[oclug] HTML email, redux
David F. Skoll
dfs at roaringpenguin.com
Fri Feb 9 17:22:23 EST 2001
On Fri, 9 Feb 2001, Shad Young wrote:
> 1. These issues affect client programs and are easily resolved...
Really? How?
> 2. These issues are also exploits of windows based applications not
> linux.
No; Netscape (bad news; even Netscape 4.76) has a buffer-overflow problem
with its HTML parser. (NO Javascript required.)
> 1. Irrespective of the media used exploits will be found and used by
> those persons who delight in cracking others' systems and/or invading
> other people's privacy. This is not stoppable and assuming it is is
> naive.
Except that plain-text mailers have been around for 30 years, are well
understood and easy to implement. Complexity is the enemy of security.
> 2. Linux and its users should be working to provide both a "rich" and
> "secure" computing environment.
Why is that? Why is "rich" (i.e. "bloated") better than "minimalist"?
It's a matter of taste.
> And while persons like Mr. Skoll may not think usability is
> important, the rest of the world does. One must balance security with
> reason.
How does HTML make e-mail more "usable" than plain text? That's what
no-one has ever explained to me.
It seems to me that an e-mail format which is readable on fancy
graphical e-mail clients, simple character-based clients, cell phones,
PDAs and RIM pagers is far more "usable" than one which requires
extra space and can be rendered correctly on a much narrower category
of devices.
--
David.