1 |
On Friday 09 December 2005 04:17 pm, Bob Young wrote: |
2 |
> Thank you, that's exactly the point, the major objection is on a *mailing |
3 |
> list*, the content is much more well defined, each and every message is |
4 |
> thousands of times less likely to be spam or malware, than any randomly |
5 |
> selected non-list email. |
6 |
> |
7 |
|
8 |
Yes, but that doesn't change the fact that people have their mail systems set |
9 |
to kill ANY HTML mail that they receive. And again, I ask - once you realize |
10 |
that many people are being aggressive in what they block (I for instance, |
11 |
never allow my e-mail client to run dynamic content or graphics - or even |
12 |
render HTML until I tell it to.), what are you going to be using HTML for??? |
13 |
Fonts??? Text Alignment??? It's just not worth the trouble. It doesn't |
14 |
serve any useful purpose to send HTML that won't be rendered to people who |
15 |
are likely to delete your e-mail just because it has HTML. |
16 |
|
17 |
> Okay, let's use your numbers, that's an additional 2K * 1000 people, so an |
18 |
> additional 2 megabytes for each message that crosses the list. Let's say the |
19 |
> list receives 100 messages in a 24 hour period, in round numbers that's an |
20 |
> extra 200MB to send out over a 24 hour period, sounds like a lot doesn't it? |
21 |
> But compared to the bandwidth capacity the server actually has available |
22 |
> over that 24 hour period, it's probably a low single digit percentage...if |
23 |
> that. |
24 |
> |
25 |
|
26 |
Except for three things... |
27 |
1000 users is quite likely low-balling the figure on almost any mailing list. |
28 |
For instance, I think I've got over 100 different people who've posted to |
29 |
this list in my e-mail box - and that doesn't even include the silent lurkers |
30 |
who are getting copies mailed to them, but that aren't actively posting. |
31 |
|
32 |
You are also likely to have multiple e-mail lists on a single server. How |
33 |
many different lists are there for gentoo? I'm subscribed to at least six, |
34 |
and they all appear to be coming from the same server. Look at the number of |
35 |
posts to gentoo-user - that's a lot more traffic that this list gets - and |
36 |
probably a lot more people subscribed as well. |
37 |
|
38 |
Lastly - most email clients that send HTML mail actually send TWO copies of |
39 |
the mail - one plain text, and one formatted. The fact that the plain text |
40 |
comes first, and can be selected as your primary viewing option is the only |
41 |
reason I don't bitch about this topic more often. But, the effect is to more |
42 |
than double the size of every message that gets sent by HTML - 100% of the |
43 |
plain text, and another 120% for the HTML (more or less depending on how much |
44 |
formatting you use). |
45 |
|
46 |
Okay, I lied, there's one more point. It doesn't apply to me, but there are |
47 |
plenty of people who it does apply to - not everybody who subscribes to these |
48 |
lists has a broadband internet connection. And depending on how many of |
49 |
these lists they subscribe to, and how active they are, the "double size" of |
50 |
HTML posts can become a serious problem for their individual connections. |
51 |
|
52 |
> >Don't argue about why your way is better when it's in clear |
53 |
> >opposition to the people who make up the community, simply accept that they |
54 |
> >have reasons for doing things the way they do, and abide by those rules |
55 |
> when |
56 |
> >you're in their home. |
57 |
> |
58 |
> This is disappointing. Just blowing off all opposing arguments any, and |
59 |
> saying it must be done this way, "because we say so" regardless of the |
60 |
> facts, or validity of opposing argument, is something I'd expect from a |
61 |
> Microsoft mindset. |
62 |
> |
63 |
|
64 |
No, as I said earlier, and as Duncan just mentioned from Eric Raymond's |
65 |
article, it's a matter of respect for the people that you're asking to help |
66 |
you. We're not telling you how to do it no matter where you go (which is the |
67 |
Microsoft way), we're only asking you to do this when you talk to us. And, |
68 |
as this is the clear majority opinion of the people who are actually |
69 |
providing the support, it falls under the realm of common courtesy (or |
70 |
not-so-common, these days) to respect their wishes, since you are the one |
71 |
asking for help. There may be nothing wrong with HTML e-mail in other |
72 |
contexts, but as you were saying, the issue here is HTML on this list. |
73 |
Following the rules of the community isn't something that's limited to |
74 |
e-mail. "We reserve the right to refuse service to anyone" is a statement |
75 |
seen on just about any business you visit. When you're asking for service, |
76 |
there are rules you should follow depending on what you're asking for. On |
77 |
FLOSS lists, one of these rules is "Don't use HTML". |
78 |
|
79 |
|
80 |
> >So, exactly what would you refer to the Sober Worm attack on Nov. 23 as??? |
81 |
> 3 |
82 |
> >weeks ago is pretty damned recent. |
83 |
> |
84 |
> Two points, first I'd bet that the attack didn't start with a message to an |
85 |
> email list, much less a Linux oriented list. Second, the number of Linux |
86 |
> users affected by the Worm was probably zero, so that doesn't seem like a |
87 |
> very solid reason for prohibiting html on a Linux oriented list |
88 |
> |
89 |
|
90 |
Well, according to the headers on your own e-mail, you're using Microsoft |
91 |
Outlook to send your mail. So you of all people shouldn't assume that just |
92 |
because someone is on a Linux list means that they're invulnerable to |
93 |
Microsoft security issues. Some people may administer Linux servers while |
94 |
using Windows desktops. Yes, many people on a Linux list are going to be |
95 |
using a Linux desktop, but it's not guaranteed. There is no rule that says |
96 |
that people can't operate on more than one platform. Indeed as I'm writing |
97 |
this on my gentoo laptop, I'm sitting next to a Windows box on my left, and a |
98 |
Mac on my right. I work on a website, so there are times when I need to look |
99 |
at how pages are rendering. I do this in Firefox, PC Internet Explorer, Mac |
100 |
Internet Explorer, Safari, Epiphany, and Konqueror. And I should probably do |
101 |
it in a few others as well. |
102 |
|
103 |
And, while the attack may not have originated on a Linux list, the nature of |
104 |
the worm means that it will try to send to a Linux list. As with most all |
105 |
the Sober varients, the worm self-propagates by looking through your address |
106 |
book and mailboxes, and sending itself to all the addresses that it harvests. |
107 |
So, all it takes is one person having this list address in a Windows box |
108 |
(like you're running for instance) to potenially have the worm hitting the |
109 |
list servers. Whether or not the worm will make it past the server depends |
110 |
on the list admins - but it's almost guaranteed that the worm has tried to |
111 |
mail itself to Linux lists at some point. And if it's a Linux list server, |
112 |
then there's one Linux admin who had to deal with the worm. |
113 |
|
114 |
> > And as for "objective analysis"... How |
115 |
> >many spam filter rules are there that boil down to "It's got HTML/it's got |
116 |
> >loads of HTML in it - it's probably spam". I'd call that a fairly |
117 |
> objective |
118 |
> >viewpoint. |
119 |
> |
120 |
> It may be objective, that doesn't make it accurate or desirable. Just |
121 |
> throwing out all html messages as spam is simplistic and lazy, obviously not |
122 |
> all html messages are spam. |
123 |
> |
124 |
|
125 |
No, but you were claiming that these opinions aren't based on any objective |
126 |
analysis - but as those spam filter rules demonstrate, there is sufficient |
127 |
basis to believe that an HTML message is MORE LIKELY to be spam. No, it |
128 |
doesn't automatically mean that it is spam, but it's a good indicator of |
129 |
POTENTIAL trouble. |
130 |
|
131 |
> >> Do you allow html |
132 |
> >> to be rendered when you browse the web? If so, why is email more |
133 |
> >> dangerous when your email client can easily be configured to |
134 |
> >> render html just as safely as your browser? |
135 |
> |
136 |
> |
137 |
> >How's about because we can CHOOSE where we go when we browse the web, and |
138 |
> we |
139 |
> >can change the settings that we use if we go to sites we don't trust. But, |
140 |
> >if you have to work at all with the public at large, you have to accept |
141 |
> >e-mail from people who's intentions are a complete mystery to you, because |
142 |
> >you can't know until you read it if it's a legitimate e-mail. Yes, you can |
143 |
> >filter out some things that are very obviously spam, but you can't stop |
144 |
> >everything. |
145 |
> |
146 |
> The issue here is accepting html from a mailing list, the sender of each and |
147 |
> every message is traceable, at least to a valid email address. Yet your |
148 |
> argument seems to be that accepting html email from someone who can be |
149 |
> traced and held accountable, is somehow more dangerous than accessing a web |
150 |
> page written by someone you know nothing about and may have no way of |
151 |
> contacting. |
152 |
> |
153 |
|
154 |
No, my point here is that list e-mail is not the only kind of e-mail that |
155 |
people who use these filters get. I have to deal with all kinds of end-users |
156 |
on a multitude of platforms. And if I were having to rely on my Windows box |
157 |
to do my mail, there is no way in ANY Underworld that I would want my e-mail |
158 |
client to trust every message sent to me. Even on Linux, I still block out |
159 |
all parts of the message except for the raw text until I know what I want to |
160 |
do about it. Many people on this list won't even give it that much latitude |
161 |
- they'll send it straight to the trash, since they don't HAVE to read any |
162 |
message on the list. I actually have to at least look at any message that's |
163 |
sent to me (other than the exceedingly obvious spam), otherwise I might do |
164 |
the exact same thing. |
165 |
|
166 |
> It's okay if you want to hold the opinion that "HTML e-mail is a BAD THING" |
167 |
> just because you have some emotional fondness for plain text. Such fondness |
168 |
> may be because it's "from the good ole days" and that's fine, but at some |
169 |
> point we all must let go of the past and embrace change, otherwise we |
170 |
> stagnate. |
171 |
> |
172 |
|
173 |
My emotional fondness for plain text isn't that "it's from the good ole days", |
174 |
it's that "no plain text message ever made my computer crash/get infected". |
175 |
Maybe I'm just picky that way. :-) |
176 |
|
177 |
> >Sorry for this rant, it's just that I happen to strongly agree with the |
178 |
> >community here that HTML e-mail is a BAD THING - especially to FLOSS lists. |
179 |
> |
180 |
> It's good to agree with someone, but it's more important to be sure of the |
181 |
> reasons *why* you agree with them. |
182 |
> |
183 |
|
184 |
Well, there are a number of reasons why I feel the way I do, as you can see. |
185 |
Some don't really apply at the moment (I'm not likely to get infected with |
186 |
any ActiveX crap while I'm using KMail), but that doesn't mean they won't |
187 |
apply to me at other times. |
188 |
|
189 |
Nothing personal here, just trying to better explain WHY some of us are so |
190 |
opposed to HTML in e-mail. |
191 |
|
192 |
-- |
193 |
Eric Bliss |
194 |
systems design and integration, |
195 |
CreativeCow.Net |
196 |
-- |
197 |
gentoo-amd64@g.o mailing list |