Re: Eliminating Virus Spam
On Wed, 3 Jan 2001, James M Galvin wrote: > I think this discussion needs to separate at least two distinct issues. > > 1. Should the IETF elist messages be scanned for viruses? > > 2. Should the IETF elist restrict the type of content that can be >submitted? Bear this in mind when you say that - I am running (in the spirit of inclusion) an operating system / mailservice that I wrote myself. My system is set up such that, upon receiving an e-mail which contains any sort of attachment it does not recognize (and it doesn't recognize anything but 7-bit ASCII text), it immediately replies to every address mentioned in the e-mail, including every attachment, and throwing in a virus for every other system for which one is known. Please be certain to include virus-scanning which respects the fact that to my system, all attachments are viruses. (Naturally, I have configured my system to APPEAR as though I'm just using PINE, but trust me - it works the way I say it does. Really.) -= flail? http://flail.com/ =- -= the online comic strip =-
Re: NATs *ARE* evil!
On Fri, 15 Dec 2000, Scott Brim wrote: > How much meaning does "Keith Moore" have? Somehow we have a planet with > billions of people on it and those who need to still manage to find the > appropriate "Keith Moore". How do they do that? Are there any lessons > to be learned? They do that by attempting to use additional fields to create a unique global name for Keith Moore, such as "Keith Moore, the painter from Dublin" or "Keith Moore, the taxidermist from Dubai." And just like you can't identify 192.168.0.1 if it changes the address it lives on in the global namespace, you'll have a hard time finding your friend Keith if he moves to Dallas. The lesson we learn from this is that people need significantly longer names, in order to prevent confusion, and make it easier to find long-lost acquaintances. Not to mention which make the jobs of various government agencies and courts significantly easier. -= flail? http://flail.com/ =- -= the online comic strip =-
Re: Internationalization and the IETF
On Thu, 7 Dec 2000, Anthony Atkielski wrote: > From: <[EMAIL PROTECTED]> > > Umm.. No. We haven't. You got a phone book in your > > office? Ever dialed 555-1212? > Not a valid comparison. Do we have a worldwide, global phonebook that lists > every telephone number on the planet? No. Do we have telephones with > keyboards into which you type a name instead of a number? No. And yet we > get by very well without them. The issue of how distributed a database can be before it ceases to be a single database aside, yes, I do have a telephone into which I type a name instead of a number. However, the name must be stored on the phone - analogous to /etc/hosts, not DNS. You're really muddying two issues, though. The initial claim, as I understood it, was that the ability to do DNS lookup was irrelevant, that one would simply maintain one's own database of "IP numbers I like", whether one was a computer or a person. And then, when one of those computers changed IP addresses, one would... one would... wardial all the IP addresses available until one received the expected response, presumably. Yes, the DNS database is much better organized, easily accessible, thorough, and generally more accurate than what passes for a global phone number database. However, I don't think you can deny that there exist transactions which are worth promoting under IP and telephony which could not exist without such semi-authoritative databases. With that in mind, what is your claim, again? -= flail? http://flail.com/ =- -= the online comic strip =-
Re: VIRUS WARNING
On Fri, 12 May 2000, Vernon Schryver wrote: > As as been pointed out repeatedly and as demonstrated with a concrete > example Saturday morning, attached HTML can be a significant security > problem. I doubt that (probably porn) HTML spam was much of a security > threat, but if you think about it for a little, you can surely see how > such things can be real security problems. I think there's some confusion in terminology, here, possibly on my part. Some mail clients permit the sending of an HTML _message_, where other clients will automatically parse the HTML in the message as HTML instead of plain text. I am trying desperately to distinguish between this practice and the ability to attach HTML as a binary file. Binary attached HTML presents a subset of the risks of all binary attachments - you may, if you choose to open the attachment, be disappointed in the results. HTML as e-mail presents further risks for clients which are willing to interpret the HTML (Outlook and Outlook Express both do this in their default configuration.) -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=-
Re: VIRUS WARNING
On Fri, 12 May 2000 [EMAIL PROTECTED] wrote: > Incidentally, this is exactly the same issue as "attach a file to an e-mail" > versus "send the recipient a note, copy the file to a ftp/web server, wait > for him to retrieve it, and then remember to clean it up afterwards". Only if the e-mail client in question automatically executes the attached file. Indeed, I don't think any of the people who are complaining about the "HTML in e-mail" issues would complain about someone sending an e-mail with an HTML file as an attachment. At least, not as I understand their arguments against it. At any rate, it is certainly not "exactly the same issue" - people have expounded upon the differences already. -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=-
Re: VIRUS WARNING
On Sun, 7 May 2000, Keith Moore wrote: > > I don't see how, as long as the software manufacturers ship the software > > with legal disclaimers, e.g. "We are not responsible for damages ..." > > sooner or later that phrase will be recognized as less valuable > than bovine feces. (In the U.S.) It has value, but only in disclaiming rights which are not ordinarily legally present. I cannot escape liability for causing an auto accident by putting such a label on my car, but such a label can provide evidence that a customer could not have reasonably believed that a company was not assuming liability which would not ordinarily have been legally assigned to it - for instance, if MS was not negligent in any fashion, but Windows still manages to make my computer disintegrate, I would have difficulty establishing that MS should pay for my computer because of implied promises in their advertising. Even in the stronger case where the license agreement states "by agreeing to the terms of this license, the user agrees not to hold MS liable for any damage caused by this product," this is generally worthless if MS is negligent - you cannot waive rights to recourse for "any and all damage which might potentially occer." -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=-
Re: Privacy and IETF Document Access
On Tue, 28 Mar 2000 [EMAIL PROTECTED] wrote: > I do not think this is really a concern because the system will > accept "[EMAIL PROTECTED]" as a valid password email as well. If it doesn't care whether the email address is valid, why does it insist that the invalid email address be in the format of an email address? The problem is not that it insists on a valid email address, but that it appears to do so. This lack of clarity serves no recognizable purpose. -=I would imagine that if 1000 Rwandan's were hacked to death AT THE EXPO, people would sure have raised a stink.=-