startups, investing, and miscellaneous thoughts

Here are my ideas that are guiding personal investments, as well as macro views. I've noted where I have skin in the game with current positioning, which may be useful to project my relative confidence. You'll notice that I have an active portfolio, while I recommend that others stick to as boring-as-possible three-fund or inexpensive target-retirement portfolios. Later, I'll write about why I structure investments this way, but it very well may be a “do as I say, not as I do” position...

Crisis Investing

Move static content to static

Jekyll has a rule that any directory not starting with _ will be copied as-is to the _site output...

Essential Slick review

Essential Slick by Jonathan Ferguson and Richard Dallaway was recently updated to include Slick 3, which was a big update from Slick 2. Slick is a “functional relational mapping” library for Scala. Instead of focusing on Table ↔ Object relations, Slick uses functional programming concepts to build queries, bind data, and stream results. In Slick 3, the preferred API treats queries and IO operations (called DBIO) as values, which can be modified and stored without the presence of a database. This is familiar to anyone who has used scalaz's Task or Haskell's IO...

Slack Hide Typing

I've written a very simple Chrome extension that prevents the Slack site from sending typing indications while you're typing. My primary use case is so that I can type longer messages and use the text as a scratch pad without making others think that a message is incoming immediately...

Startups often “move fast and break things” to get to market faster and test assumptions. However, they also often do not take security seriously enough. I've responsibly disclosed web vulnerabilities in sites such as Pinterest, Amazon, IMDB, and many more smaller startups. Typically, the issues were very simple and avoidable by having a culture of security. Recently, I was sent a link of a site that broke many of the guidelines below. Within three minutes, I had their database credentials. The site had many flaws, but I never even had to mangle query parameters...