Re: love worm

Date view Thread view Subject view Author view

From: Kragen Sitaker (kragen@pobox.com)
Date: Tue May 09 2000 - 18:30:51 PDT


Eugene Leitl writes:
> A mail should not know anything about the addressbook, for obvious
> reasons. A mail is just plain text, after all.

Agreed.

> No one but the user
> should be able do actions on addressbook entries. And certainly the OS
> should have no clue about the addressbook, other than it is a
> (encrypted) file.

I want to be able to write a program to scrape my addressbook and turn
it into another format (maybe CSCMail doesn't understand Outlook
addressbook format). The mail program already has to know how to read
addressbook entries; that API should *definitely* be exposed to
scripts, and IMHO there should be a naming system that lets me access
it from outside the mail program, so I don't have to write my
addressbook-scraping program in whatever half-baked brain-dead slow
broken scripting language the mail program authors happened to
integrate into their mail client.

I don't think Unix people generally understand this, which is weird,
because the idea more or less started on Unix.

Basically, the concept is that if I can invoke some function --- such
as looking up an address book entry --- software I write ought to be
able to invoke that function too. All useful reusable functions should
be accessible to any software I want to make them accessible to, with
as little fuss as possible.

Microsoft and Apple simply made them accessible to all software on the
system, which is a good choice for a non-networked box that serves as a
fancy typewriter, but a lousy choice for a communication appliance, and
they didn't do a terrific job of exposing functionality either. But
every release of Office and friends gets better at this.

Outlook doesn't, in fact, tell the OS it has an address book. (Well,
maybe it does with MAPI, but I don't hack MAPI.) It just tells the OS
it can be scripted. Then any software running on the system [with
appropriate privileges] can invoke Outlook functions.

This is a GOOD IDEA. It's just executed in an insecure way. It's
also, to a large degree, the basic concept behind Microsoft Office, and
has been for at least ten years.

(Also, it encourages software to encapsulate information in half-baked
unreliable slow proprietary file formats. But this is not an
insurmountable obstacle; after all, C encourages programmers to write
software that crashes.)

Executing this idea in a simple and transparent way, which I don't
think has yet been done, gives back shell-scripting power to the user.

> In a corporate setting, only
> trusted (by the admin, that is) users should be able to select HTML
> rendering of mail.

IMHO, HTML rendering of mail should be off by default, and there should
be a scary warning telling people about the insecurities. However, I
firmly believe that people have the right to control their own
computers. Completely. Even when they're working in a corporate
setting. Doing dangerous things like enabling JavaScript in your
browser should be dealt with in the same way as driving the company car
at 100MPH.

-- 
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either.  :)


Date view Thread view Subject view Author view

This archive was generated by hypermail 2b29 : Tue May 09 2000 - 18:31:24 PDT