Rockbox.org home
release
dev builds
extras
themes manual
wiki
device status forums
mailing lists
IRC bugs
patches
dev guide



Rockbox mail archive

Subject: Re: HTML - was RE: Flashed RB still having charging issues..
From: David McIntyre (plugh_at_mudbarn.com)
Date: 2003-10-21


In a world dominated by Microsoft, who releases 3 fixes a week regarding ways
for hackers to access private data using cleverly formed html, with the spread
of e-mail virii that don't even need the user to launch an attachment to take
hold and spread themselves, and when the mere preview of an html based email
can cause a link to be opened on a foreign webserver, with which the host of
the site can extract one's email client info, operationg system, and IP
address, I'd just as soon receive and read all my mail as straight text. I
don't need highlights, graphic bullets, varying font sizes, or anyone's idea
of an "ideal font" to get everything I need out of a text only email.

On Tue, Oct 21, 2003 at 12:31:21PM -0400, Fred Maxwell wrote:
> > It's a disadvantage when one runs mutt on a shell because one
> > does not like virii, html tracking codes in spam, and general
> > mayhem allowed by html messages.
>
> You don't want to go there with me. I've been technical lead on a project
> to produce a commercial C2 secure network workstation, have been doing
> computer/network security research and work this morning, and I know the
> subject inside and out.
>
> HTML does not have a way to spread computer viruses. You might be able to
> use HTML to exploit some flaw in a particular client, but there is no HTML
> mechanism to allow the silent installation or execution of code on a remote
> system. If there were, viruses would be spread by simply visiting web pages
> and the virus would affect an entire platform (e.g., Windows 2000)
> regardless of which browser was being used. Nor does HTML allow "general
> mayhem."
>
> HTML tracking "codes" in Spam rely on poorly configured systems. Why would
> you ever allow your e-mail client to make HTTP requests to untrusted web
> servers based on receipt of e-mail from untrusted senders?
>
> > Think about the
> > possibility that the one person on earth who has the answer
> > to your question is running UNIX mail(1) and can't read an
> > html message at all. It's all about going to the lowest
> > common denominator: text.
>
> The text is still in English -- even if there are HTML tags interspersed
> throughout, so it's not impossible to read HTML e-mail without an HTML
> client.
>
> *******************************************************************
> Again, the answer is for the listserver to run stripmime.pl. It's silly to
> expect hundreds of people on this (or any) mailing list to always remember
> to post in plain text, without fail, especially when the most popular e-mail
> clients ship with HTML e-mail on as the default.
> *******************************************************************
>
> Regards,
> Fred Maxwell
>

-- 
David McIntyre         plugh_at_mudbarn.com        http://www.mudbarn.com
PGP Key fingerprint = CAB5 A73A 43FA 19E3 449D  20B8 25D7 FA84 8847 D6A7
http://www.mudbarn.com/~plugh/plughinfo.txt for geek code, pgp key, etc. 



Page was last modified "Jan 10 2012" The Rockbox Crew
aaa