The team you interviewed with wanted you there three times a week, that's not a global policy across the company. Go look at roles in the security org for example and you'll see nearly every one of them lists Remote, United States as the location.
I've been in northern Nevada for the last 30 years and it's always been that way. When there's a boom in California it gets a little worse or the impact is felt a little more with things like housing, but it's not new. The best part is you get people that move here for the lower taxes complaining about the lack of services or the quality of the schools without the realization that those things are typically paid for with taxes. On the other side you have locals complaining about the "Californians" moving here and changing things to be more like California. I hear the same things from friends in Idaho that moved a decade ago to get away from the increasing housing costs here.
You aren't wrong to be skeptical of the author/purpose of the article but the claims that are being made are very likely to be true. I have a friend in my states unemployment office and another friend in a different states department of labor. Both have been complaining about the rampant, and obvious, fraud for months. Early in the pandemic someone tried to file a claim in my wifes name and it was shut down during employment verification but the federal funds may have been sent anyway.
I've been working from home for even longer and working from home when my children were born was awesome. Being able to be a bigger part of the first year for both children was great for our whole family. Having the flexibility to do so was great. I definitely adjusted how and when I worked but I wouldn't have traded that for anything.
Based on my reading there are two laws in question:
* Tax Reform Act: This seems to only penalize supporting an existing boycott by another country of a third country [1]. As there is no government boycott of Russia and China (at least not in countries these clients are from I'm guessing) this shouldn't apply.
* Export Administration Act: This also specifically says it related to boycotts conducted by a country against another country the US is friendly with [2].
I'm open to someone pointing out my misreading of these laws but it seems that they only apply to government mandated boycotts. So, to me, clients are free to require restrictions if there are no government boycotts in place.
The violation may have been the lack of appropriate reporting. [1] mentions that "unsanctioned boycotts" must be reported.
Later in the comments she mentioned that the contract in question was screened and found to not actually be considered a relevant event for anti-boycotting laws. So whatever her initial concerns were, they were allayed by an actual review of the relevant request.
Reading through the conversation as a whole, it appears that the customer/contract in question didn't explicitly request Gitlab to take the course of action they decided on. Gitlab proactively decided that the action just happened to be a crude but effective way to comply in a timely fashion with the data restrictions the customer wanted, since their infrastructure itself currently doesn't have granular enough security controls around data access to comply with what the customer request was.
GitLab is hosted in the US and also must comply with the same US laws. When GitLab moved to GCP this issue came up because Google geo fences the embargoed countries: https://about.gitlab.com/2018/07/19/gcp-move-update/
I use the Steelcase Gesture and I would definitely try before buying. The single thing most of my guests dislike is the tilt of the seat. If I had to do it again I'd probably go with another Leap or the Humanscale Freedom.
Go through the password reset process with google and it's worse than most people think. The first thing it asks you is:
> Enter the last password you remember using with this Google Account
Which of course the attacker knows because they changed your password. If they don't know that you can click try again and go through the various two factor methods set up (hardware token, totp code, sms) and then the very last and also terrible option is putting in the date the account was created. If your account has been owned the attacker likely knows this too. Advanced account protection is pretty much the only option if you've had your account breached at any time.
>> Enter the last password you remember using with this Google Account
> Which of course the attacker knows because they changed your password.
The site asks for the last password you remember using, not the last password that was used (presumably by the attacker). I don't think this is as bad as you think; the attacker doesn't likely know the previous password, or else they would not have needed to hijack your phone number.
