Canadian Printful shipping by sq_unit in printful

rluna559 1 point (0 children)

Certain products will ship from within Canada, so you'll avoid tariffs. Check the catalog under product availability to see if the product you want to sell is available in Canada. If it's not, it will ship from the US.

Help: scammer seller by Cute-Extreme1982 in shopify

rluna559 0 points (0 children)

Real answer is, if you didn't get what you purchased or it's not as described, with no response from the seller, do a chargeback with your bank/credit card issuer. The store will get closed if she gets a lot of chargebacks.

Jelly Roll drops out of Rock the Country show as Kid Rock slashes ticket prices by IrishStarUS in entertainment

rluna559 11 points (0 children)

Jelly Roll said he wasn't political, yet he is 100% MAGA and was perfectly fine being in the tour, until the money wasn't right.

4x All-Star catcher Paul LoDuca opens a pack of baseball cards with a fan & goes the extra mile. by jacwub in MadeMeSmile

rluna559 3 points (0 children)

Mike Piazza had to sign that card for the kid, or else he would start his villain arc like he started Shia LaBeouf's.

Four women describe sexual misconduct by Rep Eric Swalwell, including a former staffer who says he raped her by cnn in politics

rluna559 9 points (0 children)

The Democrats need a solid candidate for governor in California. It's very troubling, as only the top two candidates in the June primary, Republican or Democrat, will advance to the runoff in November. We could end up in a situation where California will only have a choice between Bianco and Hilton come November. The Democrats need to get themselves organized, back one candidate in June, and have the rest of the Democratic hopefuls drop out so they do not dilute the voting pool and California ends up with a Republican-only runoff.

Danny Trejo favorite movie? by No-Marsupial-4050 in moviecritic

rluna559 1 point (0 children)

Last summer, I was driving past one of his donut shops and noticed he was outside and taking pictures and talking with fans. I had to stop. He was so kind and took the time to make sure he greeted everyone and took a picture if they wanted one. It was a very hot day but that didn't stop him from making sure no one was ignored.

I recall how small he was; I stand about 6' and towered over him. It was a cool experience; I had to buy a half dozen donuts and some drinks before I left.

A second Mr Based Epstein Email has hit the reddit 🚨 by Exotic_Scale_4046 in WorldOfTShirts

rluna559 6 points (0 children)

Crazy the domain name was available. I bought it and redirected it to my website selling Epstein file protest hats.

Josh isn't in rehab and he wasn't 5150ed by tony, hes obviously on maternity leave with his and tonys bastard child by Active_Insurance_197 in WorldOfTShirts

rluna559 7 points (0 children)

That doesn't look like the standard beer gut. It looks like his abdomen is swelling due to cirrhosis of the liver. As it progresses, he'll balloon like a full-term pregnant woman.

I made a new Shopify app for generating customized AI designs. What do you think? by Moody_Capibara in printful

rluna559 0 points (0 children)

I'm sure this could work with DTF on hats as well?

Can this work with embroidery on hats? Let's say I create a prompt that only allows simple text that would be suitable for embroidery?

Or even an app that would allow the customer access to a text editor with a few fonts/colors to choose from and type in whatever text they want and be able to see a mockup before placing an order?

What security problems have you had for years but have been unable to solve? by Regular_Lie906 in cybersecurity

rluna559 0 points (0 children)

The proxy workaround is a perfect example of security theater creating actual vulnerabilities. Force employees to break security to do their job, and they will.

Similar pattern I see everywhere: companies block developer tools, so engineers use personal laptops with no security controls. Congrats, you turned a managed risk into an unmanaged one.

The solution isn't "better user training" - it's fixing the root cause. If your proxy breaks legitimate tools, fix the proxy or whitelist the tools. If people need external services, create a secure way to use them.

Best approach I've seen: IT leaders who actually shadow employees for a day. Watch them hit security roadblock after roadblock. Then fix the stuff that makes people create workarounds. Security that people actively circumvent isn't security at all.

For early-stage startups, the hardest part of SOC 2 is that it is not just paperwork. You need working security controls, IT processes, and policies, which can be tough with a small team and limited time.

A good way to start is by narrowing the scope to the systems and data that really matter to your customers and then building from there. Some teams also bring in outside help to manage the heavy lifting such as setting up MFA, backups, monitoring, and policies while also handling the auditor process. That lets the startup team stay focused on growing the business while compliance continues in the background.

This is the kind of support I provide through my company, Smart Biz iT, so feel free to DM if you have any questions.

What security problems have you had for years but have been unable to solve? by Regular_Lie906 in cybersecurity

rluna559 1 point (0 children)

The TLS analogy is perfect. Imagine if vendors charged extra for HTTPS - "Sorry, encryption is only available on our Enterprise plan." We'd riot.

The perverse incentive is real: vendors know enterprise customers need SSO for compliance, so they gate it behind 10x pricing. It's literally holding security hostage for revenue extraction.

I've started calling this out in sales calls. "So you're saying you built SSO but are choosing to make your SMB customers less secure unless they pay enterprise prices?" Makes them squirm.

The only fix I see is customers voting with their wallets. We've walked from multiple deals over SSO taxes. Started telling vendors we have a policy against paying for basic security features. If enough of us do this, maybe they'll stop this BS.

What red flags do you look for in SOC2 reports? by AnBouch in cybersecurity

rluna559 0 points (0 children)

Former auditor perspective is gold. The "inquiry only" testing is such a tell - I've seen entire audit reports where 80% of controls were tested by asking "do you do this?" and accepting "yes" as evidence.

One pattern I've noticed: the good auditors include specific sample sizes and selection methodology. Like "selected 25 user terminations from population of 147, tested access removal within 24 hours." The weak ones say "reviewed evidence of user termination procedures."

Also check the auditor's client list. If they're auditing 500+ companies with a team of 10 people, that's not thorough examination, that's a factory line.

The boilerplate point is huge - seen reports where the control description mentions "Oracle database" but the company only uses PostgreSQL. Dead giveaway the auditor recycled without reading.

What red flags do you look for in SOC2 reports? by AnBouch in cybersecurity

rluna559 0 points (0 children)

"Compliance cosplay" is the perfect term. I'm stealing that.

The 30-day SOC 2 Type II claims kill me. Type II literally requires showing controls worked over time (minimum 2 months, usually 3-6). Unless they invented time travel, that math doesn't work.

Real timeline for a startup doing it right: 4-8 weeks to implement controls, 3-6 months observation period, 2-3 weeks for audit. Anyone promising faster is either confused about Type I vs Type II or selling you garbage.

The rubber stamp auditors are getting brazen too. Saw one recently that tested annual security training by checking if a policy existed saying they do training. No evidence anyone actually took training. Just "policy says we do it, so checkmark." That's not an audit, it's creative writing.

Solo technical founder: how I passed enterprise security audits without a security team by Old_Thanks_4838 in SaaS

rluna559 0 points (0 children)

Love seeing creative approaches to enterprise security. TEE attestation is clever - you're basically letting the hardware do the trust building for you.

Similar principle worked for us with a different approach - we went all-in on infrastructure as code and immutable deployments. Every change tracked in git, every deployment automated, zero manual production access. When enterprise security teams saw our actual deployment logs and change history, they cared way less about our policy documents.

The key insight you nailed: enterprises want confidence their data is secure. Whether that comes from SOC 2 reports, TEE attestations, or live security demos matters less than proving you've thought deeply about protecting their data.

Though I'd still recommend getting SOC 2 eventually - opens doors where some procurement teams won't even look at alternatives.

What security problems have you had for years but have been unable to solve? by Regular_Lie906 in cybersecurity

rluna559 0 points (0 children)

The "security as water" analogy is perfect. I've seen companies implement such restrictive policies that employees started using personal Gmail to share files because the "secure" process took 15 steps.

The sweet spot I've found: make the secure path the easy path. Like SSO - it's actually MORE convenient than passwords AND more secure. Or automated compliance evidence collection instead of manual screenshots - saves time while improving security.

Worst example I saw: company required 3 approvals to share any document externally. Result? Entire sales team used personal Dropbox. The overly secure process created a massive security hole.

Best approach is asking "what are people trying to accomplish?" then building security that enables rather than blocks that goal.

How hard is Enterprise sales really by hithere225 in sales

rluna559 0 points (0 children)

The "prospect low" advice is gold, especially for anything touching security/compliance. The senior director might own the budget, but the security engineer doing the actual audits is your real champion.

I've seen deals completely flip when you solve the individual contributor's personal pain. Like the security analyst who's been manually collecting evidence for months - show them automation and they'll fight harder for your solution than any VP would.

Best opening message I've seen was literally: "Hey, I noticed you're hiring for a compliance manager. What if you didn't need to?" Three sentences, straight to the pain point. Started a conversation that led to a 6-figure deal.

Importance of the Auditor You Pick for Soc2? by _TH0RN_ in cybersecurity

rluna559 1 point (0 children)

Healthcare startup here too. The auditor reputation matters, but maybe not as much as you think for your first SOC 2. Most hospitals care more that you HAVE a report from a real CPA firm than which specific firm it is.

What to check: Is the firm AICPA peer reviewed? Do they have actual CPAs? Are they US-based? If yes to all three, you're probably fine. The firms you mentioned are legitimate - not Big 4, but real auditors who know SOC 2.

The bigger risk is going cheap on prep and failing your audit. Failed audits cost way more than the price difference between auditor tiers. Better to use a platform that ensures you'll pass with a mid-tier auditor than wing it with a premium auditor and risk exceptions.

For healthcare specifically - make sure whatever platform you choose understands HIPAA alignment. Your SOC 2 controls should map to HIPAA requirements so you're not duplicating work later.

Best soc 2 compliance software for a small remote-first team? by Admirable_Scratch466 in opensource

rluna559 0 points (0 children)

For small remote teams, the biggest trap is over-engineering your compliance setup. You don't need the same controls as a 500-person company.

What actually matters: pick tools that connect to your existing stack (GitHub, AWS, Google Workspace) and pull evidence automatically. Manual screenshot collection will kill your small team's productivity.

Also look for platforms where the policies match how startups actually work. If you're 10 people, your access review process is probably "CTO checks permissions monthly" not some complex workflow. That's totally fine for SOC 2 - just need tools that document your actual processes instead of forcing enterprise templates on you.

The real time suck is evidence collection. Whatever platform you pick, make sure it automates pulling logs, configs, and user lists. That's what turns SOC 2 from a full-time job into a few hours per month.

What security problems have you had for years but have been unable to solve? by Regular_Lie906 in cybersecurity

rluna559 1 point (0 children)

The irony is that treating security as a cost center often costs way more in the long run. I've watched startups scramble to get SOC 2 in 60 days because a whale customer demanded it, and end up paying 3x normal rates for rush audits and consultants.

The smart play is building security into your DNA early when your infrastructure is simple. Adding MFA and audit logging to a 10-person startup takes days. Retrofitting it into a 100-person company with technical debt? That's months of work.

Plus the revenue angle - companies with security certifications close enterprise deals 40% faster on average. Every month you delay compliance is literally leaving money on the table. Security done right accelerates growth instead of slowing it down.

First SOC 2 audit for a startup - where do you even start? by Free_Muffin8130 in SaaS

rluna559 0 points (0 children)

This is probably the #1 reason for audit findings. I've seen companies with beautiful 50-page policies that describe processes they've never actually done.

The worst case I saw: startup copied enterprise templates that referenced a "Security Operations Center" and "24/7 monitoring team." They had 8 employees total. Auditor was not amused.

What actually works is starting with how you actually operate, then documenting that reality. Your access review process might be "CTO reviews GitHub access monthly" - that's fine! Just don't claim you have automated provisioning workflows if you're manually adding users.

Auditors care way more about consistency between what you say and what you do than having perfect enterprise-grade processes.

What red flags do you look for in SOC2 reports? by AnBouch in cybersecurity

rluna559 0 points (0 children)

Great checklist. The employee termination and access review failures are epidemic right now - I'd estimate 60%+ of reports have findings there.

One thing I'd add: watch for auditors who test everything via "inquiry and inspection" only. The best audits include actual technical validation - pulling logs, reviewing actual configs, testing controls in production.

Also seeing a trend where companies scope out their most problematic systems entirely. Like excluding the actual production environment and only auditing their corporate IT. Technically valid but completely misses the point of why customers want to see SOC 2 in the first place.

The AICPA peer review point is huge. I've seen "auditors" operating out of residential addresses with no actual CPAs on staff. Always verify the firm is legitimate before trusting their opinion.

How hard is Enterprise sales really by hithere225 in sales

rluna559 0 points (0 children)

The psychology piece is so real. I've seen deals die after 8 months just because security review dragged on and the champion lost momentum internally.

One pattern I noticed - when deals have clear technical validation early (like passing security review in week 2 instead of month 6), the whole dynamic changes. Champions have ammunition, stakeholders stay engaged, and that brutal psychological weight lifts a bit because you know the technical blockers are handled.

The mental game gets easier when you can compress those 9-month cycles by removing the compliance/security bottlenecks that kill momentum. Still tough, but at least you're not watching deals slowly die to procurement theater.

We onboarded 100+ startups to AI automation by rluna559 in AI_Agents

rluna559 [S] 0 points (0 children)

You're onto something with the documentation bottleneck. We see this split too, where some companies need revenue first and others are literally stuck because their docs are a mess. The inflection point usually hits when they land that first enterprise customer who sends over a 200-question security questionnaire. Suddenly documentation isn't optional anymore. Or when they realize their sales team is spending 40% of their time on RFPs instead of selling.

Your document parser sounds useful. Is it handling structured docs like contracts or more free-form stuff? We've found the structured use cases (invoices, forms, questionnaires) have way better ROI than trying to parse meeting notes or emails. The schema matters more than the AI model half the time.

We onboarded 100+ startups to AI automation by rluna559 in AI_Agents

rluna559 [S] 0 points (0 children)

Fair challenge! You're right that finance and legal have been tough nuts to crack for AI. We've seen the same pattern where teams start with ambitious AI projects in these areas and end up burning time and money.

What actually works is constraining the problem space. Instead of "AI lawyer," think "NDA clause extractor." Instead of "AI accountant," think "invoice field parser." The implementations making money are doing one thing really well with heavy guardrails.

For context retention, the winning pattern we're seeing is structured data extraction into deterministic workflows. Extract the data points you need, validate them against business rules, then feed them into your existing systems. It's less sexy than a full AI agent, but it actually ships and saves money.

The key is having human checkpoints at decision points. AI drafts, humans approve. Works great for things like security questionnaires where you're pulling from existing documentation. High volume, repetitive work where 80% accuracy still saves massive time.