On Mon, 2003-02-03 at 10:30, Tim van Erven wrote: > On Mon, 03/02/2003 04:42 -0800, Alexander Hvostov wrote: > > On Sun, 2003-02-02 at 17:06, Tim van Erven wrote: > >> * Rendering delays. Waiting > 1s for each mail to render is > >> unacceptable when you have to go through a lot of mail. > > > > Configure your MUA to ignore some of the more CPU-intensive markup (eg, > > images). > > Automated filters on message contents are a very bad idea. Stripping > content can completely alter the message's content. Imagine for > instance a message reading "I'm breaking up with you." with an image > underneath that shows a sign saying "Just kidding, silly.".
If your {girl,boy}friend sends you email like that, it needs repair or
replacement.
> You definately wouldn't want to just ignore the image.
Actually I would. See above.
> >> * Raising the minimum system requirements. (Think: small gadgets.)
> >
> > See above. HTML is easy to parse, and it is therefore easy to strip out
> > unnecessary stuff. The hard part is rendering some kinds of markup (like
> > images).
>
> Time your browser rendering some websites you visit, multiply by the
> amount of mails some folks get, talk again.
With no images, frames, or scripting? A few tenths of a second. Same as
text.
If your browser is slow, then either it sucks, or you haven't configured
it to ignore CPU-intensive markup. Not that you would _want_ it to
ignore CPU-intensive markup, but you _would_ want an MUA to.
> >> But keeping things simple is the first rule of writing secure code.
> >
> > Simplicity is not always the best way to do it. The Linux kernel is an
> > example.
>
> Simplicity is always the best way to do it. Additional complexity
> always needs a very good justification.
So, you're saying the Linux kernel is inherently insecure? Oh dear. Have
you sent to Bugtraq yet?
Alex.
--
PGP Public Key: http://aoi.dyndns.org/~alex/pgp-public-key
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s:++ a18 C++(++++)>$ UL+++(++++) P--- L+++>++++ E---- W+(+++) N-
o-- K+ w--- !O M(+) V-- PS+++ PE-- Y+ PGP+(+++) t* 5-- X-- R tv b- DI
D+++ G e h! !r y
------END GEEK CODE BLOCK------
signature.asc
Description: This is a digitally signed message part
