Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-amd64
Navigation:
Lists: gentoo-amd64: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-amd64@g.o
From: Eric Bliss <eric@...>
Subject: Re: [OT- html posts]
Date: Fri, 9 Dec 2005 17:54:43 -0800
On Friday 09 December 2005 04:17 pm, Bob Young wrote:
> Thank you, that's exactly the point, the major objection is on a *mailing
> list*, the content is much more well defined, each and every message is
> thousands of times less likely to be spam or malware, than any randomly
> selected non-list email.
> 

Yes, but that doesn't change the fact that people have their mail systems set 
to kill ANY HTML mail that they receive.  And again, I ask - once you realize 
that many people are being aggressive in what they block (I for instance, 
never allow my e-mail client to run dynamic content or graphics - or even 
render HTML until I tell it to.), what are you going to be using HTML for??? 
Fonts???  Text Alignment???  It's just not worth the trouble. It doesn't 
serve any useful purpose to send HTML that won't be rendered to people who 
are likely to delete your e-mail just because it has HTML.

> Okay, let's use your numbers, that's an additional 2K * 1000 people, so an
> additional 2 megabytes for each message that crosses the list. Let's say the
> list receives 100 messages in a 24 hour period, in round numbers that's an
> extra 200MB to send out over a 24 hour period, sounds like a lot doesn't it?
> But compared to the bandwidth capacity the server actually has available
> over that 24 hour period, it's probably a low single digit percentage...if
> that.
> 

Except for three things...  
1000 users is quite likely low-balling the figure on almost any mailing list.  
For instance, I think I've got over 100 different people who've posted to 
this list in my e-mail box - and that doesn't even include the silent lurkers 
who are getting copies mailed to them, but that aren't actively posting.

You are also likely to have multiple e-mail lists on a single server.  How 
many different lists are there for gentoo?  I'm subscribed to at least six, 
and they all appear to be coming from the same server.  Look at the number of 
posts to gentoo-user - that's a lot more traffic that this list gets - and 
probably a lot more people subscribed as well.

Lastly - most email clients that send HTML mail actually send TWO copies of 
the mail - one plain text, and one formatted.  The fact that the plain text 
comes first, and can be selected as your primary viewing option is the only 
reason I don't bitch about this topic more often.  But, the effect is to more 
than double the size of every message that gets sent by HTML - 100% of the 
plain text, and another 120% for the HTML (more or less depending on how much 
formatting you use).

Okay, I lied, there's one more point.  It doesn't apply to me, but there are 
plenty of people who it does apply to - not everybody who subscribes to these 
lists has a broadband internet connection.  And depending on how many of 
these lists they subscribe to, and how active they are, the "double size" of 
HTML posts can become a serious problem for their individual connections.

> >Don't argue about why your way is better when it's in clear
> >opposition to the people who make up the community, simply accept that they
> >have reasons for doing things the way they do, and abide by those rules
> when
> >you're in their home.
> 
> This is disappointing. Just blowing off all opposing arguments any, and
> saying it must be done this way, "because we say so" regardless of the
> facts, or validity of opposing argument, is something I'd expect from a
> Microsoft mindset.
> 

No, as I said earlier, and as Duncan just mentioned from Eric Raymond's 
article, it's a matter of respect for the people that you're asking to help 
you.  We're not telling you how to do it no matter where you go (which is the 
Microsoft way), we're only asking you to do this when you talk to us.  And, 
as this is the clear majority opinion of the people who are actually 
providing the support, it falls under the realm of common courtesy (or 
not-so-common, these days) to respect their wishes, since you are the one 
asking for help.  There may be nothing wrong with HTML e-mail in other 
contexts, but as you were saying, the issue here is HTML on this list.  
Following the rules of the community isn't something that's limited to 
e-mail.  "We reserve the right to refuse service to anyone" is a statement 
seen on just about any business you visit.  When you're asking for service, 
there are rules you should follow depending on what you're asking for.  On 
FLOSS lists, one of these rules is "Don't use HTML".


> >So, exactly what would you refer to the Sober Worm attack on Nov. 23 as???
> 3
> >weeks ago is pretty damned recent.
> 
> Two points, first I'd bet that the attack didn't start with a message to an
> email list, much less a Linux oriented list. Second, the number of Linux
> users affected by the Worm was probably zero, so that doesn't seem like a
> very solid reason for prohibiting html on a Linux oriented list
> 

Well, according to the headers on your own e-mail, you're using Microsoft 
Outlook to send your mail.  So you of all people shouldn't assume that just 
because someone is on a Linux list means that they're invulnerable to 
Microsoft security issues.  Some people may administer Linux servers while 
using Windows desktops.  Yes, many people on a Linux list are going to be 
using a Linux desktop, but it's not guaranteed.  There is no rule that says 
that people can't operate on more than one platform.  Indeed as I'm writing 
this on my gentoo laptop, I'm sitting next to a Windows box on my left, and a 
Mac on my right.  I work on a website, so there are times when I need to look 
at how pages are rendering.  I do this in Firefox, PC Internet Explorer, Mac 
Internet Explorer, Safari, Epiphany, and Konqueror.  And I should probably do 
it in a few others as well.

And, while the attack may not have originated on a Linux list, the nature of 
the worm means that it will try to send to a Linux list.  As with most all 
the Sober varients, the worm self-propagates by looking through your address 
book and mailboxes, and sending itself to all the addresses that it harvests.  
So, all it takes is one person having this list address in a Windows box 
(like you're running for instance) to potenially have the worm hitting the 
list servers.  Whether or not the worm will make it past the server depends 
on the list admins - but it's almost guaranteed that the worm has tried to 
mail itself to Linux lists at some point.  And if it's a Linux list server, 
then there's one Linux admin who had to deal with the worm.

> > And as for "objective analysis"...  How
> >many spam filter rules are there that boil down to "It's got HTML/it's got
> >loads of HTML in it - it's probably spam".  I'd call that a fairly
> objective
> >viewpoint.
> 
> It may be objective, that doesn't make it accurate or desirable. Just
> throwing out all html messages as spam is simplistic and lazy, obviously not
> all html messages are spam.
> 

No, but you were claiming that these opinions aren't based on any objective 
analysis - but as those spam filter rules demonstrate, there is sufficient 
basis to believe that an HTML message is MORE LIKELY to be spam.  No, it 
doesn't automatically mean that it is spam, but it's a good indicator of 
POTENTIAL trouble.

> >>  Do you allow html
> >> to be rendered when you browse the web? If so, why is email more
> >> dangerous when your email client can easily be configured to
> >> render html just as safely as your browser?
> 
> 
> >How's about because we can CHOOSE where we go when we browse the web, and
> we
> >can change the settings that we use if we go to sites we don't trust.  But,
> >if you have to work at all with the public at large, you have to accept
> >e-mail from people who's intentions are a complete mystery to you, because
> >you can't know until you read it if it's a legitimate e-mail.  Yes, you can
> >filter out some things that are very obviously spam, but you can't stop
> >everything.
> 
> The issue here is accepting html from a mailing list, the sender of each and
> every message is traceable, at least to a valid email address. Yet your
> argument seems to be that accepting html email from someone who can be
> traced and held accountable, is somehow more dangerous than accessing a web
> page written by someone you know nothing about and may have no way of
> contacting.
> 

No, my point here is that list e-mail is not the only kind of e-mail that 
people who use these filters get.  I have to deal with all kinds of end-users 
on a multitude of platforms.  And if I were having to rely on my Windows box 
to do my mail, there is no way in ANY Underworld that I would want my e-mail 
client to trust every message sent to me.  Even on Linux, I still block out 
all parts of the message except for the raw text until I know what I want to 
do about it.  Many people on this list won't even give it that much latitude 
- they'll send it straight to the trash, since they don't HAVE to read any 
message on the list.  I actually have to at least look at any message that's 
sent to me (other than the exceedingly obvious spam), otherwise I might do 
the exact same thing.

>  It's okay if you want to hold the opinion that "HTML e-mail is a BAD THING"
> just because you have some emotional fondness for plain text. Such fondness
> may be because it's "from the good ole days" and that's fine, but at some
> point we all must let go of the past and embrace change, otherwise we
> stagnate.
> 

My emotional fondness for plain text isn't that "it's from the good ole days", 
it's that "no plain text message ever made my computer crash/get infected".  
Maybe I'm just picky that way.  :-)

> >Sorry for this rant, it's just that I happen to strongly agree with the
> >community here that HTML e-mail is a BAD THING - especially to FLOSS lists.
> 
> It's good to agree with someone, but it's more important to be sure of the
> reasons *why* you agree with them.
> 

Well, there are a number of reasons why I feel the way I do, as you can see.  
Some don't really apply at the moment (I'm not likely to get infected with 
any ActiveX crap while I'm using KMail), but that doesn't mean they won't 
apply to me at other times.

Nothing personal here, just trying to better explain WHY some of us are so 
opposed to HTML in e-mail.

-- 
Eric Bliss
systems design and integration,
CreativeCow.Net
-- 
gentoo-amd64@g.o mailing list


Replies:
RE: [OT- html posts]
-- Bob Young
Re: [OT- html posts]
-- Craig Webster
References:
RE: [OT- html posts]
-- Bob Young
Navigation:
Lists: gentoo-amd64: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
RE: [OT- html posts]
Next by thread:
Re: [OT- html posts]
Previous by date:
RE: [OT- html posts]
Next by date:
Re: [OT- html posts]


Updated Jun 17, 2009

Summary: Archive of the gentoo-amd64 mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.