Pretty cool stuff, I know I've asked for some of these features as my team uses Asana for as much as we can and Jira was super slow and clunky back in the day - though I checked it out recently and it seems like a much better experience.
In the tool the modals could really use an X button to close the modal; the 2 or 3 seconds I second-guessed where to click each time was annoying. It would be cool to discover if Asana had some of these features all of a sudden but I think putting so many features front and center is going to hurt your adoption. Slack, for instance, can be easily underused as simply a chat application; later on the tech guy shows up and starts dropping in chat bots and cool helpers and whatnot. The relationship stuff is pretty cool; I hope I dig more into this stuff later.
Also, are you guys planning on expanding the signup options beyond Google/Microsoft? It was easy for me to sign up, just curious how much of a roadblock that is to the rest of the internet.
I love the uncluttered ui for the site you work for https://sumup.com/ sticks the message to the potential customer instead of shoving lots of blog/jobs/other links all over the place as in the top menu.
I notice at my job there were a lot of "I need feature x" to which we commonly replied "I would like to build x but the horrible old y system is stopping me" or we would just make things much worse to try and meld feature x into legacy/messy y system. I was a dev dealing with the legacy systems at my company for years and then I took over management and said we need to remove or clean up these legacy weak points so we can build features faster and more maintainable, so yes we started at the first day of this year cleaning up from the worst / weakest links first on. In 6 months we are done using 2 new hires to complete new work while 2 senior devs did clean up. 6 months compared to years of spinning tires was well worth it. Eventually the CEO gets sick of hearing excuses of why we can't build this or that or are wasting 50% of our time fixing bugs. Productivity is soaring now for multiple reasons at my company, testing, documentation, removing old systems and even though we have a small team every senior dev is leading a junior dev. Side note: this is the first time we have hired junior developers at this company and it's been a big payoff giving a lot more free time to the senior guys to work on the most important things.
I think the ridiculous thing is every mom and pop site and blog and website needs to be GDPR compliant? Insane. If the true intent was to make sure large players have their system in check then they should have simply said if you have 50,000 or more users giving you data a month or something to protect anyone interested in software from being afraid of having 2 users because now they need to read every international law. I know someone will fire back at this but what stops the United States from coming up with some law as well on the internet against how logins should be and then filing a lawsuit against every other country company that doesn’t comply. A business should follow the laws based on the owner's location and if other countries don’t like it then that’s for allies to group up and ask that minority country for change. GDPR to me is overreaching on the internet in a scary way.
So how exactly it's O.K. for customers if their privacy is breached by mom&pop businesses but not O.K. if it's breached by businesses that have 50K or more users?
It's a common theme here on HN to think that users are just some kind of resource and the regulations are anti-climactic things that slow down the party.
Seriously, as a user, I don't want my information to be sold to random people that I have no information about even if the seller is a tiny business because my feelings are not against the business but against the practice. The size of the violator is irrelevant to me.
If not breaching my privacy and my rights makes your business unprofitable, then simply you don't have a business.
Users are people, not just pageviews or hits or goals - despite what your analytics software says.
It's not just small businesses. The serious effort to fulfil this legislation and the constant threat that you still don't is simply too much for small non-profit organizations and personal websites. A lot of one person blogs that are inactive but a valuable source of information have been taken down because of that.
I also stopped hosting demos of my side-projects (just for github or cv links), because following this law for this kind of service is just unreasonable. And I do not even have to cause any kind of harm to be fineable in Germany.
If your demos required storing or using someone else's personal information, taking them down was the right thing to do (assuming you weren't going to put effort in to become compliant). If they didn't, you panicked and took down potentially valuable data of your own volition.
Just adding a legally correct data protection and privacy policy is often too much of a burden. Even for otherwise fully GDPR compliant websites. Especially as I can not be sure if it is legally correct without consulting a lawyer (that's one of the big pain points for non-profit and private websites).
One of my demos required multiple roles for the service and hence had authorization and authentication built in. I.e. it was storing email addresses (though I happily handed out prepared near full-admin accounts to everyone interested). It was on a subdomain with robots.txt set to disallow, so very little chance someone would find it by accident. Still making this GDPR compliant without consulting a lawyer was too much effort and risk for me.
I'm not even sure without consulting a lawyer, if a fully static pure html website would be DSGVO (the German GDPR) compliant without adding a privacy policy to it. After all I could still be tracking users by HTTP/TCP/cookies and would have to inform the visitor, if I do or don't.
The Information Commissioner's Office (the regulatory body in the UK) says:
Who needs to document their processing activities?
There is a limited exemption for small and medium-sized organisations. If you have fewer than 250 employees, you only need to document processing activities that: are not occasional; or could result in a risk to the rights and freedoms of individuals; or involve the processing of special categories of data or criminal conviction and offence data.
GDPR is designed to be easy for small organisations to adhere to. No documentation needed if you have only small, non-sensitive data flows. IANOL, of course.
Well, it depends. If you only enable access to the demo without storing any personal information, there is no problem whatsoever.
If, in order to access the demo, you need to give your e-mail address, and you are harvesting e-mail addresses in this way, you need to inform the users you are doing so, and provide a separate unchecked box "Subscribe to the Newsletter". In this way you are honest with the users, with how you are using their data, and you stick to the letter and the spirit of the law.
> So how exactly it's O.K. for customers if their privacy is breached by mom&pop businesses but not O.K. if it's breached by businesses that have 50K or more users?
One of these has systemic effects, the other does not.
(I don't think small businesses should be totally unregulated. But the administrative burden should be considered, to prevent discouraging new entrants and promoting incumbency bias. GDPR does not take this into account.)
1) You claim that GDPR has a big administrative burden to small businesses but that's not the case as long as your business model is not based on invasion of privacy. If it is, well, tough life!
2) It devalues the individual, it's ridiculous. Small restaurants need to follow hygiene standards just as the big chains, despite the fact that your local burger shop won't cause health problems on the same scale of McDonald's. Do you know why? Because individuals matter too. Can't be bothered to clean your kitchen? Don't run a restaurant. Can't be bothered to take care of your visitor's data? Don't run an online business. The society or any individual doesn't owe you a profit or a business.
> You claim that GDPR has a big administrative burden to small businesses but that's not the case as long as your business model is not based on invasion of privacy
Have you ever dealt with a regulatory enquiry? Even if you have done nothing wrong, they are harrowing, time-consuming and--occasionally--costly.
> Small restaurants need to follow hygiene standards just as the big chains
Look at the food codes in most large cities. Multi-location chains have stricter standards than single-venue restaurants. This is because (a) multi-location complexity introduces new vectors for harm (and lets it scale faster) and (b) people are willing to accept greater risks from small purveyors.
Everyone isn't. But most people accept home-cooked meals without demanding municipal inspection.
Furthermore, the presence of looser food codes--in the U.S. and Europe--for small-batch and single-location vendors, in comparison to chains, supports the hypothesis that many people see the added risk worth taking for more variety.
My point is that people balance risk of food-borne illness against variety. Homes are virtually unregulated because we rely on individuals using their social networks. Small restaurants are more strictly controlled. Chains, stricter still. This is a common regulatory pattern for good reasons.
You’ll still have legal trouble if your food or drinks harm people.
Same with the web, if you’re coding for your own social circle GDPR is not something you need to comply with as long as someone of your social circle is harmed and starts an action against you.
Also, different regulations for different sizes is due to the nature of the business. It’s not that small shops are allowed to be dirtier than the chains.
> different regulations for different sizes is due to the nature of the business
Bingo. The intent of the law is fine. But the administrative burden for small projects and teams is inappropriate.
In any case, you originally claimed “small restaurants need to follow hygiene standards just as the big chains” [1]. I was showing that is not true. They follow different rules stemming from common principles.
The nature of the chain business. Chains do things that small ones don’t and the extra regulations are about that. As I said, small restaurants are not allowed to be dirtier than the chains.
The same goes for the software, if you’re not doing things that Google does then GDPR affects you less than Google.
Seriously, the cost of GDPR compliance is not the same for Google and mom&pop businesses, just like the cost of food safety regulations is not the same for the chains and small restaurants.
I know right? But on the other hand, people are fine to ingest pills sold by a dude that barely can spell his name but will totally freak out if someone opens a hospital with fake doctors :)
How did you manage to deal with a GDPR enquiry? It's been less than a week since its introduction.
Something tells me that your reaction is not based on facts but pure ideology, an ideology that assumes that regulations are always bad and the businesses will take care of the consumers if left to their own devices.
Pardon me, I did not mean to imply I have dealt with a GDPR enquiry. I was asking if you had dealt with any regulatory enquiry.
> an ideology that assumes that regulations are always bad
Quite the contrary. I like American and European securities regulation. I regularly call my Congresswoman for more privacy protections. (I had some luck getting a law I helped draft through committee in Albany. No further.) I've also consistently been of the position that Facebook should be broken up on antitrust grounds. My opposition to GDPR is purely on the way it is administrated.
Yes, I did, I had to comply with EU workspace regulations. Built a nice toilet marked the floor with yellow lines, paid a wage above the minimum wage, registered a company and the govt. people said it's all good.
It's really not that big of a deal.
I would have trouble only if I was doing illegal business, make people work in an unsafe and dirty environment, didn't provide the sanitary needs and paid them less than the national minimum wage.
The difference here is any (european) person on the internet that finds a website can put a significant burden on you. Even if it's not a business, but just a personal homepage, blog or small non-profit website of your favorite hometown sports club. Especially if they have an internal member area on their website.
Even worse in Germany, we have something called "Abmahnung" (https://de.wikipedia.org/wiki/Abmahnung). Every lawyer can send you a letter telling you to follow the law and request payment from you for the "service" of telling you that. This can be several hundred euros and you can then decide to go to court (and lose if they were right) or pay them. German law firms can pick up non-GDPR compliant websites using crawlers (e.g. just identifying pages without privacy policies accessible, is a simple one) and fine exactly the persons that are not targeted by the GDPR. It's absurd and it has nothing to do with these people doing any kind of damage.
It would be similar if you had to put your workspace policy and data proving your fulfillment of workspace regulations up in the internet, so any single lawyer can check them and send you a bill, if they find something wrong. This can't be the right way to go for private websites, small non-profits and even small businesses. It's just insane.
Edit in response to the comment below as I can't reply for whatever reason: Multiple legal help pages about the German law say that you can get an "Abmahnung" even without proving that there is a client that is a competitor. E.g. here https://www.datenschutz.org/datenschutzerklaerung-website/#d... "Since the beginning of 2016, not only competitors but also consumer protection associations (Verbraucherschutzverbände) can send Abmahnungen for missing privacy policies. This means that this option cannot affect commercial websites alone." It's limited to Verbraucherschutzverbände (probably translatable as customer protection agencies), so the risk for a private page is close to zero based on this, but I'm not a lawyer, I don't know what exactly changed here through GDPR/DSGVO and you still basically have to consult a lawyer to be on the safe side.
> You claim that GDPR has a big administrative burden to small businesses but that's not the case as long as your business model is not based on invasion of privacy. If it is, well, tough life!
There's something I don't get in your argument: How is having a business model not based on invasion of privacy protecting your business from receiving GDPR Subject Access requests, the legal fees a small business needed to spend to take care of those, and the handling of those?
In your food example it'd be more like as if a law required you to have an employee meeting with a health inspector daily. And that employee must not be a cook/staff. This seems easier for a big chain to comply than a small business.
Here, to monitor all their email, each social media pages, etc and spend time figuring out if each tweet/post is a subject access request is going to be much easier to scale for a big company compared to a small business.
Also one thing a bit off topic that's not clear to me is if suddenly a business needs to start handling and archiving sensitive information because of GDPR letters (for each request, there must be a proof of identity such as ID, passport scan, etc). You now risk having potentially non compliant businesses handle those. That seems like exposing yourself more to identity theft for each GDPR request you make.
If you die in a fire or building collapse it's equally bad whether that building was a large commercial building or a single family.
But we have two sets of building code rules because the regulatory burden is very different. The costs of complying with lots of regulation are fixed, and don't necessarily scale linearly with the size of the company. So to prevent these laws from wiping out small businesses they usually phase in these rules with increasing size.
Which locality are you talking about? Building codes vary quite a bit from one region to another. I'm pretty sure my municipality (Grand Rapids, MI, US) does not have differing commercial building codes based on the size of the organization utilizing the space.
You can respect everyone's rights and privacy and still be noncompliant, because most of the work of complying with the GDPR for most businesses is in the documentation, customer misinformation, and legal CYA work.
Okay, so add one more caveat—the business has more than 50,000 users OR it sells your data. Perhaps the vast majority of businesses affected by GDPR are not selling your data.
For me, the main problem is not the compliance itself, but the legal part of it. If GDPR had clearly stated it's OK to dismiss all these "nightmare letters" unless they come from a set of official emails that handle it, and if/when such official letters come it would only be required from me to point to my legal pages and/or give access to the code/db to show I'm compliant, it would all be a-okay.
That is exactly the way it should be.
People should stop storing user data because they don't do anything to protect it for you.
Keeping user information just became so normal in the past few years. It is not just about ads but also security.
You have all your information all over the internet. Websites without minimum security requirements store everything just because it is cheap to do it and they just believe they should store it even if they don't need it because maybe they need it in the future.
Hackers can do way more than you can imagine with your data if they want.
Storing user data should be expensive. Companies should only store it, if they accept and understand the responsibility and they must feel accountable for it.
I think the issue here is that GDPR is really broad.
We have had our legal team review it to perform a cost/benefit analysis on whether we should comply with GDPR or block the EU region for the time being.
At the end, while we all agreed that the idea behind this law is reasonable, it would benefit us to ignore the EU region. (We reviewed our database to ensure we don't have any EU users currently on the system before doing this)
That being said, we branched out and started to slowly implement some GDPR requirements that can benefit our existing users' privacy and we will certainly remove the EU blockage when the scope of this law becomes more apparent to our legal team.
I strongly believe software is due for some serious regulation, just like all other branches of engineering, we need to take responsibility for the systems we create and I feel like this is a sign that our industry is maturing from its infancy stage.
Kudos to EU for making an attempt to keep Europeans safe.
> I think the ridiculous thing is every mom and pop site and blog and website needs to be gdpr compliant? insane.
The even more ridiculous thing in my opinion is that these mom and pop sites are not already GDPR compliant. What could they possibly be doing that makes not abusing a handful of user's privacy an insurmountable issue?
> The even more ridiculous thing in my opinion is that these mom and pop sites are not already GDPR compliant. What could they possibly be doing that makes not abusing a handful of user's privacy an insurmountable issue?
You are writing as though not abusing people's privacy is all that is necessary to comply with GDPR. This is incorrect. GDPR has specific requirements for any company handling certain types of data, and extra requirements if it's handling this data "at scale" (though it doesn't actually define what this means). Any data revealing any of the following is considered protected by GDPR:
> racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
So, basically any user uploaded images or text can be argued to fall under this category since users might reveal their political, religious, or philosophical beliefs in this text. How about something as innocuous as a heart rate monitor? Well, apparently people have correlated 15-30 minute spikes in heart rates in the evenings to figure out people's sex lives so that's restricted by GDPR.
I could go on. The point is, it's not enough to just not abuse your user's data and cross your fingers to be GDPR compliant.
> If you run a public forum and people choose to reveal things about themselves in posts, that obviously cannot be what GDPR is about.
Yes it is what GDPR is about, the fact that people voluntarily share this information on a public forum doesn't nullify GDPR. Otherwise, Facebook wouldn't be under so much heat. Much of the data they collect comes from posts, comments, etc. all happening on a public forum.
> Even if it is, it doesn't concern any mom and pop site that isn't running a forum.
Say your mom & pop site has a comment section, where users can talk about blog posts they liked or disliked. Now all of a sudden you have to dedicate resources towards GDPR support.
Facebook is under a lot of heat because they actively try to encourage the user to enter PII and even have policies such as no aliases and all accounts should belong to one person. Can't remember if I even needed a phone nr confirmation or if that was Microsoft. The sole purpose of a Facebook account is to be a one to one mapping to a person, and everything posted or visited is obviously tied to such an account.
Not like hacker news where you don't even need an email address to sign up, creating a throwaway account if you want to post something private takes one minute. Good luck with that on Facebook.
The problem with forums is this: I'm upset with Jane Doe because she dumped me. I make an account called Jane Doe, from which I post some personal things about Jane Doe.
There is no way to police this stuff short of a total clamp-down on free expression.
The site operators must suspect every account is fake, and whatever that account says about itself is actually about someone else.
Since the protected information extends to areas like political or philosophical beliefs and whatnot, nobody can discuss politics or philosophy.
Probably not. Definitely not any proactive monitoring. A small website could get away with waiting for users to report posts, and then following up with manual inspection.
> If you run a public forum and people choose to reveal things about themselves in posts, that obviously cannot be what GDPR is about.
The GDPR has explicit provisions for how covered information that is explicitly made public by its subject is treated (for instance, separate consent is not needed for processing such information); outside of those explicit rules for particular effects, though, such information is treated exactly like other personal information of the same subject matter under the GDPR.
> What could they possibly be doing that makes not abusing a handful of user's privacy an insurmountable issue?
Nothing. Doesn't mean they have nothing better to do than respond to letters and regulatory enquiries. (To be clear, I'm not disparaging regulators asking questions. I'm simply observing that such questioning-and-answering has a cost. That cost is reasonable for a large company. It may not balance favorably for something smaller.)
Like TFA describes pretty in depth, that response burden, for sites that have no saved data and process nothing personal can be as simple as a form letter response pointing to a properly detailed GDPR statement.
Or might have to be expanded on a bit, point is the response cost can be scaled as well.
It will likely be years before any small business gets a routine regulatory enquiry, unless there is a complaint. And that is how it should be, isn't it?
So, a pragmatic approach then. Everybody violates the laws a little (maybe without knowing) and regulators pick big violations first. Software developers like to handle each edge case up front - which is not possible on this scale I guess.
GDPR imposes a few things to do as soon as you have a single PII, as well as doing this a certain way (opt-outs are a no-go, you must be able to prove consent, you probably need a DPO and a DPA), and things that were just not done in practice until now (right to be forgotten for example is not exercised, and thus there is no tool to exercise it).
Just because you absolutely respect the spirit of the law (don't do shitty things with PII) doesn't mean you are GDPR compliant, unfortunately.
I very much agree with GP that small businesses should have more relaxed obligations, and more proportional fines (the minimum fine exceeds the total revenue of a non-negligible percent of small businesses).
Consent is usually not needed, since there are plenty of other lawful reasons for processing data. Small businesses will not usually need a DPO, and neither will many large ones. Small businesses will have proportionate fines, and probably no fines at all for accidental breaches of the law.
And no, there is no minimum fine set by GDPR, only maximum fines. Most companies will just get a warning to sort themselves out, if the past behaviour of the regulatory authorities is anything to go by — their emphasis is on getting compliance, so only egregious failures will attract fines, with others directed to carry out specified improvements to their processes.
The even more ridiculous thing in my opinion is comments like this that conflate a truth and proof of that truth. It’s the difference between saying that every even number greater than 5 is the sum of two primes, and being able to prove it.
> What could they possibly be doing that makes not abusing a handful of user's privacy an insurmountable issue?
Storing their HTTP logs on archived CD-ROMS would be a violation of the GDPR, unless that same mom-and-pop operation offered users a way to request that CDs be replaced with new versions at will.
I don't think that counts as an abuse of privacy, but it is a violation of the GDPR, which makes immutable logs which contain IP addresses illegal.
There is no violation of the GDPR in just holding data, especially data for which you have a legitimate business reason to process. It is probably PII, so look after it as you would other PII.
The GDPR gives a number of reasons where the right to be forgotten does not apply, including for archival purposes, or when the controller was not relying on consent for the processing.
> What could they possibly be doing that makes not abusing a handful of user's privacy an insurmountable issue?
Perhaps they're busy running their business and don't have time to comply with baroque EU regulations, regardless of whether they're actually "abusing their user's privacy" or not.
Regulatory costs are a thing. Even if you're not violating the regulation, filing the forms or whatever to assure some bureaucrat that you're not violating it takes time and energy.
There's a reason why the startup scene in Europe is only a fraction of what it is in the U.S.
The intent is to give people a way to control the information which will be used to influence their lives instead of being at the mercy of every corporation, start-up or mom & pop operation which is trying to make a buck.
Private life is such an essential part of human nature and our societies, no matter what the "nothing to hide" camp will say. There will be collateral damage and that's unfortunate yet tolerable, given the extensive abuses.
> A business should follow the laws based on the owner's location
This cuts against centuries of sovereign tradition and precedent. GDPR's constraint to users in Europe is reasonable. (As is refusing to do business in Europe by blocking the continent.)
You need a DPO if you are a public authority (eg government body or public school) or if you carry out "regular and systematic monitoring of data subjects on a large scale or when processing special categories of data …".
If you receive data from Google Analytics that is aggregated into categories or regions (ie not identifiable) or on a small scale, then you are not in the realm of large scale, systematic monitoring, so no DPO needed.
Thanks. I mixed up the name, though, not the role.
Your link says that the requirement for an EU rep "shall not apply to: processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) …"
Most companies will not need an EU Designated Representative, in the same way local companies will not need a DPO.
I was responding, specifically, to @rdlecler1 who claimed that "Yes, every US company must hire an EU representative to be compliant."
Many small orgs, even if serving EU citizens, will not need an EU Resident Representative. And if they do, they should be able to contract to an EU company to represent them, rather than need to directly employ an individual.
IANAL As long as there's no connection to a professional or commercial activity it should be outside of the scope of GDPR. This is identical to the previous legislation, directive 95/46 art. 3.2.
Note that any external service processing the data must still abide by GDPR.
I also think the requirement to provide the same service 'without detriment' if a user doesn't want personalized ads - should only apply to companies over 500,000 users. It should only apply to companies that are ubiquitous that people feel they can't live without.
We as the collective tech community brought this onto ourselves. We did not self regulate ourselves. We did not take our customers' privacy seriously enough. Therefore, big government stepped in and regulated us.
In software, if you want to skirt the law, it's easy to do so with small teams/companies. Just spin up shell companies under the limit and use that to skirt the law.
It certainly defeats the spirit, but this is capitalism. No holds barred, and do illegal moves till you get caught.
I was recently a lead developer and asked to manage the team by the team. I noticed running the team can't be generalized in one size fits all, some people just want clear descriptions of projects to work on and some people want to over engineer and make a 1 day thing a 2 month job no matter how you say it should be done. Problem is how do you handle an engineer that says something can't be done in 2 hours? Well so far I have sat down with them and showed them it can be done in 2 hours, beyond that argue with me enough and I may be forced to rethink your employment. It hasn't come to that yet. Most of the room follows my instructions and we are kicking butt, there's a small part of the room that wants to be dramatic about everything, their computer isn't good enough "needs 64 gigs of ram for their command line", the tools aren't good enough etc etc - basically they have management envy and that's my only struggle right now.
Be aware that this works only because you were technical lead of the project and recently active in a hands on capacity. It will likely fail you once you are on a new project that you don't know technically and your skills are years out of date. So learn to find, trust and nurture the experts on your team instead.
We're no Google but I have led the software department on technical decisions and scaling for the past 3 years as the company/startup tripled in growth. We are a tiny power rangers sized team, I probably just have angst in my comment as there is one particular employee who was recently hired before me stepping on that goes left when I "and everyone else on the team" says go right.
You sound more like someone who let a modicum of authority go to his head and projects a lot than a good manager, here. It might work now because you're directly familiar with the inner workings of this project, but you can't expect that in general.
To be honest I'm a passive aggressive pushover. I believe in jumping in, failing early and finishing early. I asked if I could have my job back of just throwing headphones on and working, but the CEO says EVERYONE is happy with me and he likes the processes I'm putting in place. Unfortunately I spend my weekday drives thinking about how to deal with a certain someone on my team who wants to act like he is ALSO manager, and that's sort of why this article/blog triggered me.
Not particularly directed at you, but it's certainly a dichotomy in that managers are the only ones responsible for "rethinking another's employment". I'm curious to know how often you would consider reflecting on / rethinking your own employment?
I say this because I was recently hired to work on a project where managers are obviously the only ones responsible for deciding how a developer should function within the organization. It is obvious the state of the project is anything but healthy at the moment. Attrition rates are astronomical and the code is beyond ugly in a lot of cases.
"rethinking employment" was a clever way of "firing someone who cannot take direction".
If you're suggesting a manager sometimes needs to self-reflect, sure, but a good manager does eventually have to make the call that someone isn't up to snuff.
There are several people in my department who probably should be "rethought" or let go, but management is too soft to make the call. It's actually more harmful to several, who could easily move on to other roles.
This is a much longer story than I jotted down on my phone as a comment, also a tiny multi million dollar startup, but after the mostly negative comments I received on this post I'm starting to think there is easily a psychological US vs THEM mentality between devs and management. I miss being able to complain, I still did the work but there was something magical about us banding together to complain about horrible management & lack of leadership. If you're going to fuss about a comment about firing and if you haven't noticed some weak links at your other jobs then most likely you've been the weak link, and to be fair that's fine when your job or title fits you appropriately, but I'm talking about someone making double or triple the guy busting his butt. I was the busting his butt guy and I'm looking out for the rest of those guys. There's one of many reasons I didn't go into a software job for the government.
A lead developer is certainly not a manager and is in no position to rethink someone's employment. A lead developer can lead and guide, and generally make technical decisions, but must do so with humility and respect. I've been a lead developer and have never used my "authority" to dictate what people do, but that's just my style.
Whatever your job title might be, if you are the eyes and ears that generate feedback for the CEO and other management teams, what are your ways of leading and guiding a lazy employee? Software developers or not, it seems like as soon as everyone gets a degree they forget that we can still have toxic people in our field that slip through the hiring process and just bring everyone's day down. When I say I would let someone go I mean I would suggest it and only after many attempts of me and the rest of the team trying to get through to them, which seems pretty standard to me. I'd rather not work in a corporate place where I'm forced to work under or over negative people without options. Though I'm sure I come off as a typical grumpy jerk online, I have to deal with being a passive aggressive person at work and I have noticed that has led to an employee or two attempting to take advantage of my hospitality, and I end up working crazy hours to get things done for releases because I'm not the type of person to demand you stay late or work weekends. Everyone under me has a laid back job, I would also have a laid back job if I swapped one bad egg with a good egg or rebranded his position. I feel bad for the guys destroying work left and right while this other employee wants a red carpet laid at his feet every week to write a line of code. Maybe the 10x programmer doesn't exist but people who read about Silicon Valley and think free cupcakes and energy drinks should be everywhere certainly do.
RESTful? I thought it was dead and GraphQL was the new silver bullet for everything? On a serious note though, this is seriously needed and I actually like the start of this API. I would mind curling a device and seeing how easy it is to write 2 lines of code to email me if it dies without really having to read documentation, and this is the real intent of the idea behind REST: discoverable network APIs, self documenting because they use links and HTTP standards so I don't have to go look up some company's specific error codes.
Love the artwork and the work you're putting into this. To be honest I'm in the middle of a GraphQL debate right now because our ad-hoc burger/salad endpoint said are how our API product are currently sold. Much like Burger King we don't grab cheese from a burger and put it on fries for you. This loose system does have its place but so does showing the customer a direct endpoint for burger and salad and letting them know if they want two trips they will be charged for burger and salad.
It would be scary if someone found a flaw in their API or data that exposed who went where from where everyday. It may not be stored that way but people who work at secure locations aren't allowed to bring in cell phones or workout watches but they still bring them to the parking lot showing who works where. If a flaw like this is discovered it would obviously be bad.
Would be good to read what steps Strava uses to anonymize this data prior or shortly following upload.
I'm also hoping they put some logic to prevent a single device trace from showing up on the heatmap regardless of frequency, and that 2 devices would need to converge within a radius for there to be a trace, but that might be wishful thinking.
This seems like it would be subjective but it actually tells a story. Most likely tickets aren't being broken down enough, one employee could be snagging easy bug tickets in the morning and another employee could be working on an epic feature.
On the other side of things I have a guy at work who rocks out 20 tickets and a guy at work who tries to go into super plan mode and take his time and make sure every semicolon is perfect 20 times. This is ok, it's what management is for. I need to make sure the fast guy is a little more careful sometimes and I need to check on Mr. Planner and make sure he speeds it up sometimes.