SOC 1 & 2 compliance with outsourced development team?

My company just hired a team in India for development work. They will have full access to our network via VPN. They will not have access to client data directly. My question is…

Are we required to follow the same controls for offshore contractors as we are for full-time employees? i.e. background checks, NDAs, Policy Approvals, Security Awareness.

How To make Quality Shopware Development and Design?

Bay20 offers complete Shopware development and design services to customers, including Shopware Consulting, Shopware Theme Design, Shopware Extension Development and Integration, Shopware Custom Development, Shopware Migration, Community Version Updates and Enterprise Shopware, Shopware on Amazon EC2, Shopware Maintenance and improvements and more.

Guidance on programming personal development [on hold]

Hope this is the right place for this…

I’m an engineer, mostly self taught in programming, mainly using MATLAB (although I was formally taught Python at a basic level). I’ll write something pretty much every day and I want to further my capabilities and dig more into computer science.

In the same breath, I have applications that I want to be able to spread to people outside MATLAB, and whilst MATLAB allows for that, starting the runtime can be prohibitively costly (why spend minutes starting a runtime for a ten-second program?) on some systems. For this reason I’ve been looking into compiled languages, partly because I don’t necessarily need users to install additional software, and also because I’d like to understand why x,y and z are considered bad practice (pretty sure MATLAB does a very effective job of protecting me from doing bad things).

To this end I’ve ended up with Rust (I like the fact it forces you to anticipate/deal with error states) but I’ve reached the point where I can’t really continue satisfactorily on my own (partly due to time constraints). My company is pretty open to personal development so doing some kind of formal training, but it’s finding the training that will actually be useful. I suspect that many basic items in computer science would be confounding to me!

So my questions are this:

  1. Do you consider Rust a decent language to learn about the nitty-gritty and also make useful progress with applications/Is there a generally better option?
  2. Best way to take up structured learning in the UK (Midlands)? I tend to learn by being shown something, trying to do it, and then working through why it didn’t work with someone, as opposed to “Here are some examples, go through them and then an automated system will give you some hints”.

Thanks in advance!

Job title for product manager who also does development

I’m moving into a new role in my organisation. The role will be a combination of product manager and software developer creating new products.

I’ve been asked to come up with the job title for this role. Looking for something that represents both the product and development side of the job.

I haven’t been able to find anything that quite fits. So keen for suggestions.

Test Driven Development Roman Numerals php

I just learned about Test Driven Development on a podcast yesterday. So I decided to try it out today by writing a roman numerals to integer converter (per their suggestion). I’ve never written Unit Tests before today.

My process

I wrote the test class with the runAll() function, then I started writing my tests one at a time, from top to bottom, if you look at the RomanTest class below.

Between each chunk, I significantly changed the intVal() method of RMC.
testI through testM, I merely checked hard-coded values in an array
testII through testXVII, I looped over all the chars and added values together
testIV through testIIX required a conditional modification to intVal()
testXXXIX (to the end) took a complete rewrite of intVal() leading to the code posted below

Before writing the next test, I always confirmed the previous test was passing. Except, I wrote testL-testM all at once as those were VERY simple after getting testI-testX working.

At points, when re-writing intVal, my older tests broke. Then I would get all my tests passing again before continuing to the next test.

I never altered any previous tests when trying to get the new tests passing.

My questions:

1.) Is this a good work flow for TDD? If not, what could I improve?
2.) Did I run enough tests? Do I need to write more?
3.) Is it okay that, during intVal() re-writes, previous tests broke? (considering I got them all passing again before moving to the next test)

I am asking for a review of my TDD code & process.

```php
class RomanTest {

    // Runs every test method of this class and prints true/false for each.
    public function runAll(){
        echo '<pre>'."\n";
        $methods = get_class_methods($this);
        foreach ($methods as $method){
            if ($method=='runAll')continue;
            // Pad the method name with dashes so the results line up.
            $mo = $method;
            while (strlen($mo)<15){
                $mo .='-';
            }
            echo "<b>{$mo}:</b> ";
            echo $this->$method() ? 'true' : 'false';
            echo "<br>\n";
        }
        echo "\n</pre>";
    }

    public function testI(){
        $rmc = new RMC("I");
        if ($rmc->intVal()===1){
            return TRUE;
        }
        return FALSE;
    }

    public function testV(){
        $rmc = new RMC("V");
        if ($rmc->intVal()===5){
            return TRUE;
        }
        return FALSE;
    }
    public function testX(){
        $rmc = new RMC("X");
        if ($rmc->intVal()===10)return TRUE;
        else return FALSE;
    }
    public function testL(){
        $rmc = new RMC("L");
        if ($rmc->intVal()===50)return TRUE;
        return FALSE;
    }
    public function testC(){
        $rmc = new RMC("C");
        if ($rmc->intVal()===100)return TRUE;
        return FALSE;
    }
    public function testD(){
        $rmc = new RMC("D");
        if ($rmc->intVal()===500)return TRUE;
        return FALSE;
    }
    public function testM(){
        $rmc = new RMC("M");
        if ($rmc->intVal()===1000)return TRUE;
        return FALSE;
    }

    public function testII(){
        $rmc = new RMC("II");
        if ($rmc->intVal()===2)return TRUE;
        return FALSE;
    }
    public function testIII(){
        $rmc = new RMC("III");
        if ($rmc->intVal()===3)return TRUE;
        return FALSE;
    }
    public function testVI(){
        $rmc = new RMC("VI");
        if ($rmc->intVal()===6)return TRUE;
        return FALSE;
    }
    public function testVII(){
        $rmc = new RMC("VII");
        if ($rmc->intVal()===7)return TRUE;
        return FALSE;
    }
    public function testXVII(){
        $rmc = new RMC("XVII");
        if ($rmc->intVal()===17)return TRUE;
        return FALSE;
    }

    public function testIV(){
        $rmc = new RMC("IV");
        return ($rmc->intVal()===4);
    }
    public function testIIV(){
        $rmc = new RMC("IIV");
        return ($rmc->intVal()===3);
    }
    public function testIIX(){
        $rmc = new RMC("IIX");
        return ($rmc->intVal()===8);
    }

    public function testXXXIX(){
        $rmc = new RMC("XXXIX");
        return ($rmc->intVal()===39);
    }
    public function testXXXIIX(){
        $rmc = new RMC("XXXIIX");
        return ($rmc->intVal()===38);
    }

    public function testMMMCMXCIX(){
        return (new RMC("MMMCMXCIX"))->intVal()===3999;
    }
    public function testMLXVI(){
        return (new RMC("MLXVI"))->intVal()===1066;
    }

}
```

```php
class RMC {

    private $numerals;

    // Value of each single numeral character.
    private $vals = [
        'I' => 1,
        'V' => 5,
        'X' => 10,
        'L' => 50,
        'C' => 100,
        'D' => 500,
        'M' => 1000,

    ];

    public function __construct($numerals){
        $this->numerals = $numerals;
    }

    public function intVal(){
        $tot = 0;
        $lastTot = 0;
        $lastVal = 0;
        // Walk the numerals right to left: a numeral smaller than the largest
        // one seen so far is subtracted, anything else is added.
        foreach (array_reverse(str_split($this->numerals)) as $nml){
            $value = $this->vals[$nml];
            if ($lastVal<=$value){
                $tot +=$value;
                $lastVal = $value;
            } else if ($lastVal>$value){
                $tot -= $value;
            }

            $lastTot = $tot;
        }
        return $tot;
    }
}
```

And to run it:

```php
$test = new RomanTest();
$test->runAll();
```

Should product scopes and/or project scopes be considered for small internal development work

tl;dr: I work at a small company with a development team of 5-10 people, lately we have been asked to present “scope documents” for effectively all of our work before we carry out the actual work, with seemingly no regard given for the magnitude of work required.

I worry that I am often spending more time writing scope documents about small enhancements than I am actually performing the enhancement.


Before I explain my question better, let me establish a few baseline viewpoints on the situation.

I understand creating these documents can be considered training exercises for when the team grows larger and the current members take on lead roles. I am not against this and I think it’s a valuable training experience. I just feel that the documents aren’t always necessary which may lead to wasted time, being a small company it feels we are already pressed for time and resources.

I understand a product and/or project scope is absolutely necessary when beginning an endeavor on an entirely new product, I can also recognize the importance of the documents in maintaining order in a structured and distributed development team (many team members + project leader). And of course scopes are absolutely mandatory when dealing with 3rd party customers wishing to contract our development work.

I understand the need to ensure that a developer fully understands the request before engaging in work, however I am left asking myself whether or not these small enhancements, even if misunderstood, could end up taking more time than it takes to write, review, revise, and signoff the respective scope documents.


With the above understanding in mind, excuse the length of this post, but to describe my issues:

My questions come about in situations where our development team is applying relatively small enhancements to our own internal software. Small enhancements such as adding a single new button to a web UI that performs a simple operation, or adding a new action handler (basically 1 function) to a backend system.

These small enhancements may indirectly bring in revenue as they increase the value of our product, but we aren’t directly selling these new enhancements independently. This leaves little room for any sort of scope regarding cost vs return.

All that is left is a scope detailing the expected outcome, why we’re doing it, and the expected hourly work breakdown (which is often hugely over-estimated). These documents will sometimes go back and forth with discussion over small issues which could often have been applied to the enhancement after it was completed anyway, revisions will be made to the documents to reflect the decisions made in this process.

I can’t help but feel like we are wasting a lot of valuable developer time writing these documents, where the minor enhancement could go through a first iteration of development in the same amount of time it takes to write the initial document. Then the time spent reviewing the document could instead be spent reviewing the code, and instead of revising the document time could be spent revising and finalizing the code — the end result in this situation (to me) is an enhancement which took almost exactly as long as the scope/documentation phase would have taken.

My main questions being: (In the context of a small development team)

Are we taking the right approach to scoping/planning and developing?

Are there any rules of thumb that we should be following with regards to these processes?

Are there any red flags in anything above which indicate I should be looking to adjust my viewpoint on the situation?

Is there any way I can improve the situation while keeping everybody happy?

All insight would be greatly appreciated.

Set up SFTP/FTP for development purposes

  1. I have 18.04 Ubuntu Server running (via VM) and using it for development (Mongo, Express, Node) purposes
  2. I would like to introduce some code others have written. Some of it I can install via npm, others are available on GitHub
  3. What is the best way I can incorporate such code into my application?
  4. Suppose I need to download the code onto my host computer, then transfer it to my server, what is the simplest way I can set up this transfer mechanism? I have permitted root login but it seems it only works for SSH, but SFTP transfers always fail (though I can see the files).