Re: [liberationtech] list reply-all
On Wed, Mar 20, 2013 at 05:48:20AM -0400, Michael Allan wrote: Pardon me, but that's not true. GNU Mailman is a decent list server and it ships with reply-to-sender. You must go out of your way to munge the Reply-to header. They recommend against it: http://www.gnu.org/software/mailman/mailman-admin/node11.html Correct. (That is, (a) correct that they recommend against it and (b) correct that they SHOULD recommend against it.) [1] Now it's true that there are broken email clients out there that don't handle this gracefully. The solution is not to accomodate broken email clients, but to insist that users of broken email clients either fix them, get them fixed, or abandon them for others. I will also suggest, that in the context of this particular list, everyone should be using a mail client that permits and even better, encourages, full editing of the To:, Cc: and Bcc: fields and that members get in the habit of double-checking those fields before sending. That's just good email practice, along with things like not top-posting, not full-quoting, and not sending mail marked up with HTML. ---rsk [1] Mailman is more than decent: it is, at the moment, the best available software for running mailing lists, period. Certainly all closed-source software may be immediately dismissed from consideration, which leaves us with things like ezmlm and majordomo, none of which have Mailman's feature set, standards compliance, or ongoing track record of bug fixes and improvements. Oh, it's not perfect, and I sure wish it wasn't written in Python: but it's the best-available, and its authors have done an exemplary job of bug-fixing and enhancement. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Please let me clarify: I think it was the original collective decision that was ill-informed, and not the decision to vote on the issue, or to honour the result of that vote. But it now appears that safety is a concern (as Matt points out), which wasn't originally understood. Since it's a question of safety vs. convenience, then maybe it's better to revert immediately to the default setting (the safer one). The question then would be, Does anyone want to re-vote the issue? If not, we could just leave it there. Mike Yosem Companys said: Am I right to assume Mike and Matt are asking that the issue be put up for a vote again so that the default is changed back from reply-to-all to reply-to-poster? If so, I will get that survey going. Thanks, Yosem One of the moderators On Tue, Mar 19, 2013 at 6:59 PM, Michael Allan m...@zelea.com wrote: Matt said: Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. I agree. Some more information on Reply-To header munging: http://www.gnu.org/software/mailman/mailman-admin/node11.html It's non-standard too, as Joseph suggests. Joseph said: ... I wouldn't want to question that collective decision... I think the two stanford.edu lists I am on are the only ones out of a large number that default to reply-to list. I will be more careful. While well intentioned, the original decision seems ill-informed. -- Michael Allan Toronto, +1 416-699-9528 http://zelea.com/ Matt Mackall said: On Tue, 2013-03-19 at 19:08 -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. Let me relate a personal example from several years ago: A: operational discussion on activist group list B: Right on! ps: how's extremely embarassing private matter going? B: Oh SH*#$#*T, I'm SO sorry, I didn't mean to reply-all!! I feel horrible!! It's quite easy to imagine extremely embarassing private matter being replaced by career-ending aside on most lists, but on this one in particular it might be replaced by potentially life-endangering datum. Now compare this to the typical fall-out that happens without reply-to: A: operational discussion on activist group list B: public reply accidentally sent privately B: Oops, sent that privately, sorry for the duplicate. How many such minor inconveniences equal one job lost or life endangered? In my opinion, no list should use reply-to-list. -- Mathematics is the supreme nostalgia of our time. Joseph Lorenzo Hall said: On Mar 19, 2013, at 19:32, Yosem Companys compa...@stanford.edu wrote: We used to use individual replies rather than reply all, but the list members took a vote to change the default to reply all. If there's enough interest, we could always bring it up for another vote, as the decision was made a year or so ago, and the list has grown a lot since then. Cool. That is exactly the data that I was looking for; I wouldn't want to question that collective decision. I think the two stanford.edu lists I am on are the only ones out of a large number that default to reply-to list. I will be more careful. best, Joe -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
On Wed, Mar 20, 2013 at 9:36 AM, Michael Allan m...@zelea.com wrote: But it now appears that safety is a concern (as Matt points out), which wasn't originally understood. Since it's a question of safety vs. convenience, then maybe it's better to revert immediately to the default setting (the safer one). How about no? Any decent mailing list uses reply-to-list as a default. The original survey stated: Reply to entire list or individual sender: - Advantage of replying to individual sender includes preventing personal replies from being inadvertently sent to the entire list. Advantages of replying to entire list include: - Preventing people who forward emails from the list from unnecessarily exposing subscribers' email addresses - Preventing list server from having to filter email to subscribers who are in To: or Cc: (if anything goes wrong, they get an email twice) - Reducing both the strain on the server and the risk of triggering spam filters So no new information has been brought in this thread. -- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
I find myself agreeing. While emails that reply to all when the intentioned recipient is a just a specific friend are tragic, the default reply to behavior for most emails on this list(or at least mine) is to the entire list. That's what a mailing list is for? -Andrew On Mar 20, 2013, at 9:52 PM, Maxim Kammerer m...@dee.su wrote: On Wed, Mar 20, 2013 at 9:36 AM, Michael Allan m...@zelea.com wrote: But it now appears that safety is a concern (as Matt points out), which wasn't originally understood. Since it's a question of safety vs. convenience, then maybe it's better to revert immediately to the default setting (the safer one). How about no? Any decent mailing list uses reply-to-list as a default. The original survey stated: Reply to entire list or individual sender: - Advantage of replying to individual sender includes preventing personal replies from being inadvertently sent to the entire list. Advantages of replying to entire list include: - Preventing people who forward emails from the list from unnecessarily exposing subscribers' email addresses - Preventing list server from having to filter email to subscribers who are in To: or Cc: (if anything goes wrong, they get an email twice) - Reducing both the strain on the server and the risk of triggering spam filters So no new information has been brought in this thread. -- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
The strain on server argument and the list server filtering argument seem silly to me (I doubt any configuration other than allowing very large attachments will substantially impact the server and Mailman does redundancy filtering quite well if you allow it)... and I'm on lists where forwarding requires manually removing email addresses and that seems to mostly work. Again, I'm happy to go either way, especially of there has been a formal poll... but I'm on a slew of decent mailing lists and none of them do this, primarily to avoid useless email traffic and embarrassment but also to avoid misconfigured precedence:bulk responses. best, Joe -- Joseph Lorenzo Hall Senior Staff Technologist Center for Democracy Technology https://www.cdt.org/ On Mar 20, 2013, at 4:51, Maxim Kammerer m...@dee.su wrote: On Wed, Mar 20, 2013 at 9:36 AM, Michael Allan m...@zelea.com wrote: But it now appears that safety is a concern (as Matt points out), which wasn't originally understood. Since it's a question of safety vs. convenience, then maybe it's better to revert immediately to the default setting (the safer one). How about no? Any decent mailing list uses reply-to-list as a default. The original survey stated: Reply to entire list or individual sender: - Advantage of replying to individual sender includes preventing personal replies from being inadvertently sent to the entire list. Advantages of replying to entire list include: - Preventing people who forward emails from the list from unnecessarily exposing subscribers' email addresses - Preventing list server from having to filter email to subscribers who are in To: or Cc: (if anything goes wrong, they get an email twice) - Reducing both the strain on the server and the risk of triggering spam filters So no new information has been brought in this thread. -- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
On Wed, Mar 20, 2013 at 11:48 AM, Michael Allan m...@zelea.com wrote: Maxim Kammerer said: ... Any decent mailing list uses reply-to-list as a default. ... Pardon me, but that's not true. GNU Mailman is a decent list server and it ships with reply-to-sender. I wrote “mailing list”, not “mailing list software”. I am on quite a few mailing lists, and they all use reply-to-list. ... no new information has been brought in this thread. That seems unlikely. I think the new information is that *this* ... preventing personal replies from being inadvertently sent to the entire list. is now recognized to be a safety issue. Matt Mackall said: It's quite easy to imagine extremely embarassing private matter being replaced by career-ending aside on most lists, but on this one in particular it might be replaced by potentially life-endangering datum. ... How many... minor inconveniences equal one job lost or life endangered? ... Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Otherwise, my imaginary friend here says that his convenience is more important than your imaginary construct. -- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Am I reading this correctly? You need to personally witness someone make a potentially fatal mistake before you'll take a risk seriously? If you're unwilling to employ foresight as a decision-making aide, you may not be taking full advantage of your prefrontal cortex. -- Mathematics is the supreme nostalgia of our time. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Maybe I have a hard time understanding since I don't use email to discuss anything that would be embarrassing, career ending, and most certainly not life threatening. However, it would seem that even if someone /does/ talk about those things using email -- they should be doing it with encryption and thus wouldn't be a problem on the main list. Conversations often get broken up when you disable reply-to-list because people just click reply instead of reply-all and we miss what could be very enlightening conversation. If I was to vote on a matter like this I would either abstain or vote to keep it the way it is, so clearly it's not so important to me that I want to fight about it. I don't view this as a security risk, no more than a person could reveal the same information using reply-all (anyone who has worked at a large company before probably knows countless times when someone has clicked reply all when they only meant to click reply) for recent example http://www.hlntv.com/article/2012/11/28/reply-all-nyu-student-emails-school I see zero need to change it. Travis McCrea Pirate Party of Canada The Ultimate Ebook Library Kopimist Church of Idaho Phone: 1(206)552-8728 US Call/Text IRC: irc.freenode.net, irc.pirateirc.net (TeamColtra or TravisMcCrea) Web: travismccrea.com IM: teamcol...@451.im (jabber) teamcoltra (AIM) On 2013-03-20, at 1:37 PM, Matt Mackall m...@selenic.com wrote: On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Am I reading this correctly? You need to personally witness someone make a potentially fatal mistake before you'll take a risk seriously? If you're unwilling to employ foresight as a decision-making aide, you may not be taking full advantage of your prefrontal cortex. -- Mathematics is the supreme nostalgia of our time. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
If we're going to require people to use their brains, perhaps its not too much to ask that individuals take responsibility for paying attention to who they are speaking to. This is not a personally configurable setting on the mailing list software, and we're relegated to a dualistic choice that cannot satisfy all participants, yet we still must choose and have previously chosen. If this will be a recurring issue, perhaps we should structure a yearly survey/vote. gf On 3/20/13 12:37 PM, Matt Mackall wrote: On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Am I reading this correctly? You need to personally witness someone make a potentially fatal mistake before you'll take a risk seriously? If you're unwilling to employ foresight as a decision-making aide, you may not be taking full advantage of your prefrontal cortex. -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/ -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Strange how so many are citing security norms for (say) encryption but not the one that systems should always fail to the safest setting. (Which isn't always the most functional.) I actually prefer it the way it is. Yet I certainly appreciate the alternative concern and would support the change in deference to .. -Ali On Mar 20, 2013 1:52 PM, Gregory Foster gfos...@entersection.org wrote: If we're going to require people to use their brains, perhaps its not too much to ask that individuals take responsibility for paying attention to who they are speaking to. This is not a personally configurable setting on the mailing list software, and we're relegated to a dualistic choice that cannot satisfy all participants, yet we still must choose and have previously chosen. If this will be a recurring issue, perhaps we should structure a yearly survey/vote. gf On 3/20/13 12:37 PM, Matt Mackall wrote: On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Am I reading this correctly? You need to personally witness someone make a potentially fatal mistake before you'll take a risk seriously? If you're unwilling to employ foresight as a decision-making aide, you may not be taking full advantage of your prefrontal cortex. -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/ -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Can we just vote already? This is getting out of hand and a perfect example why this list is increasingly useless with too many flame wars and not enough substantive content... On Mar 20, 2013, at 13:52, Gregory Foster gfos...@entersection.org wrote: If we're going to require people to use their brains, perhaps its not too much to ask that individuals take responsibility for paying attention to who they are speaking to. This is not a personally configurable setting on the mailing list software, and we're relegated to a dualistic choice that cannot satisfy all participants, yet we still must choose and have previously chosen. If this will be a recurring issue, perhaps we should structure a yearly survey/vote. gf On 3/20/13 12:37 PM, Matt Mackall wrote: On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved losing his job / life for hastily sending said email. Am I reading this correctly? You need to personally witness someone make a potentially fatal mistake before you'll take a risk seriously? If you're unwilling to employ foresight as a decision-making aide, you may not be taking full advantage of your prefrontal cortex. -- Gregory Foster || gfos...@entersection.org @gregoryfoster http://entersection.com/ -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
On Tue, Mar 19, 2013 at 07:08:48PM -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Maybe I'm the only one that trips over it so often. best, Joe This is something that has been debated numerous, and I do mean *numerous*, times over the past few decades. That said, I'd recommend (a) removing the Reply-To header from the list's config and (b) using the mutt email client, which is the best one I'm aware of and -- if you configure it with edit_headers=yes -- makes it very very very easy to see what you're doing *and* change it if it's not whta you want to be doing. Mutt is lightweight, fast, portable, usable as-is, very customizable, and presents a much smaller attack surface than many other mail clients. I've used a *lot* of mail clients over the years; so far, mutt's the best. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
We used to use individual replies rather than reply all, but the list members took a vote to change the default to reply all. If there's enough interest, we could always bring it up for another vote, as the decision was made a year or so ago, and the list has grown a lot since then. Best, Yosem One of the list moderators On Tue, Mar 19, 2013 at 4:08 PM, Joseph Lorenzo Hall j...@cdt.org wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Maybe I'm the only one that trips over it so often. best, Joe On Mar 19, 2013, at 19:06, Joseph Lorenzo Hall j...@cdt.org wrote: best, Joe -- Joseph Lorenzo Hall Senior Staff Technologist Center for Democracy Technology https://www.cdt.org/ On Mar 19, 2013, at 16:18, Eleanor Saitta e...@dymaxion.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2013.03.19 15.02, Lindsay Beck wrote: Hi All, NDItech is looking to collect a set of the best-of-the-best resources on threat modeling and risk assessment, particularly on information security pertaining to creating, storing, and sharing information. I'd love to hear from the list on what tools/resources you use, and will re-share an aggregated list. Lindsay: We don't have writeups finished yet, but at the Tactical Tech Integrated Security workshop and the Internews Level-Up event that followed it, we worked on turning the work that Brenda Larcom and I have been doing on the Trike project into something more suitable for NGOs and individuals to use for understanding the risks to their practices. Separately, there will hopefully be better writeups for the Trike project, suitable for use by security analysts and engineers during software development. The existing Trike information can be found at http://octotrike.org -- the two spreadsheets are the most relevant. E. - -- Ideas are my favorite toys. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iF4EAREIAAYFAlFIyCsACgkQQwkE2RkM0wqCogD/bPG8/zyBFLI9szqBbqzHmvs4 I8GQXEOn8YEDJGmV0tYBAIC6Yh/pDWU1wxE0Iqzcr2i+vGDCM9eHMZtegT7yMmEl =tPTV -END PGP SIGNATURE- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
..on Tue, Mar 19, 2013 at 07:24:39PM -0400, Rich Kulawiec wrote: On Tue, Mar 19, 2013 at 07:08:48PM -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Maybe I'm the only one that trips over it so often. best, Joe This is something that has been debated numerous, and I do mean *numerous*, times over the past few decades. That said, I'd recommend (a) removing the Reply-To header from the list's config and (b) using the mutt email client, which is the best one I'm aware of and -- if you configure it with edit_headers=yes -- makes it very very very easy to see what you're doing *and* change it if it's not whta you want to be doing. Mutt is lightweight, fast, portable, usable as-is, very customizable, and presents a much smaller attack surface than many other mail clients. I've used a *lot* of mail clients over the years; so far, mutt's the best. Hear here. 10 years with mutt across numerous machines and it's still the client that sucks the least. It takes a little learning at first, but those hours are well worth it. Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
On Mar 19, 2013, at 19:32, Yosem Companys compa...@stanford.edu wrote: We used to use individual replies rather than reply all, but the list members took a vote to change the default to reply all. If there's enough interest, we could always bring it up for another vote, as the decision was made a year or so ago, and the list has grown a lot since then. Cool. That is exactly the data that I was looking for; I wouldn't want to question that collective decision. I think the two stanford.edu lists I am on are the only ones out of a large number that default to reply-to list. I will be more careful. best, Joe -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
On Tue, 2013-03-19 at 19:08 -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. Let me relate a personal example from several years ago: A: operational discussion on activist group list B: Right on! ps: how's extremely embarassing private matter going? B: Oh SH*#$#*T, I'm SO sorry, I didn't mean to reply-all!! I feel horrible!! It's quite easy to imagine extremely embarassing private matter being replaced by career-ending aside on most lists, but on this one in particular it might be replaced by potentially life-endangering datum. Now compare this to the typical fall-out that happens without reply-to: A: operational discussion on activist group list B: public reply accidentally sent privately B: Oops, sent that privately, sorry for the duplicate. How many such minor inconveniences equal one job lost or life endangered? In my opinion, no list should use reply-to-list. -- Mathematics is the supreme nostalgia of our time. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Matt said: Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. I agree. Some more information on Reply-To header munging: http://www.gnu.org/software/mailman/mailman-admin/node11.html It's non-standard too, as Joseph suggests. Joseph said: ... I wouldn't want to question that collective decision... I think the two stanford.edu lists I am on are the only ones out of a large number that default to reply-to list. I will be more careful. While well intentioned, the original decision seems ill-informed. -- Michael Allan Toronto, +1 416-699-9528 http://zelea.com/ Matt Mackall said: On Tue, 2013-03-19 at 19:08 -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. Let me relate a personal example from several years ago: A: operational discussion on activist group list B: Right on! ps: how's extremely embarassing private matter going? B: Oh SH*#$#*T, I'm SO sorry, I didn't mean to reply-all!! I feel horrible!! It's quite easy to imagine extremely embarassing private matter being replaced by career-ending aside on most lists, but on this one in particular it might be replaced by potentially life-endangering datum. Now compare this to the typical fall-out that happens without reply-to: A: operational discussion on activist group list B: public reply accidentally sent privately B: Oops, sent that privately, sorry for the duplicate. How many such minor inconveniences equal one job lost or life endangered? In my opinion, no list should use reply-to-list. -- Mathematics is the supreme nostalgia of our time. Joseph Lorenzo Hall said: On Mar 19, 2013, at 19:32, Yosem Companys compa...@stanford.edu wrote: We used to use individual replies rather than reply all, but the list members took a vote to change the default to reply all. If there's enough interest, we could always bring it up for another vote, as the decision was made a year or so ago, and the list has grown a lot since then. Cool. That is exactly the data that I was looking for; I wouldn't want to question that collective decision. I think the two stanford.edu lists I am on are the only ones out of a large number that default to reply-to list. I will be more careful. best, Joe -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Am I right to assume Mike and Matt are asking that the issue be put up for a vote again so that the default is changed back from reply-to-all to reply-to-poster? If so, I will get that survey going. Thanks, Yosem One of the moderators On Tue, Mar 19, 2013 at 6:59 PM, Michael Allan m...@zelea.com wrote: Matt said: Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. I agree. Some more information on Reply-To header munging: http://www.gnu.org/software/mailman/mailman-admin/node11.html It's non-standard too, as Joseph suggests. Joseph said: ... I wouldn't want to question that collective decision... I think the two stanford.edu lists I am on are the only ones out of a large number that default to reply-to list. I will be more careful. While well intentioned, the original decision seems ill-informed. -- Michael Allan Toronto, +1 416-699-9528 http://zelea.com/ Matt Mackall said: On Tue, 2013-03-19 at 19:08 -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. Let me relate a personal example from several years ago: A: operational discussion on activist group list B: Right on! ps: how's extremely embarassing private matter going? B: Oh SH*#$#*T, I'm SO sorry, I didn't mean to reply-all!! I feel horrible!! It's quite easy to imagine extremely embarassing private matter being replaced by career-ending aside on most lists, but on this one in particular it might be replaced by potentially life-endangering datum. Now compare this to the typical fall-out that happens without reply-to: A: operational discussion on activist group list B: public reply accidentally sent privately B: Oops, sent that privately, sorry for the duplicate. How many such minor inconveniences equal one job lost or life endangered? In my opinion, no list should use reply-to-list. -- Mathematics is the supreme nostalgia of our time. Joseph Lorenzo Hall said: On Mar 19, 2013, at 19:32, Yosem Companys compa...@stanford.edu wrote: We used to use individual replies rather than reply all, but the list members took a vote to change the default to reply all. If there's enough interest, we could always bring it up for another vote, as the decision was made a year or so ago, and the list has grown a lot since then. Cool. That is exactly the data that I was looking for; I wouldn't want to question that collective decision. I think the two stanford.edu lists I am on are the only ones out of a large number that default to reply-to list. I will be more careful. best, Joe -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] list reply-all
Here is a very personal example, in which I learned a valuable general lesson about talking shit: http://six.pairlist.net/pipermail/markdown-discuss/2008-March/001175.html which had a side effect of cementing one of my professional mantras: What would David Wagner do? ::) I can certainly take the time to be better about spurious reply-all sends. best, Joe -- Joseph Lorenzo Hall Senior Staff Technologist Center for Democracy Technology https://www.cdt.org/ On Mar 19, 2013, at 21:22, Matt Mackall m...@selenic.com wrote: On Tue, 2013-03-19 at 19:08 -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all places. Let me relate a personal example from several years ago: A: operational discussion on activist group list B: Right on! ps: how's extremely embarassing private matter going? B: Oh SH*#$#*T, I'm SO sorry, I didn't mean to reply-all!! I feel horrible!! It's quite easy to imagine extremely embarassing private matter being replaced by career-ending aside on most lists, but on this one in particular it might be replaced by potentially life-endangering datum. Now compare this to the typical fall-out that happens without reply-to: A: operational discussion on activist group list B: public reply accidentally sent privately B: Oops, sent that privately, sorry for the duplicate. How many such minor inconveniences equal one job lost or life endangered? In my opinion, no list should use reply-to-list. -- Mathematics is the supreme nostalgia of our time. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
