[plug] kmail and the gigasecond bug
Bret Busby
bret at busby.net
Sat Sep 8 20:42:25 WST 2001
On Sat, 08 Sep 2001, Bill Kenworthy wrote:
> The lynx -dump idea sounds workable. An alternative is anomy (I find it
> excellent) which "defangs" suspect html and scripts amongst other
> things, leaving them readable, but no funny buisiness allowed. That
> only leaves those using <flamethrower on>legacy text mail
> readers</flamethrower off> :) who have difficulty reading the stuff.
> HTML in itself is NOT a security risk, its the use a program may make of
> it (like MS does), and no Unix email reader I have used does silly
> things like that.
>
Ah, yes, but, how do you determine whether a script that is contained in an
html message, will execute on UNIX/Linux, before you access the email?
> A point I would like to make is there are many good reasons to use html
> mail - YOU will be the one missing out if you get too paranoid. If you
> want to risk missing out on that once in a lifetime job offer, go for it
> ...
Paranoia is relative, as is security. I prefer to not live with my backdoor
left unlocked and open all the time (especially in the slums of Armadale), for
reasons of personal security. Similarly, I prefer to not access HTMl email
messages, which could cause apocalypse on my computer, and, on our LAN.
>
> Valid uses of html mail I have found are: its great between friends and
> family (attach family photos etc) that are unskilled in computer use,
> certain mail lists where presentation is important to the sender, such
> as management in many (non-tech) companies where you dont want to be
> seen a dinosaur (i.e., incompetant and unable to move with the times!).
> In effect, you know better, but you are competing with those who dont
> and will be seen at a disadvantage ...
This is weird; I can easily send and receive text email messages, with
photographs, and word-processed files, and, files of other formats, attached. No
need exists for HTML in email messages. It is like a tie-died hippy car it may
be alright, if you like that kind of thing, but, I prefer not to drive one
myself (it is probably still a good way to get men in blue knocking on the
door, when a driver stops, asking for a blood sample...)
>
> And dont forget windows seems to default to this, so if you need to read
> from unskilled windoze users ...
Even they can be trained, like most other animals...
>
> And Brett, didnt I see somewhere that you said you were using NS 4.6x -
> from memory that had some severe security issues with the browser
> reading code from websites, I'd suggest you upgrade to the latest 4.7.
As I have previously stated, I have NS 6.1, as well, now, but, unless
javascript is used, and, I particularly need the javascript, I use kfm. I
especially do not have java enabled - I am not suicidal.
Oh, and, I had tried a 4.7x version - 4.74 or 4.75, and I took it off, as it was
destructive. 4.61 was the most recent stable version, and it did not try to
destroy my computer, like the 4.7x version that I had installed.
> Also RH 6.2 is getting a bit long in the tooth
Then, that is probably appropriate for me... :)
Oh, for VAX/VMS, or, DEC RSTS/e. They were good OS's... probably don't run on a
Cyrix CPU, 'tho ...
> - many gui applications
> have moved on and its starting to become impractical to configure it to
> run the latest stuff, do yourself a favour and update which will be
> better in the long run you will have to do it sooner or later when you
> hit that wall where its just not practical to try and force some
> application you really need onto an old OS.
Most of what I need, at present, runs okay with RH 6.2; NS 6.1 is not so old,
and that runs on RH 6.2.
As I have previously said, RH 7.1 appears to be too problematic, from what I
have read on this mailing list, and, with requiring a number of CD's, and, with
the "progress", it appears to be like Win2K - excessively large, and, unable to
run on computers that are not supercomputers. As I have said, already, I use a
Curix 6x86 CPU based system, with 64MB of RAM. On that, I can run Star Office
5.2, several Netscape (4.61) browser windows, some kfm browser windows, kmail,
and, all of this on top of X-Windows, satisfactorily. If I have to upgrade to
one of these new-fangled, multi-CD versions of Linux, then, the hardware
upgrades required, would mean that I might as well spend the thousands of
dollars, and, buy a new computer, which makes upgrades too expensive. And,
remember, given that a DEC Alpha based computer is a supercomputer, and, the
new computers are of equivalent (or close) power, it would mean that I have to
have a supercomputer, basically, to run the operating system.
Not all of us are rich.
That is one of the advanatges of the old Linux - able to run, happily, on less
powerful computers. That aspect of Linux appears to have fallen by the wayside,
in the name of "progress" - "If Microsoft can make an operating system bigger
and more powerfuls, and, needing a supercomputer to run it, so can we..."
Bret Busby
..........
More information about the plug
mailing list