It's actually worth it if you have any kind of a commute. There are a lot of very fun games for it. And it's nice having a thing that isn't connected to the Internet to avoid the temptation of doom scrolling.
I bought mine pre-release so it was like $50 cheaper even with the cover I think, but I would still pay the increased price for it. I thought it would collect dust, but it really is a great way to pass the time on the train. It scratches the original Gameboy itch for me without the needless stares from actually carrying a Gameboy.
I just wish they would release the docking station for it. I charge it next to my bed, so it could serve two purposes.
Most people only care about compliance if it stops them from closing a deal. I was at a startup where some enterprise said we needed a SOC 2. The founder talked them out of it by giving them a discount if they'd waive the requirement.
My company is tiny (just me) and at one point a client sent over a questionnaire that I needed to fill out. Half the things I already did, about 1/4th I did right then so I could check the box (added features/reports/etc), and the last 1/4th I looked into (including SOC2) and decided I’d rather lose the deal than try to do those things. I was completely truthful in the questionnaire and for those sections I just put “We can provide this but it costs extra”.
I ended up getting the contract and they never asked for those extra things. I guess that’s kind of the same thing your founder did but in reverse. Discount to skip it vs it will cost more to add it.
To be clear, I think most of the questionnaire was just “we want these answers on file”; I’m not in an industry where most of what they asked for is reasonable/needed. Though it scared the hell out of me when I got it because SOC2 (and some other things they asked about) is not cheap. Literally 1-2x the cost of the service I was selling. All for something I consider a _very_ small step above snake oil.
> I ended up getting the contract and they never asked for those extra things.
Same boat about 2 years ago: the compliance is a lot more flexible than you would think - it doesn't matter if you have a poor password policy, what matters is that you document you have a poor password policy.
Your client didn't have to get a compliant vendor to remain compliant themselves; what matters to their compliance is formal attestations from their vendor about where they are not compliant.
As a 1-man show I went through the same thing, still got the contract even though I had to formally attest to not having maybe 25% of those boxes ticked. The whole point is that it is recorded that you don't have MFA, or that you failed a pentest on these 5 items... or that you have a vendor who fails these specific 43 requirements.
In a way, this may be a good thing for the 'compliance' ecosystem because it will prompt people to actually read the report and check the evidence, as opposed to trusting a badge.
If you read through the report PDFs of affected companies, you'll find a lot of stock wording and phrases that don't even make sense.