Great Circle Associates List-Managers
(July 2002)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: how do I get off this list?
From: "wayfarer" <WAYFAYER @ goes . com>
Date: Mon, 8 Jul 2002 14:14:34 -0400
To: "Chuq Von Rospach" <chuqui @ plaidworks . com>, <list-managers @ greatcircle . com>, "Nick Simicich" <njs @ scifi . squawk . com>
References: <30450 . 1026107178 @ kanga . nu> <5 . 1 . 0 . 14 . 2 . 20020708110839 . 26d88490 @ 127 . 0 . 0 . 1>

how do I get off this list?
to join a learning community about communication and in
order to help cure human problems join for free
http://www.communicationinstitute.com
wayfayer tomm
----- Original Message -----
From: "Nick Simicich" <njs @
 scifi .
 squawk .
 com>
To: "Chuq Von Rospach" <chuqui @
 plaidworks .
 com>;
<list-managers @
 greatcircle .
 com>
Sent: Monday, July 08, 2002 1:03 PM
Subject: Re: The role of the mailing list


> At 11:57 PM 2002-07-07 -0700, Chuq Von Rospach wrote:
> >Nick made a number of comments I mostly don't agree with (HTML is not a
> >programming language. It's a markup language. His statement, if true,
also
> >makes the statement "wordstar is really a compiler" also true, which it's
> >not.
>
> No, it is an interpreter.  Difference -- a programming language does not
> always imply a compiler.  Wordstar, and Microsoft Word, and the html
> viewers you use are all interpreters, as much as Javascript is
interpreted.
> All of these things have "intended actions" and (likely) "unintended
> actions", situations where you can feed them invalid input and get them to
> do unexpected (by the original coder) things. (As opposed to the typical
> Word Macro Virus issue, where the virus is actually written in the macro
> language and uses the ordinary language facilities). The number of
> unintended actions is likely correlated to the general care used by the
> coder, the language used, the standards and procedures used, and so forth.
>
> This goes back to the "Use a viewer rather than Microsoft word to look at
> your documents."  It may work by limiting intended actions, as the viewer
> may be missing the macro language that is bundled into full word, but it
> may not limit unintended consequences --- the document may well have
> overflows that translate into arbitrary code execution.
>
> >  HTML has had stuff tossed onto it, whether it's javascript or java
> >applets or activex or whatever, and those things ARE active code
pieces --
> >but they are NOT HTMl. Pure HTML is benign. It can be used to bring in
> >non-benign pieces, but that doesn't mean HTML is non-benign, and that's
> >where you get the ability to protect the user from those non-benign
> >pieces...) -- and other than the previous, I'll disagree without comment
> >because most of the disagrements are philosophical.
>
> Perhaps, and perhaps things are just definitions.  I will agree with you
> that the intention of pure HTML (that is, HTML without intended scripting)
> is to be a benign markup language. How well it succeeds at that is
relative
> to how well the interpreter is written.
>
> >But he also said something on the order of "stop protecting against
viruses,
> >too" -- and in many ways, he's correct. We CAN, actually, simply go to a
> >caveat emptor approach.
>
> That was a sarcastic strawman.
>
> >Nick is running up the strawman that if we can't do everything, all the
> >time, then don't do anything. That obviously fails, but it's a wonderful
> >rhetoric.
>
> I agree that it obviously fails.  The point is to do as well as we
> can.  This leads to my point in the final paragraph...
>
> >My counter-argument is that we have a responsibility to do what we can
> >safely and reasonably, help users understand the risks where we can't
> >provide that safe harbor, but at the same time, we have to be very
careful
> >about what things we choose to put into our purview of responsibility.
> >
> >Protecting end-users form viruses is a no-brainer. We can do it for the
most
> >part pretty well. Viruses serve no useful or constructive purpose. Even
if
> >Joe sixpack doesn't care if he gets infected, we do, because his
infection
> >impacts other users elsewhere (and from the public health real world
> >analogy, there's a precedent of isolation and forced innoculation even
> >against the wishes of the user we can adopt).
> >
> >But when you start talking about HTML and web bug issues, it gets a lot
less
> >clearcut. YOU may feel strongly about privacy issues, but does running a
> >mail list give you the right to force your privacy views on your users?
>
> My definition of my mailing lists is that I am not simply a xerox
> machine.  I decide what to forward to my users and what not to.  You have
> already agreed that my approach is a good idea, the question is, where do
> you stop?  There are probably users who disagree with removing viruses
from
> the mailing lists --- but I don't care that much.
>
> For example, I noted in a separate message that I remove some headers from
> e-mail, and not only errors-to.  I also remove all headers that generate
> those "The user has requested notification that you read their message,"
> or  "the originating user has flagged this message as important."  I add
> footers.  I automatically filter for other content and edit it.
>
> Let's put it a different way:  Supposing you do remove web bugs and
> scripting.  Will any of your users notice?  Will any care?
>
> >With
> >viruses, there's a clear "protection of the commons" need here. You can't
> >have someone with mumps running around the pregnant women. But that is
far
> >from clear on privacy. If the user doesn't care about web bugs, what
gives
> >you the right to force your view of that on them? Where does that privacy
> >issue become one of the commons, where failing to protect users causes
> >damage to that commons?
>
> If you consider your lists to be a commons, that also means that you
> recognize the right of people to post handbills there.  I don't.  But the
> precedence is that, (even if you consider yourself a common carrier) is
> that common carriers have generally protected the privacy of their users
> until and unless the users have asked that their privacy be discarded.
>
> >I just don't believe it's there. I do believe list admins can evangelize
> >their views, but where virus fighting is an attempt to mitigate damage
> >caused ot the commons we all use, this privacy stuff is instead an
attempt
> >to force a personal agenda on the users of the list, where you
effectively
> >are telling the users what they have to believe -- and that coercion
doesn't
> >come with any justification of common need like the virus hacks do.
>
> Sure it does:  The protection of their e-mail addresses from exposure to
> harvesters.  And the protection of their privacy.
>
> For example, someone could sign up to one of my lists with their real
> e-mail address, and never post.  Their e-mail address is not available to
> the public. I no longer, for example, allow "who" or "which" commands by
> non-admins (at the user's request initially, I had not thought of it at
> that point, this was some time ago). But if I allow the transmission of
web
> bugs, or HTML scripting in the archives that opens them to cross site
> scripting vulnerabilities, their addresses and privacy are not protected.
>
> >So in one case you're taking action for common good and protecting users
who
> >may be incapable of that action themselves. But in another, it's
effectively
> >saying "you have to do it my way", but without the damage to the commons
> >that comes from inaction. One is the health department locking up people
> >with active TB so others don't get it. The other is Greenpeace blockading
an
> >Esso station because they feel you shouldn't be buying gas there.
>
> It is more like, "The phone company insisting that they will not install a
> pen register on your line unless presented with a warrant."  You
> know?  Probably 80-90% of the people would not care if the government
could
> get a pen register without a license.
>
> >Do you, as list admin, have the right to act as greenpeace? I don't
believe
> >so.
>
> I don't think your analogy is at all correct. You might think it is, but
> that is because your world view is warped from too much use of apple
> computers. :-)
>
> My other point is that you have to do it anyway to make the archives safe
> for viewing.  You might as well make the archives representative of the
> actual content distributed on the list.
>
> --
> "Forgive him, for he believes that the customs of his tribe are the laws
of
> nature!"
>   -- George Bernard Shaw (1856-1950)
> Nick Simicich - njs @
 scifi .
 squawk .
 com
>
>




Follow-Ups:
References:
Indexed By Date Previous: Re: The role of the mailing list
From: J C Lawrence <claw @ kanga . nu>
Next: Re: Please prune this list!
From: "Roger B.A. Klorese" <rogerk @ queernet . org>
Indexed By Thread Previous: Re: The role of the mailing list
From: J C Lawrence <claw @ kanga . nu>
Next: Re: how do I get off this list?
From: Charlie Summers <charlie @ lofcom . com>

Google
 
Search Internet Search www.greatcircle.com