Re: Helge has a gripe AND a point
On Apr 5, 2007, at 9:28 PM, Ralph Shumaker wrote: Gregory K. Ruiz-Ade wrote: a) replace our entire list management system with something that does better obfuscation in the web archives. I know next to nothing about the list management system. Bearing that in mind, couldn't the postings be archived into some kind of a temporary place by the list management system? Then a script could check the subject lines (and any other part) and munge them appropriately before moving them to the target archive? Unfortunately, that still doesn't address the archives created by people subscribing other online archive services to the lists. If the mail goes out to members, it does out to those services as well. If you search for kplug-list, the first hit is www.mail-archive.com, which I don't think anyone on -steer has anything to do with: http://www.mail-archive.com/kplug-list@kernel-panic.org/info.html There they point to the official archive, as well as a gmane archive, which we also have nothing to do with. Those two external archives took less than a minute to find; I'm sure there are others. However, mail-archive.org happens to obfuscate all email addresses it finds; for evidence of this, see: http://www.mail-archive.com/kplug-steer@kernel-panic.org/msg00801.html Gregory -- Gregory K. Ruiz-Ade [EMAIL PROTECTED] OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu PGP.sig Description: This is a digitally signed message part -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point
The mailing list are a public forum. Let that sink in for a moment. As such, Helge should have been more careful, and not (presumably) put an email address in the Subject: header of an email sent to a mailing list. I can't seem to find the email in question. When was it sent? What was the Message-ID? We DO NOT CONTROL who, outside of KPLUG's control, has set up or configured archives of our lists. Therefor, the best we can do is delete this person's email from our own archives. However, if Google's already snatched it, there's nothing we can do until it expires from Google's cache. Gregory On Apr 5, 2007, at 1:12 PM, James G. Sack (jim) wrote: I had my name on a thread in the -steer archives of 2006.09.01, along with jhriv, jp, lb, and gkra. Today I received the email containing this message i was nice and alerted you about spam on your domain and you expose my address to spammers!? http://www.kernel-panic.org/pipermail/kplug-steer/2006-September/ 002752.html please make this page (and any on other mail-archives you forwarded that mail to) disappear asap. unfriendly regards, helge The To: header had all the above listed names (except jp), with multiple addresses for several recipients. she evidently has some research talents! Well, I would say *the gripe is valid* in that that our archives have a raw email address in the subject line, and that could be (and maybe has) been harvested by spambots. I guess the software has a mechanism to [mildly] obfuscate email addresses from data -- but (I would guess) it probably doesn't try to modify anything in subject or body. I can envision an argument that diddling email-addresses within the body might have unforseen (undesirable) consequences, but.. ..it seems reasonable to me that it would be worthwhile (and cheap) to look for and _fix_ addresses that inadvertently get into subject lines. I suspect it is a rare occurrence, but still might be useful. As an aside, it might also be useful to have our own little page of recommendations, reminders, and maybe even sigh rules that we can refer users to. Can anybody comment on how/whether subject-diddling might be done? Also, should we respond somehow to Helge? Regards, ..jim -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer -- Gregory K. Ruiz-Ade [EMAIL PROTECTED] OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu PGP.sig Description: This is a digitally signed message part -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point
On Apr 5, 2007, at 1:26 PM, Gregory K. Ruiz-Ade wrote: As such, Helge should have been more careful, and not (presumably) put an email address in the Subject: header of an email sent to a mailing list. I can't seem to find the email in question. When was it sent? What was the Message-ID? I still haven't found the message (dated today, not the original thread) which you say included me in the recipients. To be clear, if someone can cough up the Message-ID for today's message, not the original thread, that'd be great. We DO NOT CONTROL who, outside of KPLUG's control, has set up or configured archives of our lists. Therefor, the best we can do is delete this person's email from our own archives. However, if Google's already snatched it, there's nothing we can do until it expires from Google's cache. Well, I would say *the gripe is valid* in that that our archives have a raw email address in the subject line, and that could be (and maybe has) been harvested by spambots. This isn't necessarily easy to fix. I'm not sure how the original email which turned into the ... spam on your domain -steer thread was sent. If it was sent using a contact us form on the old web site, or via a Plone contact us thingy, we'll have to look into fixing that mechanism or just plain be more careful about forwarding messages to the lists which may contain potentially private information. I guess the software has a mechanism to [mildly] obfuscate email addresses from data -- but (I would guess) it probably doesn't try to modify anything in subject or body. I believe it already does this for To: From: and CC: headers. I belive pipermail restricts its address mangling to those portions of the email in order to minimize the damage it can do to the contents of an email. Honestly, email addresses just don't belong in Subject: headers, anyway. Perhaps there's a setting we can adjust for address obfuscation, but I'd be surprised to find one. ..it seems reasonable to me that it would be worthwhile (and cheap) to look for and _fix_ addresses that inadvertently get into subject lines. I haven't looked at how pipermail stores messages, but if someone has the extra time, I'm sure we can correct it for this thread. That still doesn't help the fact that: * it's likely already been scraped * it's likely already in Google * other people have set up non-official archives of Kernel-Panic lists with other services. There's really nothing we can do about these issues. I suspect it is a rare occurrence, but still might be useful. To my knowledge, this has been the only occurrence. As an aside, it might also be useful to have our own little page of recommendations, reminders, and maybe even sigh rules that we can refer users to. First, if you're going to use an email address, it's going to get out. No matter how careful you are, accidents happen (both human and technical), and getting your knickers in a twist about it is just a waste of time. Between my email addresses and participation on things like linux-kernel (back when), my addresses are easily found and as a result get plenty of spam. At least 800 messages/day in spam. Sadly, it's just a part of life on teh intarwebs. Can anybody comment on how/whether subject-diddling might be done? I'm sure one of the regular-expression gurus here can come up with something. Also, should we respond somehow to Helge? Helge found our archives, and is presumably following this there. :) Honestly, a simple, Sorry about that, we'll see about cleaning the messages to which you referred. Have a nice day, would do. Gregory -- Gregory K. Ruiz-Ade [EMAIL PROTECTED] OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu PGP.sig Description: This is a digitally signed message part -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point
Gregory K. Ruiz-Ade wrote: The mailing list are a public forum. Let that sink in for a moment. As such, Helge should have been more careful, and not (presumably) put an email address in the Subject: header of an email sent to a mailing list. I can't seem to find the email in question. When was it sent? What was the Message-ID? We DO NOT CONTROL who, outside of KPLUG's control, has set up or configured archives of our lists. Therefor, the best we can do is delete this person's email from our own archives. However, if Google's already snatched it, there's nothing we can do until it expires from Google's cache. [snip] It looks like jhriv is the one who put the e-mail address in the Subject line of the originating message, looking back through the thread. Although you are correct in that the lists are a public forum, it is evident that we do try to do some minimal obfuscation to protect e-mail addresses. Evidently, the list manager doesn't look in the subject line since that's not an obvious place to look. However, I don't think that retroactively going back and changing things is a good idea. The possibility of hosing history outweighs any insignificant advantage to Helge. If she is on some spammer's list then I feel her pain, but deleting our archives isn't going to remove her from their lists. I wonder if she puts as much effort into tracking down the bad guys. Gus -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point
Gregory K. Ruiz-Ade wrote: The mailing list are a public forum. Let that sink in for a moment. As such, Helge should have been more careful, and not (presumably) put an email address in the Subject: header of an email sent to a mailing list. I can't seem to find the email in question. When was it sent? What was the Message-ID? We DO NOT CONTROL who, outside of KPLUG's control, has set up or configured archives of our lists. Therefor, the best we can do is delete this person's email from our own archives. However, if Google's already snatched it, there's nothing we can do until it expires from Google's cache. sorry if I munged the quoted link. the email I received earlier today (did you not also get one?) had a link http://www.kernel-panic.org/pipermail/kplug-steer/2006-September/002752.html Backtracking the thread indicates the inititial posting was http://www.kernel-panic.org/pipermail/kplug-steer/2006-September/002750.html If I am reading the headers right, the ID is Message-id: [EMAIL PROTECTED] It looks to me that although Helga did include her raw email in the original message body, we possibly exacerbated the problem by putting the raw address into the subject line (which was repeated 20 times in a discussion thread). And even if she were less than totally careful, I thought my question innocent enough :-) .. especially since _we_ created the subject line. Would it be desirable to modify subject lines that people put real email addresses into? .. at least in our archive, if not in list-distributed mail? Possible answers: it's very hard it's harder than justified by the rare occurrence it fixes Regards, ..jim -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point
Gregory K.Ruiz-Ade wrote: .. I still haven't found the message (dated today, not the original thread) which you say included me in the recipients. To be clear, if someone can cough up the Message-ID for today's message, not the original thread, that'd be great. Todays message was direct, NOT to the list .. here's a copy (Changed her @ to =A= .. should I have diddled all addrs? heh) From - Thu Apr 5 12:07:55 2007 X-Account-Key: account2 X-UIDL: 25457-1149213698 X-Mozilla-Status: 0001 X-Mozilla-Status2: Return-path: hf =A= helge.at Received: from ms-mta-02.socal.rr.com (ms-mta-02-smtp.socal.rr.com [10.10.4.126]) by ms-mss-01.socal.rr.com (iPlanet Messaging Server 5.2 HotFix 2.10 (built Dec 26 2005)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 05 Apr 2007 03:25:33 -0700 (PDT) Received: from hrndva-mx-03.mgw.rr.com (hrndva-mx-03.mgw.rr.com [24.28.204.22]) by ms-mta-02.socal.rr.com (iPlanet Messaging Server 5.2 HotFix 2.10 (built Dec 26 2005)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Thu, 05 Apr 2007 03:25:33 -0700 (PDT) Received: from mailbigip.dreamhost.com (HELO randymail-a8.g.dreamhost.com) ([208.97.132.5]) by hrndva-mx-03.mgw.rr.com with ESMTP; Thu, 05 Apr 2007 06:25:24 -0400 Received: from [192.168.182.4] (chello080109061051.5.14.vie.surfer.at [80.109.61.51]) by randymail-a8.g.dreamhost.com (Postfix) with ESMTP id D861DAF59E; Thu, 05 Apr 2007 03:24:59 -0700 (PDT) Date: Thu, 05 Apr 2007 12:24:48 +0200 From: Helge Fahrnberger hf =A= helge.at Subject: thank you for exposing my address :-( To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 Content-type: multipart/alternative; boundary=040003090804090307030402 User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) X-MID: 34029615 Original-recipient: rfc822;[EMAIL PROTECTED] This is a multi-part message in MIME format. --040003090804090307030402 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit i was nice and alerted you about spam on your domain and you expose my address to spammers!? http://www.kernel-panic.org/pipermail/kplug-steer/2006-September/002752.html please make this page (and any on other mail-archives you forwarded that mail to) disappear asap. unfriendly regards, helge --040003090804090307030402 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html head meta content=text/html;charset=ISO-8859-1 http-equiv=Content-Type /head body bgcolor=#ff text=#00 font size=-1font face=Verdanai was nice and alerted you about spam on your domain and you expose my address to spammers!?br a class=moz-txt-link-freetext href=http://www.kernel-panic.org/pipermail/kplug-steer/2006-September/002752.html;http://www.kernel-panic.org/pipermail/kplug-steer/2006-September/002752.html/abr br please make this page (and any on other mail-archives you forwarded that mail to) disappear asap.br br unfriendly regards,br helgebr br br /font/font /body /html --040003090804090307030402-- Regards, ..jim -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point [added [EMAIL PROTECTED] ]
James G. Sack (jim) wrote: .. I can envision an argument that diddling email-addresses within the body might have unforseen (undesirable) consequences, but.. Looking at the archive of todays messages shows that email addresses within body text *do get obfuscated*. But it looks like it didn't work that way back in September, last. Nevertheless, there's still a question: would it be worthwhile to hide email addresses from subject lines in archived messages. Hmmm, maybe it's already implemented? I think I'll add to the subject line of this email -- as a test message. Regards, ..jim -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point [added [EMAIL PROTECTED] ]
James G. Sack (jim) wrote: Hmmm, maybe it's already implemented? I think I'll add to the subject line of this email -- as a test message. http://www.kernel-panic.org/pipermail/kplug-steer/2007-April/003223.html !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 3.2//EN HTML HEAD TITLE Helge has a gripe AND a point [added [EMAIL PROTECTED] ] /TITLE The @ is not even entity encoded. -john -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point
Gus Wirth wrote: .. Although you are correct in that the lists are a public forum, it is evident that we do try to do some minimal obfuscation to protect e-mail addresses. Evidently, the list manager doesn't look in the subject line since that's not an obvious place to look. That's the main point I was groping with. I need to study English, some day. I note that the obfuscation of archived messages seem to have improved recently (since September). I also just verified that subject lines are NOT modified in the archives, as of today. However, I don't think that retroactively going back and changing things is a good idea. The possibility of hosing history outweighs any insignificant advantage to Helge. If she is on some spammer's list then I feel her pain, but deleting our archives isn't going to remove her from their lists. I wonder if she puts as much effort into tracking down the bad guys. I would agree that it's unreasonable to attempt to fix or delete old archives. My question still stands: could we [in the future] do something about subject lines in our archives? Regards, ..jim -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
Re: Helge has a gripe AND a point
On Apr 5, 2007, at 3:27 PM, James G. Sack (jim) wrote: Helge is evidently a man's name. I was thinking of Helga, I suppose. Bah, I made that mistake too. We're all stupid americans, anyway, so he shouldn't have expected any better. :D Gregory -- Gregory K. Ruiz-Ade [EMAIL PROTECTED] OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu PGP.sig Description: This is a digitally signed message part -- KPLUG-Steer@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer