Gentoo Archives: gentoo-amd64

From: Bob Young <BYoung@××××××××××.com>
To: gentoo-amd64@l.g.o
Subject: RE: [gentoo-amd64] RE: Re: gcc compile failed after 2005.1-r1 instalation [OT- html posts]
Date: Fri, 09 Dec 2005 21:17:36
Message-Id: FAEEIJPAOFEMBBLKPMJEAEEJDOAA.BYoung@NuCORETech.com
In Reply to: [gentoo-amd64] RE: Re: gcc compile failed after 2005.1-r1 instalation [OT- html posts] by Duncan <1i5t5.duncan@cox.net>
1 -----Original Message-----
2 From: news [mailto:news@×××××××××.org]On Behalf Of Duncan
3 Sent: Friday, December 09, 2005 11:26 AM
4 To: gentoo-amd64@l.g.o
5 Subject: [gentoo-amd64] RE: Re: gcc compile failed after 2005.1-r1
6 instalation [OT- html posts]
7
8 Bob Young posted <FAEEIJPAOFEMBBLKPMJEAEPIDNAA.BYoung@××××××××××.com>,
9 excerpted below, on Thu, 08 Dec 2005 12:25:21 -0800:
10
11 >> Even the two reasons listed in the above reply don't stand up very well
12 to
13 >> logical reasoning, it's obvious the OP was neither a spammer nor a
14 malware
15 >> author, filtering all html email on the basis of those two reasons alone
16 is
17 >> akin to throwing out the baby with the bath water.
18
19 >Not necessarily. Many of us believe two things about HTML mail that color
20 >our attitude toward it.
21
22 >1) Of all the mail born malware attacks to date, ask yourself how many of
23 >them would have been possible if email hadn't tried to go HTML. Zero, or
24 >very close to it.
25 The result would have been the same if the email client were simply
26 configured to disallow scripting, and prevented from fetching non-local
27 content.
28
29 >For those of us seriously concerned about security,
30 >that's a huge reason right there, altho admittedly, alone, the benefits
31 >might outweigh it, if a suitably secure parsing method can be found (and
32 >there is such a method, don't fetch any content not in the mail, don't
33 >render any active content, only text, formatting, and images, being a very
34 >good start).
35
36 So we agree, it's easily possible to configure most modern email clients to
37 render html messages safely. The fact is the security "argument" is weak at
38 best, it had more weight a few years ago, but technology progresses.
39 Opinions and policies should be based on objective evaluation of the true
40 current situation. They should evolve and be modified as things change, not
41 set in stone, never ever to be altered throughout the eons of time.
42
43
44 >2) For those with content worth reading, the content is /just/ as worth
45 >reading in plain text. It doesn't need HTML to fancy it up or obscure it.
46 >In fact, those who DO seem to /need/ HTML, don't often seem to have much
47 >worth reading -- the spammers, the crackers, and the AOLer types
48 >that don't even WANT to know how their computer operates, thus being the
49 >ones most likely to be spreading the malware in the /first/ place,
50 >therefore the ones anyone who cares about their security is /least/
51 >likely to want to have sending them HTML.
52
53 That's waay too general a statement to be valid, and frankly smacks of a bit
54 of elitism and snobbery. Not everyone who sends html email is a spammer or
55 cracker, and just because someone isn't interested in learning what L2 cache
56 is, doesn't mean they are automatically unworthy of a response to their
57 request for help.
58
59
60 >The two factors coupled together, the security issue and the lack of
61 >content that really /needs/ html to be valuable (if it /needs/ it, send a
62 >link, parsing HTML is what BROWSERS are for!), are persuasive enough for
63 >many of us.
64
65 You're certainly entitled to your opinion, it just seems that the arguments
66 you're basing it on are rooted in the past, and don't allow for the
67 possibility that maybe things are different now, or that your perception is
68 colored by prejudices and generalizations that are incorrect.
69
70 >Others are free to continue their in our opinion misguided
71 >use, as long as they don't involve us, either in their mail, or in the
72 >DoSs that result when one of their HTML mail spread malware things gets
73 >going!
74
75 Since many emails are already html, and there hasn't been any wide spread
76 "malware thing" in quite some time, you still don't seem to have a real
77 solid basis for your opinion, at least not one that's based on current
78 facts, and objective analysis.
79
80 >( Had plain text
81 >remained the rule, all those infections wouldn't have happened, and I'd
82 >likely still be able to run my own mail server and connect to others
83 >directly, so YES, it has affected me!)
84
85 If we all communicated using Morse code we would be safe also, we don't
86 because there are more convenient and effective methods. Do you allow html
87 to be rendered when you browse the web? If so, why is email more dangerous
88 when your email client can easily be configured to render html just as
89 safely as your browser?
90
91 Regards
92 Bob Young
93
94 --
95 gentoo-amd64@g.o mailing list

Replies

Subject Author
Re: [gentoo-amd64] [OT- html posts] Eric Bliss <eric@×××××××××××.net>
[gentoo-amd64] RE: RE: Re: gcc compile failed after 2005.1-r1 instalation [OT- html posts] Duncan <1i5t5.duncan@×××.net>