1 |
-----Original Message----- |
2 |
From: news [mailto:news@×××××××××.org]On Behalf Of Duncan |
3 |
Sent: Friday, December 09, 2005 11:26 AM |
4 |
To: gentoo-amd64@l.g.o |
5 |
Subject: [gentoo-amd64] RE: Re: gcc compile failed after 2005.1-r1 |
6 |
instalation [OT- html posts] |
7 |
|
8 |
Bob Young posted <FAEEIJPAOFEMBBLKPMJEAEPIDNAA.BYoung@××××××××××.com>, |
9 |
excerpted below, on Thu, 08 Dec 2005 12:25:21 -0800: |
10 |
|
11 |
>> Even the two reasons listed in the above reply don't stand up very well |
12 |
to |
13 |
>> logical reasoning, it's obvious the OP was neither a spammer nor a |
14 |
malware |
15 |
>> author, filtering all html email on the basis of those two reasons alone |
16 |
is |
17 |
>> akin to throwing out the baby with the bath water. |
18 |
|
19 |
>Not necessarily. Many of us believe two things about HTML mail that color |
20 |
>our attitude toward it. |
21 |
|
22 |
>1) Of all the mail born malware attacks to date, ask yourself how many of |
23 |
>them would have been possible if email hadn't tried to go HTML. Zero, or |
24 |
>very close to it. |
25 |
The result would have been the same if the email client were simply |
26 |
configured to disallow scripting, and prevented from fetching non-local |
27 |
content. |
28 |
|
29 |
>For those of us seriously concerned about security, |
30 |
>that's a huge reason right there, altho admittedly, alone, the benefits |
31 |
>might outweigh it, if a suitably secure parsing method can be found (and |
32 |
>there is such a method, don't fetch any content not in the mail, don't |
33 |
>render any active content, only text, formatting, and images, being a very |
34 |
>good start). |
35 |
|
36 |
So we agree, it's easily possible to configure most modern email clients to |
37 |
render html messages safely. The fact is the security "argument" is weak at |
38 |
best, it had more weight a few years ago, but technology progresses. |
39 |
Opinions and policies should be based on objective evaluation of the true |
40 |
current situation. They should evolve and be modified as things change, not |
41 |
set in stone, never ever to be altered throughout the eons of time. |
42 |
|
43 |
|
44 |
>2) For those with content worth reading, the content is /just/ as worth |
45 |
>reading in plain text. It doesn't need HTML to fancy it up or obscure it. |
46 |
>In fact, those who DO seem to /need/ HTML, don't often seem to have much |
47 |
>worth reading -- the spammers, the crackers, and the AOLer types |
48 |
>that don't even WANT to know how their computer operates, thus being the |
49 |
>ones most likely to be spreading the malware in the /first/ place, |
50 |
>therefore the ones anyone who cares about their security is /least/ |
51 |
>likely to want to have sending them HTML. |
52 |
|
53 |
That's waay too general a statement to be valid, and frankly smacks of a bit |
54 |
of elitism and snobbery. Not everyone who sends html email is a spammer or |
55 |
cracker, and just because someone isn't interested in learning what L2 cache |
56 |
is, doesn't mean they are automatically unworthy of a response to their |
57 |
request for help. |
58 |
|
59 |
|
60 |
>The two factors coupled together, the security issue and the lack of |
61 |
>content that really /needs/ html to be valuable (if it /needs/ it, send a |
62 |
>link, parsing HTML is what BROWSERS are for!), are persuasive enough for |
63 |
>many of us. |
64 |
|
65 |
You're certainly entitled to your opinion, it just seems that the arguments |
66 |
you're basing it on are rooted in the past, and don't allow for the |
67 |
possibility that maybe things are different now, or that your perception is |
68 |
colored by prejudices and generalizations that are incorrect. |
69 |
|
70 |
>Others are free to continue their in our opinion misguided |
71 |
>use, as long as they don't involve us, either in their mail, or in the |
72 |
>DoSs that result when one of their HTML mail spread malware things gets |
73 |
>going! |
74 |
|
75 |
Since many emails are already html, and there hasn't been any wide spread |
76 |
"malware thing" in quite some time, you still don't seem to have a real |
77 |
solid basis for your opinion, at least not one that's based on current |
78 |
facts, and objective analysis. |
79 |
|
80 |
>( Had plain text |
81 |
>remained the rule, all those infections wouldn't have happened, and I'd |
82 |
>likely still be able to run my own mail server and connect to others |
83 |
>directly, so YES, it has affected me!) |
84 |
|
85 |
If we all communicated using Morse code we would be safe also, we don't |
86 |
because there are more convenient and effective methods. Do you allow html |
87 |
to be rendered when you browse the web? If so, why is email more dangerous |
88 |
when your email client can easily be configured to render html just as |
89 |
safely as your browser? |
90 |
|
91 |
Regards |
92 |
Bob Young |
93 |
|
94 |
-- |
95 |
gentoo-amd64@g.o mailing list |