[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Boulder Pledge

On Mon, 2003-02-03 at 10:30, Tim van Erven wrote:
> On Mon, 03/02/2003 04:42 -0800, Alexander Hvostov wrote:
> > On Sun, 2003-02-02 at 17:06, Tim van Erven wrote:
> >> * Rendering delays.  Waiting > 1s for each mail to render is
> >>   unacceptable when you have to go through a lot of mail.
> > 
> > Configure your MUA to ignore some of the more CPU-intensive markup (eg,
> > images).
> Automated filters on message contents are a very bad idea.  Stripping
> content can completely alter the message's content.  Imagine for
> instance a message reading "I'm breaking up with you." with an image
> underneath that shows a sign saying "Just kidding, silly.".

If your {girl,boy}friend sends you email like that, it needs repair or

> You definately wouldn't want to just ignore the image.

Actually I would. See above.

> >> * Raising the minimum system requirements.  (Think: small gadgets.)
> > 
> > See above. HTML is easy to parse, and it is therefore easy to strip out
> > unnecessary stuff. The hard part is rendering some kinds of markup (like
> > images).
> Time your browser rendering some websites you visit, multiply by the
> amount of mails some folks get, talk again.

With no images, frames, or scripting? A few tenths of a second. Same as

If your browser is slow, then either it sucks, or you haven't configured
it to ignore CPU-intensive markup. Not that you would _want_ it to
ignore CPU-intensive markup, but you _would_ want an MUA to.

> >> But keeping things simple is the first rule of writing secure code.
> > 
> > Simplicity is not always the best way to do it. The Linux kernel is an
> > example.
> Simplicity is always the best way to do it.  Additional complexity
> always needs a very good justification.

So, you're saying the Linux kernel is inherently insecure? Oh dear. Have
you sent to Bugtraq yet?


PGP Public Key: http://aoi.dyndns.org/~alex/pgp-public-key

Version: 3.1
GCS d- s:++ a18 C++(++++)>$ UL+++(++++) P--- L+++>++++ E---- W+(+++) N-
o-- K+ w--- !O M(+) V-- PS+++ PE-- Y+ PGP+(+++) t* 5-- X-- R tv b- DI
D+++ G e h! !r y

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: