New Year, New Steve, New Plan, New Blog, Hopefully Not the Same Result

in ,

Goals

I've decided to make it my goal this year (2021) to take some piece of software I write and make it profitable. Not only am I going to do that, I'm going to relentlessly blog the whole thing.

From zero (well more like -10k if you count my debt) to some undefined endpoint. The goal is to unbiased / comical in my approach, as well as show what the process actually looks without all the hero / success worship. If its even possible.

Background

Why am I doing this? Easy - I like to write software, I enjoy coding, almost as much as I enjoy sleeping, playing counter strike, and hockey.

The only flaw in my plan is that no one is going to pay me to get up at noon, spoon my dogs for a little, fuck around with some new framework / try a new language until the deep hours of the morning.

So what if I just paid myself? Its possible that its white-guy-overconfidence but its always been a goal of mine to be start something. In fact I've made some apps before.

List of Failures:

  • Poscal (snap map before snap map was a thing)

  • scrpts.io an aggregate of security research / threat analysis reports

  • Simple Minded meditation, without the bullshit

  • Steve Kipp Hedge Fund (trading)

Net Profit: -97.54

Steve how do you live on -97.54 per year? Well luckily I'm actually fully employed as a software engineer.

The goal here is pretty lofty, and If you're here of your own freewill (I have not asked you to proofread) odds are you know just how easy a mix of podcasts, blogs (irony), and YouTube assholes can make it seem. I want this blog to be a quantifiable examination on how it all works, or if it works at all.

Science

At the end of each blog - I'm going to build a sort of tl;dr box where I attempt to break down what costs were associated with my progress. There are a few ways I can break down the costs

  1. Literal cost in USD

  2. Time spent in hours

Additionally in my tl;dr block I think I could include a short summary and maybe some keywords that will later let me do some NLP analysis.

Here is a quick idea of what a tl;dr block might look like (sure looks like YAML)

    TLDR:
       task: "watching German techno DJs on twitch while I write this" 
            timespent: 2 h 
            cost: 0
            summary: "writing the initial blog post on how I plan to document everything" 
            keys: "blog, writing, planning"

It should be noted that I initially write all of these in markdown so parsing should be easier

Next post, we figure out what to build.

Scrpts Foundations: Speed in Cybersecurity Research

in

Preface: this is part of my idealism for my site https://scrpts.io

The bad tends to outpace the good

For those unfamiliar in cyber security there are three main areas, the good (white-hat), the bad (black-hat), and the ugly (grey-hat). We commonly see headlines where major companies have huge data leaks, vendors have huge exploits, or security research was ignored. The threats (black-hat) always tend to evolve faster than protection systems (white-hat), thus putting the good in a constant defensive stance.

I want to explore a little bit why I think this happens and possibly how it can be improved upon.

Incentives

Why do some people start startups? or invest in high risk companies? the incentives are pretty lucrative. For a seemingly small investment the pay off could be extremely rewarding, ideally you work really hard at a startup for a limited amount of time and then never work again after going public (not how it works really I’m aware). The incentives for cyber crime are very similar: you have an extremely low barrier to entry, and an extremely high pay off. By barrier to entry I mean that anyone can attempt to say write malware of steal card information, not necessarily succeed.

Here’s what I wonder:

What does the investment (in terms of time) look like relative to payoff for given attack vectors?

In layman’s terms how much time does it take to build malware, and how much on average to you make off of it? and what about social engineering? Botnets?

Like any economic system if we reduce incentive, then we (likely) reduce investment. Rather than focusing on how to literally combat intrusions mano a mano, we can reduce our risk of becoming a target, or more reduce the amount of malware produced by reducing the amount of financial gain possible.

David vs Goliath

Why are startups able to beat large companies? Listening to “How I Made This” in the episode with the founders of Stripe, they talk about how if it was purely by assets, Google should have crushed Facebook. Startups tend to succeed because of smaller size that makes them more agile.

Similar is true for malicious software production, groups that produce it are small and disorganized. The solutions - can sometimes be - the exact opposite. Large organizations producing solutions that suffer the attrition of bureaucratic hold ups. In short the production of the threat is fast, and production of the fix is on average slower.

Whats the average rate of time for a solution (short of blacklisting IPs) to come available that corresponds with a given threat?

What can be done to fix this? Cybersecurity research needs to become less centralized and less systematic. The overarching goal behind scrpts is to allow individuals to post research and solutions. By focusing a community - with little hierarchy and little hold up, we might be able to get the solutions, and identifications closer to that of production levels.

Maybe

These are the concepts I’m building into scrpts, I want an active community of people and are not hindered in their pursuit. I think by fostering a community, similar in the manner that open source software does. We move the needle closer towards favoring the consumer.