Finish the degree, it's amazingly helpful visa wise if you ever want to apply to jobs in other countries. I left the UK for Canada and it would have been way harder without a degree (I believe there's some amount of 'years in the industry' that adds up to a degree for work visas, my memory's foggy but I think it was around 10 years..)
I'm just checking, you have sorted out a work visa yeah or already applied to jobs? As from what I remember you can only get a 6 month visitor visa, which means you have that much time to try and get a job and get a work permit sorted before you'd have to leave the country. It's doable but I would probably do a lot more research on the subject before moving my family over.
I haven't sorted out a work visa yet. I am in the research phase on this subject, so far it doesn't look too hard. I'd like to find a job before I move out to Canada - I don't need to go there right now, I can wait some time. Thanks for the advice, I will focus on visa research.
There's a few places around Vancouver that I would avoid and seems like you found one of them....sorry to hear that.
As others have said the LinkedIn issue is ridiculous, just change it to shut him up.
The issue of overtime is something else though, if this was never mentioned before then my spidey-sense would be tingling about how the future will go at this place. I'm obviously not familiar with your exact situation (do you really need the job etc) but if you can risk moving on then I would have an honest chat with the PM...if it sounds like a no go then I would just be ready to move on.
2 of my now friends started work at a place in Vancouver (separately) and left within 3 weeks due to the unrealistic expectations.
The LinkedIn request is ridiculous. Even if it would shut his PM up, he shouldn't change it. If he caves on such a stupid request, his PM is going to wonder what else he will cave on. Going through life letting your employer bully you around is a good way to be stuck forever doing the grunt work.
(To be fair to the company it's hard to say whether it's the employer doing the bullying or just this mid-level employee who's doing it.)
The reason I suggested just doing the LinkedIn update is that it's so plainly ridiculous and easy to fix that if the PM truly thinks that's a measure that's important then give it to him. But then stand firm on whatever views you have on the OT.
Basically my gist was spend your energy and time fighting about something you care about, and at the same time show you're a 'team player' as you changed your LinkedIn status.
But it's all subjective, I continually change my views on how to handle issues like this in the workplace, I tend to swing to each extreme as time goes on....I figure I'll get it right by the time I retire :)
But really...If I had other opportunities then I'd get the hell out.
I humbly disagree, if you say to the user that the username was correct but the password was wrong then you have leaked information to the user that they should not have access to. i.e. If email is used as a username and I go to a porn site and type in my wife's email address and a random email and it comes back 'username right, password wrong' then I now know she has an account there which she was trying to keep secret.
It's not only bad from that point of view, but also the attacker now knows you have an account there and so could try social engineering techniques to gain access to your account, it basically provides an attack opportunity that it doesn't have to.
I think you're missing the point, which is that that information is already unavoidably leaked by the signup form. So leaking it from the log in form doesn't change anything.
Yep, the only way to really leak no information is to just always say that the action (sign up, forgot password) was successful, which is awful from a UX perspective. Don't forget to go through the motions of registration/recovery to stave off timing attacks as well.
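Added example, not part of any comment in this thread: a sketch of the uniform-response idea discussed above, where login and password recovery give the same reply and do the same work whether or not the account exists. The names (`USERS`, `OUTBOX`, `login`, `request_reset`), the PBKDF2 parameters and the sample account are all constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 50_000  # constructed work factor for the demo

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample store: email -> (salt, password hash)
USERS = {"alice@example.com": _make_record("correct horse battery")}

# Verified against when the account does not exist, so the unknown-user
# path pays for the same hash computation as the known-user path.
_DUMMY = _make_record(secrets.token_hex(16))

GENERIC_LOGIN_ERROR = "Invalid email or password."
GENERIC_RESET_REPLY = "If that address has an account, a reset link has been sent."

OUTBOX = []  # stands in for an asynchronous mail queue

def login(email, password):
    known = email in USERS
    salt, stored = USERS.get(email, _DUMMY)
    candidate = _hash(password, salt)            # always computed
    match = hmac.compare_digest(candidate, stored)
    if known and match:
        return True, "Welcome back."
    # Same message for "no such account" and "wrong password".
    return False, GENERIC_LOGIN_ERROR

def request_reset(email):
    token = secrets.token_urlsafe(32)            # generated on both paths
    if email in USERS:
        # In a real system the send happens off the request path, so the
        # response time does not depend on whether mail goes out.
        OUTBOX.append((email, token))
    return GENERIC_RESET_REPLY

if __name__ == "__main__":
    print(login("alice@example.com", "wrong"))
    print(login("nobody@example.com", "wrong"))
    print(request_reset("nobody@example.com"))
```

The same pattern applies to signup: reply "check your email to continue" in every case and tell an existing account holder by mail that someone tried to register with their address.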
I have actually worked on systems where the signup form allowed multiple users to have the same user name, and the log in process consisted of checking for the existence of a (username,password) pair. Needless to say, I regarded this as a major design flaw and fixed it (except for the existing non-unique users). But there is, for all the reasons it shouldn't be done, a situation where the signup form doesn't leak usernames.
That's a very binary way of looking at it. Depending on the sign up flow, it may be much more difficult to discover the existence of a username or not, than it is in the login form. (For instance, if the signup flow involves payment details before the username step.)
Are you going to enforce uniqueness of payment details? And if so, what part of those details must be unique? Will you require a unique credit card number?
If so, you will have to maintain either a bloom filter or a list of hashes for all eternity to ensure that nobody signs up twice with the same CC number. [Edit: actually, you could keep the scrambled CC data for a finite length of time if you're just trying to rate-limit, but still see below]
So suppose you've done all that. Are you going to do a test charge to see if the credit card number is valid before allowing the user to choose a username? If you don't, your efforts are wasted, since anyone can just use a CC generator (they're used for testing) to sign up for new accounts all day. If you do, you've probably driven away 99% of your users with your ridiculous signup process.
If you're using a third-party payment provider like Authorize.net or Braintree to store CC numbers, you'll be given a unique token from the provider when you add the CC number. When you add the CC you can also have the provider run and immediately void a dummy transaction to verify the card is real, too.
Leaking emails is bad. Leaking site-specific user-names seems like less of an issue, particularly when they're exposed anyway through simple use of the site.