| 1 |
On Friday 09 December 2005 04:17 pm, Bob Young wrote: |
| 2 |
> Thank you, that's exactly the point, the major objection is on a *mailing |
| 3 |
> list*, the content is much more well defined, each and every message is |
| 4 |
> thousands of times less likely to be spam or malware, than any randomly |
| 5 |
> selected non-list email. |
| 6 |
> |
| 7 |
|
| 8 |
Yes, but that doesn't change the fact that people have their mail systems set |
| 9 |
to kill ANY HTML mail that they receive. And again, I ask - once you realize |
| 10 |
that many people are being aggressive in what they block (I for instance, |
| 11 |
never allow my e-mail client to run dynamic content or graphics - or even |
| 12 |
render HTML until I tell it to.), what are you going to be using HTML for??? |
| 13 |
Fonts??? Text Alignment??? It's just not worth the trouble. It doesn't |
| 14 |
serve any useful purpose to send HTML that won't be rendered to people who |
| 15 |
are likely to delete your e-mail just because it has HTML. |
| 16 |
|
| 17 |
> Okay, let's use your numbers, that's an additional 2K * 1000 people, so an |
| 18 |
> additional 2 megabytes for each message that crosses the list. Let's say the |
| 19 |
> list receives 100 messages in a 24 hour period, in round numbers that's an |
| 20 |
> extra 200MB to send out over a 24 hour period, sounds like a lot doesn't it? |
| 21 |
> But compared to the bandwidth capacity the server actually has available |
| 22 |
> over that 24 hour period, it's probably a low single digit percentage...if |
| 23 |
> that. |
| 24 |
> |
| 25 |
|
| 26 |
Except for three things... |
| 27 |
1000 users is quite likely low-balling the figure on almost any mailing list. |
| 28 |
For instance, I think I've got over 100 different people who've posted to |
| 29 |
this list in my e-mail box - and that doesn't even include the silent lurkers |
| 30 |
who are getting copies mailed to them, but that aren't actively posting. |
| 31 |
|
| 32 |
You are also likely to have multiple e-mail lists on a single server. How |
| 33 |
many different lists are there for gentoo? I'm subscribed to at least six, |
| 34 |
and they all appear to be coming from the same server. Look at the number of |
| 35 |
posts to gentoo-user - that's a lot more traffic that this list gets - and |
| 36 |
probably a lot more people subscribed as well. |
| 37 |
|
| 38 |
Lastly - most email clients that send HTML mail actually send TWO copies of |
| 39 |
the mail - one plain text, and one formatted. The fact that the plain text |
| 40 |
comes first, and can be selected as your primary viewing option is the only |
| 41 |
reason I don't bitch about this topic more often. But, the effect is to more |
| 42 |
than double the size of every message that gets sent by HTML - 100% of the |
| 43 |
plain text, and another 120% for the HTML (more or less depending on how much |
| 44 |
formatting you use). |
| 45 |
|
| 46 |
Okay, I lied, there's one more point. It doesn't apply to me, but there are |
| 47 |
plenty of people who it does apply to - not everybody who subscribes to these |
| 48 |
lists has a broadband internet connection. And depending on how many of |
| 49 |
these lists they subscribe to, and how active they are, the "double size" of |
| 50 |
HTML posts can become a serious problem for their individual connections. |
| 51 |
|
| 52 |
> >Don't argue about why your way is better when it's in clear |
| 53 |
> >opposition to the people who make up the community, simply accept that they |
| 54 |
> >have reasons for doing things the way they do, and abide by those rules |
| 55 |
> when |
| 56 |
> >you're in their home. |
| 57 |
> |
| 58 |
> This is disappointing. Just blowing off all opposing arguments any, and |
| 59 |
> saying it must be done this way, "because we say so" regardless of the |
| 60 |
> facts, or validity of opposing argument, is something I'd expect from a |
| 61 |
> Microsoft mindset. |
| 62 |
> |
| 63 |
|
| 64 |
No, as I said earlier, and as Duncan just mentioned from Eric Raymond's |
| 65 |
article, it's a matter of respect for the people that you're asking to help |
| 66 |
you. We're not telling you how to do it no matter where you go (which is the |
| 67 |
Microsoft way), we're only asking you to do this when you talk to us. And, |
| 68 |
as this is the clear majority opinion of the people who are actually |
| 69 |
providing the support, it falls under the realm of common courtesy (or |
| 70 |
not-so-common, these days) to respect their wishes, since you are the one |
| 71 |
asking for help. There may be nothing wrong with HTML e-mail in other |
| 72 |
contexts, but as you were saying, the issue here is HTML on this list. |
| 73 |
Following the rules of the community isn't something that's limited to |
| 74 |
e-mail. "We reserve the right to refuse service to anyone" is a statement |
| 75 |
seen on just about any business you visit. When you're asking for service, |
| 76 |
there are rules you should follow depending on what you're asking for. On |
| 77 |
FLOSS lists, one of these rules is "Don't use HTML". |
| 78 |
|
| 79 |
|
| 80 |
> >So, exactly what would you refer to the Sober Worm attack on Nov. 23 as??? |
| 81 |
> 3 |
| 82 |
> >weeks ago is pretty damned recent. |
| 83 |
> |
| 84 |
> Two points, first I'd bet that the attack didn't start with a message to an |
| 85 |
> email list, much less a Linux oriented list. Second, the number of Linux |
| 86 |
> users affected by the Worm was probably zero, so that doesn't seem like a |
| 87 |
> very solid reason for prohibiting html on a Linux oriented list |
| 88 |
> |
| 89 |
|
| 90 |
Well, according to the headers on your own e-mail, you're using Microsoft |
| 91 |
Outlook to send your mail. So you of all people shouldn't assume that just |
| 92 |
because someone is on a Linux list means that they're invulnerable to |
| 93 |
Microsoft security issues. Some people may administer Linux servers while |
| 94 |
using Windows desktops. Yes, many people on a Linux list are going to be |
| 95 |
using a Linux desktop, but it's not guaranteed. There is no rule that says |
| 96 |
that people can't operate on more than one platform. Indeed as I'm writing |
| 97 |
this on my gentoo laptop, I'm sitting next to a Windows box on my left, and a |
| 98 |
Mac on my right. I work on a website, so there are times when I need to look |
| 99 |
at how pages are rendering. I do this in Firefox, PC Internet Explorer, Mac |
| 100 |
Internet Explorer, Safari, Epiphany, and Konqueror. And I should probably do |
| 101 |
it in a few others as well. |
| 102 |
|
| 103 |
And, while the attack may not have originated on a Linux list, the nature of |
| 104 |
the worm means that it will try to send to a Linux list. As with most all |
| 105 |
the Sober varients, the worm self-propagates by looking through your address |
| 106 |
book and mailboxes, and sending itself to all the addresses that it harvests. |
| 107 |
So, all it takes is one person having this list address in a Windows box |
| 108 |
(like you're running for instance) to potenially have the worm hitting the |
| 109 |
list servers. Whether or not the worm will make it past the server depends |
| 110 |
on the list admins - but it's almost guaranteed that the worm has tried to |
| 111 |
mail itself to Linux lists at some point. And if it's a Linux list server, |
| 112 |
then there's one Linux admin who had to deal with the worm. |
| 113 |
|
| 114 |
> > And as for "objective analysis"... How |
| 115 |
> >many spam filter rules are there that boil down to "It's got HTML/it's got |
| 116 |
> >loads of HTML in it - it's probably spam". I'd call that a fairly |
| 117 |
> objective |
| 118 |
> >viewpoint. |
| 119 |
> |
| 120 |
> It may be objective, that doesn't make it accurate or desirable. Just |
| 121 |
> throwing out all html messages as spam is simplistic and lazy, obviously not |
| 122 |
> all html messages are spam. |
| 123 |
> |
| 124 |
|
| 125 |
No, but you were claiming that these opinions aren't based on any objective |
| 126 |
analysis - but as those spam filter rules demonstrate, there is sufficient |
| 127 |
basis to believe that an HTML message is MORE LIKELY to be spam. No, it |
| 128 |
doesn't automatically mean that it is spam, but it's a good indicator of |
| 129 |
POTENTIAL trouble. |
| 130 |
|
| 131 |
> >> Do you allow html |
| 132 |
> >> to be rendered when you browse the web? If so, why is email more |
| 133 |
> >> dangerous when your email client can easily be configured to |
| 134 |
> >> render html just as safely as your browser? |
| 135 |
> |
| 136 |
> |
| 137 |
> >How's about because we can CHOOSE where we go when we browse the web, and |
| 138 |
> we |
| 139 |
> >can change the settings that we use if we go to sites we don't trust. But, |
| 140 |
> >if you have to work at all with the public at large, you have to accept |
| 141 |
> >e-mail from people who's intentions are a complete mystery to you, because |
| 142 |
> >you can't know until you read it if it's a legitimate e-mail. Yes, you can |
| 143 |
> >filter out some things that are very obviously spam, but you can't stop |
| 144 |
> >everything. |
| 145 |
> |
| 146 |
> The issue here is accepting html from a mailing list, the sender of each and |
| 147 |
> every message is traceable, at least to a valid email address. Yet your |
| 148 |
> argument seems to be that accepting html email from someone who can be |
| 149 |
> traced and held accountable, is somehow more dangerous than accessing a web |
| 150 |
> page written by someone you know nothing about and may have no way of |
| 151 |
> contacting. |
| 152 |
> |
| 153 |
|
| 154 |
No, my point here is that list e-mail is not the only kind of e-mail that |
| 155 |
people who use these filters get. I have to deal with all kinds of end-users |
| 156 |
on a multitude of platforms. And if I were having to rely on my Windows box |
| 157 |
to do my mail, there is no way in ANY Underworld that I would want my e-mail |
| 158 |
client to trust every message sent to me. Even on Linux, I still block out |
| 159 |
all parts of the message except for the raw text until I know what I want to |
| 160 |
do about it. Many people on this list won't even give it that much latitude |
| 161 |
- they'll send it straight to the trash, since they don't HAVE to read any |
| 162 |
message on the list. I actually have to at least look at any message that's |
| 163 |
sent to me (other than the exceedingly obvious spam), otherwise I might do |
| 164 |
the exact same thing. |
| 165 |
|
| 166 |
> It's okay if you want to hold the opinion that "HTML e-mail is a BAD THING" |
| 167 |
> just because you have some emotional fondness for plain text. Such fondness |
| 168 |
> may be because it's "from the good ole days" and that's fine, but at some |
| 169 |
> point we all must let go of the past and embrace change, otherwise we |
| 170 |
> stagnate. |
| 171 |
> |
| 172 |
|
| 173 |
My emotional fondness for plain text isn't that "it's from the good ole days", |
| 174 |
it's that "no plain text message ever made my computer crash/get infected". |
| 175 |
Maybe I'm just picky that way. :-) |
| 176 |
|
| 177 |
> >Sorry for this rant, it's just that I happen to strongly agree with the |
| 178 |
> >community here that HTML e-mail is a BAD THING - especially to FLOSS lists. |
| 179 |
> |
| 180 |
> It's good to agree with someone, but it's more important to be sure of the |
| 181 |
> reasons *why* you agree with them. |
| 182 |
> |
| 183 |
|
| 184 |
Well, there are a number of reasons why I feel the way I do, as you can see. |
| 185 |
Some don't really apply at the moment (I'm not likely to get infected with |
| 186 |
any ActiveX crap while I'm using KMail), but that doesn't mean they won't |
| 187 |
apply to me at other times. |
| 188 |
|
| 189 |
Nothing personal here, just trying to better explain WHY some of us are so |
| 190 |
opposed to HTML in e-mail. |
| 191 |
|
| 192 |
-- |
| 193 |
Eric Bliss |
| 194 |
systems design and integration, |
| 195 |
CreativeCow.Net |
| 196 |
-- |
| 197 |
gentoo-amd64@g.o mailing list |
Archives