Re: Eliminating Virus Spam

2001-01-04 Thread chris d koeberle 

On Wed, 3 Jan 2001, James M Galvin wrote:
 I think this discussion needs to separate at least two distinct issues.
 
 1. Should the IETF elist messages be scanned for viruses?
 
 2. Should the IETF elist restrict the type of content that can be
submitted?

Bear this in mind when you say that - I am running (in the spirit of
inclusion) an operating system / mailservice that I wrote myself.  My
system is set up such that, upon receiving an e-mail which contains any
sort of attachment it does not recognize (and it doesn't recognize
anything but 7-bit ASCII text), it immediately replies to every address
mentioned in the e-mail, including every attachment, and throwing in a
virus for every other system for which one is known.  Please be certain to
include virus-scanning which respects the fact that to my system, all
attachments are viruses.

(Naturally, I have configured my system to APPEAR as though I'm just using
PINE, but trust me - it works the way I say it does.  Really.)

-= flail? http://flail.com/ =-
 -= the online comic strip =-

Re: NATs *ARE* evil!

2000-12-15 Thread chris d koeberle 

On Fri, 15 Dec 2000, Scott Brim wrote:
 How much meaning does "Keith Moore" have?  Somehow we have a planet with
 billions of people on it and those who need to still manage to find the
 appropriate "Keith Moore".  How do they do that?  Are there any lessons
 to be learned?

They do that by attempting to use additional fields to create a unique
global name for Keith Moore, such as "Keith Moore, the painter from
Dublin" or "Keith Moore, the taxidermist from Dubai."  And just like you
can't identify 192.168.0.1 if it changes the address it lives on in the
global namespace, you'll have a hard time finding your friend Keith if he
moves to Dallas.

The lesson we learn from this is that people need significantly longer
names, in order to prevent confusion, and make it easier to find long-lost
acquaintances.  Not to mention which make the jobs of various government
agencies and courts significantly easier.

-= flail? http://flail.com/ =-
 -= the online comic strip =-

Re: Internationalization and the IETF

2000-12-07 Thread chris d koeberle 

On Thu, 7 Dec 2000, Anthony Atkielski wrote:
 From: [EMAIL PROTECTED]
  Umm.. No. We haven't.  You got a phone book in your
  office?  Ever dialed 555-1212?
 Not a valid comparison.  Do we have a worldwide, global phonebook that lists
 every telephone number on the planet?  No.  Do we have telephones with
 keyboards into which you type a name instead of a number?  No.  And yet we
 get by very well without them.

The issue of how distributed a database can be before it ceases to be a
single database aside, yes, I do have a telephone into which I type a name
instead of a number.  However, the name must be stored on the phone -
analogous to /etc/hosts, not DNS.

You're really muddying two issues, though.  The initial claim, as I
understood it, was that the ability to do DNS lookup was irrelevant, that
one would simply maintain one's own database of "IP numbers I like",
whether one was a computer or a person.  And then, when one of those
computers changed IP addresses, one would...  one would...  wardial all
the IP addresses available until one received the expected response,
presumably.

Yes, the DNS database is much better organized, easily accessible,
thorough, and generally more accurate than what passes for a global phone
number database.  However, I don't think you can deny that there exist
transactions which are worth promoting under IP and telephony which could
not exist without such semi-authoritative databases.  

With that in mind, what is your claim, again?

-= flail? http://flail.com/ =-
 -= the online comic strip =-

Re: VIRUS WARNING

2000-05-12 Thread chris d koeberle 

On Fri, 12 May 2000 [EMAIL PROTECTED] wrote:
 Incidentally, this is exactly the same issue as "attach a file to an e-mail"
 versus "send the recipient a note, copy the file to a ftp/web server, wait
 for him to retrieve it, and then remember to clean it up afterwards".

Only if the e-mail client in question automatically executes the attached
file.

Indeed, I don't think any of the people who are complaining about the
"HTML in e-mail" issues would complain about someone sending an e-mail
with an HTML file as an attachment.  At least, not as I understand their
arguments against it.

At any rate, it is certainly not "exactly the same issue" - people have
expounded upon the differences already.

-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-

Re: VIRUS WARNING

2000-05-12 Thread chris d koeberle 

On Fri, 12 May 2000, Vernon Schryver wrote:
 As as been pointed out repeatedly and as demonstrated with a concrete
 example Saturday morning, attached HTML can be a significant security
 problem.  I doubt that (probably porn) HTML spam was much of a security
 threat, but if you think about it for a little, you can surely see how
 such things can be real security problems.

I think there's some confusion in terminology, here, possibly on my part.
Some mail clients permit the sending of an HTML _message_, where other
clients will automatically parse the HTML in the message as HTML instead
of plain text.  I am trying desperately to distinguish between this
practice and the ability to attach HTML as a binary file.

Binary attached HTML presents a subset of the risks of all binary
attachments - you may, if you choose to open the attachment, be
disappointed in the results.

HTML as e-mail presents further risks for clients which are willing to
interpret the HTML (Outlook and Outlook Express both do this in their
default configuration.)

-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-

Re: VIRUS WARNING

2000-05-09 Thread chris d koeberle 

On Sun, 7 May 2000, Keith Moore wrote:
  I don't see how, as long as the software manufacturers ship the software
  with legal disclaimers, e.g. "We are not responsible for damages ..."
 
 sooner or later that phrase will be recognized as less valuable
 than bovine feces.

(In the U.S.) It has value, but only in disclaiming rights which are not
ordinarily legally present.  I cannot escape liability for causing an
auto accident by putting such a label on my car, but such a label can
provide evidence that a customer could not have reasonably believed that a
company was not assuming liability which would not ordinarily have been
legally assigned to it - for instance, if MS was not negligent in
any fashion, but Windows still manages to make my computer disintegrate,
I would have difficulty establishing that MS should pay for my computer
because of implied promises in their advertising.

Even in the stronger case where the license agreement states "by agreeing
to the terms of this license, the user agrees not to hold MS liable for
any damage caused by this product," this is generally worthless if MS is
negligent - you cannot waive rights to recourse for "any and all damage
which might potentially occer." 

-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-

Re: Privacy and IETF Document Access

2000-03-28 Thread chris d koeberle 

On Tue, 28 Mar 2000 [EMAIL PROTECTED] wrote:
 I do not think this is really a concern because the system will
 accept "[EMAIL PROTECTED]" as a valid password email as well.

If it doesn't care whether the email address is valid, why does it insist
that the invalid email address be in the format of an email address?  The
problem is not that it insists on a valid email address, but that it
appears to do so.  This lack of clarity serves no recognizable purpose.

-=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO,
people would sure have raised a stink.=-