has_many :codes

Wrapping Up 2023


Like every year, it's shocking for me how quickly this year has gone already. And I have mixed feelings about 2023. 

On the one hand, all is good with my family and myself, apart from some health issues I am currently investigating hoping it's nothing serious... Kids are growing, and besides some difficulties with our teenage daughter (as is often the case with teenagers), I would say everything is fine.

At my day job with Brella all is good too; I have been with the company for 2 and 1/2 years now and I am super happy with it. People are awesome and the atmosphere is nice too. My job is perhaps not too challenging for me at times, which is one of the reasons (the other is money) why I wanted to try to build some product on the side to be able to work on some technical stuff that I particularly like and is more challenging, and things like that.

But it seems it wasn't meant to happen, at least not in 2023. First, I had planned on reviving my blogging platform DynaBlogger by rebranding it as DynaSite and adding several features with the purpose of making it a tool to create different types of websites, not just blogs as it used to be.

I had some nice plans for it and even a potential cofounder (a colleague at Brella). My plans included several features powered by AI that would make it super easy and quick to create a fully functional website with the help of an AI assistant, by just providing it with a description of the purpose of the website, e.g. information about the business. Then, AI would produce a design together with images and copy, allowing the user to either repeat the process until they were satisfied or customise a design they liked. The AI would also aid in creating content for a blog.

It was a nice project, but eventually Paavo (my colleague) and I realised that the market was too saturated, and that building something that would be actually better than the competition would require a lot more time than we first anticipated, much more than we were willing to invest in this.

Besides, I always wanted to build a dev tool more. The only reason why I wanted to build DynaSite first was that I already had done a lot of work with the predecessor DynaBlogger, so I had thought it wouldn't take long but I was wrong.

So Paavo and I decided to forget DynaSite and pivot to something else, a tool to create and manage Kubernetes clusters with your own infrastructure called Cluster Ninja. The idea was that of a managed Kubernetes service but with your own servers, which could be in an on-prem infrastructure or a provider of your choice. You would also be able to easily create multi-cloud, multi-region clusters for higher availability and for cheap, since you would be able to choose any provider that would fit your own budget. I was ambitious, and Cluster Ninja was meant to be the foundation for other products such as a PaaS, managed databases and object storage.

I think the idea was nice and it was about something, the Kubernetes and infrastructure ecosystem, that I know well and I am interested in, but there were too many question marks and red flags, such as concerns about privacy (since the tool would require full access to customer clusters and therefore their data), as well as the realisation that too many people these days expect to get everything for free or are anyway not willing to pay a fair amount for tools, even if they can save them time and money. I ran a poll on GitHub and some of the comments were quite demotivating, not just about pricing, but also about unfair comparisons with free tools that were more limited in capabilities than what I was proposing, probably because I wasn't able to communicate properly what I had in mind.

Long story short, I had already lost much of my motivation and whatever was left was gone when Fly.io announced their Kubernetes service, since their pricing is very competitive and I thought it would be even more difficult now to propose an alternative whose value proposition ranked money savings very highly. Generally speaking, I felt like I couldn't compete with these companies with my very limited resources so I gave up.

At the same time, I realised that I could invest my free time in a different way, with another passion of mine: security. I love exploring and exploiting vulnerabilities in web apps so I thought, why not do this legally and for money? So I decided that my main goal for 2024 is to get started with bug bounties as a sort of second job. I like this stuff a lot and it could help me financially if I play my cards well. It's a big question mark so we'll see what will happen. For now, though, I am going to spend a few months getting more familiar with tools and techniques, although I know a lot of this stuff already (I also did the OffSec OSWA course on black box testing), before I actually start with bug bounties. I want to be sure I am in a position where I can go after bugs that could be more interesting, challenging and more rewarding, rather than the low-hanging fruit that anybody can find.

Besides bug bounties, in 2024 I hope to figure out once and for all the causes of some health issues I've been having for a while, hoping that it's nothing serious that can be addressed with some kind of medication.

Anyway, that's it for now. See you in 2024! Stay tuned because I plan on writing about methodologies, tools and tricks about web app security, pentesting and bug bounties as I improve my knowledge and learn new stuff. Till then, I wish you a great new year!
© Vito Botta