
Leet & Leeter, Fanboy & Fanboyer

As with Steve Jobs, Nancy Heinen, and Fred Anderson, backdating is generally a Bad Idea™.

Apple fanboys have never been and will never be part of the broad programming and security communities, and the immature behaviour of one more fanboy does nothing to counter this claim.

Having his fanboy feelings hurt because Rixstep were supporting the efforts of the Month of Apple Bugs team, this fanboy - perhaps more fanboyer than others - went into a 'full disclosure' mailing list with a supposed advisory 'backdated' ('forged') to make it appear as if others were just as lax with computer security as Apple are.

But the attempt at backdating failed - and now again it's the Apple fanboys and they alone who look bad - 'fanboyer' than ever.

To: full-disclosure
Subject: Re: 'Rixstep still aren't as leet as they thought they were'

Oh it's been fixed all right - Mr Anonymous with the Bent didn't stay around long enough to find out.

What's interesting of course is that Mr Anonymous 'backdated' the advisory to make the company look bad. This is not 'full disclosure' - this is the typical immature behaviour of an Apple fanboy.

He got excited on 15 January, did in fact find a bug, and then searched the entire Rixstep site for mention of the product. The earliest he could find was 23 November last year. So he 'backdated' his advisory to the day after.

Unfortunately this cowardly fool didn't take the time to consider several things.

  • There are serial numbers on all SF advisories. Several dozen before his are all dated 15 January 2007. It becomes obvious he's backdating.
  • The product Mr Bent tested is not the product released on 23 November.
  • Mr Bent would have the world think he actually contacted Rixstep prior to going public with his 'nasty bug'. But in such a case he got his hands on a copy of a product two weeks prior to it being written.

As with Steve Jobs, Nancy Heinen, and Fred Anderson, backdating is generally a Bad Idea™.

But the bug has indeed been fixed and Security Focus have been alerted to the issue with the behaviour of this person and corrected the appropriate records.

Basically all this proves is that this fanboy - behaving fanboyer than others - has a sick mind - something most of us already knew. But now it's out in the open. His goal was to make MOAB and Rixstep look bad and in the end it's only he and his fanboy friends who look bad. Again, very typical of the way things go for Apple fanboys.

The objective of full disclosure is to close security gaps in software so users are not victimised. It is not to be able to strike back at people like MOAB (or Rixstep who support their efforts) who dare criticise their beloved platform.

Apple fanboys have attacked Brian Krebs, Dan Gillmor, Andrew Stone, Avie Tevanian, George Ou, Kieren McCarthy - and now MOAB and Rixstep - where other vendors such as Microsoft simply say 'yes we know; we are going to fix it' and Microsoft software users take a calm and rational stance to it all.

Wikipedia's definition of 'fanboy' is as follows.

'Fanboy is a term used to describe an individual (usually male though the feminine version fangirl may be used for females) who is utterly devoted to a single fannish subject or to a single point of view within that subject, often to the point where it is considered an obsession. Fanboys remain loyal to their particular obsession, disregarding any factors that differ from their point of view. They are also typically hateful to the opposing brand or competition of their obsession regardless of its merits or achievements.'

You can't cure a fanboy just as you couldn't convince the citizens of Jonestown to come home and save themselves - and they will become aggressive to those who try to help them. Wiki's words are good here - this is just a fact of life.

Bottom line? Rixstep are just as 'leet' as they claimed: their stance is not merely that they write better code and do more QA than other companies but that they're actively soliciting bug hunts - they won't hide in the PR department like some other companies. If this is 'leet' then all software companies should try to be as 'leet': software users would only benefit.

Also of note is that the cowardly Mr Bent, attempting to take the ethical high ground, still hides behind 'anonymity'. If everything were so above board and he felt no shame and disgust at his behaviour - then why hide? Rixstep do in fact offer rewards for people who find bugs - and have given away two products already as a result - but they're not about to give them to nasty anonymous Apple idiots.

This post has little relevance to FD but OTOH neither did any of the rantings of this lunatic. It's merely to set the record straight. Watch out for fanboys and if you're contemplating migrating to OS X (most likely you're not) consider you will run into these suicide users all over the place.

PS. It should also be pointed out that this lunatic's supposed 'proof of concept' actually proved nothing and was in fact extremely amateurish code. Yes he did discover a bug, but his advisory and proof of concept code had even more (and more dangerous) bugs. In a word: it had 'fanboy' written all over it.

His claim he produced a denial of service even if his exploit failed basically sealed his fate: that's about the dumbest thing ever posted to SF or FD or anywhere ever. When you have two hot ('for (;;)') loops running in side by side processes and both acting on the file system of course you get yourself in a tight situation - but no one but a fanboy would ever try something so immature - this is totally independent of any external software you claim to be testing.

And when you have something like 'system("/bin/cat > <target> <source>")' inside a compilable file you know you're dealing with someone very special - and thankfully extremely unusual.

Nobody's coming home from Jonestown. Fanboys are fanboys and will remain fanboys - and they get fanboyer all the time.

Copyright © Rixstep. All rights reserved.