Location: California
Remote: Yes
Willing to relocate: No
Technologies: QuickBooks Online, Xero
Resume/CV: available upon request
Email: jananyoung (at the popular email service hosted by Google)
My mother is a Certified Public Bookkeeper (CPB). She has decades of experience as a bookkeeper and controller and has been working with startups in particular for the past decade.
Notable experience: bookkeeper for Segment (YC S11) for 2 years (eventually helping them transition to an in-house team as they grew). Also worked with Stellar Development Foundation and Sense HQ.
We’re looking for an additional client. With an expected workload of ~1-2 hours a day, at ~$50 / hour.
I was curious about this given what happened with SDCH.
Here is what Wikipedia[0] says:
> Due to the diffing results and the data being compressed with the same coding, SDCH dictionaries aged relatively quickly and compression density became quickly worse than with the usual non-dictionary compression such as GZip. This created extra effort in production to keep the dictionaries fresh and reduced its applicability. Modern dictionary coding such as Shared Brotli has a more effective solution for this that fixes the dictionary aging problem.
SDCH was removed when SPECTRE became a thing (CRIME/BREACH) because it was open to side-channel attacks.
Yes, it had other problems, not the least of which was that it would block the processing of a response while a client fetched the dictionary, but the side-channel attacks were what killed it.
The compression dictionary transport work addresses all of the known issues that we had with SDCH and we're cautiously optimistic that this will be around for a long time.
That is the worst case outcome of penalties, and it carries significant risk of whistle blowing. The default case will be compliance, because compliance is simply cost of business, something businesses understand well.
Meanwhile, currently businesses are doing shit all about data breaches except handing out the absolutely useless "2 years identity monitoring", so from a consumer view it really can't get much worse.
In general, the idea that penalties make people hide their bad behavior, so we shouldn't penalize bad behavior, is just extremely misguided. Because without penalties, we normalize bad behavior.
Are strong whistleblower protections what’s needed to balance this?
As an Australian I am absolutely horrified that we continue to put people in jail who have blown the whistle on the government here, and it makes me think that large organisations are absolutely terrified about strong whistleblowing protections.
This all suggests to me that whistleblower laws would be very effective.
David McBride and Richard Boyle. Both tried the official channels then whistleblower channels. Both made some mistakes but all in the public interest. Aussie gov treated them shamefully.
Witness K and Bernard Collaery came to mind when I was writing it. They blew the whistle on illegal espionage used to pillage the resources of our tiny neighbour, and the government threw the book at them. Absolutely shameful.
I understand that Wikileaks is controversial but I don't think there is any dispute that he has acted in the role of whistleblower to some extent. But that's not really the point I'm trying to make, so I've removed the reference.
I think I'd argue for a sui generis classification, which does partake somewhat of the whistleblower, but it seems like calling Napoleon a general. He was certainly that, at times. Apologies for the nit-picking in any case.
Another example would be David McBride who was in the Australian military and blew the whistle on war crimes. He recently got sentenced to jail while actual exposed war criminals are free.
Make laws that protect whistleblowers from civil and legal penalties, punish those who attempt to illegally hide data breaches, including jail time in the worst cases. That would solve it. Individual employees don't care enough to hide it (they just work there), and leadership wouldn't dare risk a whistleblower which would cause them to face criminal penalties.
So you make it a crime to hide the existence of a data breach for more than X amount of time for the purpose of figuring out exactly what happened. I don't know off the top of my head how long X should be. 30 days? 60?
Which should result in even larger penalties, hopefully those penalties can also be levied against the individuals that were associated with hiding the data breaches. Mid level manager that gets an email from Snowflake saying that there's been unusual activity who then hides that information or doesn't look into it? Fine 'em (and AT&T). Mid level manager tells a random engineer that DOES look into it and finds that they've been hacked but hides it? Fine AT&T and this person even more!
"Confidence is belief in yourself. Certainty is belief in your beliefs. Confidence is a bridge. Certainty is a barricade." - Kevin Ashton, "How To Fly A Horse"
As I recall that book used the example of Franz Reichelt, who "is remembered for jumping to his death from the Eiffel Tower while testing a wearable parachute of his own design" https://en.m.wikipedia.org/wiki/Franz_Reichelt
If I recall correctly, sometimes there are laws that put a % cap on yearly rent increases.
They're intended to protect existing tenants, but they also discourage landlords from reducing rent if they think rents will come back up in the future faster than they're allowed to raise them.
> This product injects source code derived from copyrighted sources into the software of their customers without informing them of the license of the original source code. This significantly eases unauthorized and unlicensed use of a copyright holder's work.
It appears that GitHub wishes to address this issue via UI changes to Copilot. A quote from a recent post on GitHub[0]:
> When a suggestion contains snippets copied from the training set, the UI should simply tell you where it’s quoted from. You can then either include proper attribution or decide against using that code altogether.
> This duplication search is not yet integrated into the technical preview, but we plan to do so. And we will both continue to work on decreasing rates of recitation, and on making its detection more precise.
That post is also on the Hacker News front page right now[1], but has 10% of the upvotes as this post so it's less visible.
I'm hoping all the criticism will encourage GitHub to make a better product.
Notable experience: bookkeeper for Segment (YC S11) for 2 years (eventually helping them transition to an in-house team as they grew). Also worked with Stellar Development Foundation and Sense HQ.
We’re looking for an additional client. With an expected workload of ~1-2 hours a day, at ~$50 / hour.
We’re NOT looking for: she does not do taxes.