magento2 – how to change address information format in invoice, shipment and credit memo?

I want to change the address information format in shipment, invoice, and credit memo. Right now the format is Magento address information format like this

enter image description here

I want to display the area and subdistrict. I tried to check the core file. And for displaying the account and order and address information is bundled in this line <?= $block->getChildHtml('order_info') ?>. I find out about the parent class of this block to check the getChildHtml but I have not found the root class to bundle all those information. anyone knows how Magento bundle all of this information? or is there another way to change this address information format?

accessibility – Is alt text required for an image if the information is present elsewhere on the page?

If a sighted user can view the image and derive any kind of context or detail from it that relates to the text of the page, then you should not treat the image as uninteresting or purely decorative.

If it does have context, then to the vision impaired user of course it’s important that there is an image of the described item. After all, you wouldn’t have put it on the website if it wasn’t of some value to the sighted reader. To deny the sight impaired reader at least a description of it is a potential cause of frustration.

To not give it an alt text is to say to the reader, “It’s not important for you really – don’t worry about it.” And to the reader, this is very well may be a source of frustration. It’s not unlike a hard of hearing person getting the frustrating response, “Forget it” or “Never mind” by someone who’s asked to repeat something. Do not deny the person relying on the alt text the experience others may have who can see.

As to what the alt text should be, it depends a lot on the appearance of the item being described. If it is something like an original historical document, then you should describe it to the viewer just like you’d describe it to someone verbally. E.g., “An image of the original document, hand written on tattered paper yellowed with age”, or “Typewritten pages from diary with tear repaired with clear tape”, etc. In the case of a document also fully quoted in the page (per your example), it might help that the alt text also state that the contents of the document are available in the page.

Lastly, irrespective of context, if the image can be clicked on and a higher resolution version be viewed, both the low res/thumbnail version needs alt text, as well as the high res version. The thumbnail should describe the item enough to let the vision impaired reader have as much a reason to be interested in the detailed version as a sighted reader. And of course the detailed version should have a detailed description.

vulnerability management 101 – Information Security Stack Exchange

Looking at a typical vulnerability scan report from Nessus or Qualys most people are terrified, lost, and basically with more questions than answers. For example, how on earth am I going to deal with all these findings? From what I was taught, a vulnerability management process can be broken down into 4 steps (not mentioning its close relation to patch, change, risk management):

  1. Identifying vulnerabilities
  2. Evaluating vulnerabilities
  3. Treating vulnerabilities
  4. Reporting vulnerabilities

Vulnerability scanner scoring/risk rating and how does it match your org.

While the scanner provides its own risk ratings and scores such as CVSS, and I guess these are somehow helpful in telling org’s which vulns require immediate attention, but do they really reflect the true risk? I mean a vulnerability can depend on some other factors beyond the mentioned scores and vulnerability scanners do not have the intelligence to tell whether the finding is a true or false positive (to a certain extent, e.g. issues with backported patches), whether there are any security controls that would reduce the likelihood and/or impact of this vulnerability being exploited, how would it impact confidentiality, integrity and availability of the exploited system, data, how would it impact your business, what your org’s risk management strategy is and many others.

So I guess that vulnerability scanners, like any other security-related software, are not perfect, but still, they provide us with a large amount of information (sometimes valid, sometimes not) and here’s where we as human beings take over to produce something more meaningful that will aim to increase an org’s security posture and lower its risk exposure. I guess that’s step 2 in the process, vulnerability evaluations.

While exploring the topic, I hear voices like “your vulnerability management needs to be risk-driven, so that you make informed decisions” or “your vulnerability management needs to be threat-intelligence-driven, to learn and predict how an adversary might strike”.

How to evaluate, prioritize, remediate?

So what I’m looking for is maybe not a recipe but direction or guidance from experienced members on how to:

  • not waste unnecessary time on findings, because they are false positives anyway (e.g. backports). Should the first step be verification whether it’s a false positive or not?

  • select the correct ones to address first (I’m looking here for suggestions on whether vulnerabilities should be first grouped based on their nature, e.g. injection vulnerabilities or any other criteria. What I know, that it’s generally recommended to export or filter scanning results by plugin ID instead of IP’s so that we will have only a few hundred vulnerability groups that will have x amount of systems in those groups). I’m aware of the CVSS scoring system, so could or perhaps should I use it to conduct a more accurate assessment based on my org/environment?).

  • I really would want to avoid a situation where I’m only the guy that bothers others with calls and emails asking whether given vuln’s have been addressed but would rather want to make an impact on the security posture of the organization where I’m currently working. Other than that, I could possibly go through the list of all the findings and provide information in form of advisories on how to verify and patch a given vulnerability, but in some cases my ability is limited I guess, meaning I don’t know all the details about a given system, so just providing a recommendation to upgrade to the latest PHP version where a number of functions were deprecated is not going to help the concerned system owners.

PS. If there are any books one could recommend, I would greatly appreciate it !

mysql – Creating an ER diagram on a database that stores information on both Soccer Teams

I was making an ER diagram of a database that stores information about each person employed by the
team. For eg: players, coaches etc. All of the employees have common attributes name, DOB, address and salary. Players however, have an additional attribute called Notes.

So far I have:

Created an Employee Entity and have an isA relation with the Players Entity which would mean in a table, Player would store the Notes only. If the name, address of the Player has to be known, then Employee table will be used.

I have a Teams Entity in relation with the Players Entity.

My question:
How can I design this database such that I am able to store information on the opposing team and players as well?

Since the Players Entity is a child of the Employee entity, it would be inheriting the employee information from the Employee entity and thus, the opposing player information cannot be stored in Players Entity.

If anyone can resolve my confusion that would be amazing. Please let me know anything you need to further clarify my question.


These are my requirements:

The database should be able to store information about each person employed by the Chargers(name of the team)

Need to store information on other teams as well, including each of their players. The main purpose of this is to collect notes on other teams and players to be used in match planning.

Planning and analysis requires that some notes be kept on players, both in general and specific to each match that they play in

information – VR users, how much time do you spend sitting & standing during non-game apps?

Would you be able to mention the percentage of time you spend seated or standing while using non-game VR apps, and also your experience level with VR?

Please only describe this info in terms of use with non-game VR apps, i.e. creativity, productivity, web-browsing VR applications.

standing – 50 %, seated – 50 %,
experience: beginner, intermediate, advanced


information architecture – Evolution of authentication-based navigation

Consider the case where an unauthenticated user sees a main navigation with a few items:

Wireframe of navigation with three tabs

In the old days, someone with admin privileges might log in and simply see additional items exclusive to their role:

Wireframe of navigation with five tabs

In some systems, all of those items would be dumped into an “Admin” menu.

It seems this isn’t what is done anymore – it obviously creates a confusing experience for a user who is inadvertently in an unauthenticated state and doesn’t recognize it.

What are better alternatives to role-based or authentication-based items in the same menu? Adding secondary/utility menus seems to be a popular solution, but even that seems like a dated pattern. Are admins now taken to their own highly differentiated “admin experience”, and is this practical in most cases? What if the admin only needs access to one additional function, such as managing users – is it worth creating a wholly unique experience for that user?

information architecture – Tree testing during a redesign – which answers are correct?

I’m working with another UX person on reorganizing the information architecture for a large website. The IA work may eventually lead to a complete redesign of the website and will certainly impact its content.

I am the researcher running the studies on the IA. We have run a series of tree tests, including benchmarking, but the one we just ran has a mostly new set of tasks for a different audience. Some tasks have had multiple people nominate the same answers that we had originally thought were incorrect. Just like in the Atlassian wiki’s guide, we’ve needed to add some new correct answers that we had missed initially.

We are still undecided about some other answers that we have frequently seen.

For example: There’s a page called Contact Us. Let’s say it has only a generic contact form for the entire organization in question. The task in the tree test involves finding someone in a specific department, which participants outside our organization would recognize (at least very generally). The correct answers initially dealt with that department, but about 20% of users nominated Contact Us. (This affects several other tasks too, but these are more complex, and changing the content on the pages would require more significant discussions with stakeholders.)

I’ve been saying that Contact Us is not the right answer for this task, based on its current purpose. Users won’t find what the task is asking for on that page, and there is no cross link to pages where they can contact more specific people.

The other person (who designed the IA) is saying that Contact Us should be a right answer because the site is in a redesign and, if users are saying the content should be in that place, we should change the site to put it there. I’m concerned this may be a slippery slope, but I’m not sure.

In studying tree testing, I haven’t seen anything on how to handle defining correct answers when the site’s content itself is open to change. Are there any previous studies or best practices surrounding this?

documentation – Policy for Information: “information relevance duration”

We want to create a small policy in our company about where to store information.

It depends on something which I would call “information relevance duration”. I don’t know if this term exists. Example:

  • short-term: Daily messages are in our chat or mail messages. Relevance duration: up to 4 weeks.
  • mid-term: Tickets or office docs should be used for information which is longer relevant than 4 weeks. (Usually project related stuff)
  • long-term: If information is relevant for more than three months and not only related to one project, it should be in the central wiki (for example HR policies)

Now to the question: Is “information relevance duration” the right term?

I tried to find similar guidelines/policies with my favorite search engine, but I failed. I guess I used the wrong terms.

flash – HDR creation on flashes without exposure information

There is a challenge to shoot HDR of a subject in a studio, but the problem is that the subject is illuminated with flashes that flash momentarily in complete darkness. Because of this, it is not possible to change the exposure on the camera. Therefore, it was decided to change the flash power between shots for HDR. But we faced the problem that the software for creating HDR from a series of images requires information about the exposure of the camera. In our case, we only changed the flash power, and the camera settings remain unchanged. Therefore, it is not possible to calculate HDR.

As a result, the question arises, is it possible to calculate HDR in some software without information about the exposure of the images? Or does it all make no sense, and is this information required? And if necessary, then there are suggestions on how you can shoot HDR in such conditions?