Disqus - Latest Comments for doke01

Re: Welcome, and Ideas, Products, Teams and Execution - Part I

Doug Kersten — Mon, 29 Sep 2014 20:57:47 -0000

It's easy to say what a great product is after the fact. Hard to tell what it is before.

Re: Welcome, and Ideas, Products, Teams and Execution - Part II

Doug Kersten — Mon, 29 Sep 2014 20:55:01 -0000

Long work hours, lack of sleep and poor eating habits will always impact mental health are are hard to avoid in a startup. Hanging with good friends and getting good and drunk helps me reset. Then again, I don't go out drinking all of the time.

Re: Welcome, and Ideas, Products, Teams and Execution - Part II

Doug Kersten — Mon, 29 Sep 2014 20:52:07 -0000

Yeah, this is one of those things that are hard to define. James Bond is a spy. It's hardly likely you'd know he was Jame Bond and not some normal guy/gal. More like MacGyver. Can fix anything with anything. The only way I could see to find this out is to make friends and go hang out and see what they want to do and what they have done. If they are all dream with no action they are likely not 'the one'. For example, one of my past co-founders started his own company and sold it. You would never know it by looking at the guy but it tells a lot about character and what a guy/gal will do when the chips are down.

Re: Welcome, and Ideas, Products, Teams and Execution - Part II

Doug Kersten — Mon, 29 Sep 2014 20:47:24 -0000

Remember what position he is talking from. Success is funded by VCs with a big buyout or IPO at the end. You can do very well as a single founder. Look at delicious and plenty of fish for examples.

Re: Welcome, and Ideas, Products, Teams and Execution - Part II

Doug Kersten — Mon, 29 Sep 2014 20:45:12 -0000

Valley ageism at its worst.

Re: Welcome, and Ideas, Products, Teams and Execution - Part II

Doug Kersten — Mon, 29 Sep 2014 20:43:58 -0000

MySQL was largely remote employees. I am not sure about the cofounders but they really were distributed all over the world. They were bought by Oracle.

Re: This Light Bulb Eavesdrops And Livetweets Your Conversations

Doug Kersten — Thu, 15 May 2014 10:35:32 -0000

It is illegal in NY to record a conversation without one of the people recording it being a participant in the conversation.

Re: Heartbleed: What Is The Correct Response?

Doug Kersten — Fri, 11 Apr 2014 22:35:48 -0000

The HeartBleed vulnerability allows all kinds of data to be retrieved. It is not limited to a username and password or certificate/key information only.

There are a lot of ways to determine and mitigate risks and insurance companies are very good at it or they go out of business. Requiring someone to be responsible for information security at a company is a proven way to help mitigate security risks. Of course you can never get rid of all risk, and I never meant to imply you could, but you can plan for and mitigate it.

Saying that information security is a bunch of checklists and onerous to implement is a bit disingenuous and shows a lack of knowledge about information security as a practice. Perhaps you have been the victim of badly practiced Infosec? Good Infosec is almost transparent. In fact, good Infosec usually means following good operational procedures. Think of it in terms of a car. In the old days there were no seat belts, airbags, anti-lock brakes, etc. You would just jump into a car and drive. However, you were taking on a significant risk every time you did. Seat belts, head rests, airbags, anti-lock brakes, etc. came along to mitigate the associated risks. When seat belts became mandatory a lot of people thought it was onerous and didn't want to do it. The car companies didn't want to do it either. Now those same people get into a car and buckle up without thinking about it and car companies wouldn't think of building a car without them. It is virtually transparent to them.

My point is that the risks associated with information security has gotten so high that the insurance companies can no longer ignore it and are taking steps to mitigate the risks. Startups can no longer ignore it either. They are implementing SSL, two-factor authentication, encrypting data and passwords, controlling access to their servers in a more restrictive way and much more. Often, however, you will see companies compromised because of basic mistakes in how they implement security. People tend to think it is 'simple' and just a matter of salting hashed passwords. It is usually only when something bad happens that they realize they have been going about it the wrong way and then tend to get serious about it. Startups spend so much time on development, marketing, customer satisfaction, etc. that they usually skimp on the Infosec side (which can make sense when the company is very young). But we are at an inflection point where that has to change. It doesn't have to be expensive or onerous to implement good security practices but if you get it wrong it could spell the end for your business.

Re: Heartbleed: What Is The Correct Response?

Doug Kersten — Thu, 10 Apr 2014 11:12:33 -0000

I am not sure if this was said already but this vulnerability impacts more then usernames and passwords. ANY data that was transmitted over the secure connections could have been compromised. This takes thinking about it to a whole new level. What do you do if someone has all the details of your bank accounts, your health information, your investments, etc.? Something like Lifelock has become a must for the credit side of things but what about the rest? Insurance requirements are definitely an area where I think we will see an impact. For example, insurance companies are already starting to require companies to hire/designate someone responsible for information security and are beginning to expect full-blown information security programs before they will insure against cyber threats.

It is good for the information security field since I expect great expansion in this area in the next 10 years. Fireye and and the other security companies you have seen in the news lately are just the bottom of the iceberg (do icebergs grow from the top down or the bottom up? hah). Tools for creating security programs and assessing security risk are pretty lousy right now... Something to think about for a new business...

Re: Heartbleed: What Is The Correct Response?

Doug Kersten — Thu, 10 Apr 2014 10:47:39 -0000

You need, at a minimum, two of three things to be secure. Something that you know, something that you have, and something that you are. Two-factor authentication uses two of these three things. For example, something you know is your username and password and something you have is your one time password/RSA token. Throwing something that you are (e.g., your fingerprint, iris scan, etc.) into the mix would make it three-factor authentication and the most secure. Any one of the three by themselves is relatively insecure, which is why biometrics by itself is not a good idea from a security perspective.

Re: The Close.io Blog — Why Engineers Scare Me – A True Story

Doug Kersten — Wed, 11 Sep 2013 15:52:43 -0000

They may have used something like this http://openbiometrics.org/

Re: An Iron Man Like 3d Hologram Controlled by Leap Motion and Three.js - Badass JavaScript

Doug Kersten — Fri, 15 Mar 2013 13:56:57 -0000

Where is the RSS feed on robbietilton.com at?

Re: Spider Man Speed Painting

Doug Kersten — Sat, 27 Oct 2012 14:05:15 -0000

You are a talented Spidy Artist!

Re: Celebrity Images

Doug Kersten — Sat, 27 Oct 2012 14:04:51 -0000

Spidy is cool!

Re: What is AllCelebTalk?

Doug Kersten — Fri, 26 Oct 2012 00:36:29 -0000

Cool video! I can't believe we made it so fast!

Re: Beautiful Sunset

Doug Kersten — Fri, 26 Oct 2012 00:35:29 -0000

Nice sunset! Looks apocalyptic!

Re: The Avengers 2012 Trailer

Doug Kersten — Fri, 26 Oct 2012 00:33:10 -0000

The best trailer. Love it. This movie was great!

Re: Celebrity Images

Doug Kersten — Fri, 26 Oct 2012 00:32:35 -0000

Awesome movie poster!

Re: http://alltalk.kicks-ass.net/actplayers.php?id=421&t=2

Doug Kersten — Thu, 25 Oct 2012 21:52:22 -0000

Love it!

Re: http://alltalk.kicks-ass.net/actplayers.php?id=421&t=2

Doug Kersten — Thu, 25 Oct 2012 21:49:09 -0000

Very very cool!

Re: http://alltalk.kicks-ass.net/actplayers.php?id=421&t=2

Doug Kersten — Thu, 25 Oct 2012 21:48:48 -0000

Very Cool!

Re: http://alltalk.kicks-ass.net/actplayers.php?id=421&t=2

Doug Kersten — Thu, 25 Oct 2012 21:37:01 -0000

Very Cool!

Re: Gawk.it

Doug Kersten — Tue, 29 May 2012 11:51:06 -0000

I remember emailing lijit when they first started to say they should do something like this! Pretty ironic.

Re: Google Says It Removes 1 Million Infringing Links Monthly

Doug Kersten — Fri, 25 May 2012 11:11:53 -0000

Looks like the current system is working. Why mess with it.

Re: Scripting News: Take 3

Doug Kersten — Fri, 10 Feb 2012 10:18:21 -0000

This is why I took Facebook off of my Android phone. They imported my address book without asking me and I was shocked to see that some of the information was public by default. I immediately removed the Facebook app and only use my home PC to access it now.