[conspire] 21st century web platforms

Rick Moen rick at linuxmafia.com
Tue Feb 18 23:01:08 PST 2020


Quoting Paul Zander (paulz at ieee.org):

> The proper response should be to find someone who actually knows the
> subject and present it clearly.

Which is my cue to say that Ruben says it was _not_ this presentation on 
'Security Now' that he heard about Obj-C in the iOS security context,
but rather some other podcast that neither of us can now find.


> I've been puzzling over why Gibson and others achieve celebrity
> status anyway.  Old saying, "If you can't dazzle them with
> brilliance, baffle them with bullshit."

I remember in the late 80s/early 90s hearing Gibson on-stage somewhere
at a PC-industry trade show holding forth with what was obvious to me to
be utter drivel about hard drives, about which he was supposedly an
industry expert on account of Spinrite.  And, of course, there was
absolutely no opportunity for any better-informed person in the
audience, including me (and I'm no expert) to contest the
misinformation.  One had to, at best, take notes and then post a
scathing takedown to Usenet.

I held my peace earlier about his more-recent prestige offering, the online
service ShieldsUP, but here's a short version:

The user opens a Web browser to www.grc.com (Gibson Research), picks
ShieldsUP, and requests what amounts to a remote portscan.  The site
rummages around for a while and probes sundry ports on your presented
public IP address, and then tells you that you are _safe or not_ from
the mean, nasty Internet depending on whether www.grc.com was able to
autoprobe network daemons at your public IP.

There are a bunch of bad assumptions:

1.  That inaccessibility of network daemons from their IP means they
    don't exist.
2.  That network daemons are inherently dangerous.
3.  That vulnerabilities local to your machine don't matter.

I remember, back in the day, being very amused when I ran the service
from my server IP (probably using lynx) and was advised that my 'PC' 
was in horrible danger because it was offering HTTP, HTTPS, SMTP, SSH, 
rsync, NTP, and ftp connectivity to the mean, nasty Internet!
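
Assumption 1 in the list above, as an added example that is not part of the original post: a local audit that compares the sockets a host is actually listening on with what a remote probe could reach. The sample `ss -tln`-style output and the set of remotely visible ports are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the format of Linux `ss -tln` output (not from the post).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    [::1]:631          [::]:*
LISTEN 0      511    [::]:443           [::]:*
"""

# Constructed result of a remote probe: the ports an outside scanner found open.
REMOTE_OPEN = {80, 443}


def parse_listeners(ss_text):
    """Return (address, port) for every LISTEN line; the header is skipped."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
        if addr == "*":                         # ss shorthand for the wildcard address
            addr = "0.0.0.0"
        listeners.append((addr, int(port)))
    return listeners


def classify(listeners, remote_open):
    """Sort listening ports by how much of them a remote scan can see."""
    report = {"seen_remotely": [], "loopback_only": [], "filtered_or_natted": []}
    for addr, port in listeners:
        if ipaddress.ip_address(addr).is_loopback:
            report["loopback_only"].append(port)       # daemon exists, never reachable remotely
        elif port in remote_open:
            report["seen_remotely"].append(port)
        else:
            report["filtered_or_natted"].append(port)  # daemon exists, hidden by firewall/NAT
    return {kind: sorted(ports) for kind, ports in report.items()}


if __name__ == "__main__":
    for kind, ports in classify(parse_listeners(SS_OUTPUT), REMOTE_OPEN).items():
        print(f"{kind:20s} {ports}")
```

Every port in the last two groups is a running daemon that a remote portscan would report as absent.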



