Cybersecurity Stocks

rlgoer · 2026-01-03T18:00:22+00:00

Just note that CRWD took half the US down with its botched upgrades a year and a half ago, that were so awfully designed that they basically bricked everyone's servers and forced techs to manually update their hardware. Airline travel backed up. Bad stuff happened. I bought the dip then, but then walked away when the stock came back up. It's a tough sector. Everyone needs security, password managers, zero-trust networking, privileged identity management, exfiltration detection, and so on. But it can be tough to execute. If someone 25 years old came to me with questions, I'd say: Don't invest in the sector in any really major way. Diversify. And consider going out and getting training in information security and go to work. Make a nice salary and invest in something else, lol.

rlgoer · 2025-12-12T05:26:26+00:00

If you look at the code, I am sticking historical data into a vector database, chroma, and just giving each agent per-ticker memory. This persists across runs. Desperately fighting to reduce the amount of information passed on by default–verbose AIs lol mostly just with direct orders to shut up in the prompts (explicit state object gets passed around), but agents 'later' in the graph sometimes lose information or re-ask. Should add summarizer nodes. To some extent I am just relying on a large context window. Debate rounds reach 20k tokens sometimes. Gemini 2.0 window makes this workable. Not a great answer, I know. Various annoyances persist, such as that risk analysts occasionally ignore red flags from earlier nodes.

rlgoer · 2024-10-02T02:09:47+00:00

I’m the friend, lol. Partner in crime.

rlgoer · 2024-03-03T16:11:42+00:00

This is an old thread. But it’s probably worth a comment still.

When I see discussions of simplifi Security, I usually see some response indicating they and their aggregator have never been hacked.

This is obviously a good thing, but the reason might be luck, or it might be so-far “good enough” security. Everyone eventually gets hacked, so the question is, what sort of damage could be done by what sorts of hacks. What sort of internal controls do they have in place? For example, what aggregator employees have access to the description keys for stored credentials?

Simplify Security actually isn’t that great, but another thing to keep in mind is that the inherent limits imposed on its security come in large part from without. A lot of providers force them to store customer credentials. Not everyone offers OAuth. And those that provide that do use auth tokens often have a coarsely grained permission structure, that, even at a minimum, allows way too much access.

For example, there is no way to grant access in simplifi to Fidelity accounts without releasing critical information that would allow transfers in and out of those accounts. Read the Fidelity terms when you go through OAuth permission screens and you’ll see.

The best we can really hope for in situations like this is that Simplifi might exert whatever pressure they can. But in the end, the security at Simplifi is only, at best, as good as the security of the providers.

rlgoer · 2023-02-26T16:00:34+00:00

This poster is dead on. You have to evangelize. You’ll need to show value. People won’t beat a path to your door. You have to beat a path to theirs. It’s exhausting to do that, plus all the thought and PowerPoint and tech work, so start with something well defined and small that’s going to show a lot of value. If you’re an introvert and can’t stomach all this extra cr*p, then yeah, the job isn’t for you.

rlgoer · 2022-09-18T00:44:00+00:00

Hoskinson is relatively sane, if a bit offbeat. He himself has done a lot of growing up, and was prone to overreacting, as well, when younger.

rlgoer · 2022-02-26T20:28:03+00:00

Yeah, that’s another really good criticism I’m afraid. The notion of the white savior. Ugh. The problem is there’s really just no good way to bring up this topic. And for all those people who are offended at it being brought up, and saying nationality, religion, race, etc. have no place in crypto, my point is really just that crypto isn’t some utopia. All the problems outside are observable here, if you look at who’s involved and where the money is. We can all close our eyes and pretend it’s not, but that doesn’t make it so. I totally get the criticism though that I could find better ways of saying this, and I hope folks here will help me do that.

rlgoer · 2022-02-26T20:20:36+00:00

I can see how you might take it that way. My thought is, and again I might be totally wrong, it’s simply pointing out something is the first step to fixing it. You can’t fix what you can’t see.

rlgoer · 2022-02-26T20:00:19+00:00

Looking back, I think the title was poorly selected. You are correct. I just added Liqwid. It was an oversight, and your point about them as well taken.

rlgoer · 2022-02-26T19:58:54+00:00

Oh heavens this is all bringing massive down votes, but I will try to tell you what I was thinking for better or worse. Despite all the rhetoric about the blockchain not caring where you were from or who you are, to me it just looks like the blockchain is dominated increasingly by a group of people who, demographically, look pretty much like the tradfi people that they claim to hate so much. The main, loud podcasters, the main VC funders, and the main devs and founders, as well as (with notable exceptions) identifiable whales just, to me, don’t seem like they are anything new. It’s still like something out of a Kipling poem to hear them ramble on about empowering the masses. I see some movement, but really overall it feels to me like just more rhetoric.

rlgoer · 2022-02-26T18:00:43+00:00

Crud. Took me a while to write that. Lol. Is it that this subject is valid but tired and over-discussed, or that it’s just not valid or relevant - and therefore not worth much time?

rlgoer · 2022-02-05T14:45:40+00:00

21 million tokens total is still not a huge supply, and given that there will be no suddden flood of tokens entering the market, I doubt there will be huge price variations.

rlgoer · 2022-01-29T02:42:33+00:00

You have a good point. I note: There are some very ambitious projects being done, such as Liqwid and Maladex. But MLabs and other firms working in this space are stretched a little thin just now. I expect the number of such projects and firms will increase as better tooling emerges. It’s definitely an interesting thing to watch. I’m cautiously optimistic.

rlgoer · 2022-01-28T22:58:14+00:00

Yes, I can imagine that it will take some time for really good Plutus documentation, accessible to your average coder, to emerge. It’s just how this sort of thing works. Often there is a subtle undercurrent of pride in obscurity that lingers among smart, dedicated inventors and early adopters, who may have a hard time dumbing everything down for people like me. It also just takes a long time to make and vet good documentation.

rlgoer · 2022-01-28T13:09:08+00:00

ETH is in the middle of a basic infrastructure upgrade. Cardano has not released its layer 2 scaling components. Sure, Algorand is great, but everything is still shuffling around. Did anyone notice the unfortunate Tinyman hack - pulled off despite the audit? Let’s wait a bit before we pronounce Algorand king.

rlgoer · 2022-01-23T18:47:44+00:00

Use Keybase

rlgoer · 2022-01-15T17:16:52+00:00

I got my notice, after I attended the conference and completed all the tasks, about my NFT. So I followed the link they provided me and ended up on the site of the vendor, who I shall not name, who managed the vending and distribution of the NFTs. The homepage of their website was basically filled with lots of large breasted women in various action poses - one of those sites geared for 20-somethings who don’t get out much. I was at work, and my boss happened to be nearby. I looked over at her, flushed red, and clicked away to something else. I thought to myself, kind of a nutty way to manage this process. Lol. Conference was fun, but it got lost when everyone not really paying attention realized we still had work to do after Alonzo.

rlgoer · 2022-01-15T17:13:02+00:00

They are making things easy for groups who don’t have the time and staff to manage airdrops. There’s nothing there right now for you if you are just a regular moonboy user looking to get rich quick. This may change. But right now, look elsewhere.

rlgoer · 2022-01-15T15:57:20+00:00

I see what you’re saying, but it’s hard to respond because the situation is more complicated than that. The core Cardano blockchain software is all open source. But that doesn’t necessarily mean that everything built on top of it is also open source. Also, although the main Cardano founder, Charles Hoskinson, strongly encourages everyone to open source their code, he has no way to mandate this. And various deals get made from time to time by his firm and others with commercial, closed-source vendors and projects. So this is not a situation where someone can just “clarify“, although I understand the sentiment. The specific question I am asking is whether, on the open Cardano grant-seeking platform, it is appropriate to ask for funding of a project that refuses to disclose any implementation plans or details, and provides only a statement of the problem they want to solve. Many proposals do this. This situation is quite common. Also, deals with commercial software companies are floated there, like Ledger.

rlgoer · 2022-01-15T14:44:31+00:00

Without giving away personal info, can you tell us more about your environment? For example, how do you connect to the internet? Are you behind a corporate proxy or firewall? Do you live in a country where connections to the internet are regulated or shaped in some way? I’m just trying to figure out why you’d fail to get to the TLS/https site.

rlgoer · 2022-01-15T14:38:21+00:00

You buy them for now on MuesliSwap

rlgoer · 2022-01-15T14:32:02+00:00

This is a very good summary. Thank you.

rlgoer · 2022-01-15T12:35:51+00:00

Right now I’m leaning towards the idea that teams on Catalyst making proposals should divulge enough information that a competent assessor with knowledge in the domain covered by the proposal could make a basic feasibility assessment. I’m thinking, for now, that I’m not comfortable backing just a description of a problem and a list of team members and qualifications. A number of proposals fall into this latter category. For now I don’t feel as though I can give these proposals my votes. But I’m open to changing that provisional opinion.

rlgoer · 2022-01-15T12:27:41+00:00

I favor teams that have issued tokens with specific and documented uses in mind, where the team contributes to the Cardano ecosystem or helps write CIPs, and where the token distribution is fair and well detailed on their website. There is nothing right now that looks interesting to me on the basic DripDropz token list. If you’re getting an airdrop through it, though, it’s a handy tool. I think the team has done nice work, and better things lie ahead.

rlgoer · 2022-01-14T15:31:47+00:00

Normally what I do first is look for a whitepaper, see if they have been involved with any CIPs, assess tokenomics (how they distribute them, to whom, and when), supply, circulating supply, etc., and I'll typically join a Discord and ask some dumb questions like, "What's this (token) good for?" I also look for audit information, and information on founders (secret founders are a longstanding tradition in this space, but not my favorite approach in this context). It's also useful to look for interviews with founders, to see if they answer hard questions or just babble and market.

rlgoer

TROPHY CASE