What Programming Language Should I Use to Build a Startup?

Often entrepreneurs ask me 'What technology should I build my startup on?' There is no right or wrong answer to this question. It's a decision every company makes for itself, depending on what it's trying to build and the skills of its cofounders. Nonetheless, there are a few rules that one should adhere to. We discuss them in this blog post.

Incident Response Policy

What happens in your company when a production incident occurs? Usually in a typical startup, you will see engineers running around frantically trying to resolve the problem. However, as soon as the incident is resolved, they forget about it and go back to their usual business. A good incident response policy can help bring order into chaos. We provide a sample template in this blog post.

Why Software Deadlines Never Make Sense

We discuss why software deadlines usually don't make sense.

Analyzing Front-End Performance With Just a Browser

We discuss a number of freely available online tools which can be used to analyze bottlenecks in your website.

Why Smaller Businesses Can't Ignore Security and How They Can Achieve It On a Budget

In this article, we show that security is both important and achievable for smaller companies without breaking a bank.

Sunday, December 19, 2010

Experimenting with Facebook API

I've got to be honest.
The Java API for Facebook was horribly documented and is out-of-sync with the current version of their library. The following code works for JAR version 1.7.*.
My goal was simple - login to facebook and download names of a person's friends.

public static void main(String[] args) {
IFacebookRestClient client = new FacebookXmlRestClient(API_KEY, SECRET_KEY);
try {
String token = client.auth_createToken();
String url = "" + API_KEY
+ "&v=1.0" + "&auth_token=" + token;
Runtime.getRuntime().exec("explorer \"" + url + "\"");

System.out.println("Use browser to login then press return");;

String session = client.auth_getSession(token);
System.out.println("Session key is " + session);

FriendsGetResponse friendsResp = (FriendsGetResponse)client.getResponsePOJO();

List friends = friendsResp.getUid();
System.out.println("ID List of Your Friends");

client.users_getInfo(friends, EnumSet.of(ProfileField.NAME));

UsersGetInfoResponse userResponse =
(UsersGetInfoResponse) client.getResponsePOJO();

List users = userResponse.getUser();
for (User user : users) {

} catch (FacebookException e) {
} catch (IOException e) {

Saturday, December 18, 2010

Wait for me - Moby

A really nice music video.

Wednesday, December 15, 2010


I discovered this nice tool for keeping track of latest security vulnerabilities. It's called Cassandra (
It allows you to specify the software that you use in your company and subscribe to security updates just about them.

Tuesday, December 14, 2010

Why Gawker was targeted

"We went after Gawker because of their outright arrogance," a source claiming to be from Gnosis told blog Mediaite "We have had access to all of their emails for a long time as well as most of their infrastructure powering the site. Gawkmedia has possibly the worst security I have ever seen. It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled
with numerous exploitable code and their database is publicly accessible."

Read more:

Tuesday, December 7, 2010

Parsing HTML in Java

I am working on a social engineering tool that requires me to download a webpage's content, parse HTML as DOM, and then replace certain parts of the page with custom code.

So I thought - no problem. HTML is a subset of XML, so I'll just use a standard SAX parser. The first stab at the code looked like this (where site is a string variable containing the HTML):

DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
Document d = db.parse(new InputSource(new StringReader(site)));

Looks good? Wrong!!
Most HTML in websites is not well-formed XML, so the parser crashed after consuming 4 lines of HTML.

So I stumbled across a really neat Java library JTidy ( which first beautifies the HTML by making it a well-formed XML, even if the website's author has been sloppy, and then parses the XML into DOM representation.
The resulting code is just as short as the original, except it actually works:

import org.w3c.tidy.Tidy;
final Tidy tidy = new Tidy();
Document d = tidy.parseDOM(new ByteArrayInputStream(site.getBytes("UTF-8")), null);

8 fallacies of distributed computing

Nice post by Peter Deutsch on 8 fallacies of distributed computing:

1. The network is reliable
2. Latency is zero
3. Bandwidth is infinite
4. The network is secure
5. Topology doesn't change
6. There is one administrator
7. Transport cost is zero
8. The network is homogeneous

Monday, December 6, 2010

Nice Git cheatsheet

Sunday, December 5, 2010

New website

Having a cold can sometimes be a good excuse to lock yourself in a room, and not allow anyone in. Spent 4 productive hours revamping my webpage