in the radar of trolls or genuine inventors.
This applies only when you truly don't know whether you're infringing IP, if you're explicitly copying an invention; unless you are in a country which has no regard to international laws and actively encourages its citizens to copy inventions of other countries, you are at the risk of patent litigations.
Hey folks - I’m a product manager at BrowserStack. Thanks @pulkitsh1234 for the shoutout!
SpeedLab is a free tool that our team built to help you test website speed across multiple browsers and real devices. You’ll get a cumulative score of your website’s speed across desktop and mobile browsers, so you can identify browser-specific or device-specific page speed issues.
We encourage you to take it for a spin. Questions and feedback are welcome!
EDIT: added that it is a free tool. No need to create an account too!
BrowserStack | Product managers and product strategists | Mumbai, India | ONSITE | https://browserstack.com
We’re looking for geeks who are passionate about developer focused products. This will be perfect for you, if you:
- Have significant experience writing code and love building things for fun
- Try out the latest developer tools and have a list of things you like and hate
- Can discuss tech concepts, architecture and trade offs with developers from the best tech companies in the world
- Can quickly create customer specific prototypes and present it to them with conviction
- Are curious to learn about different problems people face in the testing space and want to influence the way those problems are solved.
We’re also hiring kickass engineers (backend, frontend and platform - usually with great Ruby, React, networking skills) and solutions engineers & architects.
Might be an unpopular opinion, but I think H1B should slowly move to something like an EB1, where candidates can file a self-petition (but without immigration intent, and apply for a regular GC after a few years if they really want to immigrate). They can set some criteria for testing 'high skills'.
This way, a candidate can choose a company based on their interest and skill set match, rather than filtering by whether a company sponsors a H1B.
Sure, even EB1 is being gamed, but at the very least this is a fair chance to candidates.
- Eliminating the not-so-random 'lottery'
- Avoiding the body shops or the so-called fake consulting companies where students go for their OPT
- Eliminate the need to succumb to the whims of employers just to get a visa sponsorship
- Companies, big or small, need not worry about not hiring skillful employees, just because 'it is a looong and random process'
- Not entirely based on higher salaries. Sure, a high salary is a pseudo metric to indicate high skill, but what about early stage startups? This eliminates that unfair advantage
I don't think you can self-petition for an O-1 without job offer (at least that is what I remember). Just checked again, just to be sure [0].
I didn't suggest a new category in EBX, I said something similar for a visa where one can self-petition without a job offer, get the visa and work for whichever company she wants to work for, all without a need for an employer sponsorship. "self-petition without a job offer" being the key phrase.
Technically you need a registered company to "sponsor" you, but it can be your own company, where you are CEO and have 100% ownership. In the end, it's just a formality, the visa is granted on a personal basis. Compared to H1B where USCIS relies on a company to establish your credibility as a skilled worker, with O-1 they evaluate credibility themselves via multiple factors mostly involving peer validation (i.e. publications, articles, etc).
So yes, technically you need a job offer for O-1, but it's just a formality. Personally, I agree that it doesn't make much rational sense either, but then again barely anything makes sense when it comes to (US) immigration laws.
I don't completely understand how they do this without exposing the DTMF tones / digits pressed to the carriers.
For example, when I key in my card number, my phone carrier will know it, the routing carriers know it before it reaches Twilio. How is my card information safe? I guess I'm missing something here.
PCI doesn't currently consider telephones to be public networks. That's why they are okay with fax machines sending CC details, provided they are in a secure area and a few other non tech requirements. Not sure I agree with the practice, but it is what it is.
DTMF is being pulled out of band by Twilio (or more likely the underlying CLECs they partner with), thus the agent should not hear it. This is very common for most VOIP carriers, DTMF is carried in the signaling messages rather than in-band in the audio stream. The only person being protected from having access to your card data is the agent who asked you to key in your card.
I know they do pull it out to a separate band but many VoIP providers log the DTMF sent as digits to debug things - most evident in IVR use cases.
So, if attackers wants to get card details, they need not attack the business or Twilio (because it might redact these when they see <Pay>, but they can simply access logs of the middlemen for DTMFs. Concatenate all those per call, and there we should have all card numbers, expiry dates and CVC/4DBC.
Not sure how Twilio is doing it though. Unless they use some awesome encryption method to encrypt all these numbers so no one in middle can see them.
Not really sure how these things work so this is an honest question:
Why would they be receiving the tones once the connection is made? Isn't it the same as me just whistling at particular frequencies? I didn't think it was sent in a different manner.
Or do you mean it goes through the carrier just like if you spoke your card number over the phone to someone?
AFAIK, there are two ways in which the tones can be sent.
1. In the regular audio stream (AKA in-band) so anyone who can listen to the phone call, can also listen to these tones. These tones can be mapped to the digits pressed.
2. In a separate RTP payload (AKA out-of-band) so not everyone can read / listen to this stream of signals / tones. RFC 4733 (earlier it was RFC 2833) specifies the format of this RTP payload. This is what the payment via phone systems might be using.
There is a secure RTP with encryption support, but I am not sure if it can be implemented end-to-end to avoid anyone in middle (not a man-in-middle attacker, but a genuine carrier / network) to see these DTMFs. Just unable to imagine how this works :)
