Re: Boulder Pledge

To: debian-curiosa@lists.debian.org
Subject: Re: Boulder Pledge
From: Alexander Hvostov <alex@aoi.dyndns.org>
Date: 07 Feb 2003 14:16:23 -0800
Message-id: <1044656183.31700.60.camel@cornerstone.core.aoi>
In-reply-to: <20030203183000.GC2034@mould.vormig.net>
References: <Pine.GSU.4.21.0301230511460.7409-100000@garcia.efn.org> <20030202080103.GB14234@hafd.org> <1044193530.1937.17.camel@cornerstone.core.aoi> <200302021526.44452.th.ritter@gmx.net> <1044232150.26300.21.camel@cornerstone.core.aoi> <20030203010639.GA1469@mould.vormig.net> <1044276164.4867.12.camel@cornerstone.core.aoi> <20030203183000.GC2034@mould.vormig.net>

On Mon, 2003-02-03 at 10:30, Tim van Erven wrote:
> On Mon, 03/02/2003 04:42 -0800, Alexander Hvostov wrote:
> > On Sun, 2003-02-02 at 17:06, Tim van Erven wrote:
> >> * Rendering delays.  Waiting > 1s for each mail to render is
> >>   unacceptable when you have to go through a lot of mail.
> > 
> > Configure your MUA to ignore some of the more CPU-intensive markup (eg,
> > images).
> 
> Automated filters on message contents are a very bad idea.  Stripping
> content can completely alter the message's content.  Imagine for
> instance a message reading "I'm breaking up with you." with an image
> underneath that shows a sign saying "Just kidding, silly.".

If your {girl,boy}friend sends you email like that, it needs repair or
replacement.

> You definately wouldn't want to just ignore the image.

Actually I would. See above.

> >> * Raising the minimum system requirements.  (Think: small gadgets.)
> > 
> > See above. HTML is easy to parse, and it is therefore easy to strip out
> > unnecessary stuff. The hard part is rendering some kinds of markup (like
> > images).
> 
> Time your browser rendering some websites you visit, multiply by the
> amount of mails some folks get, talk again.

With no images, frames, or scripting? A few tenths of a second. Same as
text.

If your browser is slow, then either it sucks, or you haven't configured
it to ignore CPU-intensive markup. Not that you would _want_ it to
ignore CPU-intensive markup, but you _would_ want an MUA to.

> >> But keeping things simple is the first rule of writing secure code.
> > 
> > Simplicity is not always the best way to do it. The Linux kernel is an
> > example.
> 
> Simplicity is always the best way to do it.  Additional complexity
> always needs a very good justification.

So, you're saying the Linux kernel is inherently insecure? Oh dear. Have
you sent to Bugtraq yet?

Alex.

-- 
PGP Public Key: http://aoi.dyndns.org/~alex/pgp-public-key

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s:++ a18 C++(++++)>$ UL+++(++++) P--- L+++>++++ E---- W+(+++) N-
o-- K+ w--- !O M(+) V-- PS+++ PE-- Y+ PGP+(+++) t* 5-- X-- R tv b- DI
D+++ G e h! !r y
------END GEEK CODE BLOCK------

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: Boulder Pledge
  - From: Thomas Ritter <th.ritter@gmx.net>

References:
- Re: Boulder Pledge
  - From: jordanb@hafd.org (Jordan Bettis)
- Re: Boulder Pledge
  - From: Alexander Hvostov <alex@aoi.dyndns.org>
- Re: Boulder Pledge
  - From: Thomas Ritter <th.ritter@gmx.net>
- Re: Boulder Pledge
  - From: Alexander Hvostov <alex@aoi.dyndns.org>
- Re: Boulder Pledge
  - From: Tim van Erven <tve@vormig.net>
- Re: Boulder Pledge
  - From: Alexander Hvostov <alex@aoi.dyndns.org>
- Re: Boulder Pledge
  - From: Tim van Erven <tve@vormig.net>

Prev by Date: Re: Boulder Pledge
Next by Date: Re: Boulder Pledge
Previous by thread: Re: Boulder Pledge
Next by thread: Re: Boulder Pledge
Index(es):
- Date
- Thread