That's actually the standard model for evaluating transport projects: aggregating small time savings across millions of people.
You basically take those millions of saved hours and multiply them by a government-standard 'value of time' (roughly £15/hr in the UK). That usually makes up the bulk of the benefits, though they also price in things like safety (a prevented death is worth ~£2m), carbon, noise, etc.
IIRC, if you hit a Benefit-Cost Ratio of 2.0 or higher, the project is considered 'high value' and has a good shot at getting executed.
This reminds me of a story I heard about a bus driver who would always pull away from the stop right on schedule even if a regular rider was running up. His calculation was the 30 seconds spent waiting for one rider was an aggregate of many minutes lost by the riders who were on time for their stops. What looked cruel to one was a kindness to many.
A bus can easily carry 50 passengers. 30 seconds times that many is 25 minutes. That's a lot of aggregate time wasted indeed.
Also assuming this 30 seconds delay is not compensated later, it can influence significantly more people than the bus capacity. And if someone misses a connection because of it that's even more time wasted.
Economic BCAs are typically handled by large eng firms like Arup, Jacobs, and WSP. However, the tricky task of modeling time savings (given that transport systems are complex) is often subcontracted to more specialized firms such as Steer.
Deloitte, KPMG, etc are usually more involved in writing the financial case (how to fund the project).
Postman allows for turning off history, keeping variables local, setting up a local vault all in the free product and in more advanced plans, there are secret scanning capabilities for IT and security teams.
These issues are not unique to Postman and apply to all cloud products like GitHub as an instance. Products that are “offline” just shift the burden to the user.
All good security measures, for sure, but the blog post you linked doesn’t mention anything about telemetry (ie request data sent to those *.gw.postman.com endpoints). As a user, it would be great to know exactly what data is sent to Postman servers (eg we send resolved query strings, we don’t send headers, etc), as well as to have an easy way to opt out of telemetry altogether.
At first glance, Google's e-signatures seems to check all the boxes for legally-binding electronic signatures: user consent to conduct business electronically, proper adoption of a signature symbol, and signed documents tamper-proof'd with a cryptographic signature.
(You'd be surprised how many e-signature platforms fail to meet the basic legal and jurisprudence standards for creating electronic signatures that can hold up in court)
I'm glad to see serious competition for 20-year-old dinosaurs like DocuSign, Adobe Sign (ex EchoSign), and Dropbox Sign (ex HelloSign). They've gone undisrupted for far too long.
Disclaimer: IANAL, but working at SignatureAPI.com I've been advised with the top e-signature lawyers in the US.
Offshore labor is already penalized: For tax purposes under Section 174, costs for US devs must be amortized over 5 years, while costs for offshore devs are amortized over 15 years.
And yet, many firms continue to offshore to Central America, South America, Eastern Europe, and India for technology labor (Africa as well for ML/AI data labeling). Lots of room for policy to run here.
We cryptographically sign (or seal) the document to meet the integrity and tamper-proof requirements of most regulations.
Here on HN, we know you can seal the document by signing the hash with a private key and a self-signed certificate. Technically, the e-signatures inside are OK, the seal is cryptographically valid, and the document is tamper-proof, but good luck explaining that to a layperson (like a judge) when they open the document in Acrobat and get a scary red alert saying the signatures are invalid.
At SignatureAPI, we seal the document with a certificate that has a trust chain ending in a root certificate in the Adobe Approved Trust List. This gets you a reassuring green checkmark and a message "the signatures are valid" when the document is opened in Acrobat or Acrobat Reader.
Not many e-signature providers offer this green checkmark. Docusign, Dropbox, and Adobe do, but most others don't even cryptographically seal the document—which should raise red flags about whether they really know what they're doing legally.
Our API lets you create and track e-signature transactions ("envelopes"), while the actual signing (the "ceremony") happens in a user interface we provide. You can customize, localize, and brand this UI, embed it into your web or mobile app, or send a link to your signers to sign.
Out of the box, we authenticate using email links, which is not the strongest method but sufficient for most cases and legally recognized.
You can also bring your own identity verification provider (eg ID card comparison with live video, biometrics, HSM token, etc) and integrate that verification into the signing process. Our API is flexible enough to support this.
We believe using an independent third party (like SignatureAPI, Docusign, etc) for electronic signatures adds value. If you host your own electronic signature platform instance, you act as both the authority and the signer/signee. In case of a dispute, this could make the signature difficult to defend.
That said, there may be cases where a self-hosted solution makes sense (eg in high-trust situations), and I always like seeing new electronic signature platforms come in and challenge the incumbents.
> Are all startups at my age generally side hustles that become profitable enough to quit my day job?
Maybe yes. But that's only the first step.
40yo here, married, 3 kids (5yo, 3yo, 1yo), and a mortgage. I am more in the risk-averse side.
I was a CIO ('I' as in 'investment') in a family office. In 2019 I started building a document processing service (eg merge, encrypt PDFs) as a side hustle. It grew slowly and steadly, until, in May 2022 I got enough recurring revenue to ask my employer to reduce my load to half-time, taking a paycheck cut.
In the other half of the day, I am working in a more ambitious idea. I expect that at the time I am ready to launch, the income from my document processing service will be near 100% of my full-time FO paycheck, so I am taking very little financial risk.
Two resources that would have helped me a lot when I was having the same questions as you are:
You basically take those millions of saved hours and multiply them by a government-standard 'value of time' (roughly £15/hr in the UK). That usually makes up the bulk of the benefits, though they also price in things like safety (a prevented death is worth ~£2m), carbon, noise, etc.
IIRC, if you hit a Benefit-Cost Ratio of 2.0 or higher, the project is considered 'high value' and has a good shot at getting executed.