Comparisons and sorting of a numeric class....

Steven D'Aprano steve+comp.lang.python at pearwood.info
Fri Jan 16 08:33:49 CET 2015


Andrew Robinson wrote:

[...much about bools...]

I'll get back to that shortly, but for now I just want to make a couple of
comments about your HTML email.

>> [...]
>>> I don't have a setting on my email to turn off html.  Sorry. Can't help.
>> You are using Thunderbird. You certainly do have such a setting.
>
> It's nice to know that you read and believe what you see in an email
> header. Note: Headers are sometimes modified by sysadmins who actually
> care about security.

No they're not. They're modified by sysadmins who like to give the false
impression that they care about security. Also who don't care about your
privacy. (I wouldn't trust a sys admin who modified the headers my mail
program set. I would wonder what else he is modifying behind my back.)

Faking the Useragent header is as useful for security as removing the badge
off a Toyota and replacing it with a Ford badge. Even if you can come up
with some conceivable set of circumstances where you are more secure ("what
if a terrorist with a grudge against Toyota sees your car and is
sufficiently enraged to blow it up???"), it's just security theatre.

To quote Whitfield Diffie: 

"The secret to strong security: less reliance on secrets."

If the security of your email program depends on people being misinformed
about which email program you have, then you have no little or no security.


> PPS: If there is a way to turn off HTML in this email program -- it is
> not obvious -- and I have looked.
> I've done my best not to push any HTML enhancement buttons...

Despite your belief that you are unable to disable HTML in your email, I can
tell you that out of the twelve posts I have received from you so far,
eight have no HTML (including this one of yours which I am replying to). So
you can disable it -- the only trick is to work out what you are doing, or
not doing, to avoid triggering it.

(If you are using Thunderbird, it gives you extensive control over when HTML
mail is set. Apart from being able to disable it completely, you can set
certain domains to only receive plain text emails. Look under Preferences
or Settings or whatever it's called now -- you're an engineer. I'm sure
you'll work it out.)



-- 
Steven




More information about the Python-list mailing list