[plug] kmail and the gigasecond bug

Christian christian at amnet.net.au
Sun Sep 9 12:41:20 WST 2001


On Sat, Sep 08, 2001 at 08:42:25PM +0800, Bret Busby wrote:
> On Sat, 08 Sep 2001, Bill Kenworthy wrote:
> > The lynx -dump idea sounds workable.  An alternative is anomy (I find it
> > excellent) which "defangs" suspect html and scripts amongst other
> > things, leaving them readable, but no funny buisiness allowed.  That
> > only leaves those using <flamethrower on>legacy text mail
> > readers</flamethrower off> :) who have difficulty reading the stuff.
> > HTML in itself is NOT a security risk, it's the use a program may make of
> > it (like MS does), and no Unix email reader I have used does silly
> > things like that.
> 
> Ah, yes, but, how do you determine whether a script that is contained in an
> html message, will execute on UNIX/Linux, before you access the email?

He just said `it "defangs" suspect html and scripts'.  Note the word
"suspect".

> Paranoia is relative, as is security. I prefer to not live with my backdoor
> left unlocked and open all the time (especially in the slums of Armadale), for
> reasons of personal security. Similarly, I prefer to not access HTML email
> messages, which could cause apocalypse on my computer, and, on our LAN.

As is stupidity.  What are you raving about?  I assume you ban web
browsing on this super-secure LAN of yours?

(I think we've already had this discussion though.  It was pointed out
to you that receiving HTML email is no different from browsing the web
-- possibly a lot safer even -- but, despite not being able to supply
any reasons, you still seem to think that your computer will explode if
you receive HTML emails.)

> Even they can be trained, like most other animals...

Yeah. Most.

> > And Bret, didn't I see somewhere that you said you were using NS 4.6x -
> > from memory that had some severe security issues with the browser
> > reading code from websites, I'd suggest you upgrade to the latest 4.7. 
> As I have previously stated, I have NS 6.1, as well, now, but, unless
> javascript is used, and, I particularly need the javascript, I use kfm. I
> especially do not have java enabled - I am not suicidal.

I didn't realise Java induced suicide.  (Well, actually, come to think
of it...)

> Oh, and, I had tried a 4.7x version - 4.74 or 4.75, and I took it off, as it was
> destructive. 4.61 was the most recent stable version, and it did not try to
> destroy my computer, like the 4.7x version that I had installed.

Be very careful.  Most web browsers, like HTML email, are out to destroy
your computer.  Trust no one.

 
> As I have previously said, RH 7.1 appears to be too problematic, from what I
> have read on this mailing list, and, with requiring a number of CDs, and, with
> the "progress", it appears to be like Win2K - excessively large, and, unable to
> run on computers that are not supercomputers. As I have said, already, I use a
> Cyrix 6x86 CPU based system, with 64MB of RAM. On that, I can run Star Office
> 5.2, several Netscape (4.61) browser windows, some kfm browser windows, kmail,
> and, all of this on top of X-Windows, satisfactorily. If I have to upgrade to
> one of these new-fangled, multi-CD versions of Linux, then, the hardware
> upgrades required, would mean that I might as well spend the thousands of
> dollars, and, buy a new computer, which makes upgrades too expensive. And,
> remember, given that a DEC Alpha based computer is a supercomputer, and, the
> new computers are of equivalent (or close) power, it would mean that I have to
> have a supercomputer, basically, to run the operating system.
> Not all of us are rich.

Yeah, and compared to the computers they used ten years ago, your Cyrix
is a supercomputer!  If your computer can run RH 6.2 then it can run
7.1.  CD-Rs are cheap so that can't be the problem and I'm sure someone
will loan you the discs, if only to shut you up.  The real problem is
you're simply too lazy to do an upgrade.

And I wonder if you've been keeping up to date with all the security
updates... after all, the countless problems with RH 6.2 are quite
possibly more of a threat than HTML email and Netscape 4.74.

Quite honestly Bret, the more I read your emails, the more I think that
we wouldn't be able to help you even if you actually listened to us.  I
really think that the help that you so desperately need cannot be
obtained on this mailing list.

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C


