
Yes, an LLC is the simplest way to protect yourself from personal liability, and a good idea if you plan on providing any sort of goods or services to others.

You should form an LLC in the state where you live. Here's a nice guide for how to do this in California:

https://feross.org/form-california-llc/


If you live in the US and you're setting up an LLC just for yourself, it's cheaper & simpler to form the LLC in the same state in which you live, since a) you can act as your own registered agent, b) you'll still have to register with the state in which you live anyway, and c) it'll be easier to set up a bank account.

Delaware in particular can be more pricey than most states, since their infrastructure is oriented towards enabling third-party services (DelawareInc, IncNow, etc) instead of interacting directly with your business. Prepare to wait weeks for them to mail you copies of your documents unless you pay a third-party service to expedite.

The advantage of forming in Delaware is that there's lots and lots of settled business case law; but that's generally not relevant to a sole-proprietor LLC. (It is relevant, however, if you're forming a company with the aim of raising venture capital -- in which case you really want a Delaware C-Corp, not an LLC.)


Wanted to add on to this as it has a lot of useful info. Be very very sure before you create a C corp if you do go this route. Prepare to pay around $500 in incorporation fees, $400 Delaware franchise fees [1], ~$500 misc filing fees (foreign entity registration, registered agent, tax filing fees @ EOY).

If you're required to run payroll (to uhhh.. pay yourself since you're now an employee of a separate corporation / entity): Gusto is ~$550/yr + the cash you need to pay yourself (which you have to now pay payroll tax on as well as personal income tax). Workers comp, disability and PFL insurance, unemployment insurance, yada yada. Since you're the only shareholder / executive, the minimum wage requirement probably won't apply to you [2][3] but your state might have a minimum requirement per quarter to be eligible for payroll.

All in all, expect around $low-single-thousands in expenses just for running and maintaining a C corp per year. You can purchase business items with your personal credit card to get off the ground as long as you keep a good accounting of them and reimburse yourself later but do not do the reverse. Read your corporate docs (bylaws etc), keep meeting minutes, even if by yourself and have a yearly shareholder meeting, even by yourself :D

Also, file your 83b election!

If this sounds like a lot, probably stick with an LLC in the state you live in :) Hope this helps and feel free to reach out! GLHF

[1] https://capbase.com/no-your-startup-doesnt-owe-thousands-of-...
[2] https://www.dol.gov/agencies/whd/fact-sheets/17b-overtime-ex...
[3] https://www.ecfr.gov/current/title-29/subtitle-B/chapter-V/s...


Thanks for the background on pros/cons of Delaware businesses - knew it was notable for some things but never looked into it much.


Nice writeup. Allowing customer data and secrets to be exfiltrated is a pretty big fail, and will probably make a number of customers re-think their patronage at a time when supply-chain security is top-of-mind to many.

But three things mentioned in their report do give me some confidence about the way CircleCI has engineered their internal systems:

1. They use SSO with 2FA ("an unauthorized third party leveraged malware deployed to a CircleCI engineer's laptop in order to steal a valid, 2FA-backed SSO session")

2. They maintain reasonably good audit logging (they could identify that "the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data" which had been exfiltrated)

3. They can rebuild everything from scratch ("we rotated all potentially exposed production hosts to ensure clean production machines")

A lot of companies pay lip service to best practices like these, but don't actually implement them thoroughly (or at all). The fact that CircleCI could rely on them under attack makes me think they're doing a better job than 90% of the SaaS companies out there.


These sound like pretty standard interview questions to me. Would be a little weird if you're being asked to answer these in written form, though (instead of as part of an interactive conversation). Perhaps there's a bit of a disconnect between the person who came up with these questions, and whoever's running your interview process? Like these were written up to interview a more senior hire, but are now being repurposed as part of an entry-level test?


The written element was the weirdest for me. I get that as discussion points, they're a great gauge of a candidate's knowledge of systems in general and how to problem solve with limited info, but something was making me feel put off. Thanks for your reply!!


I like the fact that your script is simple, and uses a ubiquitous library! But I do have a few suggestions:

1. You may be using an older version of openssl, but with modern versions, add the `-pbkdf2` option for much saner key derivation.

2. With modern versions of openssl, the `-salt` option is on by default, so you don't need to specify it explicitly (and you almost certainly want this option on, versus not using a salt or generating one yourself).

3. Since no AEAD modes are available with this tool, CTR mode (the `-aes-256-ctr` option) might be the best mode to use with AES (see https://security.stackexchange.com/questions/27776/block-cha...).

4. Alternatively, you might prefer to use ChaCha20 (the `-chacha20` option) over AES (see https://crypto.stackexchange.com/questions/34455/whats-the-a...).

So I would suggest this for the encryption command (instead of `openssl enc -aes-256-cbc -salt -a`):

> openssl enc -chacha20 -pbkdf2 -a

Also, instead of using openssl, you might prefer to use `age`, as it uses modern crypto best practices by default (see https://age-encryption.org/). With it, you could substitute this encryption command for the above:

> age -p -a
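An added example, not from the thread, that applies the suggestions above as a small POSIX shell wrapper around `openssl enc`: it probes which of `-chacha20` and `-pbkdf2` the local openssl build accepts (LibreSSL builds such as the one in the reply further down lack `-chacha20`), falls back to `-aes-256-ctr` and then to the legacy key derivation, reads the passphrase from an environment variable instead of the command line, and verifies a decrypt-of-encrypt round trip. The function names and the `ENC_PASS` variable are my own choices, not anything openssl defines.

```shell
#!/bin/sh
# Added example (not code from the thread): choose the strongest `openssl enc`
# flags the local build supports and verify a round trip.
# Assumptions: an `openssl` binary on PATH; the passphrase is supplied in the
# ENC_PASS environment variable (never as a command-line argument, where `ps`
# would expose it).

# Probe the build. -chacha20 and -pbkdf2 exist in OpenSSL >= 1.1.1 but not in
# older OpenSSL or in LibreSSL 2.x, so fall back one step at a time.
best_enc_flags() {
  if openssl enc -chacha20 -pbkdf2 -pass pass:probe -in /dev/null >/dev/null 2>&1; then
    echo "-chacha20 -pbkdf2"
  elif openssl enc -aes-256-ctr -pbkdf2 -pass pass:probe -in /dev/null >/dev/null 2>&1; then
    echo "-aes-256-ctr -pbkdf2"
  else
    # Legacy EVP_BytesToKey derivation: a single hash pass over passphrase and
    # salt, so far cheaper to brute-force than PBKDF2. Upgrade if at all possible.
    echo "-aes-256-ctr"
  fi
}

# Report which key derivation the probe selected ("pbkdf2" or "legacy").
selected_kdf() {
  case "$(best_enc_flags)" in
    *-pbkdf2*) echo pbkdf2 ;;
    *) echo legacy ;;
  esac
}

# Encrypt stdin to base64 on stdout. Salting is on by default in current
# openssl, so `-salt` is omitted; each run gets a fresh random salt and hence
# a fresh key and IV. Add `-iter 100000` (OpenSSL >= 1.1.1) to raise the
# PBKDF2 work factor above the default 10000 if the receiving side matches it.
encrypt_stream() {
  # shellcheck disable=SC2046  # word splitting of the flag string is intended
  openssl enc $(best_enc_flags) -a -pass env:ENC_PASS
}

# Decrypt base64 from stdin; the flags must match what encrypt_stream used.
decrypt_stream() {
  # shellcheck disable=SC2046
  openssl enc -d $(best_enc_flags) -a -pass env:ENC_PASS
}

# Round-trip a string through both functions with the given passphrase and
# print "ok" if the plaintext came back unchanged, "MISMATCH" otherwise.
roundtrip_check() {
  plaintext=$1
  export ENC_PASS=$2
  ciphertext=$(printf '%s' "$plaintext" | encrypt_stream)
  # The base64 decoder wants newline-terminated input, so re-add the newline
  # that command substitution stripped.
  recovered=$(printf '%s\n' "$ciphertext" | decrypt_stream)
  unset ENC_PASS
  if [ "$recovered" = "$plaintext" ]; then echo ok; else echo MISMATCH; fi
}
```

To use it, source the file, export `ENC_PASS`, and pipe data through `encrypt_stream` or `decrypt_stream`; run `selected_kdf` first and treat a `legacy` answer as a signal to upgrade openssl (or to switch to `age`) rather than to ship the result.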


hey, thank you!

I am running:

$ openssl version
LibreSSL 2.8.3

chacha20 is not available:

Valid ciphername values:

-aes-128-cbc -aes-128-cfb -aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr -aes-128-ecb -aes-128-gcm -aes-128-ofb -aes-128-xts -aes-192-cbc -aes-192-cfb -aes-192-cfb1 -aes-192-cfb8 -aes-192-ctr -aes-192-ecb -aes-192-gcm -aes-192-ofb -aes-256-cbc -aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 -aes-256-ctr -aes-256-ecb -aes-256-gcm -aes-256-ofb -aes-256-xts -aes128 -aes192 -aes256 -bf -bf-cbc -bf-cfb -bf-ecb -bf-ofb -blowfish -camellia-128-cbc -camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 -camellia-128-ecb -camellia-128-ofb -camellia-192-cbc -camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 -camellia-192-ecb -camellia-192-ofb -camellia-256-cbc -camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 -camellia-256-ecb -camellia-256-ofb -camellia128 -camellia192 -camellia256 -cast -cast-cbc -cast5-cbc -cast5-cfb -cast5-ecb -cast5-ofb -chacha -des -des-cbc -des-cfb -des-cfb1 -des-cfb8 -des-ecb -des-ede -des-ede-cbc -des-ede-cfb -des-ede-ofb -des-ede3 -des-ede3-cbc -des-ede3-cfb -des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb -des-ofb -des3 -desx -desx-cbc -gost89 -gost89-cnt -gost89-ecb -id-aes128-GCM -id-aes192-GCM -id-aes256-GCM -rc2 -rc2-40-cbc -rc2-64-cbc -rc2-cbc -rc2-cfb -rc2-ecb -rc2-ofb -rc4 -rc4-40 -rc4-hmac-md5


Ah, in that case I think `-aes-256-gcm` is probably your best option (which isn't available with regular old OpenSSL).


got it, thank you!


If you're using Wayland, foot is fast, lightweight, and has good color and font support: https://codeberg.org/dnkl/foot


WireGuard makes this really easy. A simple WireGuard jumphost works basically anywhere, for practically any kind of application: https://www.procustodibus.com/blog/2022/11/wireguard-jumphos...


The 10.0.0.1 peer is a standard WireGuard server with masquerading.

I wonder if jumphosts could be achieved in WireGuard, so Peer A connects to Peer B, then to Peer C, while the connection from A to C is end-to-end encrypted.

This would be similar to SSH jump hosts.

To my knowledge, this could not be done with VPN, unless with additional software, e.g., a mesh VPN. B could port forward A's request to C. This may not be possible, since B might offer VPN access but not port forwarding. For example, you authenticate to a network by policy, and then to a server. A could run two instances of VPN, one to A, then another to C. This gets quickly unwieldy and the client software may not allow running more than one instance of VPN, e.g., on phones.


Money quote:

> "This is a cartoon super-villain of an app," said Gennie Gebhart, the Electronic Frontier Foundation’s advocacy director. "The biggest red flag is the number of permissions required, which is unnecessary for the operation of the app and suggests they are trying to surveil attendees."


Big picture, Mastodon isn't just Twitter minus the moderation -- it's Twitter minus the algorithm for promoting the most "engaging" content. That's a big win, because it's the competition for the most engaging content that always ends up as a race to the bottom.

The dumbest, silliest, and rudest comments and commenters get promoted on Twitter (and Facebook etc), because that gets the most clicks. Get rid of all that manufactured promotion, and what's left is a quieter space where users can self-organize their own communities -- more like a chill party or friendly conference hallway than a staged political rally.


People retweet stuff in an equally dumb manner. That's how Twitter started.


That's why you unfollow such people.


Twitter started in 2006, they didn't add the retweet functionality until 2009.


Sure but folks quickly adopted "RT" as an informal means to re-tweet, then Twitter formalised the idea as a feature.


That's painful for this English speaker to read -- try "not every Scotsman" or "not all Scotsmen" instead.

