Disqus - Latest Comments for dugsong

Re: Google+Buys+Angstro+As+It+Furthers+Social%26nbsp%3BStrategy

dugsong — Fri, 27 Aug 2010 15:02:19 -0000

Congratulations Rohit!!! FoRKs rejoice!

Re: Skype%26%238217%3Bs+Innermost+Security+Layers+Claimed+To+Be%26nbsp%3BReverse-Engineered

dugsong — Thu, 08 Jul 2010 16:45:32 -0000

Jeez, I'm sorry Sean. I just thought it was an excellent result worth highlighting. This really shouldn't have been picked up TechCrunch, of all places. Perhaps next time, such code will show up anonymously on sci.crypt, as the reversed FWZ cipher for Check Point Firewall-1 did back in 2000...

For folks wondering why this is significant, check out Phillipe and Fabrice's excellent Skype analysis from 2006 (original here: http://www.secdev.org/conf/skype_BHEU06.pdf - but save Phil the bandwidth):
http://www.slideshare.net/dugsong/silver-needle-i...

Basically, Skype's attack surface is much broader when you can actually talk to it. I'm guessing the first client-side vulns (heap overflows) they found back in 2006 won't be the last. A half-billion node botnet would be... significant.

Re: Shooting+for+the+Moon%3A+How+Universities+Can+Turn+Innovation+into%26nbsp%3BCompanies

dugsong — Wed, 30 Sep 2009 11:15:43 -0000

Having done two venture-backed tech transfer companies from the University of Michigan (which spent over *$1 billion* last year on research), I'm not sure there are necessarily "bad guys" to blame here, just some very difficult problems to overcome in culture and environment (just stating the facts: startups with PhD founders have the highest rate of failure). That said, we also probably have one of the better tech transfer offices around, although their startup group is relatively new.

The crux of the issue, IMO - large research universities are really built for R, not D, and few have ready access to a startup ecosystem for rapid commercialization. The academic research agenda also tends to orient toward matters of technical interest versus commercial importance, so you often start with a significant gap in product/market fit - technology in search of an application in search of a market. The death valley funding gap for such ventures can be much wider than for your typical lean Internet software startup, and the founder's issues (ala Noah Wasserman) much more... intense.

Michigan's made some attempt to address this, both top-down and bottom-up. The state has four magic sectors that have been blessed for investment, incentives, and grants to help offset their high startup capital requirements - life sciences, alt energy, advanced manufacturing/automotive, and homeland security. Programs like http://muci.org provide straight-up grant money for university technology commercialization, and the Michigan pre-seed fund can provide a 2-to-1 match for any money you raise (dilutive, but subordinate). The state has also injected money into local VCs targeting investments in these sectors.

UM's Office of Tech Transfer and the b-school's Center for Venture Capital and Private Equity Finance both have programs that build student teams around university tech transfer opportunities (with external mentorship). The engineering school's Center for Entrepreneurship and b-school's Zell-Lurie Institute both offer some support, but more importantly, encouragement, for students and faculty to consider entrepreneurship. UM's also set up a dedicated office, the Business Engagement Center, to help orient external folks looking to engage in commercial opportunities here.

There is definitely an untapped goldmine of university IP, but the challenges in research commercialization are much more than just access and licensing. And these problems aren't specifically ours (although Michigan's clearly uniquely challenged in other ways) - see for example, New York: http://bit.ly/3rhbiW

In fact, Michigan is probably one of the easiest (and most promising) places to go on such a treasure hunt if you have the resources and will to go where no entrepreneur has gone before. ;-) Take a look at the list of disclosures in UM OTT's annual report for a start: http://techtransfer.umich.edu

Happy hunting!

Re: Eliminate Ranges From Your Negotiating Vocabulary

dugsong — Thu, 24 Sep 2009 10:16:53 -0000

Re: "the starting position you are trying to establish", and the anchoring effect: http://hbswk.hbs.edu/archive/4302.html

Re: Automattic Acquires Spellcheck Plug-In After The Deadline

dugsong — Tue, 08 Sep 2009 19:48:28 -0000

For why AtD matters, see this example of Firefox, Microsoft Word, and After the Deadline attacking The Spell Checker Poem:

http://bit.ly/badpoetry

Congratulations! You done real good, Raphael!

Re: Jabber Bot

dugsong — Fri, 21 Aug 2009 01:22:23 -0000

i'd like a copy of this as well! can you put it up somewhere to download?

Re: Olark Is A Dead Simple Chat Widget For Site Owners

dugsong — Wed, 19 Aug 2009 17:49:33 -0000

That's exactly what Olark does - you can use your existing IM service (AIM, GTalk, Yahoo, MSN, Jabber, etc.) to chat with your website visitors.

Re: Geek Weekend: Ann Arbor, Michigan

dugsong — Sun, 09 Aug 2009 15:03:52 -0000

I had nothing to do with this nerdrage-inducing article, and have no claim to anything listed except the TechBrewery and the a2geeks wiki. What gives, Trek?

For a community directory of 60+ geek/startup groups with an average 2-3 events daily in Ann Arbor, see a2geeks.org and a2newtech.org - and annarborstartups.com for a review of new developments here over the last 6 months.

Re: Startup Hotbed Inferiority Complex

dugsong — Fri, 10 Jul 2009 16:17:51 -0000

Ann Arbor also has a growing startup ecosystem (with strong ties to SV & Route 128, and a few friends in Boulder :-) and a strong hacker/geek community:

http://annarborstartups.com
http://a2newtech.org
http://a2geeks.org

We're still working on the college sports thing. ;-) Go Blue!

Re: Bring the world to your event

dugsong — Mon, 29 Jun 2009 04:35:58 -0000

also check out http://visibletweets.com

Re: What to do if your startup is about fail (or “Don’t Stop Believing”) [Jason Calacanis Post]

dugsong — Wed, 04 Mar 2009 00:31:39 -0000

"fauxtrepreneur" is sort of unwieldy. i prefer "wantrepreneur"...

Re: Aguri: Coolest Data Structure You’ve Never Heard Of

dugsong — Tue, 22 Jan 2008 23:05:22 -0000

hey tom. going to explain judy trees next? ;-)

Re: C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For

dugsong — Fri, 13 Jul 2007 00:17:12 -0000

shee, hi Tom...

i've not "given up on security" to "go do something meaningful" - this is crazy talk. that may have been how you felt about NAI, but i'm glad to have had the opportunity to save the internet with you at Arbor. :-)

Stuart Staniford may be a better example for your purposes:

http://www.econbrowser.com/...

i'm sorry i'll miss horizon and duke's talk, which promises to be amazing (and never were there two nicer guys in the industry). i keep hoping someone takes on Python next, and a Li Gong finally emerges in that community.

see you at WOOT07! :-)

Re: Notarized Advisories: Prove You Found Something Without Giving Up Secrets

dugsong — Fri, 08 Sep 2006 00:40:23 -0000

peter honeyman did this almost a decade ago with the publication of some vulnerabilities in Schlumberger's Java smartcard - he mailed them a copy of the Michigan Daily's classified section, where he'd taken out an ad containing the MD5 hash of his advisory (which i can't find anymore, but some photographic evidence still exists :-)

http://www.citi.umich.edu/p...
http://www.citi.umich.edu/p...

Re: Python is the “lingua-franca” of over-the-hill hackers

dugsong — Tue, 15 Aug 2006 00:37:41 -0000

heh, i wasn't consulted about this "collective opinion" expressed in the Arbor post, and don't much agree with it, either.

that said, there is some truth to the notion that Python is for over-the-hill hackers. CORE and Immunity, for instance (excepting gera's Smalltalk fetish). these Metasploit newjacks can have their goofy Japanese Perl, whatever!

i had this argument with spoonm at Bluehat before they settled on Ruby, and lost then. maybe Python 3000 will one day serve all you whippersnappers a big cup of STFU, but until then, i'm happy with my caffeine-free, hi-fiber, watered-down pablum language.

if Metasploit and PDB were written in elisp, i'd be more impressed. and might actually run them.

emacs uber alles!