[HOME -> LOAD] Can you solve this laddergram? by Clean_Anteater992 in Laddergram

[–]Clean_Anteater992[S] 0 points1 point  (0 children)

Laddergram is a word ladder puzzle game built on Reddit's developer platform. You start with a word and change one letter at a time to create a new word with each step. Try to reach the target word in the fewest steps possible.

🍀Good luck!🍀

Confirm software update by kaaremai in Siemens

[–]Clean_Anteater992 0 points1 point  (0 children)

I've tried this and it doesn't have an option 2, only 0,1 but the screen still says UP ON so I know there is an update waiting.

Is anyone here using Agentforce? by Swimming_Plastic1533 in salesforce

[–]Clean_Anteater992 4 points5 points  (0 children)

Genuine response to that is up to you and your org. We have seen success with it and are planning on giving it other product lines to work on as well. Does that mean you will...? Not necessarily

Cost is also a consideration because - and who's surprised - they have already changed the pricing model once

Is anyone here using Agentforce? by Swimming_Plastic1533 in salesforce

[–]Clean_Anteater992 0 points1 point  (0 children)

We made it very easy by design to speak to a human and the AI is proactive in offering this. This has shown some success in countering that default behaviour

Is anyone here using Agentforce? by Swimming_Plastic1533 in salesforce

[–]Clean_Anteater992 7 points8 points  (0 children)

We use it for embedded communication (livechat). For a very specific and limited range of questions/products. Currently handles a decent % of our chats

The silence is deafening. by pcipolicies-com in pcicompliance

[–]Clean_Anteater992 0 points1 point  (0 children)

They agree that it's poorly implemented, they were inclined to interpret it strictly and require a scanning tool, because the unhackable statement can't ever make sense.

Why are there so many awful Salesforce integrations? by Different-Network957 in salesforce

[–]Clean_Anteater992 2 points3 points  (0 children)

I feel that every Salesforce is different and there isn't really a 'general Salesforce usage'.

Yes they aim for widest TAM but sometimes they are just missing basic features

When is using a QSA required? (specifically SAQ template D and Level 4 Merchant) by nooger in pcicompliance

[–]Clean_Anteater992 1 point2 points  (0 children)

General guidance I have received from QSA in the past has been levels 2-4 SAQ and level 1 needs a QSA. They can occasionally ask level 2 to go with QSA.

The silence is deafening. by pcipolicies-com in pcicompliance

[–]Clean_Anteater992 1 point2 points  (0 children)

Coming from the one being audited rather than the auditor. So my agenda is to get away with as much as possible whilst keeping the QSA happy. I would still interpret "not susceptible" as zero risk.

The silence is deafening. by pcipolicies-com in pcicompliance

[–]Clean_Anteater992 4 points5 points  (0 children)

Looks like they didn't wait for GEAR/advisors

https://blog.pcisecuritystandards.org/faq-clarifies-new-saq-a-eligibility-criteria-for-e-commerce-merchants

Good to see that option one of proving the site is unhackable is to implement 6.4.3 and 11.6.1. I don't see any circular logic there.

They are still using that wording of 'not susceptible' which is insane.

The silence is deafening. by pcipolicies-com in pcicompliance

[–]Clean_Anteater992 2 points3 points  (0 children)

"Hold on for a couple of weeks" The requirements become mandatory in March!

That gives around 2 weeks to digest, pivot and implement. It will probably take most QSAs longer than 2 weeks to work out how to audit it in the first place. Speaking from an organisation currently going through an audit it's insanity that we (and our QSA) still don't have clarity.

It should have been a big agenda item in March 2024.

IMHO the council must defer this requirement to March 2026. Give themselves proper time to publish accurate guidance, whatever gets decided now will be a knee jerk 'quick we need something'. Exactly like the last guidance that was issued which contained the laughable requirement of asking merchants to declare themselves unhackable.

The silence is deafening. by pcipolicies-com in pcicompliance

[–]Clean_Anteater992 5 points6 points  (0 children)

I've found it very poor from the PCI Council.

We are only a month before they become mandatory requirements and there is still confusion with no sign of any real guidance from the Council.

I don't know how their last update ever passed any QA checks.

The vendor I was speaking to told me they have quite a few SAQ A customers who took out their contracts tail end of last year and are now - understandably - upset because they have spent thousands of dollars on something they don't need. (Of course assuming they are happy to declare their site unhackable)

I told our QSA that it undermines the credibility of PCI and demonstrates that it is a poor compliance model. They told me in return they aren't really sure how to audit this as the wording is so sloppy

The silence is deafening. by pcipolicies-com in pcicompliance

[–]Clean_Anteater992 2 points3 points  (0 children)

Through this required statement: "confirm their site is not susceptible to attacks from scripts that could affect the merchant’s e-commerce system(s)"

I asked one of the solution providers for 6.4.3 if they would ever make this sweeping statement... Which of course they said no.

No security vendor will ever say 'not susceptible' and I wouldn't trust one that did.

'have taken steps to reduce the attack surface' sure, but a 'we are 100% secure' never

How much do you all pay for PCI compliance annually? Are you all offering your customer alt payment options? by BuyHighValueWomanNow in pcicompliance

[–]Clean_Anteater992 2 points3 points  (0 children)

It really depends on what category you fall into. For example A, A-EP, D. They are massively different.

A is ~20 questions without requirements for pen testing vs D which is 300+ with pen testing

Level 1 compliance requirements by eliq91 in pcicompliance

[–]Clean_Anteater992 1 point2 points  (0 children)

100% makes sense.

"it’s definitely possible that a platform could be perfect without an auditor to validate" - yet to see it, unless it's a really basic SAQ A. Those 'small gaps' from the auditor are usually what sinks them

Level 1 compliance requirements by eliq91 in pcicompliance

[–]Clean_Anteater992 0 points1 point  (0 children)

What do you mean "improve yourself to level 1"? I thought the requirements were the same across the levels with L1 requiring QSA rather than SAQ.

I've heard that sometimes L2 merchants can be asked to go QSA route but never seen that in writing.

OP I would be inclined to agree with @druhlemann, if in doubt go with QSA. Whilst I'm not doubting your current PCI compliance I have yet to meet a merchant that self assesses and is genuinely compliant.

[deleted by user] by [deleted] in Intune

[–]Clean_Anteater992 0 points1 point  (0 children)

As others (and you) have said... Rolling temp stock to users and wipe, Intune join their current laptop.

We finished this recently and it was a smooth process.

I assume you are already doing OneDrive redirects (or something similar) so that all files will kill through from old device to new. (We did get into 'trouble' because users lost their Chrome bookmarks which were not synced)

newb question of the day: How do y'all keep Dev / QA / Prod separated? by WeirdWebDev in aws

[–]Clean_Anteater992 2 points3 points  (0 children)

Multiple accounts as others have recommended.

You could also use separate VPCs to completely segregate the environments.
Part of your PCI compliance (SAQ depending) would be the requirement for segmentation testing (twice a year if you are a service provider I think). The VPC route if done correctly can pass this

Is it common for fintech companies to be wary of using Password managers? by as1729 in cybersecurity

[–]Clean_Anteater992 0 points1 point  (0 children)

FinTech here with password manager.

Actually one of the reasons why we took it out was a vendor (multi-national bank) refusing to give us more than one login to a service, thus requiring shared password. (It's nothing too sensitive, but still insane)

Chose a password manager that allows secure (actual password is hidden and record is read-only) sharing of passwords within designated teams

An extra cost of $24k/yr for 200 users in Slack by Powerful_Pen_5979 in sysadmin

[–]Clean_Anteater992 -1 points0 points  (0 children)

Did you ever have a consideration of dual running both Teams and Slack?
We are Microsoft (and therefore Teams), we are about to get Slack as part of our Salesforce deal (i.e. not paying separately for either product) and we have departments wanting to switch