startups, investing, and miscellaneous thoughts

Recently, I moved this site to be a static site (via Hugo), as well as moving to .com (instead of .org, which I’ve owned for a lot longer). I didn’t want to break previous URLs, but my new posts have entirely new paths, so a simple path-for-path 301 redirect won’t work. Most importantly, I wanted the redirection to require nearly no maintenance and be near free. To avoid running a small server, I considered serverless approaches that would handle the URL rewriting for me... (more) →

Essential Slick review

Essential Slick by Jonathan Ferguson and Richard Dallaway was recently updated to include Slick 3, which was a big update from Slick 2. Slick is a “functional relational mapping” library for Scala. Instead of focusing on Table ↔ Object relations, Slick uses functional programming concepts to build queries, bind data, and stream results. In Slick 3, the preferred API treats queries and IO operations (called DBIO) as values, which can be modified and stored without the presence of a database. This is familiar to anyone who has used scalaz’s Task or Haskell’s IO... (more) →

Slack Hide Typing

I’ve written a very simple Chrome extension that prevents the Slack site from sending typing indications while you’re typing. My primary use case is so that I can type longer messages and use the text as a scratch pad without making others think that a message is incoming immediately... (more) →

Startups often “move fast and break things” to get to market faster and test assumptions. However, they also often do not take security seriously enough. I’ve responsibly disclosed web vulnerabilities in sites such as Pinterest, Amazon, IMDB, and many more smaller startups. Typically, the issues were very simple and avoidable by having a culture of security. Recently, I was sent a link to a site that broke many of the guidelines below. Within three minutes, I had their database credentials. The site had many flaws, but I never even had to mangle query parameters... (more) →

Gambler's Verity?

Flip a fair coin four times. Consider the cases, if any, after a heads. Since you’re flipping a fair coin—you reason—you should notice no significant patterns in the flips after a heads, because flips are independent. However, you have heard of “hot streaks” or how random events become “due”, so you record your results. You flip H T H H, and record “tails” and “heads” (bolded the flips after a heads). You flip T T H T and record “tails” from the 4th position... (more) →