What Programming Language Should I Use to Build a Startup?

Often entrepreneurs ask me 'What technology should I build my startup on?' There is no right or wrong answer to this question. It's a decision every company makes for itself, depending on what it's trying to build and the skills of its cofounders. Nonetheless, there are a few rules that one should adhere to. We discuss them in this blog post.

Incident Response Policy

What happens in your company when a production incident occurs? Usually in a typical startup, you will see engineers running around frantically trying to resolve the problem. However, as soon as the incident is resolved, they forget about it and go back to their usual business. A good incident response policy can help bring order into chaos. We provide a sample template in this blog post.

Why Software Deadlines Never Make Sense

We discuss why software deadlines usually don't make sense.

Analyzing Front-End Performance With Just a Browser

We discuss a number of freely available online tools which can be used to analyze bottlenecks in your website.

Why Smaller Businesses Can't Ignore Security and How They Can Achieve It On a Budget

In this article, we show that security is both important and achievable for smaller companies without breaking a bank.

Saturday, June 30, 2012

PR Advice for Hosting Your Own Audio Show

Reposted from

There are quite a few resources and tactics that you can employ to get your show some attention in the press. In this post, we’ll walk you through some of the ways you can drive a mini PR campaign for your show.  You can also tune into a show on PR that we did for BlogTalkRadio University to get more color around these tips. Tune in here.
In order to launch an effective PR campaign, there are 5 things you must know:
1. What Is Newsworthy?
Before you start your PR push,  you first need to have a sense of what is newsworthy.  In some cases you may need to come up with an original angle.  Some examples of interesting angles may be, covering a worthy cause, a trending topic, interviewing a noteworthy guest, breaking news on your show, hosting your 100th show, a special holiday themed show, etc.
Here are some press release examples from BTR hosts that you can leverage as templates for different instances:

  • Launch of Your Show
  • Show on a Trending Topic
  • Interviewing a Noteworthy Guest
  • Breaking News On Your Show
  • Milestone Show

  • 2. How To Write An Effective Press Release

  • Provide a concise, compelling, clear headline of around 20 words
  • Consider including a subheadline.
  • Focus your most important messages in the headline, subheadline and first two paragraphs.
  • Include links wherever relevant.
  • Include photos, videos and other multimedia whenever possible.
  • Include your show logo.
  • Include complete contact information, with up-to-date phone numbers, e-mail addresses and social media links.
  • 3. Where to Submit Your Press Release
    Here is a comprehensive list of PR submission sites for where you can submit your press release once it’s ready to go out into the world. View list.
    4. How To Pitch A Reporter
    An alternative to writing a press release is actually pitching a reporter directly.  Here are some tips on getting you started using this approach:

  • Choose 5-10 journalists in your category.  Get familiar with their work and build relationships with them.  Focus on this group when you have a story to share.
  • Make sure to customize you pitch for the particular reporter and shy away from email blasts.  A story pitch could start along these lines: “I noticed you cover the – DIY space in Home & Garden Magazine and I think you’d be interested in an upcoming interview I am doing with Bob Villa.”
  • In your initial pitch, mention that you can send images or more details if the reporter is interested in learning more.
  • Make sure to send your pitch in time for the reporter to write a story  – a week in advance is a good rule.
  • Follow reporters in your category on Twitter in case they are looking for info that you could provide or stay in touch by sharing relevant news and articles with them.  View Muckrack for which reporters are on Twitter.
  • Use tools like HARO and NewsBasis to find and respond to reporter requests for sources.
  • 5. How To Tap Into The Blogger Community
    Similar to finding journalists that you can build relationships with, explore bloggers in your category as well. These relationships can be more casual in nature.  Many bloggers have great influence and reach.
    You can connect with bloggers directly on email, by commenting on posts or on social media platforms like Twitter, Facebook, Instagram, Tumblr, Pinterest, etc.  Once a relationship is established, you can send a heads up on a guest you are interviewing that they may be interested in tuning in to.   If relevant, they may decide to blog about you to their audience.  Better yet, invite them to come on our show and they will be sure to blog about it:)
    For additional PR tips, Business Wire has an informative podcast called All Things Press Release that you can access here.

    Tuesday, June 26, 2012

    New York REDIS Meetup Kicks off on June 26th

    New York REDIS Meetup Welcome SessionREDIS is my favorite key-value store, which is a Swiss army knife that can be used for caching, message-queues, key-value lookup, and much more.Today, we held the first New York REDIS meetup. If you are a technologist in the New York area who is interested in NoSQL and scalability, then join us.  The first event had a great turnout with over 75 attendees. 

         Brainstorming on master-master replication.

    Full-house at Gilt Groupe.

    In the talk, we discussed what REDIS is, the philosophy behind its architecture, some of its pros/cons, security implications, and practical applications of using REDIS at Cinchcast.

    Friday, June 22, 2012

    If I Launched a Startup

    Excellent 1-pager cheatsheet by Ryan Roberts (
    Here’s what I’d do in the beginning:
    (1) Entity Choice: Corporation or Corporation
    (2) State of Incorporation: Delaware
    (3) Authorized Shares in Charter: 10,000,000 Shares
    (4) Type of Shares: Common Stock
    (5) Par Value of Common: $0.0001
    (6) Initial Founders Issuance: 8,000,000 Shares
    (8) Vest Founders Shares?: Hell Yes
    (9) Vesting Schedule for Founders Shares: 4 years with a One Year Cliff
    (10) Consideration for Founders Shares: Cash & IP
    (11) Handling of “Lost Founders”: Lock Down the IP (then Wish Them Well)
    Raising Capital
    (1) Length of NDA: 0 pages
    (2) Fees Paid to Pitch my Startup: $0
    (3) Investors: Accredited Investors
    (4) Structure of First Capital Raise up to $1MM: Convertible Notes

    Sunday, June 17, 2012

    Email 10 years ago and now

    From TEDx (

    Wednesday, June 6, 2012

    Is Your Linkedin Password Secure?

    LinkedIn passwords database got hacked, and 6.5 million encrypted passwords got posted on the Internet. There exist various programs to reverse engineer encrypted passwords and the passwords are actively being cracked by hackers. As of 6/6/2012, almost 160K of them are available in cleartext on the Internet.

    Are you Secure?
    Dustin Hilgaertner (an architect at Cinchcast) and myself developed a simple application which checks if your password has been compromised or not. Basically, it does a simple lookup in the cracked password file, which is circulated around, for your cleartext password. The password you enter isn't logged at any point.

    The URL to check if your password is compromised or not is:

    If you don't trust entering your password, you can download a list (as of 6/6/2012) yourself, and search for your cleartext password there

    I like to compare security to maintaining your bathroom. If you do a great job, then nobody says thank you. But if you screw up, and the bathroom starts leaking, then all hell breaks lose. Unfortunately, value of security isn't recognized by many companies, so securing the systems always takes a back seat to other business priorities. This seems to be the case here - an older SHA1 algorithm was used to obfuscate passwords, instead of newer SHA2, and what's worse the passwords weren't salted which is a basic security tenet.

    Even though the breach details aren't available yet, my guess is that social engineering and custom trojans (APT) were used to get into an internal network. In this exploits,  a hacker sends a seemingly innocuous file to an internal employee with an Excel spreadsheet or a Winword document which contain a custom virus. Once the employee opens it, a virus is installed on the system creating a backdoor for attacker to poke around the network. Because the virus is custom-crafted, most anti-viruses or intrusion detection systems don't notice it.   After the attacker is on the network, most of the time the game is lost.

    If you want to learn five simple rules to keep your organization secure, you can listen to my audio podcast recorded using Cinchcast Technology:

    The slide deck is below:

    Tuesday, June 5, 2012

    Keeping Meetings Efficient

    1. No meeting should last longer than an hour.

    2. Each meeting should have a clearly defined agenda,
    and a person leading the meeting.

    3. After the meeting, follow up notes should be posted on Wiki
    with decisions that we made and any follow-ups.
    Each follow-up should have an owner.

    4. Do your homework before the meeting (e.g. if we are talking about release X.Y.Z. then know what the release is about).

    5. 80-20 rule.
    We should try to spend no more than 20% of our time on meetings.

    6. Before you ask a question "How does system X work?" Try to figure out yourself first, that's how learning happens.

    Saturday, June 2, 2012

    Why Do Software Deadlines Never Make Sense?

    Software development is like jogging.
    It takes a lot of preparation, and you don't always know what to expect.

    Suppose you decide to go for a morning jog around the Central Park Reservoir in New York City.
    You've never jogged there before but you know that 1.5 miles usually take you 15 minutes to complete.
    As you start jogging, you realize it's a dirt surface and your feet hurt. Today feels especially humid and hot, so you slow down the pace. Suddenly, you bump into an old friend who you haven't seen for years.
    You stop to chat for five minutes, and then resume the run. The scenery is beautiful. You admire the Cherry Blossom next to the path, the tips of Chrysler and Empire State buildings, feel reenergized and pick up the pace. Suddenly, you notice that the trail ahead is closed.
    It rained last night so it flooded. You run around it, and finish the trail in 35 minutes instead of the fifteen you initially anticipated.

    One big problem with asking developers to estimate how long a particular feature will take is that
    developers will always estimate in ideal days.  In reality, days are never ideal - people
    come over and ask you for advice, the software doesn't
    work as expected, servers break (albeit rarely because of the rain).
    Even when the deadlines get padded to account for this, people tend to procrastinate and project dates shift.

    There are a few things that I do to make sure this doesn't become a problem:
    1. Try to estimate in "t-shirt sizes" (XS, S, M, L) and then base your project estimations on your experience of how long
    similar tasks took.

    2. Keep sprints in fixed duration. If you are running late, don't extend the sprint end date.   Just cut out the features
    which go into this sprint iteration.

    3. Try Kanban instead of sprints.   One disadvantage of scrum is that if developers get frequently distracted with Production Support,
    then it's hard to keep estimates correct. Kanban aims just to get things done.
    A good product feature is still a success regardless of whether it's delivered five days earlier or later.
    There's a good plugin for JIRA called GreenHopper that can be used to implement a Kanban board.