Mailing List Archive



Re: [tlug] Input methods - again!



lain. writes:

 > Ultimately, anything with internet access can be exploited by a bad
 > actor remotely, and most likely even will.  If you really have to
 > use something like that, you might perhaps mitigate
 > vulnerabilities to some extent by network sniffing the program to
 > check on which IP addresses it's listening to, and then block them.

LOL.  Do you take your word salad with French or Italian dressing?

Sure, if your threat model extends to the Lazarus Group and NSO, you
want to be that paranoid.  But if you just want to provide a few
simple services to a limited audience, it's not that hard to button
up.

By the way, if you're going to be checking incoming IPs, a static
whitelist is almost certainly easier to implement and more robust than
any dynamic blacklist.  Most of the time that's good enough (unless
you're actually selling those services, but I wasn't talking about
that, I was talking about personal services, maybe just for me, maybe
for a couple hundred students most of whom are inside a firewall --
admittedly a pretty porous firewall with plenty of miscreants inside).

 > Also, SaaS is a scam to make you pay for software you don't own,
 > you don't have control over, and can be taken away from you at any
 > random moment.

That's the business model, yes, but I was talking about the
engineering model.

Steve
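
The static whitelist versus dynamic blacklist point from the message above, as an added example that is not part of the original post: a default-deny list of known networks rejects an address nobody has seen before, while a default-allow blocklist lets it through. The class names, networks and addresses are constructed for illustration (RFC 5737 / RFC 3849 documentation ranges).

```python
import ipaddress

# Constructed sample data, not taken from the post.
ALLOWED_NETS = ["192.0.2.0/24", "2001:db8:100::/48"]
BLOCKED_ADDRS = ["198.51.100.7", "203.0.113.99"]  # "seen misbehaving so far"


def _normalize(addr):
    """Parse a peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d),
    which is how a dual-stack socket reports IPv4 clients."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


class StaticAllowlist:
    """Default deny: only the listed networks get through."""

    def __init__(self, cidrs):
        # strict=True rejects entries with host bits set (typos like /24 on a host).
        self.nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]

    def permits(self, addr):
        try:
            ip = _normalize(addr)
        except ValueError:
            return False  # unparseable peer address: deny
        return any(ip.version == n.version and ip in n for n in self.nets)


class DynamicBlocklist:
    """Default allow: anything not yet reported gets through."""

    def __init__(self, addrs=()):
        self.blocked = {_normalize(a) for a in addrs}

    def report(self, addr):
        self.blocked.add(_normalize(addr))

    def permits(self, addr):
        try:
            return _normalize(addr) not in self.blocked
        except ValueError:
            return False


def compare(addrs, allow, block):
    """Return (address, allowlist verdict, blocklist verdict) per address."""
    return [(a, allow.permits(a), block.permits(a)) for a in addrs]
```
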

