Full SSL requests still terminate at CloudFlare, and would still be vulnerable. It's just that CloudFlare's connection to your origin is also encrypted.
Flowdock was great until CA bought it. Now it's pretty much on life support. No support (it's all 'community' now, whatever that means), buggy as heck, no updates in years, the Twitter account is dead.
Full access is bad enough, but the really dodgy thing going on is that you never get asked to approve or deny that access for Pokemon Go when doing the OAuth flow. You just log in, proceed through 2fa, and you're magically logged into the app. Pokemon Go Release then shows up as an authorised app... except I never authorised it.
My theory is that they're injecting JavaScript into the web view to automatically press the 'Approve' button and hiding that from the user. If true, that's very worrying. They'd be effectively circumventing the whole OAuth framework by forging the user's approval of the app. Every user should have been asked up-front whether or not they wanted to approve or deny Pokemon Go's full access.
Checked my install of 2.9.0 from auto-update, it's clean (none of the suspect files are in Contents/Resources). According to a post on the Transmission forums, when a person was (probably) delivered an infected binary, there was a checksum failure as you'd expect. So it seems as though you won't be infected if you used the auto-updater.
So much this. If you include regular exercise you're way more motivated not to over-eat, you simply don't want to spoil the hard work you did since it's so easy to consume 500 cal but so much harder (relatively) to burn 500 cal. Combining both has certainly been effective for me.
I'm a PHP developer (reasonably experienced, in my opinion anyway). The only practical downside of PHP is the standard library is a bit iffy, because breaking BC that much is a big deal. Many experienced developers prefer PHP, it's not just a language for newbie web developers to get their feet wet in.
I think the reason you see a lot of terrible PHP code is because it has low barriers to entry, a lot of inexperienced people who really aren't programmers can jump in and build crap really easily. But there is _a lot_ of good PHP code out there too.
I haven't noticed a particular decline in Rails jobs locally here in New Zealand. In fact, a company has been looking for a Rails dev for over a year and can't find anyone. I work in PHP, and there's quite a lot of opportunity. On the other hand, there's no Node jobs around, perhaps because of its infancy.
It's a great idea. Only suggestion would be to make it easier to add cities and places and let the community report bad places, instead of what seems to be a review-first approach. I'd rather more content (and the ability to add content for my locals right away) than have to go through a "beta" phase to get the city up and running.