reisr3's comments

No, I hadn't heard of COSS! Thanks for that - reading up on it now. Seems like exactly the framework I'm thinking about.

I love the Cal.com story. What gives me some pause is that they're VC-backed. $25M Series A. The free tier might be great, and I might come to rely upon it. But they're expected to produce an outsized ROI, and the traditional SaaS play is to give it away for free to capture the market and then raise prices. I'd much prefer a community-driven effort where we have no ROI expectations, so it can remain low-cost forever as we're just splitting overhead.


hey, peer here, cofounder of cal.com. We are quite fortunate to have a growing enterprise business that is subsidising the free plan.

we will never raise prices for the free plan, free stays free, especially since it's open source which means if we were to raise, it would compete with the self-hosted product and we really don't want that

rest assured, we are comfortable providing a free product with enterprise customers


Awesome, thanks for explaining this. Reviewing cal.com today for my company - it seems like a great product.


I'll highly recommend Cal.com! Been using them for a while, huge advocates for it :)


You're welcome! You can check this <https://cal.com/open> out to know more about the philosophy behind it.

You'll also find something called OSS Friends on this page - featuring more COSS startups in the ecosystem.


What is the bar for a "legally binding digital signature"? Is this a very complicated topic - or is it quite simple?

I can sign a PDF with OSX Preview for free. I can pay a bunch of money to sign with Docusign. Both produce a PDF with a digital image of my signature. I assume both documents constitute a legally binding agreement, so long as I actually performed the digital signature. What justification do the e-signature SaaS companies have for their exorbitant prices? I understand the "audit trail" angle - that's just collecting my IP every time I interact with the document.

Is this a big SaaS scam?


> What justification do the e-signature SaaS companies have for their exorbitant prices?

They will defend their digital signature in court.

I was shocked to find these "click here to sign" contracts manage to do it all without an ounce of cryptography, but the fact is lawyers don't need cold hard math, they need a warm body to be a subject matter expert to explain to a jury that unless you're claiming someone else has access to your inbox, you're the one that clicked the button.


Yeah, I find it funny to see technologists being surprised that in most cases judges won't mind that the signature wasn't done with quantum-resistant cryptography stored in a blockchain or whatever. Technical solutions to political problems...


I had to get a notary to sign my I-9 form for a new remote job. The process of identity verification involved a seemingly 19 year old dude looking at my ID and then signing a piece of paper.

A website sending you an email and tracking your IP and keeping a log... seems to be about the same level of trust to be honest.


Ageism aside, you are describing a system where an unrelated third party who has experience validating state/federal identity documents validated yours, visually compared the person presenting the documents to the picture on the ID, then signed a log in his possession that he’d testify to in court if needed.

That feels like a pretty damn good system to me, and far beyond the system you handwave at. Where’s the complaint?


Notaries are personally responsible for any misconduct with up to a felony criminal case for violations. Including not sufficiently verifying the identity of the person in front of them. Sure, most states will just slap them with a $500 penalty, but they'll also revoke the notary status pretty quickly.

I would like to re-emphasize personally. It's not a business risk, it's a personal liability.


I'm skeptical--are there any court cases where they've actually testified about this?


Bingo. This is why it’s worth paying for. It’s more akin to paying for insurance than paying for software.


Like anything, but especially in law, the devil is in the details. Docusign has been rejected by a court before -

https://www.cryptomathic.com/news-events/blog/us-court-rejec...

That was fact-specific and doesn't call Docusign invalid, but it does demonstrate why simply "using Docusign" might not save you in a dispute.


Not really applicable, in that situation there were local court rules requiring physical documents and "wet" signatures (i.e., signed in person with a pen). The UST specifically noted that absent those rules DocuSign would have been acceptable.

Also...the article is from 7 years ago...


Of course it is applicable. The Docusign users failed to use it in a way that would be legally valid.

If you have a more recent case that seems relevant or invalidates that result, post it. Otherwise I'm not sure what being 7 years old has to do with anything.


You're attempting to make a mountain of a single instance, years ago, of an electronic signature being rejected by a non-judicial officer in a quasi-judicial proceeding and trying to make it out like a general policy when it is so rare an exception that no court before or since has ruled against the consensual use of electronic signatures by the parties.

If you have any evidence that electronic signatures can't be used in court proceedings, and not just in the limited circumstance of one US Trustee's meeting room, the onus is on you.


> If you have any evidence

I never claimed I did, and I have no interest in talking to someone intent on making up crap that I never said, so I'm going to ignore you now. Life is too short to put up with bad-faith bullshitters.


They would need the warm body to explain the cold hard math anyways


See the recent Canadian case of the thumbs up emoji signature [0]. The bar for a legally binding contract is much lower than what most people believe. The main thing you need is to be able to prove that the other party actually did express their assent to the contract. In the thumbs up case, who sent the text was not disputed, so the issue hinged on whether a reasonable person would interpret thumbs up emoji as expressing assent.

[0] https://news.ycombinator.com/item?id=36618650


Mostly yes. In the EU at least, the rule is "An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures."

However, the burden of proof is higher if you dispute a "qualified electronic signature". To be qualified, there are no specific technical requirements, e.g. use of cryptographic signatures, but you'd need to be certified and registered as a “Remote QSCD” according to ETSI EN 419 241‐2 PP.

Self-hosting this solution (or using PGP) won't magically make you a certified QSCD trust provider. You need to convince some certifying body that everything is nice and safe, which will mostly involve a lot of paper work and (evidence of) processes being in place.


> Self-hosting this solution (or using PGP) won't magically make you a certified QSCD trust provider. You need to convince some certifying body that everything is nice and safe, which will mostly involve a lot of paper work and (evidence of) processes being in place.

This! Just like a self-signed SSL certificate for a website: yes, the traffic will be encrypted but you cannot be sure that the website is who it says it is.


Docusign makes it easy to collect lots of signatures from lots of people. That’s the use-case from my POV. 1 signature on 1 doc, use any PDF tool—no problem. When a board needs to approve 4 docs and you need 5 signatures on each, it needs to be easy.

Whether that’s worth Docusign’s pricing or if there’s better alternatives, up to you. But it’s objectively a helpful tool.


> Docusign makes it easy to collect lots of signatures from lots of people. That’s the use-case from my POV. 1 signature on 1 doc, use any PDF tool—no problem.

Collecting lots of signatures isn’t Docusign’s value prop.

The value is signature certification, and a proven track record in court.

A single signature on a PDF is not technically difficult. The machinery to reasonably guarantee (edit: verify is a better word here) that it was you who signed the PDF is the thing that matters.

The value increases from there as the complexity of the document being signed increases.


DocuSign doesn't really do anything to reasonably guarantee that it was any particular person who signed the PDF. Not that it really matters. If there was something worth suing over then usually there will be plenty of other evidence as to who signed the agreement.

Really the only thing that DocuSign does is timestamp the actions on the document. In order to get that a self hosted implementation would need some kind of third party system to act as a witness.


They’re capturing more than just timestamps. If possible, they’ll associate a signature with a DocuSign profile, which itself has a history of interactions with DocuSign servers. They also capture associated emails, IP/browser info, drop cookies, location data if enabled, etc.

None of this guarantees Person A signed the doc, but the point is to systematically collect as much info as possible to be used if someone does sue, and to check the boxes that customers need checked in a consistent manner that they can sell as an effective solution that stands up in court.

I’m not saying they’re doing anything unique here, but customers - especially enterprise customers - buy it for all of these things, not just because it makes coordinating many signatures easier.

The typical “no one gets fired for buying DocuSign” adage applies here.


Depends on country how much verification DocuSign is able to do, and also the higher levels of verification are opt-in. In some countries it can be backed with fairly strong auth schemes, in other places stuff like video calls are used.

This link has a list of different IDs they support in different countries:

https://support.docusign.com/s/document-item?language=en_US&...


Do you know what DocuSign is doing on the backend, what logs they're keeping and data they're tracking?


I know that I can sign things on a brand new device without making an account. They can log what any web site can log. None of it really proves anything, except as other commenters pointed out - if I sign tons of stuff with the same browser/session, with an account I made, or if I used some premium ID verification they offer. (which I've never done)

My point is that it doesn't really matter that much. If I DocuSigned some contract, delivered work described in the contract, maybe got paid for some of that, and then later some dispute comes up.. at that point we're arguing about terms or other facts.. Neither party is going to be in any position to argue "oh I never DocuSigned that agreement" because all of the other work and communication and transactions are enough to prove that's not true.


As always, it depends on the jurisdiction. The EU has the eIDAS [1] which allows simple signatures such as these for most form-free-contracts (the majority). There are however some, which need a digital cert and have to be encrypted.

[1] https://en.wikipedia.org/wiki/EIDAS


And Switzerland ZertES: https://en.wikipedia.org/wiki/ZertES - There are not normally various levels of trust with afaik only QES (Qualified Electronic Signature), the highest level to legally be on the same level as a hand signature.


„There are normally“, there should not be a „not „ in there. Sorry.


Electronic Signatures in Global and National Commerce Act

https://en.wikipedia.org/wiki/Electronic_Signatures_in_Globa...

“may not be denied legal effect, validity, or enforceability solely because it is in electronic form”


I had the same feeling when I built a free tool to unlock password-protected PDFs. It can be easily done with OSX Preview. Then I saw that people who don’t have the technical knowledge and tools can easily unlock a PDF from the browser itself.


I think there's more to that. A proper digital signature requires you to obtain some certificate/key from an authority which you can then use to sign documents (this doesn't even require an image of your physical signature in the document). This proves that it was actually you who signed the document. The document also can't be altered afterwards without rendering the signature invalid etc.

Just adding the image of your signature to a PDF is probably fine for unimportant things, but it certainly isn't enough to be legally binding (at least in the EU).


It actually is for most contracts. See eIDAS.


Oral agreement is enough to be legally binding in several countries in Europe. And most providers can reach whatever European directives on eSign.


The legal rules around formality are somewhat complicated. To give you an idea, here are the broad laws in England and Wales.

Not a lot of formality is required for most contract signing, and so long as the other side of a contract is sure that you signed it, a PDF signed in a standard PDF editor like Preview is almost certainly fine.

But if you are making a deed, there are attestation requirements under s1 of the Law of Property (Miscellaneous Provisions) Act 1989 - see https://www.legislation.gov.uk/ukpga/1989/34/section/1

If a company is executing a document, it has to follow the rules in sections 43 to 47 of the Companies Act 2006. See https://www.legislation.gov.uk/ukpga/2006/46/part/4/crosshea...

For property transactions, there's still an issue in use of e-signatures. There's a statutory scheme for "e-conveyancing" set out in Part 8 of the Land Registration Act 2002 which gives the Land Registry the ability to set up provision for using e-signatures for formalities that previously required wet ink signatures. They never got round to actually implementing this up until COVID restrictions made it somewhat impractical to get wet ink signatures so made a temporary change to allow it. When the COVID restrictions were lifted, they've gone back to the old practice but have promised that they're totally going to sort out a permanent solution. Whether they will is another matter.

See https://www.gov.uk/government/publications/electronic-signat...

I've personally used an iPad with an Apple Pencil to sign and have attested a (non-company) deed that had to comply with the LP(MP)A requirements and nobody seemed to have any trouble with it.

I suspect the target audience of a lot of e-signature SaaS products are companies where there are teams managing a lot of documents being signed across multiple jurisdictions, and juggling between sales, in-house legal and so on. Most of the problems those products are solving are likely business process issues rather than strictly legal requirements.


I think about it more from the perspective of "building stuff that is useful and interesting". I can very quickly build a lot of cool, useful stuff with JS + Node + React + Postgres.

Yeah there is a lot of overbuilding and BS in our industry, but I don't think we're unique in that regard. It is safe to block out the noise and focus on what excites you.


Somewhere at Twitter HQ, there are two boxes full of notecards:

1. Things that need to be "fixed" in the code, immediately, before Elon gets here. 2. Things we'll need to publicly admit before Elon gets here.


That is a nice thought, however twitter locked down the codebase to avoid disgruntled employees from vandalizing the site / planting backdoors: https://techcrunch.com/2022/04/26/twitter-lock-source-code-e...

This does raise a question - what are all those twitter engineers doing?


When the company I worked for was in the process of being acquired, our codebase was frozen as well. I'm pretty sure this is just standard practice, no?


My previous experience of this was:

1. No user facing feature releases for the time between the deal being agreed and becoming effective (plenty of backend systems, performance optimisations, etc. still got released)

2. Don't touch anything on the day of the deal, in fact, take a free day off.

3. No major feature removals for 3 months after the deal.


I imagine they are still writing code, just not shipping it. And there’s an exception for fixing things, which this would definitely fall under


Code freeze and 'legal documents freeze' are 2 different things. There is no way to prove that any traces of biased decisions taken over the past few years were gotten rid of immediately after those decisions were taken.


Look at any FAANG/MAANA and ask the same question.

If I had to guess, most of them have so much cashflow that mid and senior level managers are able to engage in organizational silo-ing by hiring a large amount of expensive engineering talent without much pushback.

If this is the case, there's likely a large pool of talented and highly compensated employees doing work that doesn't touch on either a profit center or high-impact research & development. And what work is being done is likely influenced by Parkinson's Law.


Whatever engineers do when their company is acquired in such a fashion: Loitering around the cafeterias and coolers after sending their resumes and scheduling their interviews.


Presumably you could still apply some changes. If there was a critical vulnerability Twitter could make the changes necessary. If those changes are allowed, maybe not so critical changes could be made as well.


I am curious what all those twitter engineers are doing as well. Presumably it's secret in some way?


But who is guarding the guards?


The only question it raises is how incompetent is this journalist. The source code is locked. It's not everyone is committing stuff...

What I'm learning from this is how little anyone posting shit on the internet actually knows. Misinformation from incompetence or just trying to be a know it all everywhere.


So please explain to us how it does work!


I don't really have an incentive to do that, I just wanted to comment on how inaccurate this was written and share a thought about our "news" based off my knowledge. The author shouldn't have written this if they don't understand what they're writing about. Or can't verify their leaked information.

Probably most news is misinformed if you think about it.


But a public company has higher public transparency obligations than a private one. Why do you think being afraid of Elon will make them more transparent than being afraid of the SEC?


Cynically, the SEC will only issue fines in most cases. Elon will (according to accounts from friends who have worked at his companies) fire leadership without hesitation and possibly publicly shame them, too.


> and possibly publicly shame them, too

You accidentally hit upon what "free speech" means when used by whales. If Musk berates and bullies an employee with endless racist and sexist slurs, he'd get in trouble. But if he points his mook armies at that same employee and subjects them to the same abuse, it's all good. Just freedom of speech.


Yeah, like when Politico recently pointed out the FDA was told about infected baby formula months before several babies were killed by it.

Obviously Politico is just gathering their mooks to subject the poor gentle souls of Abbott and the FDA to abuse.

We can't disclose wrongdoing - think of the mean things people might say.


This is missing the point so badly it seems almost intentional. Public outcry at the actions of the government is entirely different from incited bullying of individuals with no public presence.


She has a pretty big public presence. She was on the Joe Rogan podcast with Jack. Calling someone out for being terrible never seemed to bother anyone until apparently 5 seconds ago.


Huh? Punching down has never been considered classy.


"incited bullying of individuals with no public presence"

Elon Musk never even mentioned her - he simply referred to Twitter's actions as "obviously incredibly inappropriate" and linked to an article that happened to mention her.

> "bullying of individuals with no public presence"

You can't be serious. This person is literally responsible for burying the Hunter Biden laptop story and is personally responsible for banning Trump. That's a public position whether you like it or not. I don't think anyone would think we can stop criticizing Putin the moment he exits office.

Imagine if Jack Dorsey ran Twitter without a Twitter account. That would not negate your ability to criticize his leadership even if he never spoke.


> But if he points his mook armies at that same employee and subjects them to the same abuse, it's all good. Just freedom of speech.

What does "points his mook armies at the same employee" mean here? Any examples?




1. This "employee" is in a very high position and makes $17 million/year. 2. She is in charge of Twitter's censorship team. She can send an email and block and ban every single account that tweeted something abusive at her.

I think she can handle some criticism.


This "employee" is also the very person who chose to A.) Block President Trump and B.) Ban the story about Hunter Biden's laptop from the New York Post, which was declared real by the NYT two years later.

Furthermore, Elon did not berate her by name or handle, he just said that what Twitter did was "obviously incredibly inappropriate" with a link to a story mentioning her, even though he did not mention her by name.

She's calling it abusive, not because Elon called her names (he never mentioned her, just the story) even though she was behind the biggest bans and censorship. She's upset that her power has been exposed and she might have some accountability for her decisions.

For how powerful she is, imagine if we weren't allowed to criticize the President, or a member of Congress, or Jeff Bezos, or even Elon Musk himself because it might hurt their feelings. When you are in a position of that much power, criticism must come with it, and you don't get to complain about that.


Yes, this is totally bizarre. You have enormously powerful people shaping the public discourse not only crying foul at the idea they might face the slightest bit of accountability, but also successfully lobbying other people to defend them from any public criticism. Then we have to listen to them sanctimoniously talk about how "disinformation" threatens democracy, or whatever! Faceless Twitter employees shaping political discourse during an election get a free pass, though?

Meanwhile, these same people have no problem with using their power to shape and weaponize discourse against other people! For example, the news media regularly unmasks regular Twitter users simply for having a huge following with non-media approved opinions and then shrugs when they face death threats. But...don't you dare talk about the journalist that did it!


It should be noted that trump had just attempted a coup against the United States when he was blocked. Preventing him access to his bullhorn was and is a good idea.


If that were true, someone would have been charged by now, and I'm not talking about the desperate misdemeanor charges they've been pulling out of their asses to save face.


It should be noted that trump "attempted a coup" without any weapons. It should be noted the only deaths on January 6th were trump supporters. It should be noted that trump's last tweet that got him banned was "let your voices be heard, and go home in peace". I should start watching Netflix and marvel comic movies again so I can exist in your reality.


Attempted murder is a crime. Failing at your attempt to overthrow the government because you tried doing it without weapons does not shield you from consequence. I'm not even talking only legal consequence here; it is completely reasonable to look at what Trump tried to do and refuse to engage with him.


I find it interesting that this comment has flipflopped gray and black. It seems reasonable enough?


Vijaya committed a federal felony of election interference and should be arrested.


It is never a good sign when a leader holds others to standards they themselves aren't held to.


Counterargument: If you hire someone to make a painting of your dog, would you hold their work to a higher standard than if you had done the work yourself?


I expect leaders to lead by example and to not punish others for behaving the same way leadership does. Leaders trashing workers isn't them doing the job they are paid to do.


They are worried about the lawsuits that would be filed against the board and the executive if they find fraud after the deal closes.


... which can become things that Elon can use to sue and break the deal


I wonder how many people are going to be arrested at Twitter for all the federal crimes they've committed over the years?


Thanks for this! I learned a few new ones.

The main feature I want from a window manager is the ability to save my OSX workspace (applications open and tiled per Desktop, per monitor) and reset it to that state instantly. I haven't found anything that does this yet. Does Karabiner, yabai, or any of the tools mentioned here do this?

I'll spend significant time setting up my window environment just how I want it (grouping chats on Desktop 1, localhost browsers on Desktop 2, terminals on Desktop 3, etc.) Then after unplugging my Macbook, my workspace gets all messed up and I have to re-organize everything! I'm surprised this isn't a more commonly discussed issue.


I get this functionality on MacOS with https://www.hammerspoon.org/

Every morning I hit Command+Option+W (W for work), which opens Slack, Teams, Email, Dashboards, VPN, and terminals with ssh connections, plus all windows open where I want them automatically. Then when I’m done for the day I hit Command+Option+Shift+W and all my work stuff magically disappears. It’s straightforward to set up with good documentation, but you must architect your own system for automating tasks like this. Hammerspoon can be pretty powerful for MacOS quality of life automation.


I'm sure this is possible with yabai, but I still haven't yet migrated from slate [1]. I have multiple custom layouts similar to what you've mentioned and can trigger them with hotkeys or when specific display combinations are detected.

[1]: https://github.com/jigish/slate


I've been using Stay[0] for the past year and it works well. It can save and restore window and application configurations for different monitor layouts, and automatically repositions everything when you attach or detach displays.

[0] https://cordlessdog.com/stay/


In Rectangle Pro [1], mentioned in the article, there is a feature built specifically for saving and loading layouts, in the “Applications” tab.

The app is not free and I’m the developer.

1: https://rectangleapp.com/pro


I'm a big fan of Rectangle Pro. I just got a new MacBook and it only felt like it was really "my machine" after installing karabiner + rectangle. Thanks for making it!


Thanks for the kind words! Glad you like it :)


Hi Ryan! I’ve been using Rectangle since Spectacle stopped being supported. I didn’t know about Pro. You should post demo videos of the various features to make it easier for prospective users to see why it’s so awesome.


Thanks for the feedback! This is definitely in the works, I just have to force myself to stop getting excited about coding new features and ideas and finally get back into video mode :)


Yep. Statuspage.io goes down when Auth0 goes down, which goes down when AWS goes down.


The typing is bad, docs are bad, errors are opaque and unhelpful, promises are 2nd class citizens, methods are inconsistently named, etc.

It just seems to me like uploading a document to cloud storage from a Node app should be very easy.


I agree that switching to asynchronous communication as default is critical for remote/hybrid offices.

However, I've found it very difficult to champion this change at my workplace. Many (most?) people don't like communicating over chat. There seems to be an overwhelming preference to schedule video meetings, which don't get recorded or notated. I wonder if we'll get better at this over time, or not - in which case, will this become cause for a "return to work" mandate.


This is awesome, thanks for sharing! I'm considering using this for a project where I need to measure distance between two nodes. Couple questions:

1. You mention "location and distance" between member nodes. I assume this is based on the LORA RSSI? How precise is the reading?

2. Do you support the "TTGO LORA32"? Your Github Readme mentions it, but Pages does not.

3. Will the TTGO LORA32 and Heltec LoRa 32 measure distance without being connected to a phone?


If the nodes have GPS it's fairly straightforward to calculate distance and bearing.


Right, and accuracy of ~9m makes sense for this application. The smaller supported ESP32's, however, don't have onboard GPS. Does it use RSSI or need to be paired with a phone?

Not that it's really relevant here, but I'm wondering if the LORA RSSI can be used to determine distance inside 9m.

