Gentoo Archives: gentoo-amd64

From: Eric Bliss <eric@×××××××××××.net>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] [OT- html posts]
Date: Sat, 10 Dec 2005 01:58:57
In Reply to: RE: [gentoo-amd64] [OT- html posts] by Bob Young
On Friday 09 December 2005 04:17 pm, Bob Young wrote:
> Thank you, that's exactly the point, the major objection is on a *mailing > list*, the content is much more well defined, each and every message is > thousands of times less likely to be spam or malware, than any randomly > selected non-list email. >
Yes, but that doesn't change the fact that people have their mail systems set to kill ANY HTML mail that they receive. And again, I ask - once you realize that many people are being aggressive in what they block (I for instance, never allow my e-mail client to run dynamic content or graphics - or even render HTML until I tell it to.), what are you going to be using HTML for??? Fonts??? Text Alignment??? It's just not worth the trouble. It doesn't serve any useful purpose to send HTML that won't be rendered to people who are likely to delete your e-mail just because it has HTML.
> Okay, let's use your numbers, that's an additional 2K * 1000 people, so an > additional 2 megabytes for each message that crosses the list. Let's say the > list receives 100 messages in a 24 hour period, in round numbers that's an > extra 200MB to send out over a 24 hour period, sounds like a lot doesn't it? > But compared to the bandwidth capacity the server actually has available > over that 24 hour period, it's probably a low single digit percentage...if > that. >
Except for three things... 1000 users is quite likely low-balling the figure on almost any mailing list. For instance, I think I've got over 100 different people who've posted to this list in my e-mail box - and that doesn't even include the silent lurkers who are getting copies mailed to them, but that aren't actively posting. You are also likely to have multiple e-mail lists on a single server. How many different lists are there for gentoo? I'm subscribed to at least six, and they all appear to be coming from the same server. Look at the number of posts to gentoo-user - that's a lot more traffic that this list gets - and probably a lot more people subscribed as well. Lastly - most email clients that send HTML mail actually send TWO copies of the mail - one plain text, and one formatted. The fact that the plain text comes first, and can be selected as your primary viewing option is the only reason I don't bitch about this topic more often. But, the effect is to more than double the size of every message that gets sent by HTML - 100% of the plain text, and another 120% for the HTML (more or less depending on how much formatting you use). Okay, I lied, there's one more point. It doesn't apply to me, but there are plenty of people who it does apply to - not everybody who subscribes to these lists has a broadband internet connection. And depending on how many of these lists they subscribe to, and how active they are, the "double size" of HTML posts can become a serious problem for their individual connections.
> >Don't argue about why your way is better when it's in clear > >opposition to the people who make up the community, simply accept that they > >have reasons for doing things the way they do, and abide by those rules > when > >you're in their home. > > This is disappointing. Just blowing off all opposing arguments any, and > saying it must be done this way, "because we say so" regardless of the > facts, or validity of opposing argument, is something I'd expect from a > Microsoft mindset. >
No, as I said earlier, and as Duncan just mentioned from Eric Raymond's article, it's a matter of respect for the people that you're asking to help you. We're not telling you how to do it no matter where you go (which is the Microsoft way), we're only asking you to do this when you talk to us. And, as this is the clear majority opinion of the people who are actually providing the support, it falls under the realm of common courtesy (or not-so-common, these days) to respect their wishes, since you are the one asking for help. There may be nothing wrong with HTML e-mail in other contexts, but as you were saying, the issue here is HTML on this list. Following the rules of the community isn't something that's limited to e-mail. "We reserve the right to refuse service to anyone" is a statement seen on just about any business you visit. When you're asking for service, there are rules you should follow depending on what you're asking for. On FLOSS lists, one of these rules is "Don't use HTML".
> >So, exactly what would you refer to the Sober Worm attack on Nov. 23 as??? > 3 > >weeks ago is pretty damned recent. > > Two points, first I'd bet that the attack didn't start with a message to an > email list, much less a Linux oriented list. Second, the number of Linux > users affected by the Worm was probably zero, so that doesn't seem like a > very solid reason for prohibiting html on a Linux oriented list >
Well, according to the headers on your own e-mail, you're using Microsoft Outlook to send your mail. So you of all people shouldn't assume that just because someone is on a Linux list means that they're invulnerable to Microsoft security issues. Some people may administer Linux servers while using Windows desktops. Yes, many people on a Linux list are going to be using a Linux desktop, but it's not guaranteed. There is no rule that says that people can't operate on more than one platform. Indeed as I'm writing this on my gentoo laptop, I'm sitting next to a Windows box on my left, and a Mac on my right. I work on a website, so there are times when I need to look at how pages are rendering. I do this in Firefox, PC Internet Explorer, Mac Internet Explorer, Safari, Epiphany, and Konqueror. And I should probably do it in a few others as well. And, while the attack may not have originated on a Linux list, the nature of the worm means that it will try to send to a Linux list. As with most all the Sober varients, the worm self-propagates by looking through your address book and mailboxes, and sending itself to all the addresses that it harvests. So, all it takes is one person having this list address in a Windows box (like you're running for instance) to potenially have the worm hitting the list servers. Whether or not the worm will make it past the server depends on the list admins - but it's almost guaranteed that the worm has tried to mail itself to Linux lists at some point. And if it's a Linux list server, then there's one Linux admin who had to deal with the worm.
> > And as for "objective analysis"... How > >many spam filter rules are there that boil down to "It's got HTML/it's got > >loads of HTML in it - it's probably spam". I'd call that a fairly > objective > >viewpoint. > > It may be objective, that doesn't make it accurate or desirable. Just > throwing out all html messages as spam is simplistic and lazy, obviously not > all html messages are spam. >
No, but you were claiming that these opinions aren't based on any objective analysis - but as those spam filter rules demonstrate, there is sufficient basis to believe that an HTML message is MORE LIKELY to be spam. No, it doesn't automatically mean that it is spam, but it's a good indicator of POTENTIAL trouble.
> >> Do you allow html > >> to be rendered when you browse the web? If so, why is email more > >> dangerous when your email client can easily be configured to > >> render html just as safely as your browser? > > > >How's about because we can CHOOSE where we go when we browse the web, and > we > >can change the settings that we use if we go to sites we don't trust. But, > >if you have to work at all with the public at large, you have to accept > >e-mail from people who's intentions are a complete mystery to you, because > >you can't know until you read it if it's a legitimate e-mail. Yes, you can > >filter out some things that are very obviously spam, but you can't stop > >everything. > > The issue here is accepting html from a mailing list, the sender of each and > every message is traceable, at least to a valid email address. Yet your > argument seems to be that accepting html email from someone who can be > traced and held accountable, is somehow more dangerous than accessing a web > page written by someone you know nothing about and may have no way of > contacting. >
No, my point here is that list e-mail is not the only kind of e-mail that people who use these filters get. I have to deal with all kinds of end-users on a multitude of platforms. And if I were having to rely on my Windows box to do my mail, there is no way in ANY Underworld that I would want my e-mail client to trust every message sent to me. Even on Linux, I still block out all parts of the message except for the raw text until I know what I want to do about it. Many people on this list won't even give it that much latitude - they'll send it straight to the trash, since they don't HAVE to read any message on the list. I actually have to at least look at any message that's sent to me (other than the exceedingly obvious spam), otherwise I might do the exact same thing.
> It's okay if you want to hold the opinion that "HTML e-mail is a BAD THING" > just because you have some emotional fondness for plain text. Such fondness > may be because it's "from the good ole days" and that's fine, but at some > point we all must let go of the past and embrace change, otherwise we > stagnate. >
My emotional fondness for plain text isn't that "it's from the good ole days", it's that "no plain text message ever made my computer crash/get infected". Maybe I'm just picky that way. :-)
> >Sorry for this rant, it's just that I happen to strongly agree with the > >community here that HTML e-mail is a BAD THING - especially to FLOSS lists. > > It's good to agree with someone, but it's more important to be sure of the > reasons *why* you agree with them. >
Well, there are a number of reasons why I feel the way I do, as you can see. Some don't really apply at the moment (I'm not likely to get infected with any ActiveX crap while I'm using KMail), but that doesn't mean they won't apply to me at other times. Nothing personal here, just trying to better explain WHY some of us are so opposed to HTML in e-mail. -- Eric Bliss systems design and integration, CreativeCow.Net -- gentoo-amd64@g.o mailing list


Subject Author
Re: [gentoo-amd64] [OT- html posts] Craig Webster <craig@××××××.net>
RE: [gentoo-amd64] [OT- html posts] Bob Young <BYoung@××××××××××.com>