On Friday the 17th, I attended my first Startup Weekend.

Startup Weekend is a 54-hour event that has founders pitch their ideas, find people to help work on them, and launch their idea into the marketplace. At the end of the weekend, the startup is pitched to a panel of judges with extensive experience.

I was originally going to just find a pitched idea that appealed to me and could make use of my tech knowledge. I’ve built simple web apps before, and have some knowledge of a lot of useful tools that can quickly launch a prototype.

I ended up pitching an idea. I wanted to start a service where small or medium businesses can get a suite of useful off-the-shelf products to launch their businesses (or even revamp them) safely. From what I understand, many of these businesses don’t have dedicated IT staff, nor have the resources to hire someone to constantly check the security of their systems.

Me pitching my idea

This leads to unpatched systems, weak passwords, and poor security practices. This is why WannaCry was so successful. Ransomware is wreaking havoc on small businesses especially because most business owners have no idea on how to protect themselves. Many of their systems use the default configurations, making them easy targets. By selling a suite of services, perhaps as a subscription SaaS product, best practice can be automatically applied to each service. There could be a quick onboarding process where they pick a few systems (website, e-commerce, database, payroll, etc.), and have them automatically configured for use.

By having a single login (which would be enforced with a strong password policy) and using randomly generated passwords for each service, the effect of a single service failing will (ideally) have little effect on the other services. Of course, the single login failing will wreak havoc on a business. But this is the same as a password manager.

But no-one wanted to work on my idea. I got a lot of votes for my idea, but converting those votes into people who wanted to work on it with me failed.

So I decided to work on a venue-finder for quiet spots. Originally, the idea was to create a service that would allow introverts to find quiet venues and extroverts to find lively venues. Over the weekend, the fine points of that idea changed numerous times.

I worked on the tech side (which I’ll be focusing on; the other elements of a startup scare and confuse me). I created a simple web scraper using the populartimes Python library┬áto pull historic venue popularity data from venues in a small geographic area. I ended up with information from 159 bars, cafes, restaurants, and nightclubs. This info included the name, address, rating, and historic popularity for each hour of the day during the week.

The scraper:

An example of the data that’s scraped:

Using this data, I adapted a Google Map service I had already built for my work to display this information graphically. Each venue was a colour-coded pin based on the average popularity during business hours. A user could filter by quiet, semi-popular, and popular (based on figures I pulled out of my ass). I should really set up a public repo with all of the code I used. Maybe.

Using the Google Maps JavaScript API, in my opinion, was a nightmare. It’s an asynchronous clusterfuck. When I originally built the map for work, it took me tens of hours before it finally clicked how callback functions worked. When you go to code it, you end up with layers upon layers of callback functions. It disgusts me. I ended up signing up for the Google Cloud $300 trial to run it, simply because I hit the 1,000 request daily cap testing my scraper. So now I’ve got access to a cloud server for 12 months. Might come in handy.

Our startup didn’t get much traction because we pivoted (changed direction with what our startup wanted to do) too many times before we could effectively start advertising. However, our pitch was quite solid. It was a great experience and I learnt alot.

Anyway, maybe I’ll have my home lab set up sometime this week (there’ll be a blog on that) and hopefully christen it with a CTF (there’ll be another blog on that).