Talk:Steve Gibson

From Wikipedia, the free encyclopedia

This article is within the scope of WikiProject Biography. For more information, visit the project page.
??? This article has not yet received a rating on the Project's quality scale. Please rate the article and then leave a short summary here to explain the ratings and/or to identify the strengths and weaknesses of the article. [FAQ]

Contents

[edit] Complaints Against Steve Gibson

User: Could you better explain the nature of the complaints against Steve Gibson? It is important to address them specifically. --Alexwcovington 08:53, 2 Dec 2004 (UTC)

Credited with coining the term spyware by who? First time ive heard it.... The article is POV and needs to be rewritten - for a start some discussion of what Gibsons critics (virtually the entire security industry) have said or the whole syn cookies debacle might help balance it a bit. Gibson is wonderfull at public relations but Id like to see any article that was a bit more honest than this fawning statement....

The GPA is more proof of this being written by a GRC acolyte - and gibsons written exactly one software program - Spinrite - and thats it - so i also question his credentials as a software engineer.

POV and boldly so

I agree with Alexwcovington, the section on critism needs sourcing. In the links are two pages, but they don't really seem like great sources. "Secruity Experts" are mentioned over and over, but not who they may be. To quote WP:NPOV, If a viewpoint is held by a significant minority, then it should be easy to name prominent adherents;. This needs to be done. --Falcorian | Talk 05:22, 15 January 2006 (UTC)
In my experience, the majority of security professionals take the view that Steve Gibson is a media darling rather than a security expert. The relevant section of WP:NPOV is "If a viewpoint is in the majority, then it should be easy to substantiate it with reference to commonly accepted reference texts;". Unfortunately this is not the case as expertise in computer security is invariably gathered through experience rather than reference texts (That's to say that there is no single text which can be referred to; one requires an appreciation of the entire field). Additionally most but not all controversies surrounding this man stem from failure to communicate vital nuances or from massively overplaying the importance of insignificant aspects rather than outright misinformation. --DanPope 23:05, 24 January 2006 UTC

Regarding the bullet under the Criticism section that discusses his Windows Metafile vulnerability conclusions from episode 22 of Security Now: in the next episode of the same podcast, he retracts many of his allegations against Microsoft and takes a much more conciliatory tone about the whole issue. His comments on episode 22 are certainly an example of him irresponsibly jumping to a conclusion without having done sufficient research, but it seems unfair to mention that episode without also mentioning the other. --Silpertan 02:55, 11 August 2006 (UTC)

Where is the issue with the windows metafile exploit explanation by Steve Gibson? Of course it was intentionally put in Windows in a time when nobody thought about people surfing the net with Windows (back then Windows 3.x). Windows in the early days just wasn't an operating system with multiples users and thus security in mind. I think steve gibson excellently explained that in security now. That is why I slightly changed the first sentence of that section. --Julian Bartholomeyczik

[edit] POV Dispute

This article needs ALOT of work. It reads like a back and forth argument right now. --Falcorian | Talk 05:07, 15 January 2006 (UTC)

I think the article has come a long way in a short time. I think Copysan put in a particularly good edit. I'm a little concerned of the direction Kupci is moving the article... Equating this article to the Seigenthaler debacle, especially after the recent improvements is a step backward, and I do believe that Gibson's critics have bases for their accusations and deserve a measure of consideration in this article. --AlexWCovington (talk) 18:37, 18 January 2006 (UTC)
I agree the article has come along way. I do agree with Kupci's removal of GRCSucks.com, because regardless of the merit of the claims against Gibson on it, it does have a title that doesn't seem appropriate. However, his edits seem to be pushing the article a little into the NPOV zone.Oh yes, his comparing this to Seigenthaler seems way off base as well. --Falcorian | Talk 23:41, 18 January 2006 (UTC)
GRCSucks.com should not be removed. 'A title that doesn't seem appropriate'? Oh get a life. GRCSucks has more and more benevolent factual information on the charlatan than anyone. Anyone duped to think otherwise is a - dupe. talk
Immaturity doesn't strengthen your case. --Falcorian(talk) 17:40, 28 January 2006 (UTC)

I'm wondering what purpose the Radsoft links serve. Both are either POV and/or out of date. If the content there is verifiable, wouldn't it be better to place the links in context as a part of the article?Sschinke 02:21, 2 February 2006 (UTC)

They serve the purpose of... Well... Nothing really. Frankly though, I was too lazy to read through them and decided to let someone else make the call as I didn't want to be seen as monopolizing the links section. ;) --Falcorian (talk) 04:29, 2 February 2006 (UTC)

[edit] Links Removed

I have removed three links, they are as follows:

  • Why Assembly Language Is BAAAD - This article has nothing to do with Gibson. Yes, he codes in Assembly but that's the only real link. I'd suggest Assembly language if you want to include information from the article. Frankly, this link is like putting a "Ford is BAD!" link at the bottom of random articles of people who drive Fords.
  • Web-myth debunker's life threatened by Steve Gibson Groupie - I skimmed this article, and it seems to be about a random fan, not Gibson. I may have missed the line where it says "It turns out it was Gibson that sent the death threat", but I don't think I did.
  • Steve Gibson Criticism - Removed for the above reason. I also don't believe that sites that at least try to pass themselves off as smear sites help Wikipedia's credibility, and further I think criticism of Gibson has been thoroughly covered by the previous links.

--Falcorian(talk) 18:21, 28 January 2006 (UTC)

I think GRCsucks.com may deserve a link in the criticism section, but I agree the other links are unnecessary. --AlexWCovington (talk) 21:58, 2 February 2006 (UTC)
I seem to be in the minority on removing it, so by all means throw it back up. --Falcorian (talk) 00:17, 3 February 2006 (UTC)
Agreeing with Alexwcovington here. GRCSucks.com, while having an unfortunate name, does have some excellent and well thought out analysis of Gibson's claims and assertions. Copysan 21:14, 3 February 2006 (UTC)
So, if there are no objections, can we put the "Steve Gibson Criticism" link back up? --68.230.70.235 23:37, 23 August 2006 (UTC)
It's late and I can't re-read the site tonight, but I will tomorrow. Until I do, I still object. --Falcorian (talk) 05:27, 24 August 2006 (UTC)
Have you read the site yet? If so, do you still object?--68.230.70.235 02:46, 6 September 2006 (UTC)

I should point out that GRCSucks.com is already linked to in the Criticism section. Adding another link at the end of the page would be treating it more like a neutral source. --AlexWCovington (talk) 03:57, 6 September 2006 (UTC)

Something I completely missed... Thank you for pointing it out. --Falcorian (talk) 03:44, 7 September 2006 (UTC)

[edit] Still POV?

Falcorian, do you feel the article has improved sufficiently to remove the NPOV tag? If not, What still needs to be done? --AlexWCovington (talk) 21:58, 2 February 2006 (UTC)

Looks better now. The only real thing I can think of left is those two radsoft articles, which I don't really feel like reading through, but which on the surface seem rather POV as pointed out above. I think the tag can safely come off. --Falcorian (talk) 00:16, 3 February 2006 (UTC)

[edit] NPOV and 62.103.255.73's Edits

62.103.255.73, please provide sourcing for your edits. The only sources I could find for some was radsoft.com, and even then it was wild speculation on the writers part. --Falcorian (talk) 16:33, 3 February 2006 (UTC)

What radsoft edits are you referring to? Are you talking about the ZoneAlarm promotion thing? Copysan 21:17, 3 February 2006 (UTC)
Yes. The Zonealarm thing, so far as I could tell with a quick google search, is based on a radsoft article, which, if my brief read of it is correct, basicly says "This seems likely so it is!". But also in reguards to the number of people working there, and a few other changes.--Falcorian (talk) 21:54, 3 February 2006 (UTC)
Agree. I read the radsoft articles, and I could not find any objective evidence. The radsoft articles compare Gibson to Hitler. While I'm not a member of Gibson's Gestapo, I can see that the radsoft article should not be used as a source. From this evidence and Falcorian's search, I think that any unsourced further mention about ZoneAlarm and Gibson should be regarded as vandalism. Copysan 23:32, 3 February 2006 (UTC)

[edit] Does Gibson hold an Engineer's degree ?

I would like to add this information into the introduction, similar to the one on the Leo Laporte page, to clarify the use of the word engineer in this article:

Gibson studied EECS at UC Berkeley, but did not earn a degree.

I couldn't find any evidence that Gibson holds an Engineer's degree, List of University of California, Berkeley alumni says "attended", but does not mention any academic degree. Please comment. --Ministry of Truth 06:09, 14 June 2006 (UTC)

I'm not seeing any such claims in the article at present -- it seems that Gibson dropped out to pursue his career. Besides, in the United States most schools have B.S., M.S., and Ph.D or D.Eng programs rather than engineering degrees in the sense described in the article. --AlexWCovington (talk) 15:56, 14 June 2006 (UTC)
Given the use of Engineer, whether he obtained an academic title is relevant information and the same information about Leo Laporte is therefore included on his page. As you think he dropped out too, I'll add this information unless proof of any academic titles earned is provided here over the next couple of days. --Ministry of Truth 17:33, 14 June 2006 (UTC)
I believe you may be suffering from a bit of culture shock here; in the United States the term "Engineer" is used a bit more loosely than in other countries; perhaps this is unfortunate but we can't redact Wikipedia to reflect what we think the world should be; Gibson could be described as an engineer, at least by US standards, by his body of work. --AlexWCovington (talk) 18:43, 14 June 2006 (UTC)
I agree with you that WP should take its worldwide audience into account and as neither the factual truth nor the added value of such a mention have been disputed so far, I contemplate to make the edit as worded above soon. --Ministry of Truth 12:05, 15 June 2006 (UTC)

If I may throw in my two cents before running off for two weeks: I'd have to see the evidence that he did not graduate, as the only bit that has been brought up so far is a site that is not all inclusive. Since there has been no good evidence either way, I think the current "Attended" works perfectly. --Falcorian (talk) 20:35, 15 June 2006 (UTC)

Fair point. I see you're an assistant at the University of California, Berkeley, would you kindly share your inside knowledge how to verify this fact one way or the other without actually going there as I don't live nearby ? That might also give us the opportunity to put "attended" back into the list where you removed it, which tends to contradict the above "works perfectly" a bit:http://en.wikipedia.org/w/index.php?title=List_of_University_of_California%2C_Berkeley_alumni&diff=prev&oldid=58823514 --Ministry of Truth 21:51, 15 June 2006 (UTC)
I'm not even sure how one would check it at Berkeley, it seems like that kind of info would require a reason to access, but I can look into when I get back, no promises though. ;) As for attended on the list of alumni, I would consider that a different case from here. On the list graduation years are given, so saying "attended" seemed to lean more towards the not graduating point of view, while nothing seemed more neutral (case in point, the other 'attended's on the list that I can see are all from non-graduates while there are a few blank entries for unsure cases already). Here though there is no president set by other entries in a list, and so it sounds perfectly neutral. --Falcorian (talk) 22:57, 15 June 2006 (UTC)
Thank you for your eagerness to help and unprompted reversal of your edit to the alumni list. --Ministry of Truth 00:19, 16 June 2006 (UTC)

[edit] SYN Cookies

Minitruth, could you please add how it is inferrior or source? Simply putting "It is inferrior" is rather POV and unverified. Thanks. --Falcorian (talk) 20:38, 15 June 2006 (UTC)

Falco, no sweat, would word from The Man Himself do:
"SYN Cookies had some useful features I hadn't considered
My own invention (as described on the following pages) was less than a day old and, of course, had never been implemented. By comparison, the details of SYN Cookies were years old and had the benefit of extensive open-source community experimentation and tweaking. So SYN Cookies had evolved some useful improvements that I had never considered, as well as some unnecessary (TCP Option) complications that were not required by my security scanning NanoProbe / RSVP application." http://www.grc.com/r&d/nomoredos.htm ?
--Ministry of Truth 21:58, 15 June 2006 (UTC)
Perfect! --Falcorian (talk) 22:44, 15 June 2006 (UTC)

You're welcome, Falcorian, always glad to oblige ;-) . While we're at it, would you help me find appropriate language to include the following facts into the syncookie story:

With this amount of exposure freely available to anybody interested in the field, Gibsons claim to have independantly re-invented the wheel is, to put it mildly, surprising. How could a NPOV version of this possibly look like ? --Ministry of Truth 00:00, 16 June 2006 (UTC)

[edit] References

It's raining here, and I finally have net access, so I converted all the inline urls to cites. If someone could spell check it, and maybe double check I got the links right, it would be great! --Falcorian (talk) 17:49, 25 June 2006 (UTC)

[edit] Computer Engineer

I've discussed this briefly in Leo Laporte as a side issue and it prompted me to check here, is there any support (or sensible opposition) to stating Steve as a Journalist and dropping the computer engineer description? I'd even favour a Computer Engineering Journalist description. Steve is widely criticised for any of his products or services in computer engineering having been written by ghost writers and has no formal qualifications or notable experience in IT as and of itself. A journalist he may be, a DJ, a internet personality even, but he is not a computer engineer without verifiable education, experience, resultant products or services or something else that points to achievements of any note in the field. Elomis 05:24, 5 September 2006 (UTC)

Well, if you believe Gibson's resumé, he has worked on many projects throughout his career that constitute electrical, computer, and software engineering. We can accuse the guy of padding, but unless there's proof otherwise, there's no reason to call him a charlatan in the article -- he claims to be a computer engineer, and the burden of proof is on us to show that he is not. --AlexWCovington (talk) 06:13, 5 September 2006 (UTC)


Ok. I guess the only way to settle this is to define what the minimum allowable threshold is to declare someone to be anything professionally. I would imagine that having done a year of law school years ago before I dropped out I would be publicly flogged for declaring myself an attorney. That's an example of an industry that has clear guidelines and IT perhaps due to it's infancy has much more lax considerations. I would personally consider Steve Gibson to be an computer engineer under the conditions that he either holds (perferably) or has held, an employment contract stating his title or function as such, held a diploma or higher in a computer engineering related discipline or industry certifications granted by information technology companies in line with their associated educational programs. It is widely accepted that Gibson studied computer engineering, like I studied law and with much the same result (no degree awarded). Gibson's resume available on his website shows no position in his employment history where he was a computer engineer, he was a Director of Engineering at one point, VP of Development at another and beyond that he has held consultative roles. He has in fact held no computer engineering position of a company he did not found personally, and therefore his employment as a computer engineer cannot in my opinion be validated. I have no intention of outting the guy as a charlatan, I just don't think that particular wording of the article is accurate. Elomis 06:57, 5 September 2006 (UTC)

This has been a very contentious point. It was a contentious point when the article called him a "computer expert" rather than a "computer engineer." It will probably still be contentious if it describes him as any number of titles -- Gibson is not universally well-liked in any particular capacity. Feel free to change it if you feel a particular description will play better; I'm not going to be a voice holding back the article. --AlexWCovington (talk) 14:15, 5 September 2006 (UTC)

Ok I don't particularly like him but it's best settled with neutrality, not editing the page into a hate page which is why I checked first. It's been changed to enthusiast which is much easier to verify. Funny thing is I think expert is actually even better than engineer, an engineer is a very specific thing whereas expert probably has a lower burden of proof and can be more subjective (I consider my wife an expert cook, but not a Chef). I think enthusiast describes Steve most accurately. Elomis 20:41, 5 September 2006 (UTC)

Ah! That's something I didn't think of. I was focused on a job description-- I never thought of hobby terms like enthusiast. It works well! --AlexWCovington (talk) 04:02, 6 September 2006 (UTC)

Well, I hate to stir the pot again, but may I suggest that "enthusiast" may not be the best term either? It's very broad and generic, for one thing. (In fact, one could easily argue that Leo, Steve, and the entire audience of the "Security Now!" podcast are "computer enthusiasts." What's needed is some adjective that describes why Steve is hosting the show and not any other random guy (like me) who also calls himself an "enthusiast".) I'd really rather go back to the "engineer" (or "software engineer") description. "Security expert" is probably too contentious to use, which is perhaps understandable since the term conveys a high level of qualification that not everyone wants to concede to Steve. But "software engineer" seems to be a much lower bar to reach. I think it's a fair term to use, especially given that 1) Steve has obviously written a lot of software and 2) gets a significant portion of income from his commercial product "Spinrite". The term "lawyer" (to address an earlier discussion) denotes what a person IS (as certified by a law school), but "software engineer" is more of a description of what one actually DOES. Based on that, I think it's fair for Steve to be described as an "engineer", and not simply an "enthusiast". Motley Fool 17:19, 7 September 2006 (UTC)

I selected it for broadness and for being generic. I honestly (and I think, fairly) assert that the reason Steve Gibson is hosting the technology podcast is not because he is a computer engineer, or enthusiast even, but because he is in some opinions rather good at hosting a technology podcast. He is a technology podcaster, it's what he does and arguably who he is. Security Expert is entirely inappropraite, it is something that is very easily defined and verifiable as someone who is an ISC2 CISSP, someone who has worked for a considerable period of time in the technology security industry as a security expert (and not say, VP of Security Operations), someone who has been awarded Security+ certification by the Computing Technology Industry Association (CompTIA), has made significant public contributions to security industry bodies (Bugtraq, SecurityFocus...) that were widely accepted by those communities as valid and accurate or a combination of any or all of those things. I don't think anyone could objectively and fairly concede any of those to Steve Gibson. Steve hasn't written a lot of software, he contends that he has written a handful (and with opinions that he employed ghostwriters only marginally substantiated) and has not produced anything for some years. SpinRite which is hotly contended as Nadaware (software which doesn't do anything or anything useful)[1] (a program which repairs physical damage to disks?). Even if all of that is misinformation or some sort of vendetta against Gibson, I used to be a 5th grader years ago, I haven't done much 5th grade stuff since so it's inaccurate to call me a 5th grader at this point even if I issue a podcast called "5th Grade Now!". I understand the contention that computer engineer isn't what someone is but is something someone does, Steve Gibson doesn't do it.
  1. ^ http://www.radsoft.net/news/roundups/grc/20060123,00.shtml

Elomis 00:07, 8 September 2006 (UTC)

How about the term "pundit", as in a source of vocal opinion on a subject matter. -- Tomlouie | talk 03:14, 8 September 2006 (UTC)

Works for me after reviewing the definition, doesn't upset fans by inferring that he is not qualified or skilled and doesn't upset me by inferring that any qualification or skill he has is anything but the result of generalised involvement in journalism.

Elomis 07:42, 8 September 2006 (UTC)

I guess what I'm trying to feel around for here is some word that indicates Steve Gibson is more than just a talking head or a random guy who likes to play with computers. Let's think about it in this way - ask yourself "Why do people go to grc.com? What do people want from Steve Gibson?" The answer is "software" (Shields Up, Spinrite, Unplug 'n' Pray, etc.) It's not "technology opinions" or "journalism". I think of John C. Dvorak as a "pundit" - not in a derogatory way, but simply as an acknowledgement that his specialty is opinion technology journalism, not necessarily in diving deep into code, operating systems, etc. Steve certainly has his opinions (e.g. the debate over raw sockets, the origin of the WMF vulnerability, etc.) but his main "gig" is his software. I'm aware of the old feud with John Navas, but I don't think that disqualifies him as being described as a "software engineer". And unless someone can demonstrate that the software on his activity page is fraudulant, I think we have to take him at his word that he actually wrote (and still maintains) that stuff. Finally, I think it's reasonable to ask "What is Steve Gibson's day job?" I don't think he's making any money off his Security Now podcast, so it's probably fair to say that the Steve Gibson Corporation (and related software and/or consulting activites) IS his job. That's far more than "pundit" or "enthusiast", IMHO.

-- Motley Fool 16:31, 8 September 2006 (UTC)

Replying to myself, how about "software developer"? Since GRC is a software development firm, and it's safe to say that Steve has a large part in writing that software, would this not be a fair description of him, while avoiding any more grandiose titles that seem to raise controversy? -- Motley Fool 16:52, 8 September 2006 (UTC)
I don't think I could disagree with you more, and for all the reasons you have stated. I've deliberatley avoided citing John Navas because counter-trolling is trolling but in answer to your statements; I think Steve Gibson is a random guy who likes to play with computers, I think he is a talking head. He's certainly notable enough to have a page on Wikipedia, he's certainly notable enough to have the Securirty Now! podcast but I'd contest that GRC is solely a software product marketing firm and verges on being Steve Gibsons personal homepage.

I'll take software developer as being accurate from an encyclopedic perspective, I honestly believe (along with a wide community) that Gibson has probably not written more than 20 lines of code in his life but anybody with a clue will concede that developing software is not neccessarily writing code. If you agree with me and mine that he didn't write the software, or you agree with others who insist he did, he certainly markets, supports, commentates, manages and version controls the software and according to any sensbile definition that is development of software. I've added it, rather than replaced enthusiast, to the article. I imagine in adding descriptions of him we will wind up with an average that is accurate :-) Elomis 23:06, 10 September 2006 (UTC)

Works for me. -- Motley Fool 17:36, 11 September 2006 (UTC)

[edit] Merge from Gibson Research Corporation

For the discussion see Talk:Gibson Research Corporation#Merge. Greenshed 22:10, 13 September 2006 (UTC)