[Mailman-Developers] Re: subscription confirmations (was Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2)

Chuq Von Rospach chuqui@plaidworks.com
Sun, 15 Jul 2001 10:57:56 -0700 

On 7/15/01 8:16 AM, "Jay R. Ashworth" <jra@baylink.com> wrote:

> What *I* think is that it's a special case, and any such pre-fetch
> system ought to, by default, *not* pre-fetch anything with GET
> parameters in it.

That was what I was thinking, too -- no matter what W3 says, building a tool
that pre-fetches those by default is like Microsoft defaulting .EXE
execution to yes, or sendmail defaulting to open relay like it did in 8.8
and before. Those are situations just waiting for someone to take advantage
of it, and the whitehats won't be the someones.

> Well put, young pilot.

Young? Young? Where's my walker? (as an irrelevant side note, Apple finally
hired me an assistant, who was -- literally -- not potty trained when I used
my first Unix system. Good kid. Well, man. He's no kid... But he's getting
going to get tired of the "In the Good Old Days.." jokes...)

>> At this point, I'd never turn on pre-fectching,  since it's safety depends
>> entirely no voluntary cooperation, and you aren't in a position to police
>> until after the fact. That's a Bad Thing in a big way.
> 
> Well, yeah, but you don't have a palmtop, either, Chuq, right?  :-)

I have a Handspring and my primary machine is a wireless laptop (a
Titanium!). Do I need a palmtop?

Of course, none of this deals iwht whether Mailman should use GET or POST.
That GET is inherently unsafe doesn't mean that it's therefore okay for
Mailman to use it -- I still think we need to look at this further. It
simply means, IMHO, that if we choose to not follow the W3 standard, that
it's fairly safe to do so.

And, editorial comment time, the subject line is a classic example of why
subject line topic flags are the second worst damn thing you can do to a
mailing list -- after coercing reply-to. How in the bloody heck is someone
supposed to look at THAT and figure out whether they want to read the
message? And my user studies have shown that subject line is the key
determinant on whether a list message gets read.




-- 
Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
[<chuqui@plaidworks.com> = <me@chuqui.com> = <chuq@apple.com>]
Yes, yes, I've finally finished my home page. Lucky you.

Shroedinger:
 We can never really be sure which side of the road the chicken is on.  It's
all a matter of chance.  Like a game of dice.

Einstein, refuting Schroedinger:
 God does not play dice with chickens.
Heisenburg:
We can determine how fast the chicken travelled, or where it ended up, but
we cannot determine why it did so.