Thoughts on Facebook’s Ad Platform

Note to reader, please consider the following as a DRAFT only.  I’m still working on the software which will let you collaboratively edit it with me (if you so choose) without having to register.

If you listen to Facebook’s earnings call and you read the latest from the analysts then you already know that FB is looking for the technology which will give them the boost they need in mobile advertising.


Google Groups spam filters suck, and you can’t turn them off

Google Groups has been an amazing asset to me for the last several years. I use it, as I’m sure many do, as an archived listserv for various groups I participate in. What’s great is you can set up the group as invite only, but allow anyone to post. People outside the group send email in, but only members of the group can read it.

Incredibly common, incredibly useful, but recently on Google Groups, incredibly broken.


The Perfect Founders

For a while now, certain venture capitalists have had an unwritten rule: a good team consists of a developer, a designer, and a CEO. But I have news. It’s not a designer you need. It’s a system architect.


Security isn’t a feature. Security is the product

Why are sites insecure? Because security is treated like a feature.


BrowserID is a step in the wrong direction

Mozilla Persona, the public face of the BrowserID initiative, is a fresh, dead simple, and compelling vision for how authentication should work on the web. Unfortunately, it’s also poorly executed and fundamentally flawed. If you are considering using BrowserID for authentication on your website, the following is my personal assessment on the shortcomings, flawed assumptions, and inherent weaknesses of the current implementation as well as the overall architecture that Mozilla has defined.


Don’t trade a sure thing for a gamble

A guest post, from Shawn, in response to the NY Times article titled Goldman Sachs and a Sale Gone Horribly Awry

They made two mistakes.  The first, and smallest, was paying $5M to GS without understanding what they were getting in return.

The second, and major, mistake was doing an all-stock deal. Or else, in exchange for stock, they should have granted an exclusive license instead of selling the technology outright.

Frankly, I side with GS. They hired GS to make a deal and GS made a deal that they accepted. The fact that the deal turned out to be a bad one is not the fault of GS. That whole due diligence kerfuffle is what you, yourself, would call 20-20 hindsight.

My point: An existing product is a mostly sure thing and stock is a gamble. You don’t trade a sure thing for a gamble. You might trade a mostly sure thing for cash and a small wager.


Concluding: A better way to store password hashes?

There’s been a lot of discussion about hash collisions and birthday attacks in response to my previous post. If you have small children, you already know a birthday attack is a 140 decibel sonic weapon that spontaneously activates sometime between when cake is served and bedtime. In the course of discussing hashing algorithms, however, a birthday attack is a whole different matter.


A better way to store password hashes?

Note to reader, this is the first of a two part series.  You can find the second part here.

Ever get that dreadful feeling after doing a password reset, when a site kindly emails your password back to you in cleartext? Nothing is more exceedingly stupid than emailing a user their own password, and yet I encounter these sites with uninspiring regularity.

We all know passwords should be salted and hashed, with a hashing algorithm that runs relatively slowly on current generation hardware. Obvious choices are scrypt, bcrypt or PBKDF2, but this isn’t a religious debate on how to hash. What I’m interested in is, what do you do next?


“We found a Higgs boson”

I watched the CERN webcast live at 2:00am PST, but I’m still not sure what exactly to think about the discovery they announced, and the particle they are calling Higgs’.

We can say we found a Higgs boson, but not the Higgs boson.
Rolf Heuer, Director General, CERN

Physicists have been testing (and confirming) parameters of the Standard Model for more than three decades now. So hearing that CERN has finally found “a Higgs boson” is a little bit like NASA’s gravity probe experiment confirming Einstein’s general relativity; entirely unsurprising.


Going Public

There are really two times a company goes public. There’s the obvious Facebook kind of going public, which we’d all love to get to, and then there’s day 0. Today is that day for me, officially announcing TapLink.

TapLink is simply about creating incredible software. It will probably be online, web based, and mobile software, but no matter what, it will be in big markets, ripe for disruption, where I think I can make a dent in the universe.

Nice to meet you.  My name is Jeremy Spilman, and I’m the Founder of TapLink.