Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
If you're going to call me out for ignoring things, missing things or simply not knowing things, please highlight what it is. the quote isn't very enlightening in this context. You have a nasty habit of referencing things without inlining them or referencing them directly, and this has gotten in the way of clear communication *multiple* times over the last week. I only wrote two lines and you still missed it I respond to what's written in the email I'm replying to, because that's what I've just read, and that's the context of the email. never mind the examples I had given in my original mail that do not only apply to remote content and that you wrongly interpreted. Honestly, I never expected you to be up in arms over being exposed to HTML syntax. I presumed you were concerned about libpng, libjpeg, swf and gif. As I clearly said both, but actually less so html. You seem to be under the impression Androids mail clients let you avoid all that but they do not. Talk about hitting your head against a brick wall. I presumed you were concerned about privacy concerns. Those are what most people who gripe about HTML email security are concerned with. That would be to do with scripts and remote content. Remote content Is as you have said almost always switchable and so was not a concern/thought of mine but yes, what people shout about. Scripts, well with Googles love of javascript (for obvious tracking reasons) I wouldn't be too surprised if that is enabled without recourse on android email. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
Either you ignored what I said about being able to disable loading remote content and being able to disable showing inline rich content, or you're seriously concerned about HTML parser vulnerabilities. You can't disable incoming rich content (which is the important one) like jpg logos on Android and which was the whole point. Considering most phones run Gingerbread it should be noted that this practice is actually rather dangerous. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On 03/19/2013 05:09 PM, Kevin Chadwick wrote: If you're going to call me out for ignoring things, missing things or simply not knowing things, please highlight what it is. the quote isn't very enlightening in this context. You have a nasty habit of referencing things without inlining them or referencing them directly, and this has gotten in the way of clear communication *multiple* times over the last week. I only wrote two lines and you still missed it I respond to what's written in the email I'm replying to, because that's what I've just read, and that's the context of the email. never mind the examples I had given in my original mail that do not only apply to remote content and that you wrongly interpreted. Honestly, I never expected you to be up in arms over being exposed to HTML syntax. I presumed you were concerned about libpng, libjpeg, swf and gif. As I clearly said both, but actually less so html. You seem to be under the impression Androids mail clients let you avoid all that but they do not. Talk about hitting your head against a brick wall. I can't tell any more whether you're complaining about people sending HTML, whether you're complaining about receiving HTML emails without being able to avoid parsing them, or whether you're complaining about other people receiving HTML emails and their being placed at risk of parsing bugs as a result. If you're complaining about other people sending HTML emails: OK, fine. Politely point out to them that it's common courtesy not to send HTML emails. PLONK them if you need to. But make it clear this is what you're complaining about. I don't see the relevance of most of your arguments if your complaint is with other people sending HTML messages. If you're complaining about receiving HTML emails without being able to avoid parsing them: You're clearly technical enough to implement some solution to avoid it. One solution would be to grab the source of an existing mail client and patch it to not handle the HTML parts. Another solution would be to have your mail pass through a server which strips messages of those parts, or modifies them in some way to make them safe. Yet another solution would be to find a mail client which does this for you. I see no reason to continue raging about the state of the mail clients you use, if this is your argument. If you're complaining about other people receiving HTML emails and their being placed at risk of parsing bugs, then provide a solution (I detailed a few in the above paragraph) and allow them to adopt it if they wish. If what you're complaining about isn't enumerated above, please try to state it simply and clearly. I presumed you were concerned about privacy concerns. Those are what most people who gripe about HTML email security are concerned with. That would be to do with scripts and remote content. Remote content Is as you have said almost always switchable and so was not a concern/thought of mine but yes, what people shout about. Scripts, well with Googles love of javascript (for obvious tracking reasons) I wouldn't be too surprised if that is enabled without recourse on android email. I'm pretty sure I've never seen JS in email. Traditionally, tracking is done with image bugs. There's little to no point in using scripting in emails. And given Google is pushing as fast as they can away from RSS and toward Google+, I'm rather expecting them to look for ways to get away from email and XMPP, too. Further, most GMail users use the web interface; there's No Way In Hell Google would allow mail-delivered code to be executed from within that security context. That would be the fastlane to account hijacking. This argument boils down to: I don't trust Google, so I'd like to suggest they would use JS in emails, because that's scary, too. signature.asc Description: OpenPGP digital signature
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
Wait, K9 Mail doesn't have a plain text option? Perhaps I shouldn't be surprised, as I am also unable to comprehend why K9 might enforce top-posting on replies. K9 Mail can do both plain text and bottom posting. Both set in Account settings/Sending mail. It can write but forces html onto users, which potentially includes jpg exploits, png exploits, html exploits, script exploits, font exploits... And before you say anything. For what benefit, annoying ads from paypal. I am quite capable of opening a browser and deciding which domains *I* trust?? Google's network fell into this trap and banned Windows, but did they fix the real problem or just raise the bar a little (though I expect they took other unreleased measures that would be more interesting)? Would be even worse on Iphones where webkit is forced and so as old as the rom image. Rom cycle time is a major reason why even on cyanogenmod I use firefox over the chrome package which is ancient. Of course on Apple laptops even, Safari's webkit is sometimes months old anywhow. Having knocked Android, I haven't found the time to try the latest native email app. I'm not expecting a no html option but I'm pretty sure it will have some major pluses over k9mail, which was a trade of good for bad on Gingerbread. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On 03/18/2013 04:38 PM, Kevin Chadwick wrote: Wait, K9 Mail doesn't have a plain text option? Perhaps I shouldn't be surprised, as I am also unable to comprehend why K9 might enforce top-posting on replies. K9 Mail can do both plain text and bottom posting. Both set in Account settings/Sending mail. It can write but forces html onto users, which potentially includes jpg exploits, png exploits, html exploits, script exploits, font exploits... And before you say anything. For what benefit, annoying ads from paypal. I am quite capable of opening a browser and deciding which domains *I* trust?? Google's network fell into this trap and banned Windows, but did they fix the real problem or just raise the bar a little (though I expect they took other unreleased measures that would be more interesting)? Would be even worse on Iphones where webkit is forced and so as old as the rom image. Rom cycle time is a major reason why even on cyanogenmod I use firefox over the chrome package which is ancient. Of course on Apple laptops even, Safari's webkit is sometimes months old anywhow. Having knocked Android, I haven't found the time to try the latest native email app. I'm not expecting a no html option but I'm pretty sure it will have some major pluses over k9mail, which was a trade of good for bad on Gingerbread. I don't know what mail client you use (I suppose I could check your headers), but *every* mail client I've used disables loading remote content by default. Further, you're ranting about users being forced to send email with HTML, intimating that this means they'll send exploit-laden messages to their recipients. That's patently silly; the people forced to send HTML emails aren't going to be sending exploits. That's like suggesting that people forced to drive to work are forced to commit vehicular manslaughter... It's the recipient of the email who has the burden of remaining secure, and this is possible largely through simply disabling loading rich media by default. Again, most mail clients disable loading remote media by default, and most I've used support disabling packaged media as well. signature.asc Description: OpenPGP digital signature
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
I don't know what mail client you use (I suppose I could check your headers), but *every* mail client I've used disables loading remote content by default. Except the content within the message. Why do you assume I am talking about remote content. Further, you're ranting about users being forced to send email with HTML, intimating that this means they'll send exploit-laden messages to their recipients. I am not. On 03/18/2013 04:38 PM, Kevin Chadwick wrote: It can write but forces html onto users, You seem to miss some of the details. I'll find time to respond on ipv6 too at some point ;-) -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On Mon, 18 Mar 2013 20:38:11 +, Kevin Chadwick wrote: K9 Mail can do both plain text and bottom posting. Both set in Account settings/Sending mail. It can write but forces html onto users, which potentially includes jpg exploits, png exploits, html exploits, script exploits, font exploits... What are you talking about? K9 forces HTML on no one, it sends plain text if you set it to do so. Having knocked Android, I haven't found the time to try the latest native email app. I'm not expecting a no html option but I'm pretty sure it will have some major pluses over k9mail, which was a trade of good for bad on Gingerbread. K9 is not Android, any more than yourfavouriteemailer is Linux. It is a program that runs on Android. As for being less capable than the native app, the opposite is the case as it is based on the code from the native app, but actively developed. -- Neil Bothwick Pedestrians come in two types: Quick or Dead. signature.asc Description: PGP signature
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On Mon, 18 Mar 2013 19:16:52 -0400 Michael Mol mike...@gmail.com wrote: On 03/18/2013 04:38 PM, Kevin Chadwick wrote: It can write but forces html onto users, You seem to miss some of the details. About that. See the attachment. It's a screenshot of the setting in K-9 where you can select composition methods. I took the screenshot on my own phone. (And then ran it through pngcrush -brute in deference to ML bandwidth...) I knew that perfectly well?? You even missed the quote? I only wrote two lines and you still missed it never mind the examples I had given in my original mail that do not only apply to remote content and that you wrongly interpreted. There is a security saying. Assumption is the mother of all f
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On Mon, 18 Mar 2013 23:38:11 + Neil Bothwick n...@digimed.co.uk wrote: K9 Mail can do both plain text and bottom posting. Both set in Account settings/Sending mail. It can write but forces html onto users, which potentially includes jpg exploits, png exploits, html exploits, script exploits, font exploits... What are you talking about? K9 forces HTML on no one, it sends plain text if you set it to do so. If you receive a html email you have no choice but to execute code to handle as per my above examples. Having knocked Android, I haven't found the time to try the latest native email app. I'm not expecting a no html option but I'm pretty sure it will have some major pluses over k9mail, which was a trade of good for bad on Gingerbread. K9 is not Android, any more than yourfavouriteemailer is Linux. It is a program that runs on Android. As for being less capable than the native app, the opposite is the case as it is based on the code from the native app, but actively developed. Googles mail is part of android and they do maintain it. I maintain that while k9 has some improvements it also breaks things and I guess would have not seen light without Googles initial efforts.
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On Tue, 19 Mar 2013 00:15:34 +, Kevin Chadwick wrote: What are you talking about? K9 forces HTML on no one, it sends plain text if you set it to do so. If you receive a html email you have no choice but to execute code to handle as per my above examples. That applies to mails from any software set to send as email, it is not specific to K9, Android or the price of fish. K9 is not Android, any more than yourfavouriteemailer is Linux. It is a program that runs on Android. As for being less capable than the native app, the opposite is the case as it is based on the code from the native app, but actively developed. Googles mail is part of android and they do maintain it. I maintain that while k9 has some improvements it also breaks things and I guess would have not seen light without Googles initial efforts. Are you referring to the Googlemail or the Mail program on Android, they are completely different? But I guess there's no defence against such specific accusations as it breaks things. -- Neil Bothwick Bang on the LEFT side of your computer to restart Windows signature.asc Description: PGP signature
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On 03/18/2013 08:15 PM, Kevin Chadwick wrote: On Mon, 18 Mar 2013 23:38:11 + Neil Bothwick n...@digimed.co.uk wrote: K9 Mail can do both plain text and bottom posting. Both set in Account settings/Sending mail. It can write but forces html onto users, which potentially includes jpg exploits, png exploits, html exploits, script exploits, font exploits... What are you talking about? K9 forces HTML on no one, it sends plain text if you set it to do so. If you receive a html email you have no choice but to execute code to handle as per my above examples. Either you ignored what I said about being able to disable loading remote content and being able to disable showing inline rich content, or you're seriously concerned about HTML parser vulnerabilities. If that's the case, set up a defanging filter for your email. Having knocked Android, I haven't found the time to try the latest native email app. I'm not expecting a no html option but I'm pretty sure it will have some major pluses over k9mail, which was a trade of good for bad on Gingerbread. K9 is not Android, any more than yourfavouriteemailer is Linux. It is a program that runs on Android. As for being less capable than the native app, the opposite is the case as it is based on the code from the native app, but actively developed. Googles mail is part of android and they do maintain it. I maintain that while k9 has some improvements it also breaks things and I guess would have not seen light without Googles initial efforts. I'm really not sure what Google's native client (or K9) breaks. I use K9 because I require GPG support for communicating with one of my clients. signature.asc Description: OpenPGP digital signature
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On 03/18/2013 08:05 PM, Kevin Chadwick wrote: On Mon, 18 Mar 2013 19:16:52 -0400 Michael Mol mike...@gmail.com wrote: On 03/18/2013 04:38 PM, Kevin Chadwick wrote: It can write but forces html onto users, You seem to miss some of the details. About that. See the attachment. It's a screenshot of the setting in K-9 where you can select composition methods. I took the screenshot on my own phone. (And then ran it through pngcrush -brute in deference to ML bandwidth...) I knew that perfectly well?? You say 'It can write but forces html onto users'. So I pointed out that, no, it doesn't. So I take it you're complaining that *other peoples'* HTML clients force HTML on you. That's a complete and total abdication of responsibility on your part! You can ignore these people if you wish. You can ignore the HTML parts of emails if you wish. You can defang incoming emails if you wish. You have no obligation to do any more than the minimum required for you to selectively ignore emails with data you don't want. You even missed the quote? If you're going to call me out for ignoring things, missing things or simply not knowing things, please highlight what it is. the quote isn't very enlightening in this context. You have a nasty habit of referencing things without inlining them or referencing them directly, and this has gotten in the way of clear communication *multiple* times over the last week. I only wrote two lines and you still missed it I respond to what's written in the email I'm replying to, because that's what I've just read, and that's the context of the email. never mind the examples I had given in my original mail that do not only apply to remote content and that you wrongly interpreted. Honestly, I never expected you to be up in arms over being exposed to HTML syntax. I presumed you were concerned about libpng, libjpeg, swf and gif. I presumed you were concerned about privacy concerns. Those are what most people who gripe about HTML email security are concerned with. Being concerned with HTML syntax is a new one. Being angry with mail clients for allowing people to send emails you don't want to read? That'd ridiculous. There is a security saying. Assumption is the mother of all f Try including more context, and I won't have to assume as much or as often. signature.asc Description: OpenPGP digital signature
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
From the headers of his email: Subject: Re: [gentoo-user] Gentoo speed comparison to other distros References: 51418728.7020...@gmail.com In-Reply-To: 51418728.7020...@gmail.com Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit It's perfectly compliant. You may want to correct your mail client to understand HTML. (Admittedly, it's unusual to see email clients send *only* text/html, rather than a multipart message with two different encodings.) ROFL. It's called me wrestling with thunderbird to try to remove html formatting but failing. Compulsory html annoys me on Android (If only you could have proper programs like Nokias N9 had claws) Claws would mean you needn't bother and still have html to text by default and can even enable html plugins if desired (right way around). -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On Friday 15 Mar 2013 17:36:48 Kevin Chadwick wrote: From the headers of his email: Subject: Re: [gentoo-user] Gentoo speed comparison to other distros References: 51418728.7020...@gmail.com In-Reply-To: 51418728.7020...@gmail.com Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit It's perfectly compliant. You may want to correct your mail client to understand HTML. (Admittedly, it's unusual to see email clients send *only* text/html, rather than a multipart message with two different encodings.) ROFL. It's called me wrestling with thunderbird to try to remove html formatting but failing. Compulsory html annoys me on Android (If only you could have proper programs like Nokias N9 had claws) Claws would mean you needn't bother and still have html to text by default and can even enable html plugins if desired (right way around). I understand that you can specify what sort of mail format you want to send per email recipient, including of course gentoo-user@lists.gentoo.org, but I don't have T'bird installed to check: http://kb.mozillazine.org/Plain_text_e-mail_(Thunderbird) HTH. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On 03/16/2013 04:06 AM, Mick wrote: On Friday 15 Mar 2013 17:36:48 Kevin Chadwick wrote: From the headers of his email: Subject: Re: [gentoo-user] Gentoo speed comparison to other distros References: 51418728.7020...@gmail.com In-Reply-To: 51418728.7020...@gmail.com Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit It's perfectly compliant. You may want to correct your mail client to understand HTML. (Admittedly, it's unusual to see email clients send *only* text/html, rather than a multipart message with two different encodings.) ROFL. It's called "me wrestling with thunderbird to try to remove html formatting but failing". Compulsory html annoys me on Android (If only you could have proper programs like Nokias N9 had claws) Claws would mean you needn't bother and still have html to text by default and can even enable html plugins if desired (right way around). I understand that you can specify what sort of mail format you want to send per email recipient, including of course gentoo-user@lists.gentoo.org, but I don't have T'bird installed to check: http://kb.mozillazine.org/Plain_text_e-mail_(Thunderbird) HTH. I know about that. But it fails to work on compose windows opened by the thunderbird conversations plugin. Quotes there seem to be hard-quoted as HTML and no amount of fiddling converts those into plaintext quotes.
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On Friday 15 Mar 2013 20:34:14 Mark David Dumlao wrote: On 03/16/2013 04:06 AM, Mick wrote: I understand that you can specify what sort of mail format you want to send per email recipient, including of course gentoo-user@lists.gentoo.org, but I don't have T'bird installed to check: http://kb.mozillazine.org/Plain_text_e-mail_(Thunderbird) HTH. I know about that. But it fails to work on compose windows opened by the thunderbird conversations plugin. Quotes there seem to be hard-quoted as HTML and no amount of fiddling converts those into plaintext quotes. OK, I am not a T'bird user, let alone plugins for this application - but Google tells me that the 'Quick Reply' feature creates plain text responses. Is this the case? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [Bulk] Re: Email encodings (was Re: [gentoo-user] Gentoo speed comparison to other distros )
On 03/15/2013 04:34 PM, Mark David Dumlao wrote: On 03/16/2013 04:06 AM, Mick wrote: On Friday 15 Mar 2013 17:36:48 Kevin Chadwick wrote: From the headers of his email: Subject: Re: [gentoo-user] Gentoo speed comparison to other distros References: 51418728.7020...@gmail.com In-Reply-To: 51418728.7020...@gmail.com Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit It's perfectly compliant. You may want to correct your mail client to understand HTML. (Admittedly, it's unusual to see email clients send *only* text/html, rather than a multipart message with two different encodings.) ROFL. It's called me wrestling with thunderbird to try to remove html formatting but failing. Compulsory html annoys me on Android (If only you could have proper programs like Nokias N9 had claws) Claws would mean you needn't bother and still have html to text by default and can even enable html plugins if desired (right way around). I understand that you can specify what sort of mail format you want to send per email recipient, including of course gentoo-user@lists.gentoo.org, but I don't have T'bird installed to check: http://kb.mozillazine.org/Plain_text_e-mail_(Thunderbird) HTH. I know about that. But it fails to work on compose windows opened by the thunderbird conversations plugin. Quotes there seem to be hard-quoted as HTML and no amount of fiddling converts those into plaintext quotes. Reply created from conversation view in Thunderbird. (Though I've got some configuration item set somewhere to only send in plaintext; Enigmail complains that text/html emails don't always work right with PGP signing.) signature.asc Description: OpenPGP digital signature
