
05-05-2016 , 09:59 PM
Quote:
Originally Posted by suzzer99
So we're developing these angular widgets which will be hosted in a central place, but can be embedded into an html page by any edge system scattered throughout our enterprise. It's all wired up on the client (browser) side. All the browser knows is it's hosting a bunch of JS from another domain.

I'm looking for a way for whitelisted applications using them to identify and verify themselves. Something like OAuth, but more lightweight. Ideally it could be generated with a few lines of Java or JavaScript and a shared key/secret which lives on the application server.

Any ideas?
What's in those widgets that needs to be protected? My initial thought was that generally widgets (assuming static js/html/css) shouldn't need to be protected. Unless you're charging $$$ for the applications, end-users have access to them anyway. But I could definitely be missing some context.
** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD ** Quote
05-05-2016 , 10:01 PM
Quote:
Originally Posted by Craggoo
You aren't doing anything special with it. Literally, the only thing you care about is that they are the same format, conform to some limited range of correct values, etc.
Ok. I guess one of the concerns I have is that this thing will be a form parameter going over https. So do I have to worry about someone grabbing it off web router logs or man in the middle or something, then having my key? Is POST over https basically safe?

I guess in a perfect world the code would be seeded by day of the week, or hour - so that codes more than X old wouldn't be valid.

I realized that we can limit the domains allowed in the cross-domain headers coming from the server to only our white-listed app domains. But is that good enough for security? IE - can domains be spoofed?
05-05-2016 , 10:35 PM
Quote:
Originally Posted by suzzer99
So do I have to worry about someone grabbing it off web router logs or man in the middle or something, then having my key? Is POST over https basically safe?
POST over https is generally safe from man-in-the-middle attacks, provided that endpoints and certificates (and chains) are not compromised.

Quote:
Originally Posted by suzzer99
I realized that we can limit the domains allowed in the cross-domain headers coming from the server to only our white-listed app domains. But is that good enough for security? IE - can domains be spoofed?
Domains can definitely be spoofed but this depends on whether you're protecting against hostile clients or merely against XSS attacks by hostile scripts/sites on otherwise uncompromised browsers. This should be fine against the latter but not against the former, I believe.
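An added example, not code from any poster in this thread: one way to combine the ideas discussed above (a shared secret that stays on the application server, codes that stop being valid after a set age, and a per-app allowed origin) is an HMAC-signed, time-limited token. The app id, secret, origin and the function names `issueToken` and `verifyToken` are constructed for illustration.

```javascript
// Added example: HMAC-signed, time-limited embed token (Node.js, built-in crypto only).
const crypto = require('node:crypto');

// Constructed sample registry on the widget host: app id -> shared secret and allowed origin.
// App ids must not contain '.', which is used as the field separator.
const APPS = {
  'edge-app-1': { secret: 'constructed-demo-secret', origin: 'https://app1.example.internal' },
};
const MAX_AGE_SECONDS = 300; // tokens older than this are rejected

function sign(secret, payload) {
  return crypto.createHmac('sha256', secret).update(payload).digest('base64url');
}

// Runs on the application server that embeds the widget.
// Only the MAC leaves the server; the secret itself is never sent to the browser.
function issueToken(appId, secret, nowSeconds) {
  const payload = `${appId}.${nowSeconds}`;
  return `${payload}.${sign(secret, payload)}`;
}

// Runs on the widget host for each request that carries the token.
function verifyToken(token, originHeader, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [appId, issuedAt, mac] = parts;
  const known = Object.prototype.hasOwnProperty.call(APPS, appId);
  if (!known) return { ok: false, reason: 'unknown app' };
  const app = APPS[appId];

  // Recompute the MAC and compare in constant time.
  const expected = Buffer.from(sign(app.secret, `${appId}.${issuedAt}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }

  // Reject tokens that are too old or dated in the future.
  const age = nowSeconds - Number(issuedAt);
  if (!Number.isInteger(age) || age < 0 || age > MAX_AGE_SECONDS) {
    return { ok: false, reason: 'outside validity window' };
  }

  // The Origin header is only trustworthy when a real browser sent the request.
  if (originHeader !== app.origin) return { ok: false, reason: 'origin mismatch' };
  return { ok: true, appId };
}
```

A client that is not a browser can send any Origin value, so a captured token remains usable until it expires; the short validity window limits that exposure rather than removing it.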
05-05-2016 , 11:11 PM
Quote:
Originally Posted by candybar
The good news is that one of my top-2 choices has informed me that they will be moving forward with an offer and this probably ends my search though I have 3 more on-site invites that I will have to turn down after negotiating a decent package.
I finally have an offer now but the #s are kind of bad. I think I can negotiate this up to an acceptable level - they seem to be expecting me to negotiate - but this is a bit of a letdown. I did another onsite and that seems to have gone well - the recruiter already reached out to let me know that the feedback was great - but I don't think I'm all that interested in this opportunity. This whole thing should wrap up shortly though and hopefully I can muster up more enthusiasm in coming weeks for the new job.
05-05-2016 , 11:49 PM
They always expect you to negotiate a little. When I went from contractor to full hire my company basically had $5k sitting on the table that I almost didn't take because I am the world's worst negotiator. I probably could have gotten $10k. Which 5 years later would be like $30k more in total salary.
05-06-2016 , 01:23 AM
Mihkel, if it was a misdemeanor to lie on resumes, there would be a line of police cars sitting in front of every office on interview day. I'd say 50% of everyone I've interviewed has fluffed, bluffed, or straight up lied to me in interviews. Some were slick enough to get to phase 3 before I finally managed to expose them.

The challenge is to not become schadenfreude and obliterate everyone that walks into the door, even if it is easily justifiable in many cases. Hiring and interviewing would be relatively easy if there was a real legal threat in place for lying, or at the least, you could safely assume liars are anomalies.

A liar who gets in is a fairly easy fire since they are bound to fall flat or do something stupid fairly quickly, but this should be a rare case. Regardless, the claim of misdemeanor is your burden to show. Believe me, if it was, I would certainly put a link to that law in my job ad, and I'd hazard a guess that many others would as well.

Edit to add: many professional resume writers will tell you to put typing speed at 40wpm no matter what your real typing speed is. I suppose we should start charging them with abetting and enabling a crime.

Last edited by daveT; 05-06-2016 at 01:29 AM.
05-06-2016 , 07:08 AM
Quote:
Originally Posted by suzzer99
They always expect you to negotiate a little. When I went from contractor to full hire my company basically had $5k sitting on the table that I almost didn't take because I am the world's worst negotiator. I probably could have gotten $10k. Which 5 years later would be like $30k more in total salary.
Certain industries throw out crazy prices to start with on a product and then work their way down because a certain percentage of people will pay those crazy prices without question.

I feel like pricing things out really depends on how badly you suffer from imposter syndrome. For example, going from $30 to $150 an hour is really just a matter of thinking you're worth $150.
05-06-2016 , 08:02 AM
Quote:
Originally Posted by candybar
I finally have an offer now but the #s are kind of bad. I think I can negotiate this up to an acceptable level - they seem to be expecting me to negotiate - but this is a bit of a letdown. I did another onsite and that seems to have gone well - the recruiter already reached out to let me know that the feedback was great - but I don't think I'm all that interested in this opportunity. This whole thing should wrap up shortly though and hopefully I can muster up more enthusiasm in coming weeks for the new job.
Usually you can get more $$$. Why not? Just curious.
05-06-2016 , 09:30 AM
Quote:
Originally Posted by adios
Usually you can get more $$$. Why not? Just curious.
Ok I think I may have written that in a way that's confusing. I was talking about two distinct opportunities there - the one with the bad offer is the one I'm more interested in, provided that the numbers can move up somewhat - this was one of my top choices. The one where I just did an onsite (and potentially expecting an offer this morning) is the one I'm not as interested in. It's just the nature of the position and the company. Probably can't mention too much without giving it away - there are only so many companies in NYC that are hiring tech talent aggressively.
05-07-2016 , 12:21 AM
cb can you talk about ballpark $$s at all?
05-07-2016 , 12:41 AM
i went from 10+ years of working with linux in companies with less than 200 employees to working with windows in a company with more than 10,000.

i've never felt like my hands were tied behind my back all the time, now i do.
i never felt surrounded by mediocrity, but now i do. instead of trying to raise great performers to excellent i'm trying to tell the adequate how to be good (maybe we should use version control, hmm?)
and i get paid more and have better benefits.

what a weird world..
05-07-2016 , 10:31 AM
I think the dividing factor between the two is more likely to be the 200 vs the 10000 (rather than linux vs windows). Big companies is where bad developers go to hang out. When you're on a team of 5 guys and the total programming staff is like 30 people, it's way harder to hide your sucking.
05-07-2016 , 10:56 AM
Hey so a friend and ex-coworker of mine got headhunted and recommended me instead. The job is for a first time CEO of a startup in Sydney. Here's the profile if anyone wants to Google it up:

Spoiler:


In our phone conversation he brought up the fact that they'd had trouble with the previous developer they hired. He referred to him as a "fruitloop" and said he was thinking of filing a police report. While all this may be true, what's the verdict on bringing that up on a first phone convo with a potential hire? Seems weird, right?
05-07-2016 , 11:45 AM
You Aussies have a pretty wild tech scene from the little I know. A lot of people who want to be a part of tech companies who seem to actually want to be a part of spending other people's money to say they have a startup.

The details he provided you are sufficiently weird that I would avoid the guy.
05-07-2016 , 01:12 PM
That guy has a scary face.
05-07-2016 , 01:24 PM
Quote:
Originally Posted by ChrisV
Hey so a friend and ex-coworker of mine got headhunted and recommended me instead. The job is for a first time CEO of a startup in Sydney. Here's the profile if anyone wants to Google it up:

Spoiler:


In our phone conversation he brought up the fact that they'd had trouble with the previous developer they hired. He referred to him as a "fruitloop" and said he was thinking of filing a police report. While all this may be true, what's the verdict on bringing that up on a first phone convo with a potential hire? Seems weird, right?
weird is understatement.

i'm hanging up the phone within 30s and writing the guy off completely after i hear that. anyone competent is presenting that situation to a potential candidate as, "we're looking for a new tech lead, and want to find someone great who is invested in the success of the company and is reliable."

they are probably not even bringing up the previous **** up unless asked about it, and if you do ask, they will answer briefly and diplomatically.
05-07-2016 , 02:10 PM
I've heard that Aussies are exceptionally direct. Maybe that translates into some weird honesty sometimes?
05-07-2016 , 03:14 PM
ChrisV, massive red flag.

It could mean they hired the developer to deliver a bunch of magic beans and fairy dust with poor direction and hopelessly vague requirements. Instead of standing up and saying he didn't know how to do it/wasn't being given clear instructions - he just bull****ted them until he finally had to show something and couldn't.

Or something along those lines resulting from very bad management.
05-07-2016 , 03:25 PM
Is fruitloop similar to fruit or are those different slurs? Either way yea I don't like that at all unless I'm desperate.
05-07-2016 , 05:43 PM
Quote:
Originally Posted by ChrisV
Hey so a friend and ex-coworker of mine got headhunted and recommended me instead. The job is for a first time CEO of a startup in Sydney. Here's the profile if anyone wants to Google it up:

Spoiler:


In our phone conversation he brought up the fact that they'd had trouble with the previous developer they hired. He referred to him as a "fruitloop" and said he was thinking of filing a police report. While all this may be true, what's the verdict on bringing that up on a first phone convo with a potential hire? Seems weird, right?
Weird yes, how much are they paying?
05-07-2016 , 06:18 PM
Quote:
Originally Posted by RogerKwok
cb can you talk about ballpark $$s at all?
Not here but I can answer some of those types of questions over pm.
05-08-2016 , 09:56 AM
Quote:
Originally Posted by suzzer99
ChrisV, massive red flag.

It could mean they hired the developer to deliver a bunch of magic beans and fairy dust with poor direction and hopelessly vague requirements. Instead of standing up and saying he didn't know how to do it/wasn't being given clear instructions - he just bull****ted them until he finally had to show something and couldn't.

Or something along those lines resulting from very bad management.
Yeah this was pretty much what occurred to me. My impression wasn't enhanced by the fact that he said the site had originally been done in Wordpress (this is a greenfields application, Wordpress wtf?) and finding online posts from him saying the site would be live in Feb 2016, etc. Also he said their VC had agreed to work for free as their CTO given the dev problems they'd had and yet I'm being vetted by the tech-clueless CEO instead? The whole thing seemed like a giant "wat" so I'm going to dump it, having sanity-checked myself on here. Thanks to everyone who replied.
05-08-2016 , 12:07 PM
I don't know tons about the online streaming market, but I feel very confident as a paying subscriber to many of them that YouTube Red is the ****tiest, absolute worst excuse of a "streaming service" of them all.

I've been paying $9.99/mo for the last 5-6 months, solely for the background play functionality.

Got a gs7 and the background play options are functionally useless.

The other ways to background play are to use unsupported versions of youtube and unsupported 3rd party apps (inconsistent experience, unstable at times) or just going to another streaming service.

I want one piece of functionality on top of YouTube, and am willing to gladly pay 9.99/mo for it, which is an absurd rip-off at scale to what maintaining that feature should cost. Yet somehow, I get a new phone and they don't appear to be supporting it, and I have to dig for a fix.

To make things better, the galaxy s7 defaults to having you "disable" apps instead of uninstall/delete them.

Oh, and if you Google search this, you get tons of random "for all android devices of all time, here is a neato trick to background play, and 10 things we love about phones" - which if they don't have 10 pop-up ads and subscription offers before you read a sentence, obviously provide zero value.
05-08-2016 , 12:17 PM
What do you use background play for - music?
05-08-2016 , 12:21 PM
Quote:
Originally Posted by waffle
i went from 10+ years of working with linux in companies with less than 200 employees to working with windows in a company with more than 10,000.

i've never felt like my hands were tied behind my back all the time, now i do.
i never felt surrounded by mediocrity, but now i do. instead of trying to raise great performers to excellent i'm trying to tell the adequate how to be good (maybe we should use version control, hmm?)
and i get paid more and have better benefits.

what a weird world..
It is a crazy world out there.

I still just cannot fathom the way that these companies have so much money and run so poorly and so inefficiently and yet do so well.

On one hand, I see it as the confirmation that many of the VC/Sam Altmans of the world may be right, that increasingly strong waves of technologically-focused companies are going to keep going after big companies and being successful.

It is hard to imagine that these behemoth companies won't eventually face competition. On the other hand, they are doing something right.