What Programming Language Should I Use to Build a Startup?

Often entrepreneurs ask me 'What technology should I build my startup on?' There is no right or wrong answer to this question. It's a decision every company makes for itself, depending on what it's trying to build and the skills of its cofounders. Nonetheless, there are a few rules that one should adhere to. We discuss them in this blog post.

Incident Response Policy

What happens in your company when a production incident occurs? Usually in a typical startup, you will see engineers running around frantically trying to resolve the problem. However, as soon as the incident is resolved, they forget about it and go back to their usual business. A good incident response policy can help bring order into chaos. We provide a sample template in this blog post.

Why Software Deadlines Never Make Sense

We discuss why software deadlines usually don't make sense.

Analyzing Front-End Performance With Just a Browser

We discuss a number of freely available online tools which can be used to analyze bottlenecks in your website.

Why Smaller Businesses Can't Ignore Security and How They Can Achieve It On a Budget

In this article, we show that security is both important and achievable for smaller companies without breaking the bank.

Saturday, April 9, 2011

Malware goes to the movies

I am giving a briefing at the 12th Annual New York Metro Information Security Forum by IANS on how viewing a seemingly innocuous video could infect your computer and steal your credit card data. If you are interested in attending, you can register right here:

Thursday, April 7, 2011

RSA Secure IDs hacked

Some interviews with me about the implications of the RSA SecurID breach:

Java is Faster Than C++?

It's amusing to hear developers claim that C++ is more performant than Java. While it may have been the case back in the 90's, nowadays it's no longer true. Java often exceeds C++ performance, as this research by Keith Lea demonstrates. Back in 2003, this article stirred quite a bit of controversy when it first got published; nowadays, it wouldn't surprise most people.

Personally, I've written Java programs which processed 100K operations a second, and never had second thoughts about switching to an unmanaged language. My guidelines for achieving this performance (which may sound simplistic but worked for me) are:

1. Cache as much data as possible in memory
2. Fine-tune garbage collection
3. Avoid using ORM frameworks as much as possible
4. Design the program with scalability in mind (i.e. it's better to overcomplicate things at first than to significantly alter the program at a later stage)
5. Design the program to be fault-tolerant (what if the network connection fails? what if you can't read the config file?)
6. Implement security from the start (ask yourself what would happen if a user wasn't well-behaved?)

Tuesday, April 5, 2011

New Hire Party at Gilt

Beer and sandwiches. A good way to give a new boost to productivity at 5.30pm.

Sunday, April 3, 2011

Building a JavaScript module framework at Gilt

A great talk by Eric Shepherd about a module framework in use at Gilt:

"For modules to function within a large-scale system and on third-party sites, they need to be self-contained units with minimal dependencies. They also need to keep their hands off of other modules and library code. Gilt’s module framework manages multiple independent components, providing them with what they need, and only what they need, to do their jobs.
Once the module framework is built, third parties still need an easy way to consume modules. A server-generated JavaScript bootstrap file allows all the module’s options to be wrapped in a closure, keeping the DOM clean and conflict-free. There are some complex problems that arise when embedding code this way, so be sure to watch for them!"

Building a JavaScript Module Framework at Gilt from Gilt Tech on Vimeo.