Microsoft releases patch to fix month-old security problem
anon July 31 2004 Seattle (AP) --

Microsoft Corp. released a patch Friday to halt the spread of a
computer virus that can steal personal information, more than a month
after the virus began winding its way through the Internet.

[...]

The vulnerabilities prompted some security experts to recommend that
users try a different browser, such as Mozilla or Opera, while
Microsoft's dominant Internet Explorer browser remained unfixed.

http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
http://snipurl.com/85hb

On Sun, 01 Aug 2004 15:56:02 -0700, Simon Cooke wrote:

> Doug Mitchell aka. Doug Mentohl aka. Daeron is a despicable lowlife piece
> of scum who will stop at nothing to promote Linux - including attempting to
> get people fired, and posting lies about them online.

You could always just leave the NG Simon? :)

On 31 Jul 2004 10:35:01 -0700, Daeron wrote:

> Microsoft releases patch to fix month-old security problem
> anon July 31 2004 Seattle (AP) --
> 
> Microsoft Corp. released a patch Friday to halt the spread of a
> computer virus that can steal personal information, more than a month
> after the virus began winding its way through the Internet.
> 
> [...]
> 
> The vulnerabilities prompted some security experts to recommend that
> users try a different browser, such as Mozilla or Opera, while
> Microsoft's dominant Internet Explorer browser remained unfixed.
> 
> http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
> http://snipurl.com/85hb

Before reading one of his posts, consider this:

Daeron is a despicable liar of the highest order. He has attacked me
repeatedly in this newsgroup. In his latest attack posted to his blog, he
is claimikng that I posted requests for sexual acts on another newsgroup.

Those posts were forged by another lowlife Linux Advocate, but he's trying
to claim that this is my "hobby".

Doug Mitchell aka. Doug Mentohl aka. Daeron is a despicable lowlife piece
of scum who will stop at nothing to promote Linux - including attempting to
get people fired, and posting lies about them online.

Read his posts with care.

On Sun, 01 Aug 2004 16:28:27 +0000, Freeride wrote:

> On Sun, 01 Aug 2004 15:56:02 -0700, Simon Cooke wrote:
> 
>> Doug Mitchell aka. Doug Mentohl aka. Daeron is a despicable lowlife piece
>> of scum who will stop at nothing to promote Linux - including attempting to
>> get people fired, and posting lies about them online.
> 
> You could always just leave the NG Simon? :)

How would that stop him?

Do you have proof that this would stop him?

Also, why *should* I leave a public forum because of him?

You do realize that you're supporting his actions, right?

Simon Cooke wrote:

> On Sun, 01 Aug 2004 16:28:27 +0000, Freeride wrote:
> 
>> On Sun, 01 Aug 2004 15:56:02 -0700, Simon Cooke wrote:
>> 
>>> Doug Mitchell aka. Doug Mentohl aka. Daeron is a despicable lowlife
>>> piece of scum who will stop at nothing to promote Linux - including
>>> attempting to get people fired, and posting lies about them online.
>> 
>> You could always just leave the NG Simon? :)
> 
> How would that stop him?
> 
> Do you have proof that this would stop him?
> 
> Also, why *should* I leave a public forum because of him?
> 
> You do realize that you're supporting his actions, right?

If you have evidence, then take action via the law, as you often bluff that
you would do.

Telling us about your paranoid fantasies about Daeron does nothing to help
you or your persecution complexes.  

Please take the first step towards help.


-- 
http://kentpsychedelic.blogspot.com

On 31 Jul 2004 10:35:01 -0700, Daeron wrote:

> Microsoft releases patch to fix month-old security problem
> anon July 31 2004 Seattle (AP) --
> 
> Microsoft Corp. released a patch Friday to halt the spread of a
> computer virus that can steal personal information, more than a month
> after the virus began winding its way through the Internet.
> 
> [...]
> 
> The vulnerabilities prompted some security experts to recommend that
> users try a different browser, such as Mozilla or Opera, while
> Microsoft's dominant Internet Explorer browser remained unfixed.
> 
> http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
> http://snipurl.com/85hb

Oh wait, it's still not fixed....

http://bugzilla.mozilla.org/show_bug.cgi?id=22183

Simon Cooke wrote:

> On Sun, 01 Aug 2004 16:28:27 +0000, Freeride wrote:
> 
>> On Sun, 01 Aug 2004 15:56:02 -0700, Simon Cooke wrote:
>> 
>>> Doug Mitchell aka. Doug Mentohl aka. Daeron is a despicable lowlife
>>> piece of scum who will stop at nothing to promote Linux - including
>>> attempting to get people fired, and posting lies about them online.
>> 
>> You could always just leave the NG Simon? :)
> 
> How would that stop him?
> 
> Do you have proof that this would stop him?
> 
> Also, why *should* I leave a public forum because of him?
> 
> You do realize that you're supporting his actions, right?

Just.... go away. Your postings after each of Daeron's posts is just plain
wasteful... and probably can be called abuse.



-- 

******************************************************************************
                     Registered Linux User Number 185956
              FSF Associate Member number 2340 since 05/20/2004
             Join me in chat at #linux-users on irc.freenode.net
    Buy an Xbox for $149.00, run linux on it and Microsoft loses $150.00!
    9:53pm  up 104 days, 35 min,  7 users,  load average: 0.06, 0.08, 0.09

On Mon, 02 Aug 2004 02:02:53 +0000, Jerry McBride wrote:

> Simon Cooke wrote:
> 
>> On Sun, 01 Aug 2004 16:28:27 +0000, Freeride wrote:
>> 
>>> On Sun, 01 Aug 2004 15:56:02 -0700, Simon Cooke wrote:
>>> 
>>>> Doug Mitchell aka. Doug Mentohl aka. Daeron is a despicable lowlife
>>>> piece of scum who will stop at nothing to promote Linux - including
>>>> attempting to get people fired, and posting lies about them online.
>>> 
>>> You could always just leave the NG Simon? :)
>> 
>> How would that stop him?
>> 
>> Do you have proof that this would stop him?
>> 
>> Also, why *should* I leave a public forum because of him?
>> 
>> You do realize that you're supporting his actions, right?
> 
> Just.... go away. Your postings after each of Daeron's posts is just plain
> wasteful... and probably can be called abuse.

No. If he's not going to stop, and he wants me to go away, then I'll keep
posting here.

Nearly every single post I've made in the past couple of months has been in
response to his attacks. I would have left this newsgroup a good while ago
- or my posting rate would have dropped to near nothing - if not for him
and his lies.

Erik Funkenbusch wrote:

> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
> 
> 
>>Microsoft releases patch to fix month-old security problem
>>anon July 31 2004 Seattle (AP) --
>>
>>Microsoft Corp. released a patch Friday to halt the spread of a
>>computer virus that can steal personal information, more than a month
>>after the virus began winding its way through the Internet.
>>
>>[...]
>>
>>The vulnerabilities prompted some security experts to recommend that
>>users try a different browser, such as Mozilla or Opera, while
>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>
>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>http://snipurl.com/85hb
> 
> 
> Oh wait, it's still not fixed....
> 
> http://bugzilla.mozilla.org/show_bug.cgi?id=22183

Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
M$ going to fix IE 6.0?

-- 
---------------------------------
My other computer is a VAX.

On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud wrote:

> Erik Funkenbusch wrote:
> 
>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>> 
>> 
>>>Microsoft releases patch to fix month-old security problem
>>>anon July 31 2004 Seattle (AP) --
>>>
>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>computer virus that can steal personal information, more than a month
>>>after the virus began winding its way through the Internet.
>>>
>>>[...]
>>>
>>>The vulnerabilities prompted some security experts to recommend that
>>>users try a different browser, such as Mozilla or Opera, while
>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>
>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>http://snipurl.com/85hb
>> 
>> 
>> Oh wait, it's still not fixed....
>> 
>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
> 
> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
> M$ going to fix IE 6.0?

Daeron was making a big point over a bug fix in IE that is a month old, yet
at least one 4 *YEAR* old bug still isn't fixed in Mozilla.

It's all about hypocricy, greycloud.

Simon Cooke wrote:

> On Mon, 02 Aug 2004 02:02:53 +0000, Jerry McBride wrote:
> 
>> Simon Cooke wrote:
>> 
>>> On Sun, 01 Aug 2004 16:28:27 +0000, Freeride wrote:
>>> 
>>>> On Sun, 01 Aug 2004 15:56:02 -0700, Simon Cooke wrote:
>>>> 
>>>>> Doug Mitchell aka. Doug Mentohl aka. Daeron is a despicable lowlife
>>>>> piece of scum who will stop at nothing to promote Linux - including
>>>>> attempting to get people fired, and posting lies about them online.
>>>> 
>>>> You could always just leave the NG Simon? :)
>>> 
>>> How would that stop him?
>>> 
>>> Do you have proof that this would stop him?
>>> 
>>> Also, why *should* I leave a public forum because of him?
>>> 
>>> You do realize that you're supporting his actions, right?
>> 
>> Just.... go away. Your postings after each of Daeron's posts is just
>> plain wasteful... and probably can be called abuse.
> 
> No. If he's not going to stop, and he wants me to go away, then I'll keep
> posting here.
> 
> Nearly every single post I've made in the past couple of months has been
> in response to his attacks. I would have left this newsgroup a good while
> ago - or my posting rate would have dropped to near nothing - if not for
> him and his lies.

Then you, sir, are a dolt of the Highest Order !

Paint a word on your forehead, in bright glittery letters: D - U - M - Y

That's what you are.

A Dumy !!!

HA HA HA



-- 
http://kentpsychedelic.blogspot.com

On 2004-08-02, GreyCloud <mist@cumulus.com> sputtered:
>
>
> Erik Funkenbusch wrote:
>
>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>> 
>> 
>>>Microsoft releases patch to fix month-old security problem
>>>anon July 31 2004 Seattle (AP) --
>>>
>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>computer virus that can steal personal information, more than a month
>>>after the virus began winding its way through the Internet.
>>>
>>>[...]
>>>
>>>The vulnerabilities prompted some security experts to recommend that
>>>users try a different browser, such as Mozilla or Opera, while
>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>
>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>http://snipurl.com/85hb
>> 
>> 
>> Oh wait, it's still not fixed....
>> 
>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>
> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
> M$ going to fix IE 6.0?

When His Billness starts pinching off albino turds.

-- 
Microsoft: The company that made email dangerous.

begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
message:

> 
> 
> Erik Funkenbusch wrote:
> 
>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>> 
>> 
>>>Microsoft releases patch to fix month-old security problem
>>>anon July 31 2004 Seattle (AP) --
>>>
>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>computer virus that can steal personal information, more than a month
>>>after the virus began winding its way through the Internet.
>>>
>>>[...]
>>>
>>>The vulnerabilities prompted some security experts to recommend that
>>>users try a different browser, such as Mozilla or Opera, while
>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>
>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>http://snipurl.com/85hb
>> 
>> 
>> Oh wait, it's still not fixed....
>> 
>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
> 
> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
> M$ going to fix IE 6.0?

And when it the 'begin' bug going to be fixed in OE? 

-- 
"If it weren't for Windows, you wouldn't 
be posting anything right now."
DFS aka DorkForSure aka DooFu$ -  
comp.os.linux.advocacy Date: Tue, 22 Jun 2004

On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:

> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
> message:
> 
>> 
>> 
>> Erik Funkenbusch wrote:
>> 
>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>> 
>>> 
>>>>Microsoft releases patch to fix month-old security problem
>>>>anon July 31 2004 Seattle (AP) --
>>>>
>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>computer virus that can steal personal information, more than a month
>>>>after the virus began winding its way through the Internet.
>>>>
>>>>[...]
>>>>
>>>>The vulnerabilities prompted some security experts to recommend that
>>>>users try a different browser, such as Mozilla or Opera, while
>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>
>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>http://snipurl.com/85hb
>>> 
>>> 
>>> Oh wait, it's still not fixed....
>>> 
>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>> 
>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>> M$ going to fix IE 6.0?
> 
> And when it the 'begin' bug going to be fixed in OE?

Never, most likely, since it's not a bug.

begin  <1gwet517yrvz7.dlg@funkenbusch.com>,
	Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
> 
>> And when it the 'begin' bug going to be fixed in OE?
> 
> Never, most likely, since it's not a bug.

Yeh, right Erik:

http://support.microsoft.com/default.aspx?scid=kb;en-us;265230

    STATUS

    Microsoft has confirmed that this is a problem in the Microsoft
    products that are listed at the beginning of this article.

The best bit though:

    WORKAROUND

    To workaround this problem:

    * Do not start messages with the word "begin" followed by two spaces.
    * Use only one space between the word "begin" and the following data.
    * Capitalize the word "begin" so that it is reads "Begin."
    * Use a different word such as "start" or "commence."

Truly pathetic.

rgc@nodomain.none (Roy Culley) writes:

> begin  <1gwet517yrvz7.dlg@funkenbusch.com>,
> 	Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>> 
>>> And when it the 'begin' bug going to be fixed in OE?
>> 
>> Never, most likely, since it's not a bug.

Not a bug.  What's a bug then?  

>
> Yeh, right Erik:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;265230
>
>     STATUS
>
>     Microsoft has confirmed that this is a problem in the Microsoft
>     products that are listed at the beginning of this article.
>
> The best bit though:
>
>     WORKAROUND
>
>     To workaround this problem:
>
>     * Do not start messages with the word "begin" followed by two spaces.
>     * Use only one space between the word "begin" and the following data.
>     * Capitalize the word "begin" so that it is reads "Begin."
>     * Use a different word such as "start" or "commence."
>
> Truly pathetic.

No doubt.  They give advice to the *sender* rather than the
*recipient*, despite the fact that the sender doesn't see the bug at
all.

Worst advice ever.  Well, except for this, perhaps.

"Do not click any hyperlinks that you do not trust. Type them in the
Address bar yourself."

Actually, your bit is better than mine.  In principle, my advice might
really work to prevent *some* attempts at phishing.  It's at least
directed to the right party.  Better than if the advice was, "don't
write URLs with %01 followed by a link to your clone site, because
this is naughty."

-- 
Jesse F. Hughes

One is not superior merely because one sees the world as odious.
                -- Chateaubriand (1768-1848)

Simon Cooke <simonREMOVEcooke@earthREMOVElink.net> writes:

> No. If he's not going to stop, and he wants me to go away, then I'll keep
> posting here.

Or you can just deal with it and act like an adult. The only thing you
will gain by this is pissing the rest of the group off against you. I
take you are already in quite a few killfiles already.

-- 
Ichimusai http://ichimusai.org/ AA #769 ICQ: 1645566 Yahoo: Ichimusai
MSN: Ichimusai1972 AOL: Ichimusai1972 IRC: Ichimusai@IRCNet
What part of "shall not be infringed" is so hard to understand?

On Mon, 2 Aug 2004 11:55:50 -0500, Erik Funkenbusch
<erik@despam-funkenbusch.com> wrote:

>On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>
>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>> message:
>> 
>>> 
>>> 
>>> Erik Funkenbusch wrote:
>>> 
>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>> 
>>>> 
>>>>>Microsoft releases patch to fix month-old security problem
>>>>>anon July 31 2004 Seattle (AP) --
>>>>>
>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>computer virus that can steal personal information, more than a month
>>>>>after the virus began winding its way through the Internet.
>>>>>
>>>>>[...]
>>>>>
>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>
>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>http://snipurl.com/85hb
>>>> 
>>>> 
>>>> Oh wait, it's still not fixed....
>>>> 
>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>> 
>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>> M$ going to fix IE 6.0?
>> 
>> And when it the 'begin' bug going to be fixed in OE?
>
>Never, most likely, since it's not a bug.

Oh, just another feature.

In comp.os.linux.advocacy, Erik Funkenbusch
<erik@despam-funkenbusch.com>
 wrote
on Sun, 1 Aug 2004 23:31:04 -0500
<1hv9waxvf4czz.dlg@funkenbusch.com>:
> On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud wrote:
>
>> Erik Funkenbusch wrote:
>> 
>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>> 
>>> 
>>>>Microsoft releases patch to fix month-old security problem
>>>>anon July 31 2004 Seattle (AP) --
>>>>
>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>computer virus that can steal personal information, more than a month
>>>>after the virus began winding its way through the Internet.
>>>>
>>>>[...]
>>>>
>>>>The vulnerabilities prompted some security experts to recommend that
>>>>users try a different browser, such as Mozilla or Opera, while
>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>
>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>http://snipurl.com/85hb
>>> 
>>> 
>>> Oh wait, it's still not fixed....
>>> 
>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>> 
>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>> M$ going to fix IE 6.0?
>
> Daeron was making a big point over a bug fix in IE that is a month old, yet
> at least one 4 *YEAR* old bug still isn't fixed in Mozilla.
>
> It's all about hypocricy, greycloud.

66 bugs with an action between 3y and 4y of age found:

    ID  	 Sev  	 Pri  	 Plt  	 Assignee  	 Status  	 Resolution  	 Summary
    4633 	nor 	P3 	Sun 	leif@ogre.com 	ASSI 		Trailing NUL at the end of attributes
    5223 	nor 	P3 	All 	waterson@maubi.net 	ASSI 		[xul] NodeList and NamedNodeMap are not dynamic
    9637 	enh 	P2 	All 	eric@droidlogic.com 	REOP 		sched: Font Picker Data Source
    9638 	enh 	P2 	All 	eric@droidlogic.com 	REOP 		sched: Font Picker List box and dropdown box builders for...
    16762 	nor 	P3 	All 	scc@mozilla.org 	ASSI 		delete <interface pointer>
    16831 	nor 	P3 	All 	dveditz@cruzio.com 	ASSI 		We need a non-fatal category of errors from complete()
    18116 	nor 	P3 	All 	danm.moz@gmail.com 	NEW 		xpcom/threads: need all-in-one create/push function
    19013 	nor 	P3 	All 	sspitzer@mozilla.org 	ASSI 		Migration carries forward unsubscribed category groups.
    19963 	nor 	P3 	All 	dcone@formerly-netscape.com... 	ASSI 		[BORDERS]dotted and dashed borders don't interact well wi...
    20001 	enh 	P3 	All 	nobody@mozilla.org 	NEW 		Rewrite filtering to not write to Inbox first.
    21953 	nor 	P1 	PC 	rginda@hacksrus.com 	ASSI 		JS Modules need easy way to hook into window object
    22923 	nor 	P3 	All 	mscott@formerly-netscape.co... 	NEW 		mail should use GENERIC modules
    23624 	nor 	P3 	PC 	sspitzer@mozilla.org 	ASSI 		fix getFoldersWithFlags to return an array of nsIMsgFolders
    23971 	nor 	P2 	All 	waterson@maubi.net 	ASSI 		Onunload handler being called before onload
    26352 	nor 	P3 	Oth 	sspitzer@mozilla.org 	ASSI 		No such article: does not mark article read or remove fro...
    26514 	nor 	P3 	Sun 	leif@ogre.com 	ASSI 		isDeleted() doesn't return true for deleted attributes
    26515 	enh 	P3 	Sun 	leif@ogre.com 	ASSI 		isEntryModified()
    30709 	nor 	P3 	All 	waterson@maubi.net 	ASSI 		add self-referring arcs to registry datasource for "path"...
    31750 	nor 	P3 	All 	scc@mozilla.org 	ASSI 		Interfaces must not have virtual destructors
    32039 	nor 	P3 	Oth 	sspitzer@mozilla.org 	ASSI 		No error message when sending to unknown Usenet group
    32888 	enh 	P3 	All 	nobody@mozilla.org 	NEW 		[RFE] Buffer all newly downloaded mail into separate mail...
    34039 	nor 	P3 	PC 	pavlov@pavlov.net 	ASSI 		XOR drawing doesn't work very well on 8bit displays
    34868 	enh 	P3 	Sun 	wchang0222@aol.com 	ASSI 		Use /dev/poll
    35251 	nor 	P3 	PC 	pinkerton@aol.net 	ASSI 		Support for WM_DROPFILES
    36452 	nor 	P3 	All 	sspitzer@mozilla.org 	ASSI 		Set Copies&Folders to Local Folders if previous server wa...
    36647 	nor 	P3 	PC 	sspitzer@mozilla.org 	ASSI 		assertions caused by multi-part news messages
    37020 	nor 	P1 	All 	wchang0222@aol.com 	ASSI 		lousy error when Send encrypted msg but sender's cert is bad
    38137 	enh 	P3 	All 	nobody@mozilla.org 	NEW 		customizable one-click (hidden) form submission
    38705 	nor 	P4 	All 	saari@formerly-netscape.com... 	ASSI 		Key binding may stop working after browser sits 2 hours
    39028 	nor 	P3 	PC 	danm.moz@gmail.com 	ASSI 		frame min/max/menu buttons handled incorrectly
    39110 	nor 	P3 	All 	wchang0222@aol.com 	ASSI 		PR_FREEIF macro is dangerous
    40132 	nor 	P3 	All 	security-bugs@alphacentauri.cc 	REOP 		Cached authentication credentials can be used by third-pa...
    41110 	nor 	P3 	PC 	danm.moz@gmail.com 	NEW 		remove nsIWebshellWindow/nsIXULWindow usage
    41174 	nor 	P3 	All 	tonyr@fbdesigns.com 	ASSI 		mailnewsimport category stuff uses categories slightly wrong
    41530 	nor 	P3 	All 	scottputterman@gmail.com 	ASSI 		Empty folders/newsgroups seems to be sorted
    43519 	nor 	P3 	PC 	wchang0222@aol.com 	ASSI 		Classic NSPR: socket test asserts.
    44512 	nor 	P3 	Oth 	danm.moz@gmail.com 	NEW 		args for opendialog destroyed if one var is 0
    47103 	nor 	P3 	All 	nhottanscp@yahoo.co.jp 	ASSI 		Need a way to easily build the mozilla i18n components.
    47460 	nor 	P3 	PC 	waterson@maubi.net 	ASSI 		nsXULElement::IsSynthetic isn't implemented
    48084 	tri 	P3 	PC 	sspitzer@mozilla.org 	NEW 		NIS/YP domainname used for default email address
    48399 	nor 	P3 	PC 	joki@formerly-netscape.com.tld 	NEW 		[FOCUS/ACT]Focus not on my portfolio when customizing sto...
    48545 	nor 	P3 	All 	hyatt@mozilla.org 	ASSI 		incorrect URN syntax
    51405 	enh 	P3 	All 	nelson@bolyard.com 	ASSI 		Stan: SSL should ignore bad user certs if certs not required
    51407 	enh 	P3 	All 	nelson@bolyard.com 	ASSI 		Stan: Multiple certificate databases and SSL
    51408 	enh 	P3 	All 	nelson@bolyard.com 	ASSI 		Stan: NES/SSL should remember that client refused to auth...
    51409 	nor 	P3 	All 	nelson@bolyard.com 	ASSI 		PR_Available on an SSL socket nearly always returns zero
    51413 	nor 	P3 	All 	nelson@bolyard.com 	ASSI 		SSL client API doesn't pass cert types from cert request
    51443 	nor 	P3 	All 	nelson@bolyard.com 	ASSI 		ssl3 functions call CERT_VerifyCert with bogus wincx arg
    51467 	enh 	P3 	All 	nelson@bolyard.com 	ASSI 		Make selection of trusted CA certs explicit, not implicit
    51475 	nor 	P3 	All 	nelson@bolyard.com 	ASSI 		SSL doesn't invalidate Sessions when connections abort
    51476 	enh 	P3 	All 	nelson@bolyard.com 	ASSI 		eliminate unnecessary data copying, especially for writev()
    51664 	enh 	P3 	All 	nelson@bolyard.com 	ASSI 		Make SSL_ResetHandshake unnecessary
    51962 	nor 	P3 	All 	waterson@maubi.net 	ASSI 		WARNING: "waaah!" from nsXULPDGlobalObject::GetDocShell
    53247 	nor 	P3 	All 	leif@ogre.com 	ASSI 		Rewrite code for handling DELETE and EXIST etc.
    53303 	nor 	P3 	All 	scc@mozilla.org 	ASSI 		inconsistent allocator usage
    54356 	enh 	P3 	All 	trudelle@acm.org 	ASSI 		Allow XPToolkit applications to be real OS applications
    54517 	nor 	P3 	All 	waterson@maubi.net 	ASSI 		scripts included from XUL naively inflated to UCS2
    55056 	enh 	P3 	All 	leif@ogre.com 	ASSI 		RFE: Method for returning LDIF of actions taken during $c...
    55158 	nor 	P3 	PC 	hyatt@mozilla.org 	NEW 		Popups nested within popups don't behave properly.
    55203 	enh 	P3 	PC 	andrewtv@usa.net 	NEW 		xpidl should warn on out-of-range constant
    55403 	maj 	P3 	All 	danm.moz@gmail.com 	NEW 		PL_ProcessPendingEvents optimization
    55465 	nor 	P3 	All 	waterson@maubi.net 	ASSI 		reimplement frame recycler to not rely on vtable layout
    57194 	nor 	P3 	PC 	quy@igelaus.com.au 	ASSI 		XLIB: Various Edit menu entries don't function correctly
    58165 	nor 	P3 	PC 	quy@igelaus.com.au 	ASSI 		XLIB: Modal Dialogs are not Modal
    59509 	enh 	P3 	All 	sspitzer@mozilla.org 	ASSI 		Download only top-level newsgroups/branches (if server su...
    61798 	nor 	P3 	PC 	sspitzer@mozilla.org 	ASSI 		ForgetPassword() will not work if we add support for news...


Apologies for the munging.  If one wants to run one's own queries,
go to
http://bugzilla.mozilla.org 
and enter the desired specifications for the bugs one wants
to query out of the system.

And remember, Microsoft is highly responsive to all one's needs,
such as tabbed browsing, multiple desktops, and security.

(Bridges for sale; inquire within.)

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 2 Aug 2004 11:55:50 -0500,
 Erik Funkenbusch <erik@despam-funkenbusch.com> wrote:
> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>
>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>> message:
>> 
>>> 
>>> 
>>> Erik Funkenbusch wrote:
>>> 
>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>> 
>>>> 
>>>>>Microsoft releases patch to fix month-old security problem
>>>>>anon July 31 2004 Seattle (AP) --
>>>>>
>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>computer virus that can steal personal information, more than a month
>>>>>after the virus began winding its way through the Internet.
>>>>>
>>>>>[...]
>>>>>
>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>
>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>http://snipurl.com/85hb
>>>> 
>>>> 
>>>> Oh wait, it's still not fixed....
>>>> 
>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>> 
>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>> M$ going to fix IE 6.0?
>> 
>> And when it the 'begin' bug going to be fixed in OE?
>
> Never, most likely, since it's not a bug.

Micorosoft disagrees with you. They seem to think it's a bug, they just
aren't going to bother fixing it. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBDqMTd90bcYOAWPYRAuTGAJ9pJ1VkJIS02gV8sPrcGR53Nw0WoACgjbNd
DAymgw0BT9G/5h39mZFtmsc=
=LSHY
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
Ambition is a poor excuse for not having sense enough to be lazy.
		-- Charlie McCarthy

On Mon, 02 Aug 2004 11:55:50 -0500, Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
> 
>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>> message:
>> 
>>> 
>>> 
>>> Erik Funkenbusch wrote:
>>> 
>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>> 
>>>> 
>>>>>Microsoft releases patch to fix month-old security problem
>>>>>anon July 31 2004 Seattle (AP) --
>>>>>
>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>computer virus that can steal personal information, more than a month
>>>>>after the virus began winding its way through the Internet.
>>>>>
>>>>>[...]
>>>>>
>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>
>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>http://snipurl.com/85hb
>>>> 
>>>> 
>>>> Oh wait, it's still not fixed....
>>>> 
>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>> 
>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>> M$ going to fix IE 6.0?
>> 
>> And when it the 'begin' bug going to be fixed in OE?
> 
> Never, most likely, since it's not a bug.

OE is -supposed- to work that way?

-- 
Rick

Erik Funkenbusch wrote:

> On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud wrote:
> 
> 
>>Erik Funkenbusch wrote:
>>
>>
>>>On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>
>>>
>>>
>>>>Microsoft releases patch to fix month-old security problem
>>>>anon July 31 2004 Seattle (AP) --
>>>>
>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>computer virus that can steal personal information, more than a month
>>>>after the virus began winding its way through the Internet.
>>>>
>>>>[...]
>>>>
>>>>The vulnerabilities prompted some security experts to recommend that
>>>>users try a different browser, such as Mozilla or Opera, while
>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>
>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>http://snipurl.com/85hb
>>>
>>>
>>>Oh wait, it's still not fixed....
>>>
>>>http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>
>>Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>M$ going to fix IE 6.0?
> 
> 
> Daeron was making a big point over a bug fix in IE that is a month old, yet
> at least one 4 *YEAR* old bug still isn't fixed in Mozilla.
> 
> It's all about hypocricy, greycloud.

I understand those things.  But when a gov. cert advises people to shift 
from IE 6 to some other browser, well now that is a serious bug to 
contend with and not to be ignored.

-- 
---------------------------------
My other computer is a VAX.

Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
> 
> 
>>begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>message:
>>
>>
>>>
>>>Erik Funkenbusch wrote:
>>>
>>>
>>>>On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>
>>>>
>>>>
>>>>>Microsoft releases patch to fix month-old security problem
>>>>>anon July 31 2004 Seattle (AP) --
>>>>>
>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>computer virus that can steal personal information, more than a month
>>>>>after the virus began winding its way through the Internet.
>>>>>
>>>>>[...]
>>>>>
>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>
>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>http://snipurl.com/85hb
>>>>
>>>>
>>>>Oh wait, it's still not fixed....
>>>>
>>>>http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>
>>>Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>M$ going to fix IE 6.0?
>>
>>And when it the 'begin' bug going to be fixed in OE?
> 
> 
> Never, most likely, since it's not a bug.

LOL!  It's a feature.

-- 
---------------------------------
My other computer is a VAX.

On Mon, 02 Aug 2004 18:05:32 -0400, Rick wrote:

> On Mon, 02 Aug 2004 11:55:50 -0500, Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>> 
>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>> message:
>>> 
>>>> 
>>>> 
>>>> Erik Funkenbusch wrote:
>>>> 
>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>> 
>>>>> 
>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>
>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>computer virus that can steal personal information, more than a month
>>>>>>after the virus began winding its way through the Internet.
>>>>>>
>>>>>>[...]
>>>>>>
>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>
>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>http://snipurl.com/85hb
>>>>> 
>>>>> 
>>>>> Oh wait, it's still not fixed....
>>>>> 
>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>> 
>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>> M$ going to fix IE 6.0?
>>> 
>>> And when it the 'begin' bug going to be fixed in OE?
>> 
>> Never, most likely, since it's not a bug.
> 
> OE is -supposed- to work that way?

OE shows uuencoded files as atachments.  The uuencode specification says
that a uuencoded file starts with a newline-"begin"[space][space]filename
mode"

Windows doesn't have a mode, so it ignores that flag, so it only looks for
the rest of it.  And, since uuencoded files can span multiple messages, you
can't rely on there being an end signifier to identify a correct message.

In other words, the "flaw" is that MS treats uuencoded messages as
attachments.  The "fix" would be to remove that feature.

On Mon, 02 Aug 2004 20:30:14 GMT, Jim Richardson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Mon, 2 Aug 2004 11:55:50 -0500,
>  Erik Funkenbusch <erik@despam-funkenbusch.com> wrote:
>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>
>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>> message:
>>> 
>>>> 
>>>> 
>>>> Erik Funkenbusch wrote:
>>>> 
>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>> 
>>>>> 
>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>
>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>computer virus that can steal personal information, more than a month
>>>>>>after the virus began winding its way through the Internet.
>>>>>>
>>>>>>[...]
>>>>>>
>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>
>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>http://snipurl.com/85hb
>>>>> 
>>>>> 
>>>>> Oh wait, it's still not fixed....
>>>>> 
>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>> 
>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>> M$ going to fix IE 6.0?
>>> 
>>> And when it the 'begin' bug going to be fixed in OE?
>>
>> Never, most likely, since it's not a bug.
> 
> Micorosoft disagrees with you. They seem to think it's a bug, they just
> aren't going to bother fixing it. 

It's not really a bug.  A bug is when there is an error in the way
something works.  There is no error, it's just unfortunate that uuencoding
works the way it does.  This is what MIME was invented to fix, among other
things.

On Mon, 02 Aug 2004 18:22:59 -0500, Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 18:05:32 -0400, Rick wrote:
> 
>> On Mon, 02 Aug 2004 11:55:50 -0500, Erik Funkenbusch wrote:
>> 
>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>> 
>>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>> message:
>>>> 
>>>>> 
>>>>> 
>>>>> Erik Funkenbusch wrote:
>>>>> 
>>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>> 
>>>>>> 
>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>
>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>
>>>>>>>[...]
>>>>>>>
>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>
>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>http://snipurl.com/85hb
>>>>>> 
>>>>>> 
>>>>>> Oh wait, it's still not fixed....
>>>>>> 
>>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>> 
>>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>> M$ going to fix IE 6.0?
>>>> 
>>>> And when it the 'begin' bug going to be fixed in OE?
>>> 
>>> Never, most likely, since it's not a bug.
>> 
>> OE is -supposed- to work that way?
> 
> OE shows uuencoded files as atachments.  The uuencode specification says
> that a uuencoded file starts with a newline-"begin"[space][space]filename
> mode"
> 
> Windows doesn't have a mode, so it ignores that flag, so it only looks for
> the rest of it.  And, since uuencoded files can span multiple messages, you
> can't rely on there being an end signifier to identify a correct message.
> 
> In other words, the "flaw" is that MS treats uuencoded messages as
> attachments.  The "fix" would be to remove that feature.

Then why does micro$oft consider it a problem, complete with work arounds?
And why do other news readers no have the same problem?
-- 
Rick

On Mon, 02 Aug 2004 18:24:46 -0500, Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 20:30:14 GMT, Jim Richardson wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On Mon, 2 Aug 2004 11:55:50 -0500,
>>  Erik Funkenbusch <erik@despam-funkenbusch.com> wrote:
>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>>
>>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>> message:
>>>> 
>>>>> 
>>>>> 
>>>>> Erik Funkenbusch wrote:
>>>>> 
>>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>> 
>>>>>> 
>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>
>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>
>>>>>>>[...]
>>>>>>>
>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>
>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>http://snipurl.com/85hb
>>>>>> 
>>>>>> 
>>>>>> Oh wait, it's still not fixed....
>>>>>> 
>>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>> 
>>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>> M$ going to fix IE 6.0?
>>>> 
>>>> And when it the 'begin' bug going to be fixed in OE?
>>>
>>> Never, most likely, since it's not a bug.
>> 
>> Micorosoft disagrees with you. They seem to think it's a bug, they just
>> aren't going to bother fixing it. 
> 
> It's not really a bug.  A bug is when there is an error in the way
> something works.  There is no error, it's just unfortunate that uuencoding
> works the way it does.  This is what MIME was invented to fix, among other
> things.

Yeah, its a shame Mozilla, Pan, Agent and others don't work the same way.
-- 
Rick

On Mon, 02 Aug 2004 20:19:38 +0200, Jesse F. Hughes wrote:

> rgc@nodomain.none (Roy Culley) writes:
> 
>> begin  <1gwet517yrvz7.dlg@funkenbusch.com>,
>> 	Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>> 
>>>> And when it the 'begin' bug going to be fixed in OE?
>>> 
>>> Never, most likely, since it's not a bug.
> 
> Not a bug.  What's a bug then?  

No, MS classifies it as a "problem" not a bug.  A problem is when something
is working as designed, but is not necessarily what the user intends.  A
bug is when something doesn't work as designed.

>> Yeh, right Erik:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;265230
>>
>>     STATUS
>>
>>     Microsoft has confirmed that this is a problem in the Microsoft
>>     products that are listed at the beginning of this article.
>>
>> The best bit though:
>>
>>     WORKAROUND
>>
>>     To workaround this problem:
>>
>>     * Do not start messages with the word "begin" followed by two spaces.
>>     * Use only one space between the word "begin" and the following data.
>>     * Capitalize the word "begin" so that it is reads "Begin."
>>     * Use a different word such as "start" or "commence."
>>
>> Truly pathetic.
> 
> No doubt.  They give advice to the *sender* rather than the
> *recipient*, despite the fact that the sender doesn't see the bug at
> all.
> 
> Worst advice ever.  Well, except for this, perhaps.
> 
> "Do not click any hyperlinks that you do not trust. Type them in the
> Address bar yourself."

Oh, you are talking about Mozilla I see.

http://secunia.com/advisories/12188/

"Solution: Do not follow links from untrusted sites."

begin  On Mon, 02 Aug 2004 18:05:32 -0400, Rick scribbled this message:
<snip>

> OE is -supposed- to work that way?

Looks like it. Unless, of course, M$ have their hands full trying to fill
up the holes in their Swiss cheese OS, to bother with anything else.  

-- 
"If it weren't for Windows, you wouldn't 
be posting anything right now."
DFS aka DorkForSure aka DooFu$ -  
comp.os.linux.advocacy Date: Tue, 22 Jun 2004

begin  On Mon, 02 Aug 2004 19:17:36 +0200, Roy Culley scribbled this
message:

> begin  <1gwet517yrvz7.dlg@funkenbusch.com>,
> 	Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>> 
>>> And when it the 'begin' bug going to be fixed in OE?
>> 
>> Never, most likely, since it's not a bug.
> 
> Yeh, right Erik:
> 
> http://support.microsoft.com/default.aspx?scid=kb;en-us;265230
> 
>     STATUS
> 
>     Microsoft has confirmed that this is a problem in the Microsoft
>     products that are listed at the beginning of this article.
> 
> The best bit though:
> 
>     WORKAROUND
> 
>     To workaround this problem:
> 
>     * Do not start messages with the word "begin" followed by two spaces.
>     * Use only one space between the word "begin" and the following data.
>     * Capitalize the word "begin" so that it is reads "Begin."
>     * Use a different word such as "start" or "commence."
> 
> Truly pathetic.

Absolutely.

-- 
"If it weren't for Windows, you wouldn't 
be posting anything right now."
DFS aka DorkForSure aka DooFu$ -  
comp.os.linux.advocacy Date: Tue, 22 Jun 2004

begin  In article <1sbmrff0trqwq$.dlg@funkenbusch.com> (Mon, 02 Aug 2004
18:22:59 -0500), Erik Funkenbusch wrote:

> OE shows uuencoded files as atachments.  The uuencode specification says
> that a uuencoded file starts with a newline-"begin"[space][space]filename
> mode"

It's

  begin[space][mode][space][filename]

> In other words, the "flaw" is that MS treats uuencoded messages as
> attachments.  The "fix" would be to remove that feature.

No, OE treats "begin[space][space][filename]" as if it indicated the start
of a UUencoded file.  This is a defect in Microsoft's implementation.

begin  <1sbmrff0trqwq$.dlg@funkenbusch.com>,
	Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
> On Mon, 02 Aug 2004 18:05:32 -0400, Rick wrote:
> 
>> OE is -supposed- to work that way?
> 
> OE shows uuencoded files as atachments.  The uuencode specification says
> that a uuencoded file starts with a newline-"begin"[space][space]filename
> mode"

Where does it say it starts with that? Utter crap as usual. It starts:

    The header line is distinguished by having the first 6 characters
    begin  The word begin is followed by a mode (in octal), and a string
    which names the remote file.  A space separates the three items in the
    header line.

    The body consists of a number of lines, each at most 62 characters
    long (including the trailing newline).  These consist of a character
    count, followed by encoded characters, followed by a newline.  The
    character count is a single printing character, and represents an
    integer, the number of bytes the rest of the line represents.  Such
    integers are always in the range from 0 to 63 and can be determined by
    subtracting the character space (octal 40) from the character.

    Groups of 3 bytes are stored in 4 characters, 6 bits per character.
    All are offset by a space to make the characters printing.  The last
    line may be shorter than the normal 45 bytes.  If the size is not a
    multiple of 3, this fact can be determined by the value of the count
    on the last line.  Extra garbage will be included to make the
    character count a multiple of 4.  The body is terminated by a line
    with a count of zero.  This line consists of one ASCII space.

    The trailer line consists of end on a line by itself.

> Windows doesn't have a mode, so it ignores that flag, so it only
> looks for the rest of it.

Treating 'begin  ' as the start of uuencoded is simply wrong.

> And, since uuencoded files can span multiple messages, you can't
> rely on there being an end signifier to identify a correct message.

So? You then do nothing and leave it up to the user to join the parts
up or use a cool script such as aub.

> In other words, the "flaw" is that MS treats uuencoded messages as
> attachments.  The "fix" would be to remove that feature.

No, the flaw is treating 'begin  ' as the start of uuencoded data. Much
better to check the following lines and look for the trailor. If that
fails then do not do anything.

For sure, the fix for MS would be just to remove this buggy feature.

On Mon, 02 Aug 2004 19:28:42 -0400, Rick wrote:

> On Mon, 02 Aug 2004 18:24:46 -0500, Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 20:30:14 GMT, Jim Richardson wrote:
>> 
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>> 
>>> On Mon, 2 Aug 2004 11:55:50 -0500,
>>>  Erik Funkenbusch <erik@despam-funkenbusch.com> wrote:
>>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>>>
>>>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>>> message:
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Erik Funkenbusch wrote:
>>>>>> 
>>>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>>> 
>>>>>>> 
>>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>>
>>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>>
>>>>>>>>[...]
>>>>>>>>
>>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>>
>>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>>http://snipurl.com/85hb
>>>>>>> 
>>>>>>> 
>>>>>>> Oh wait, it's still not fixed....
>>>>>>> 
>>>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>>> 
>>>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>>> M$ going to fix IE 6.0?
>>>>> 
>>>>> And when it the 'begin' bug going to be fixed in OE?
>>>>
>>>> Never, most likely, since it's not a bug.
>>> 
>>> Micorosoft disagrees with you. They seem to think it's a bug, they just
>>> aren't going to bother fixing it. 
>> 
>> It's not really a bug.  A bug is when there is an error in the way
>> something works.  There is no error, it's just unfortunate that uuencoding
>> works the way it does.  This is what MIME was invented to fix, among other
>> things.
> 
> Yeah, its a shame Mozilla, Pan, Agent and others don't work the same way.

None of those treat uuencoded data as attachments.

On Mon, 02 Aug 2004 19:27:39 -0400, Rick wrote:

> On Mon, 02 Aug 2004 18:22:59 -0500, Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 18:05:32 -0400, Rick wrote:
>> 
>>> On Mon, 02 Aug 2004 11:55:50 -0500, Erik Funkenbusch wrote:
>>> 
>>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>>> 
>>>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>>> message:
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Erik Funkenbusch wrote:
>>>>>> 
>>>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>>> 
>>>>>>> 
>>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>>
>>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>>
>>>>>>>>[...]
>>>>>>>>
>>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>>
>>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>>http://snipurl.com/85hb
>>>>>>> 
>>>>>>> 
>>>>>>> Oh wait, it's still not fixed....
>>>>>>> 
>>>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>>> 
>>>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>>> M$ going to fix IE 6.0?
>>>>> 
>>>>> And when it the 'begin' bug going to be fixed in OE?
>>>> 
>>>> Never, most likely, since it's not a bug.
>>> 
>>> OE is -supposed- to work that way?
>> 
>> OE shows uuencoded files as atachments.  The uuencode specification says
>> that a uuencoded file starts with a newline-"begin"[space][space]filename
>> mode"
>> 
>> Windows doesn't have a mode, so it ignores that flag, so it only looks for
>> the rest of it.  And, since uuencoded files can span multiple messages, you
>> can't rely on there being an end signifier to identify a correct message.
>> 
>> In other words, the "flaw" is that MS treats uuencoded messages as
>> attachments.  The "fix" would be to remove that feature.
> 
> Then why does micro$oft consider it a problem, complete with work arounds?
> And why do other news readers no have the same problem?

Because it is a problem.

On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:

> begin  In article <1sbmrff0trqwq$.dlg@funkenbusch.com> (Mon, 02 Aug 2004
> 18:22:59 -0500), Erik Funkenbusch wrote:
> 
>> OE shows uuencoded files as atachments.  The uuencode specification says
>> that a uuencoded file starts with a newline-"begin"[space][space]filename
>> mode"
> 
> It's
> 
>   begin[space][mode][space][filename]

You're correct.

>> In other words, the "flaw" is that MS treats uuencoded messages as
>> attachments.  The "fix" would be to remove that feature.
> 
> No, OE treats "begin[space][space][filename]" as if it indicated the start
> of a UUencoded file.  This is a defect in Microsoft's implementation.

No.  Windows doesn't care about a file mode.  It doesn't have any use for
it.  Further, it's far more likely that you're going to see
newline"begin"[space]numbers[space]text in everyday correspondence than a
begin followed by two spaces on a new line.

Imagine the following "We begin 1234 jobs" in which the begin happens to
start on a new line due to word wrap.  The only way to get
begin[space][space] is by typo.

uuencoding sucks, plain and simple.  That's why none of the unix mail
readers support uuencoded attachments.

On Tue, 3 Aug 2004 01:48:26 +0200, Roy Culley wrote:

> begin  <1sbmrff0trqwq$.dlg@funkenbusch.com>,
> 	Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
>> On Mon, 02 Aug 2004 18:05:32 -0400, Rick wrote:
>> 
>>> OE is -supposed- to work that way?
>> 
>> OE shows uuencoded files as atachments.  The uuencode specification says
>> that a uuencoded file starts with a newline-"begin"[space][space]filename
>> mode"
> 
> Where does it say it starts with that? Utter crap as usual. It starts:
> 
>     The header line is distinguished by having the first 6 characters
>     begin  The word begin is followed by a mode (in octal), and a string
>     which names the remote file.  A space separates the three items in the
>     header line.

Yes, I misrememberd the sequence, my bad.  I already acknoweledge this.

>> Windows doesn't have a mode, so it ignores that flag, so it only
>> looks for the rest of it.
> 
> Treating 'begin  ' as the start of uuencoded is simply wrong.

Not when you don't need a mode flag.
 
>> And, since uuencoded files can span multiple messages, you can't
>> rely on there being an end signifier to identify a correct message.
> 
> So? You then do nothing and leave it up to the user to join the parts
> up or use a cool script such as aub.

Not very user friendly.  MS isn't going to ever do something like that.

>> In other words, the "flaw" is that MS treats uuencoded messages as
>> attachments.  The "fix" would be to remove that feature.
> 
> No, the flaw is treating 'begin  ' as the start of uuencoded data. Much
> better to check the following lines and look for the trailor. If that
> fails then do not do anything.

Checking all the lines for validity would take forever on large messages.  

> For sure, the fix for MS would be just to remove this buggy feature.

It's not buggy.  It's just as easy to accidentally create an attachment if
you include the mode bits.

In article <kbx9j2hk24dc.dlg@funkenbusch.com> (Mon, 02 Aug 2004 19:41:08
-0500), Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:
> 
>> No, OE treats "begin[space][space][filename]" as if it indicated the
>> start of a UUencoded file.  This is a defect in Microsoft's
>> implementation.
> 
> No.  Windows doesn't care about a file mode.  It doesn't have any use
> for it.

So, if we're to believe you, rather than ignoring the file mode which it
cannot use, Microsoft made their software deliberately defective.

> Further, it's far more likely that you're going to see
> newline"begin"[space]numbers[space]text in everyday correspondence than
> a begin followed by two spaces on a new line.

Further, it's highly unlikely that anyone would accidentally use a
nongrammatical structure that begins a UUencoded attachement, rather than
simply adding a superfluous space.

> Imagine the following "We begin 1234 jobs" in which the begin happens to
> start on a new line due to word wrap.  The only way to get
> begin[space][space] is by typo.

Imagine that Microsoft fixes the defect in their software that they have
publicly acknowledged as a defect.

Imagine that instead of using apologetics to explain away the defect, you
simply acknowledge, as has Microsoft, that OE has this defect.  Unlike
IE's case, with new security vulnerabilities on the average of once every
8 days, it's not a major failing in OE.

> uuencoding sucks, plain and simple.

Those grapes certainly must have been sour.

> That's why none of the unix mail readers support uuencoded attachments.

This doesn't explain why Microsoft refuses to correct its defective
software.

On Mon, 2 Aug 2004 19:45:51 -0500, Erik Funkenbusch
<erik@despam-funkenbusch.com> wrote:

> On Tue, 3 Aug 2004 01:48:26 +0200, Roy Culley wrote:

>> Treating 'begin  ' as the start of uuencoded is simply wrong.
>
> Not when you don't need a mode flag.

It is still wrong.  The right thing would still be to make sure there is
a mode flag.  The spec calls for a mode flag, it does not say "may be
left out if not needed by the receiving OS".  Looking for a mode flag is
part of the requirement regardless of whether Windows is going to use it.


>>> And, since uuencoded files can span multiple messages, you can't
>>> rely on there being an end signifier to identify a correct message.
>> 
>> So? You then do nothing and leave it up to the user to join the parts
>> up or use a cool script such as aub.
>
> Not very user friendly.  MS isn't going to ever do something like that.

Does OE automatically find the rest of the attachment?  What if you
haven't got it all yet, then what does it do?


> Checking all the lines for validity would take forever on large messages.  

They could at least check a _few_ lines, that would still be better than
what they are doing now.


>> For sure, the fix for MS would be just to remove this buggy feature.
>
> It's not buggy.  It's just as easy to accidentally create an attachment if
> you include the mode bits.

Even doing _some_ of the other checks would make it far less likely.

If MS is going to implement a "user friendly" feature like this, it sure
would be nice if they'd do the whole job instead of part of it.  But
that seems to be their M.O.  Do just enough to get the feature checked
off in the reviews.  See "POSIX Subsystem" for another example.


-- 
 -| Bob Hauck
 -| To Whom You Are Speaking
 -| http://www.haucks.org/

On Mon, 02 Aug 2004 19:28:51 -0500, Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 19:28:42 -0400, Rick wrote:
> 
>> On Mon, 02 Aug 2004 18:24:46 -0500, Erik Funkenbusch wrote:
>> 
>>> On Mon, 02 Aug 2004 20:30:14 GMT, Jim Richardson wrote:
>>> 
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>> 
>>>> On Mon, 2 Aug 2004 11:55:50 -0500,
>>>>  Erik Funkenbusch <erik@despam-funkenbusch.com> wrote:
>>>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>>>>
>>>>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>>>> message:
>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> Erik Funkenbusch wrote:
>>>>>>> 
>>>>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>>>> 
>>>>>>>> 
>>>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>>>
>>>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>>>
>>>>>>>>>[...]
>>>>>>>>>
>>>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>>>
>>>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>>>http://snipurl.com/85hb
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Oh wait, it's still not fixed....
>>>>>>>> 
>>>>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>>>> 
>>>>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>>>> M$ going to fix IE 6.0?
>>>>>> 
>>>>>> And when it the 'begin' bug going to be fixed in OE?
>>>>>
>>>>> Never, most likely, since it's not a bug.
>>>> 
>>>> Micorosoft disagrees with you. They seem to think it's a bug, they just
>>>> aren't going to bother fixing it. 
>>> 
>>> It's not really a bug.  A bug is when there is an error in the way
>>> something works.  There is no error, it's just unfortunate that uuencoding
>>> works the way it does.  This is what MIME was invented to fix, among other
>>> things.
>> 
>> Yeah, its a shame Mozilla, Pan, Agent and others don't work the same way.
> 
> None of those treat uuencoded data as attachments.

Gee... ya think?
-- 
Rick

On Mon, 02 Aug 2004 19:29:25 -0500, Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 19:27:39 -0400, Rick wrote:
> 
>> On Mon, 02 Aug 2004 18:22:59 -0500, Erik Funkenbusch wrote:
>> 
>>> On Mon, 02 Aug 2004 18:05:32 -0400, Rick wrote:
>>> 
>>>> On Mon, 02 Aug 2004 11:55:50 -0500, Erik Funkenbusch wrote:
>>>> 
>>>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>>>> 
>>>>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>>>> message:
>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> Erik Funkenbusch wrote:
>>>>>>> 
>>>>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>>>> 
>>>>>>>> 
>>>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>>>
>>>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>>>
>>>>>>>>>[...]
>>>>>>>>>
>>>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>>>
>>>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>>>http://snipurl.com/85hb
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Oh wait, it's still not fixed....
>>>>>>>> 
>>>>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>>>> 
>>>>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>>>> M$ going to fix IE 6.0?
>>>>>> 
>>>>>> And when it the 'begin' bug going to be fixed in OE?
>>>>> 
>>>>> Never, most likely, since it's not a bug.
>>>> 
>>>> OE is -supposed- to work that way?
>>> 
>>> OE shows uuencoded files as atachments.  The uuencode specification says
>>> that a uuencoded file starts with a newline-"begin"[space][space]filename
>>> mode"
>>> 
>>> Windows doesn't have a mode, so it ignores that flag, so it only looks for
>>> the rest of it.  And, since uuencoded files can span multiple messages, you
>>> can't rely on there being an end signifier to identify a correct message.
>>> 
>>> In other words, the "flaw" is that MS treats uuencoded messages as
>>> attachments.  The "fix" would be to remove that feature.
>> 
>> Then why does micro$oft consider it a problem, complete with work arounds?
>> And why do other news readers no have the same problem?
> 
> Because it is a problem.

.... that micro$oft doesn't fix.
-- 
Rick

On Mon, 02 Aug 2004 19:41:08 -0500, Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:
> 
>> begin  In article <1sbmrff0trqwq$.dlg@funkenbusch.com> (Mon, 02 Aug
>> 2004 18:22:59 -0500), Erik Funkenbusch wrote:
>> 
>>> OE shows uuencoded files as atachments.  The uuencode specification
>>> says that a uuencoded file starts with a
>>> newline-"begin"[space][space]filename mode"
>> 
>> It's
>> 
>>   begin[space][mode][space][filename]
> 
> You're correct.
> 
>>> In other words, the "flaw" is that MS treats uuencoded messages as
>>> attachments.  The "fix" would be to remove that feature.
>> 
>> No, OE treats "begin[space][space][filename]" as if it indicated the
>> start of a UUencoded file.  This is a defect in Microsoft's
>> implementation.
> 
> No.  Windows doesn't care about a file mode.  It doesn't have any use
> for it.  Further, it's far more likely that you're going to see
> newline"begin"[space]numbers[space]text in everyday correspondence than
> a begin followed by two spaces on a new line.
> 
> Imagine the following "We begin 1234 jobs" in which the begin happens to
> start on a new line due to word wrap.  The only way to get
> begin[space][space] is by typo.
> 
> uuencoding sucks, plain and simple.  That's why none of the unix mail
> readers support uuencoded attachments.

>http://www.scit.wlv.ac.uk/cgi-bin/mansec?1C+uuencode>

Unix Manual Page for uuencode

DESCRIPTION

uuencode
uuencode converts a binary file into an encoded  representa- tion that can
be sent using mail(1).


<http://www.cs.drexel.edu/~kschmidt/Ref/unix_reference.html>

UNIX Slightly Longer Reference Guide (still for newbies)

pine	Another nice mail reader, understands MIME and UUEncode types.

<http://www.panix.com/~kylet/unix-att.html>

uuencode - This is the original method to send encoded text within a
message. It is not an attachment as we think of them today but is still
used enough to warrant putting it here.

-- 
Rick

[snips]

On Mon, 02 Aug 2004 19:45:51 -0500, Erik Funkenbusch wrote:

>> Treating 'begin  ' as the start of uuencoded is simply wrong.
> 
> Not when you don't need a mode flag.

You do need a mode flag: to differentiate between the word "begin" and the
beginning of an attachment of this sort.  That you don't use the mode for
any other purpose is irrelevant; anyone with the spec in front of them
should be able to write a parser *without* this problem; anyone,
apparently, except Microsoft.  This is that "commercial quality" we keep
hearing about, right?

[snips]

On Mon, 02 Aug 2004 18:24:46 -0500, Erik Funkenbusch wrote:

> It's not really a bug.  A bug is when there is an error in the way
> something works.  

Exactly: such as parsing "begin  " as an attachment instead of at least
checking for a properly-formatted header which includes a mode and a
filename.

Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 20:19:38 +0200, Jesse F. Hughes wrote:
> 
> 
>>rgc@nodomain.none (Roy Culley) writes:
>>
>>
>>>begin  <1gwet517yrvz7.dlg@funkenbusch.com>,
>>>	Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
>>>
>>>>On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>>>
>>>>
>>>>>And when it the 'begin' bug going to be fixed in OE?
>>>>
>>>>Never, most likely, since it's not a bug.
>>
>>Not a bug.  What's a bug then?  
> 
> 
> No, MS classifies it as a "problem" not a bug.  A problem is when something
> is working as designed, but is not necessarily what the user intends.  A
> bug is when something doesn't work as designed.
> 
> 
>>>Yeh, right Erik:
>>>
>>>http://support.microsoft.com/default.aspx?scid=kb;en-us;265230
>>>
>>>    STATUS
>>>
>>>    Microsoft has confirmed that this is a problem in the Microsoft
>>>    products that are listed at the beginning of this article.
>>>
>>>The best bit though:
>>>
>>>    WORKAROUND
>>>
>>>    To workaround this problem:
>>>
>>>    * Do not start messages with the word "begin" followed by two spaces.
>>>    * Use only one space between the word "begin" and the following data.
>>>    * Capitalize the word "begin" so that it is reads "Begin."
>>>    * Use a different word such as "start" or "commence."
>>>
>>>Truly pathetic.
>>
>>No doubt.  They give advice to the *sender* rather than the
>>*recipient*, despite the fact that the sender doesn't see the bug at
>>all.
>>
>>Worst advice ever.  Well, except for this, perhaps.
>>
>>"Do not click any hyperlinks that you do not trust. Type them in the
>>Address bar yourself."
> 
> 
> Oh, you are talking about Mozilla I see.
> 
> http://secunia.com/advisories/12188/
> 
> "Solution: Do not follow links from untrusted sites."
> 

Isn't that essentially what M$ is suggesting as well for IE 6?

-- 
---------------------------------
My other computer is a VAX.

Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 20:30:14 GMT, Jim Richardson wrote:
> 
> 
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>On Mon, 2 Aug 2004 11:55:50 -0500,
>> Erik Funkenbusch <erik@despam-funkenbusch.com> wrote:
>>
>>>On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>>
>>>
>>>>begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>>message:
>>>>
>>>>
>>>>>
>>>>>Erik Funkenbusch wrote:
>>>>>
>>>>>
>>>>>>On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>
>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>
>>>>>>>[...]
>>>>>>>
>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>
>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>http://snipurl.com/85hb
>>>>>>
>>>>>>
>>>>>>Oh wait, it's still not fixed....
>>>>>>
>>>>>>http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>>
>>>>>Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>>M$ going to fix IE 6.0?
>>>>
>>>>And when it the 'begin' bug going to be fixed in OE?
>>>
>>>Never, most likely, since it's not a bug.
>>
>>Micorosoft disagrees with you. They seem to think it's a bug, they just
>>aren't going to bother fixing it. 
> 
> 
> It's not really a bug.  A bug is when there is an error in the way
> something works.  There is no error, it's just unfortunate that uuencoding
> works the way it does.  This is what MIME was invented to fix, among other
> things.

Uuencoding??  I've never had that problem with Mozilla under Solaris 
with this 'begin' word. Sure it isn't something else in OE 6?

-- 
---------------------------------
My other computer is a VAX.

Erik Funkenbusch <erik@despam-funkenbusch.com> writes:

> On Mon, 02 Aug 2004 20:19:38 +0200, Jesse F. Hughes wrote:
>> 
>> "Do not click any hyperlinks that you do not trust. Type them in the
>> Address bar yourself."
>
> Oh, you are talking about Mozilla I see.
>
> http://secunia.com/advisories/12188/
>
> "Solution: Do not follow links from untrusted sites."
>

Pretty bad, yes, but not as funny.  A couple of differences: whether
trust is placed on the individual links or the site.  Now that's
probably just bad writing but it gives the impression the user should
judge each link.  The main difference as far as humor goes: MS tells
you to *type hyperlinks into the address bar yourself*.

That's just funny.

Maybe another difference or two.  We can learn about what has been
done regarding the Mozilla bug at
http://bugzilla.mozilla.org/show_bug.cgi?id=244965.  And the bug has
been fixed (but I don't know if the fix is part of a release or not).

Has the MS bug been fixed?  I'm not sure.  Looking at
http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;833786,
they suggest installing a security update, but then they tell you to
type in your hyperlinks anyway.  Does the update fix the bug?  What
does it do?

I assume I could find out more about the update with some Googling,
but I must go now.  Maybe later.  Or maybe you can fill in the details
for me in the meantime.

Thanks.
-- 
"Reality has a fascinating ability to check us when we get a little too
big for our britches... Make no mistake.  There isn't a mathematician alive
today that I can't now touch, and not a mathematical career on the planet
that I can't now affect."  --James Harris, render of worlds

jesse@phiwumbda.org (Jesse F. Hughes) writes:

> Has the MS bug been fixed?  I'm not sure.  Looking at
> http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;833786,
> they suggest installing a security update, but then they tell you to
> type in your hyperlinks anyway.  Does the update fix the bug?  What
> does it do?

As far as I can tell, the MS bug has not been fixed.  The security
update doesn't look like it addresses the problem.  Instead, it
addresses problems with SSL, which may help one determine whether he's
at a spoofed site, but doesn't change the phishing mechanism.

Right?

So, Erik, the Mozilla bug, while serious, has been fixed.  I don't
know if that fix has made it to downloads, but it's in the pipe at
least.  I don't see any evidence the IE bug has been fixed.  Please
correct me if I'm mistaken.

In this case, if we compare the two, then I prefer Mozilla (not that I
use it).

-- 
Jesse F. Hughes
"And I'm one of my own biggest skeptics as I had *YEARS* of wrong
ideas, and attempts that failed.  Worse, for some of them it took
*MONTHS* before I figured out where I screwed up." -- James Harris

jesse@phiwumbda.org (Jesse F. Hughes) writes:

> jesse@phiwumbda.org (Jesse F. Hughes) writes:
>
>> Has the MS bug been fixed?  I'm not sure.  Looking at
>> http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;833786,
>> they suggest installing a security update, but then they tell you to
>> type in your hyperlinks anyway.  Does the update fix the bug?  What
>> does it do?
>
> As far as I can tell, the MS bug has not been fixed.  The security
> update doesn't look like it addresses the problem.  Instead, it
> addresses problems with SSL, which may help one determine whether he's
> at a spoofed site, but doesn't change the phishing mechanism.
>
> Right?
>
> So, Erik, the Mozilla bug, while serious, has been fixed.  I don't
> know if that fix has made it to downloads, but it's in the pipe at
> least.  I don't see any evidence the IE bug has been fixed.  Please
> correct me if I'm mistaken.

I have found evidence that it was "fixed", which means, of course,
that Microsoft chose to break IE in a different way.

Microsoft chose to disallow URLs of the form
http(s)://username:password@server/resource.ext, which is, I
understand, perfectly legal and useful.  By disallowing such URLs, IE
is no longer susceptible to the phishing bug which we the source of
that funny advice.  But I'm not sure why the support page doesn't
mention the update -- does it?

Source:
http://www.theregister.co.uk/2004/02/03/ms_plugs_ie_phishing_bug/
http://www.theregister.co.uk/2004/01/30/ms_drop_authentication_technique/

Erik, this is a pathetic fix and it took two months for this
half-assed response.  The Mozilla bug which you mentioned was fixed
in, what, four days?  I won't doublecheck that figure, but it was at
least under a week.

Good comparison.
-- 
"It seems to me that in wartime Americans shouldn't be attacking each
other in this way on a *worldwide* forum.  Then again, I know I'm an
American, but I have no way of knowing that you are, which would
explain a lot."  --James Harris, on why Yanks should accept his proof

: Erik Funkenbusch <erik@despam-funkenbusch.com>
: No, MS classifies it as a "problem" not a bug.  A problem is when
: something is working as designed, but is not necessarily what the user
: intends.  A bug is when something doesn't work as designed. 

Therefore, MS must have actually designed their recognition of uuencoded
enclosures to recognise as an enclosure things that manifestly are not
actually enclosures.  And they did this on purpose, knowing that it
would prevent parts of messages being displayed.  And have decided not
to improve the recognition to reject these false identifications, even
though this change would be trivial.


Wayne Throop   throopw@sheol.org   http://sheol.org/throopw

In comp.os.linux.advocacy, Erik Funkenbusch
<erik@despam-funkenbusch.com>
 wrote
on Mon, 2 Aug 2004 18:22:59 -0500
<1sbmrff0trqwq$.dlg@funkenbusch.com>:
> On Mon, 02 Aug 2004 18:05:32 -0400, Rick wrote:
>
>> On Mon, 02 Aug 2004 11:55:50 -0500, Erik Funkenbusch wrote:
>> 
>>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>>> 
>>>> begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>> message:
>>>> 
>>>>> 
>>>>> 
>>>>> Erik Funkenbusch wrote:
>>>>> 
>>>>>> On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>> 
>>>>>> 
>>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>>
>>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>>computer virus that can steal personal information, more than a month
>>>>>>>after the virus began winding its way through the Internet.
>>>>>>>
>>>>>>>[...]
>>>>>>>
>>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>>
>>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>>http://snipurl.com/85hb
>>>>>> 
>>>>>> 
>>>>>> Oh wait, it's still not fixed....
>>>>>> 
>>>>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>> 
>>>>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>> M$ going to fix IE 6.0?
>>>> 
>>>> And when it the 'begin' bug going to be fixed in OE?
>>> 
>>> Never, most likely, since it's not a bug.
>> 
>> OE is -supposed- to work that way?
>
> OE shows uuencoded files as atachments.  The uuencode specification says
> that a uuencoded file starts with a newline-"begin"[space][space]filename
> mode"

Pedant point:

'begin 0644 filename'

is the more or less usual specification for uuencoded files (I'd have
to look to be sure; uuencoding is not in the RFCs AFAIK), but
presumably the double space form is acceptable, leading to:

'begin  filename'

which OE thinks begins a uuencoded filename.

Presumably uudecode puts the right value into the permissions slot --
assuming it pays any attention thereto at all.

>
> Windows doesn't have a mode, so it ignores that flag, so it only looks for
> the rest of it.  And, since uuencoded files can span multiple messages, you
> can't rely on there being an end signifier to identify a correct message.
>
> In other words, the "flaw" is that MS treats uuencoded messages as
> attachments.  The "fix" would be to remove that feature.

Or at least check to see if the following line begins with an 'M',
contains no spaces, and is a certain length.

For example, 'uuencode < t3.C t3.C' generates
the following two lines:

    begin 644 t3.C
    M(VEN8VQU9&4@/'-T9&EO+F@^"@HO+R!A(%)E;&9I<VT*"B-D969I;F4@3&]O

followed by a few more lines (all beginning with an 'M', which
is an encoded line length, apparently), followed by

    @(B5D("5D7&XB+"!X+"!Y*3L*"@ER971U<FX@,#L*?0H`
    `
    end

Were I to put the output of uuencode into a mail message OE would
do the right thing -- but OE doesn't have enough checking.

It turns out that, if I remove the '644' but leave the double space
in uuencode's output, uudecode complains:

    uudecode: stdin: No `begin' line

My brain hurts.

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

In comp.os.linux.advocacy, Rick
<none@nomail.com>
 wrote
on Mon, 02 Aug 2004 21:48:16 -0400
<pan.2004.08.03.01.48.12.919441@nomail.com>:
> On Mon, 02 Aug 2004 19:29:25 -0500, Erik Funkenbusch wrote:
>
>> On Mon, 02 Aug 2004 19:27:39 -0400, Rick wrote:
>> 
>>> On Mon, 02 Aug 2004 18:22:59 -0500, Erik Funkenbusch wrote:
>>> 

[snip for brevity]

>>>> In other words, the "flaw" is that MS treats uuencoded messages as
>>>> attachments.  The "fix" would be to remove that feature.
>>> 
>>> Then why does micro$oft consider it a problem, complete with work arounds?
>>> And why do other news readers no have the same problem?
>> 
>> Because it is a problem.
>
> ... that micro$oft doesn't fix.

Considering the major problems exploited by such viruses
as Nimda, Klez, Skynet, MyDoom, and what not, I'd say that
the priority of this particular bug/problem/whatever is
somewhere between cleaning out the swimming pool's drain
and buying paper doilies for the picnic...during Hurricane Alex. :-)

-- 
#191, ewill3@earthlink.net
It's still legal to go .sigless.

On Mon, 02 Aug 2004 18:59:41 -0600, Hamilcar Barca wrote:

> In article <kbx9j2hk24dc.dlg@funkenbusch.com> (Mon, 02 Aug 2004 19:41:08
> -0500), Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:
>> 
>>> No, OE treats "begin[space][space][filename]" as if it indicated the
>>> start of a UUencoded file.  This is a defect in Microsoft's
>>> implementation.
>> 
>> No.  Windows doesn't care about a file mode.  It doesn't have any use
>> for it.
> 
> So, if we're to believe you, rather than ignoring the file mode which it
> cannot use, Microsoft made their software deliberately defective

No.  You don't get it.  MS *IS* ignoring the mode.  That's why they don't
care if it's present or not.

> Imagine that instead of using apologetics to explain away the defect, you
> simply acknowledge, as has Microsoft, that OE has this defect.  Unlike
> IE's case, with new security vulnerabilities on the average of once every
> 8 days, it's not a major failing in OE.

Microsoft has not ackowledged it as a defect.

>> uuencoding sucks, plain and simple.
> 
> Those grapes certainly must have been sour.

Yet you can't explain why there are no unix news or mail readers that treat
uuencoding as attachments.

>> That's why none of the unix mail readers support uuencoded attachments.
> 
> This doesn't explain why Microsoft refuses to correct its defective
> software.

It's not a defect.  It's working as designed.  It's just not working as
some users would like.

On Mon, 02 Aug 2004 22:05:41 -0400, Rick wrote:

> On Mon, 02 Aug 2004 19:41:08 -0500, Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:
>> 
>>> begin  In article <1sbmrff0trqwq$.dlg@funkenbusch.com> (Mon, 02 Aug
>>> 2004 18:22:59 -0500), Erik Funkenbusch wrote:
>>> 
>>>> OE shows uuencoded files as atachments.  The uuencode specification
>>>> says that a uuencoded file starts with a
>>>> newline-"begin"[space][space]filename mode"
>>> 
>>> It's
>>> 
>>>   begin[space][mode][space][filename]
>> 
>> You're correct.
>> 
>>>> In other words, the "flaw" is that MS treats uuencoded messages as
>>>> attachments.  The "fix" would be to remove that feature.
>>> 
>>> No, OE treats "begin[space][space][filename]" as if it indicated the
>>> start of a UUencoded file.  This is a defect in Microsoft's
>>> implementation.
>> 
>> No.  Windows doesn't care about a file mode.  It doesn't have any use
>> for it.  Further, it's far more likely that you're going to see
>> newline"begin"[space]numbers[space]text in everyday correspondence than
>> a begin followed by two spaces on a new line.
>> 
>> Imagine the following "We begin 1234 jobs" in which the begin happens to
>> start on a new line due to word wrap.  The only way to get
>> begin[space][space] is by typo.
>> 
>> uuencoding sucks, plain and simple.  That's why none of the unix mail
>> readers support uuencoded attachments.
> 
>>http://www.scit.wlv.ac.uk/cgi-bin/mansec?1C+uuencode>
> 
> Unix Manual Page for uuencode
> 
> DESCRIPTION
> 
> uuencode
> uuencode converts a binary file into an encoded  representa- tion that can
> be sent using mail(1).
> 
> 
> <http://www.cs.drexel.edu/~kschmidt/Ref/unix_reference.html>
> 
> UNIX Slightly Longer Reference Guide (still for newbies)
> 
> pine	Another nice mail reader, understands MIME and UUEncode types.
> 
> <http://www.panix.com/~kylet/unix-att.html>
> 
> uuencode - This is the original method to send encoded text within a
> message. It is not an attachment as we think of them today but is still
> used enough to warrant putting it here.

What's your point exactly?

In article <1b4xhwyvmh0yi$.dlg@funkenbusch.com> (Tue, 03 Aug 2004 21:41:06
-0500), Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 18:59:41 -0600, Hamilcar Barca wrote:
> 
>> So, if we're to believe you, rather than ignoring the file mode which it
>> cannot use, Microsoft made their software deliberately defective
> 
> No.  You don't get it.

I get it all right.

> MS *IS* ignoring the mode.  That's why they don't
> care if it's present or not.

Ignoring the mode when it's present and forms part of a valid UUE header
is not the same is incorrectly assuming a valid UUE header is present when
it is not.  What Microsoft doesn't care is if the defect in their software
causes their users problems.

>> Imagine that instead of using apologetics to explain away the defect,
>> you simply acknowledge, as has Microsoft, that OE has this defect. 
>> Unlike IE's case, with new security vulnerabilities on the average of
>> once every 8 days, it's not a major failing in OE.
> 
> Microsoft has not ackowledged it as a defect.

Microsoft has confirmed there is a problem in OE.  It's only you who has
now acknowledged the defect.

> Yet you can't explain why there are no unix news or mail readers that
> treat uuencoding as attachments.

Yet, the attempt to change the subject fails.

>>> That's why none of the unix mail readers support uuencoded attachments.
>> 
>> This doesn't explain why Microsoft refuses to correct its defective
>> software.
> 
> It's not a defect.  It's working as designed.

In that case, the design is accidentally or deliberately defective. 
Microsoft confirms that OE sometimes detects a UUencoded attachment when
none is present.

> It's just not working as some users would like.

On this point, we're in agreement.  In particular, DooFuS was quite
displeased when he discovered the defect.

In article <1lx6jnlsbf2j1.dlg@funkenbusch.com> (Tue, 03 Aug 2004 21:42:13
-0500), Erik Funkenbusch wrote:

>>> [snip errors in interpretation and attempt at misdirection]
>>> 
>>> [snip sour grapes]
>>>
>>> uuencoding sucks, plain and simple.  That's why none of the unix mail
>>> readers support uuencoded attachments.
>> 
>>>http://www.scit.wlv.ac.uk/cgi-bin/mansec?1C+uuencode>
>> 
>> Unix Manual Page for uuencode
>> 
>> DESCRIPTION
>> 
>> uuencode
>> uuencode converts a binary file into an encoded  representa- tion that
>> can be sent using mail(1).
>> 
>> 
>> <http://www.cs.drexel.edu/~kschmidt/Ref/unix_reference.html>
>> 
>> UNIX Slightly Longer Reference Guide (still for newbies)
>> 
>> pine	Another nice mail reader, understands MIME and UUEncode types.
>> 
>> <http://www.panix.com/~kylet/unix-att.html>
>> 
>> uuencode - This is the original method to send encoded text within a
>> message. It is not an attachment as we think of them today but is still
>> used enough to warrant putting it here.
> 
> What's your point exactly?

The point is that you offered untruths and attempts to change the subject,
and profess ignorance when proved wrong.

Although it was irrelevant and immaterial to the original discussion, you
claimed the beginning of a UUencoded attachment did not require the mode.
You're proved wrong.

Although it was irrelevant and immaterial to the original discussion, you
also claimed no Unix newsreader or email client could perform UUdecoding.
You're proved wrong again.

What was your point exactly?  Please limit the discussion to relevant
points where you have not already been proved wrong, okay?  The following
are already shown conclusively:

1) UUencoded attachment headers require a three-digit, octal file mode.
   This was the standard before Microsoft foisted its defect product upon
   an unsuspecting public.  This was the case even before Microsoft
   included TCP/IP support in any of its operating systems.

2) Outlook Express falsely indicates a UUencoded attachment when the mode
   is missing.

You can continue prevaricating and obfuscating but Outlook Express is
defective and Microsoft has indicated they do not intend to correct this
defect, although they have not been honest enough to simply say so.

begin  On Tue, 03 Aug 2004 21:02:21 -0600, Hamilcar Barca scribbled this
message:

> In particular, DooFuS was quite
> displeased when he discovered the defect.

DooFu$ was upset? Oh dear, what a shame! ;-) 

-- 
"If it weren't for Windows, you wouldn't 
be posting anything right now."
DFS aka DorkForSure aka DooFu$ -  
comp.os.linux.advocacy Date: Tue, 22 Jun 2004

On Tue, 03 Aug 2004 21:42:13 -0500, Erik Funkenbusch wrote:

> On Mon, 02 Aug 2004 22:05:41 -0400, Rick wrote:
> 
>> On Mon, 02 Aug 2004 19:41:08 -0500, Erik Funkenbusch wrote:
>> 
>>> On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:
>>> 
>>>> begin  In article <1sbmrff0trqwq$.dlg@funkenbusch.com> (Mon, 02 Aug
>>>> 2004 18:22:59 -0500), Erik Funkenbusch wrote:
>>>> 
>>>>> OE shows uuencoded files as atachments.  The uuencode specification
>>>>> says that a uuencoded file starts with a
>>>>> newline-"begin"[space][space]filename mode"
>>>> 
>>>> It's
>>>> 
>>>>   begin[space][mode][space][filename]
>>> 
>>> You're correct.
>>> 
>>>>> In other words, the "flaw" is that MS treats uuencoded messages as
>>>>> attachments.  The "fix" would be to remove that feature.
>>>> 
>>>> No, OE treats "begin[space][space][filename]" as if it indicated the
>>>> start of a UUencoded file.  This is a defect in Microsoft's
>>>> implementation.
>>> 
>>> No.  Windows doesn't care about a file mode.  It doesn't have any use
>>> for it.  Further, it's far more likely that you're going to see
>>> newline"begin"[space]numbers[space]text in everyday correspondence
>>> than a begin followed by two spaces on a new line.
>>> 
>>> Imagine the following "We begin 1234 jobs" in which the begin happens
>>> to start on a new line due to word wrap.  The only way to get
>>> begin[space][space] is by typo.
>>> 
>>> uuencoding sucks, plain and simple.  That's why none of the unix mail
>>> readers support uuencoded attachments.
>> 
>>>http://www.scit.wlv.ac.uk/cgi-bin/mansec?1C+uuencode>
>> 
>> Unix Manual Page for uuencode
>> 
>> DESCRIPTION
>> 
>> uuencode
>> uuencode converts a binary file into an encoded  representa- tion that
>> can be sent using mail(1).
>> 
>> 
>> <http://www.cs.drexel.edu/~kschmidt/Ref/unix_reference.html>
>> 
>> UNIX Slightly Longer Reference Guide (still for newbies)
>> 
>> pine	Another nice mail reader, understands MIME and UUEncode types.
>> 
>> <http://www.panix.com/~kylet/unix-att.html>
>> 
>> uuencode - This is the original method to send encoded text within a
>> message. It is not an attachment as we think of them today but is still
>> used enough to warrant putting it here.
> 
> What's your point exactly?

My point is that you said "That's why none of the unix mail readers
support uuencoded attachments", and while they may not support uuencoded
-attachments- per se, they do properly uencoding in messages, which IE
apparently doesn't.

-- 
Rick

On Wed, 04 Aug 2004 06:57:50 -0400, Rick wrote:

> On Tue, 03 Aug 2004 21:42:13 -0500, Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 22:05:41 -0400, Rick wrote:
>> 
>>> On Mon, 02 Aug 2004 19:41:08 -0500, Erik Funkenbusch wrote:
>>> 
>>>> On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:
>>>> 
>>>>> begin  In article <1sbmrff0trqwq$.dlg@funkenbusch.com> (Mon, 02 Aug
>>>>> 2004 18:22:59 -0500), Erik Funkenbusch wrote:
>>>>> 
>>>>>> OE shows uuencoded files as atachments.  The uuencode specification
>>>>>> says that a uuencoded file starts with a
>>>>>> newline-"begin"[space][space]filename mode"
>>>>> 
>>>>> It's
>>>>> 
>>>>>   begin[space][mode][space][filename]
>>>> 
>>>> You're correct.
>>>> 
>>>>>> In other words, the "flaw" is that MS treats uuencoded messages as
>>>>>> attachments.  The "fix" would be to remove that feature.
>>>>> 
>>>>> No, OE treats "begin[space][space][filename]" as if it indicated the
>>>>> start of a UUencoded file.  This is a defect in Microsoft's
>>>>> implementation.
>>>> 
>>>> No.  Windows doesn't care about a file mode.  It doesn't have any use
>>>> for it.  Further, it's far more likely that you're going to see
>>>> newline"begin"[space]numbers[space]text in everyday correspondence
>>>> than a begin followed by two spaces on a new line.
>>>> 
>>>> Imagine the following "We begin 1234 jobs" in which the begin happens
>>>> to start on a new line due to word wrap.  The only way to get
>>>> begin[space][space] is by typo.
>>>> 
>>>> uuencoding sucks, plain and simple.  That's why none of the unix mail
>>>> readers support uuencoded attachments.
>>> 
>>>>http://www.scit.wlv.ac.uk/cgi-bin/mansec?1C+uuencode>
>>> 
>>> Unix Manual Page for uuencode
>>> 
>>> DESCRIPTION
>>> 
>>> uuencode
>>> uuencode converts a binary file into an encoded  representa- tion that
>>> can be sent using mail(1).
>>> 
>>> 
>>> <http://www.cs.drexel.edu/~kschmidt/Ref/unix_reference.html>
>>> 
>>> UNIX Slightly Longer Reference Guide (still for newbies)
>>> 
>>> pine	Another nice mail reader, understands MIME and UUEncode types.
>>> 
>>> <http://www.panix.com/~kylet/unix-att.html>
>>> 
>>> uuencode - This is the original method to send encoded text within a
>>> message. It is not an attachment as we think of them today but is still
>>> used enough to warrant putting it here.
>> 
>> What's your point exactly?
> 
> My point is that you said "That's why none of the unix mail readers
> support uuencoded attachments", and while they may not support uuencoded
> -attachments- per se, they do properly uencoding in messages, which IE
> apparently doesn't.

oops.. should have been OE.
-- 
Rick

Was Re: Mozilla releases patch to fix 4 year-old security problem

whilst also attempts to derail the thread. The debating tactic of a low
life bottom feeder.

Erik Funkenbusch wrote:

>>> Oh wait, it's still not fixed....

>>> http://bugzilla.mozilla.org/show_bug.cgi?id=22183

>> Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When
>>  is M$ going to fix IE 6.0?

> Daeron was making a big point over a bug fix in IE that is a month 
> old, yet at least one 4 *YEAR* old bug still isn't fixed in Mozilla.

> It's all about hypocricy, greycloud.

Pray tell how exactly is it 'hypocrisy'. I post articles mostly in
praise of Open Source. I have also posted bug (sorry problem) reports
regarding Open Source.

What is really hypocrital is someone who has spent years squatting on a
Linux group pretending he really wants Linux be get better.

Prostituting his obviously sharp intellect in beating up on genuine
Linux advocates. Now that is the ultimate hypocrisy.

fuddie: Tell the readers how you used to help the OS/2 groups until the
became no threat to the collective.
-- 

guess who'll be first to his defence ... the ionkid .. ;)

On Tue, 03 Aug 2004 21:13:44 -0600, Hamilcar Barca wrote:

> In article <1lx6jnlsbf2j1.dlg@funkenbusch.com> (Tue, 03 Aug 2004 21:42:13
> -0500), Erik Funkenbusch wrote:
> 
>>>> [snip errors in interpretation and attempt at misdirection]
>>>> 
>>>> [snip sour grapes]
>>>>
>>>> uuencoding sucks, plain and simple.  That's why none of the unix mail
>>>> readers support uuencoded attachments.
>>> 
>>>>http://www.scit.wlv.ac.uk/cgi-bin/mansec?1C+uuencode>
>>> 
>>> Unix Manual Page for uuencode
>>> 
>>> DESCRIPTION
>>> 
>>> uuencode
>>> uuencode converts a binary file into an encoded  representa- tion that
>>> can be sent using mail(1).
>>> 
>>> 
>>> <http://www.cs.drexel.edu/~kschmidt/Ref/unix_reference.html>
>>> 
>>> UNIX Slightly Longer Reference Guide (still for newbies)
>>> 
>>> pine	Another nice mail reader, understands MIME and UUEncode types.
>>> 
>>> <http://www.panix.com/~kylet/unix-att.html>
>>> 
>>> uuencode - This is the original method to send encoded text within a
>>> message. It is not an attachment as we think of them today but is still
>>> used enough to warrant putting it here.
>> 
>> What's your point exactly?
> 
> The point is that you offered untruths and attempts to change the subject,
> and profess ignorance when proved wrong.

Excuse me?  I did no such thing.  I have said nothing untrue here, nor has
anyone proven me wrong.  Is that what you thought you were doing?  Proving
me wrong?  All you did was quote the uuencode man page

> Although it was irrelevant and immaterial to the original discussion, you
> claimed the beginning of a UUencoded attachment did not require the mode.
> You're proved wrong.

I claimed no such thing.  I said Windows doesn't have a mode, and thus
ignores it.  You're the one who seems to be offering untruth here about
what you claim I said.  Further, I'm not the one that changed the subject
from the original discussion.

> Although it was irrelevant and immaterial to the original discussion, you
> also claimed no Unix newsreader or email client could perform UUdecoding.
> You're proved wrong again.

Once again, you're the one offering untruth here.  I said that no unix
newsreader or email client treated uuencoded messages as attachments.  Why
are you twisting what I said into something else?

> What was your point exactly?  Please limit the discussion to relevant
> points where you have not already been proved wrong, okay?  The following
> are already shown conclusively:
> 
> 1) UUencoded attachment headers require a three-digit, octal file mode.

There is no such requirement for Windows.  Windows ignores mode, therefore
it doesn't matter if it's present or not.

>    This was the standard before Microsoft foisted its defect product upon
>    an unsuspecting public.  This was the case even before Microsoft
>    included TCP/IP support in any of its operating systems.

There is no uuencoding standard or RFC.  Just some best practices.

> 2) Outlook Express falsely indicates a UUencoded attachment when the mode
>    is missing.

As it would if the mode were present.

> You can continue prevaricating and obfuscating but Outlook Express is
> defective and Microsoft has indicated they do not intend to correct this
> defect, although they have not been honest enough to simply say so.

It's not a defect.

On Wed, 04 Aug 2004 06:57:50 -0400, Rick wrote:

> On Tue, 03 Aug 2004 21:42:13 -0500, Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 22:05:41 -0400, Rick wrote:
>> 
>>> On Mon, 02 Aug 2004 19:41:08 -0500, Erik Funkenbusch wrote:
>>> 
>>>> On Mon, 02 Aug 2004 17:46:28 -0600, Hamilcar Barca wrote:
>>>> 
>>>>> begin  In article <1sbmrff0trqwq$.dlg@funkenbusch.com> (Mon, 02 Aug
>>>>> 2004 18:22:59 -0500), Erik Funkenbusch wrote:
>>>>> 
>>>>>> OE shows uuencoded files as atachments.  The uuencode specification
>>>>>> says that a uuencoded file starts with a
>>>>>> newline-"begin"[space][space]filename mode"
>>>>> 
>>>>> It's
>>>>> 
>>>>>   begin[space][mode][space][filename]
>>>> 
>>>> You're correct.
>>>> 
>>>>>> In other words, the "flaw" is that MS treats uuencoded messages as
>>>>>> attachments.  The "fix" would be to remove that feature.
>>>>> 
>>>>> No, OE treats "begin[space][space][filename]" as if it indicated the
>>>>> start of a UUencoded file.  This is a defect in Microsoft's
>>>>> implementation.
>>>> 
>>>> No.  Windows doesn't care about a file mode.  It doesn't have any use
>>>> for it.  Further, it's far more likely that you're going to see
>>>> newline"begin"[space]numbers[space]text in everyday correspondence
>>>> than a begin followed by two spaces on a new line.
>>>> 
>>>> Imagine the following "We begin 1234 jobs" in which the begin happens
>>>> to start on a new line due to word wrap.  The only way to get
>>>> begin[space][space] is by typo.
>>>> 
>>>> uuencoding sucks, plain and simple.  That's why none of the unix mail
>>>> readers support uuencoded attachments.
>>> 
>>>>http://www.scit.wlv.ac.uk/cgi-bin/mansec?1C+uuencode>
>>> 
>>> Unix Manual Page for uuencode
>>> 
>>> DESCRIPTION
>>> 
>>> uuencode
>>> uuencode converts a binary file into an encoded  representa- tion that
>>> can be sent using mail(1).
>>> 
>>> 
>>> <http://www.cs.drexel.edu/~kschmidt/Ref/unix_reference.html>
>>> 
>>> UNIX Slightly Longer Reference Guide (still for newbies)
>>> 
>>> pine	Another nice mail reader, understands MIME and UUEncode types.
>>> 
>>> <http://www.panix.com/~kylet/unix-att.html>
>>> 
>>> uuencode - This is the original method to send encoded text within a
>>> message. It is not an attachment as we think of them today but is still
>>> used enough to warrant putting it here.
>> 
>> What's your point exactly?
> 
> My point is that you said "That's why none of the unix mail readers
> support uuencoded attachments", and while they may not support uuencoded
> -attachments- per se, they do properly uencoding in messages, which IE
> apparently doesn't.

No, they pipe the data out to an external program that does the uuencoding
or decoding.

Erik Funkenbusch <erik@despam-funkenbusch.com> writes:

> Yet you can't explain why there are no unix news or mail readers that treat
> uuencoding as attachments.

What does this mean?

Strictly speaking, a uuencoded part of a message is not an attachment,
as far as I understand the term.  An attachment means a MIME
attachment, I think.  But this is just terminology, so let's ignore
this complaint.

Do you mean that there's no unix mail or news reader that allows one
can treat uuencoded parts just like MIME attachments?  This is false.
I have run a little test with Gnus.

First, I tried to simply insert a uuencoded audio file and send it.
Gnus is too clever for that.  It inserted the appropriate mime
headers.  (Another case of software assuming too much?  Maybe.  I'm
sure it can be turned off, but I didn't want to dig too deep to figure
out how.  Aside from this test, I can't think of when I might want to
turn it off.)

So, instead I chose to go to the dark nether regions of Usenet (so
named out of homage to Amsterdam's red light district, I think).  I
fetched alt.sex.binaries.pictures.erotica, because I think that free
porn providers are not so careful to follow Mime conventions.  I
forgot who told me so. 

Guess what.  Gnus doesn't care whether there's mime headers or not.
It will present text buttons for extracting uuencoded parts just as if
they were mime attachments, but it's *not* susceptible to the begin
bug.  Wow.

In fact, I knew this without testing it, because of the documentation
regarding "gnus-article-emulate-mime".  See?
 
  If non-nil, use MIME emulation for uuencode and the like.
  This means that Gnus will search message bodies for text that look
  like uuencoded bits, yEncoded bits, and so on, and present that using
  the normal Gnus MIME machinery.

But I knew you'd want confirmation, so I checked it out.  I found
confirmation on that group.  My eyes will never be the same. 

So, you're right.  I can't explain why there are no unix news readers
that treat uuencoding as attachments because *there are*.  Not only
that, but these news readers (well, at least Gnus) don't barf on
normal text so far as I've noticed.  Not only that, but just in case
they screw up and give a false positive, it's *easy* to turn off that
feature.

Can you tell OE to stop trying to treat "begin  " as the beginning of
an attachment?  

-- 
"Sale or rental of this disc is ILLEGAL.  If you have rented or
purchased this disc, please call the MPAA at 1-800-NO-COPYS."  
                 -- The MPAA begins a new anti-piracy program,
                    found on a DVD purchased in China

On Mon, 02 Aug 2004 17:17:21 -0600, GreyCloud wrote:

> 
> 
> Erik Funkenbusch wrote:
> 
>> On Mon, 02 Aug 2004 11:01:28 +0100, William Poaster wrote:
>> 
>> 
>>>begin  On Sun, 01 Aug 2004 22:19:38 -0600, GreyCloud scribbled this
>>>message:
>>>
>>>
>>>>
>>>>Erik Funkenbusch wrote:
>>>>
>>>>
>>>>>On 31 Jul 2004 10:35:01 -0700, Daeron wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Microsoft releases patch to fix month-old security problem
>>>>>>anon July 31 2004 Seattle (AP) --
>>>>>>
>>>>>>Microsoft Corp. released a patch Friday to halt the spread of a
>>>>>>computer virus that can steal personal information, more than a month
>>>>>>after the virus began winding its way through the Internet.
>>>>>>
>>>>>>[...]
>>>>>>
>>>>>>The vulnerabilities prompted some security experts to recommend that
>>>>>>users try a different browser, such as Mozilla or Opera, while
>>>>>>Microsoft's dominant Internet Explorer browser remained unfixed.
>>>>>>
>>>>>>http://www.wcfcourier.com/articles/2004/07/31/business/local/2195fc7a97182e8586256ee1006cb3c2.txt
>>>>>>http://snipurl.com/85hb
>>>>>
>>>>>
>>>>>Oh wait, it's still not fixed....
>>>>>
>>>>>http://bugzilla.mozilla.org/show_bug.cgi?id=22183
>>>>
>>>>Neither is IE 6.0, so a bug isn't fixed in Mozilla.  So what?  When is 
>>>>M$ going to fix IE 6.0?
>>>
>>>And when it the 'begin' bug going to be fixed in OE?
>> 
>> 
>> Never, most likely, since it's not a bug.
> 
> LOL!  It's a feature.

Well, he's right.  It's not a bug, it's just a sign of crappy design.

Cheers,

Greg

In article <1p018diojajn1.dlg@funkenbusch.com> (Wed, 04 Aug 2004 19:08:59
-0500), Erik Funkenbusch wrote:

>> 1) UUencoded attachment headers require a three-digit, octal file mode.
> 
> There is no such requirement for Windows.

The requirement is for UUencoded attachments, regardless of any of
your failed attempts at redefinitions of attachment, requirement,
uuencode, uudecode, and defect.

> It's not a defect.

Erik, clearly you have more technical knowledge than some posters here. 
On the other hand, you're a blithering idiot and a Microsoft apologist (to
be perfectly redundant) who doesn't understand more than a small fraction
of the terms and concepts on which you offer opinions.

Perhaps someday you'll become wise enough to realize this but, for
the meantime, please introduce yourself to the Flatfish in the Bozo bin.

In article <87zn59j1w2.fsf@phiwumbda.org> (Thu, 05 Aug 2004 12:49:17
+0200), Jesse F. Hughes wrote:

> Erik Funkenbusch <erik@despam-funkenbusch.com> writes:
> 
>> Yet you can't explain why there are no unix news or mail readers that
>> treat uuencoding as attachments.
> 
> What does this mean?

It attempts -- and fails -- to redefine attachment in order to draw
attention away from the defect in OE.

> Can you tell OE to stop trying to treat "begin  " as the beginning of an
> attachment?

I can!  To prevent OE from falsely treating "begin  " as the start of an
attachment, don't use OE.  This is currently the only possibility.

On Tue, 03 Aug 2004 16:04:35 GMT, Wayne Throop wrote:

>: Erik Funkenbusch <erik@despam-funkenbusch.com>
>: No, MS classifies it as a "problem" not a bug.  A problem is when
>: something is working as designed, but is not necessarily what the user
>: intends.  A bug is when something doesn't work as designed. 
> 
> Therefore, MS must have actually designed their recognition of uuencoded
> enclosures to recognise as an enclosure things that manifestly are not
> actually enclosures.  And they did this on purpose, knowing that it
> would prevent parts of messages being displayed.  And have decided not
> to improve the recognition to reject these false identifications, even
> though this change would be trivial.

Yes.  It's not really a trivial change though.  Merely recognizing the mode
would not change the ability for people to generate messages that obscure
content.

On Thu, 05 Aug 2004 13:31:38 -0500, Erik Funkenbusch wrote:

> On Tue, 03 Aug 2004 16:04:35 GMT, Wayne Throop wrote:
> 
>>: Erik Funkenbusch <erik@despam-funkenbusch.com>
>>: No, MS classifies it as a "problem" not a bug.  A problem is when
>>: something is working as designed, but is not necessarily what the user
>>: intends.  A bug is when something doesn't work as designed. 
>> 
>> Therefore, MS must have actually designed their recognition of uuencoded
>> enclosures to recognise as an enclosure things that manifestly are not
>> actually enclosures.  And they did this on purpose, knowing that it
>> would prevent parts of messages being displayed.  And have decided not
>> to improve the recognition to reject these false identifications, even
>> though this change would be trivial.
> 
> Yes.  It's not really a trivial change though.  Merely recognizing the mode
> would not change the ability for people to generate messages that obscure
> content.

Agreed. Which is why this should be viewed as a poor design rather than a
bug.  Come on folks, let's call it what it is.  A poor design is a poor
design.  A bug is a bug.  The application is working as designed.  It's
just not an ideal design, especially given that uuencoded messages have a
long history of being munged, corrupted, or being partially delivered. 
The fact that MS failed to design for what is a known problem, is not an
excuse, but a bug it does not make.

IMO, this reflects their general design attitudes which have created an
environment for poor security.  Time and time again, they design only for
things which *should* happen and completely ignore things that are less
common or simply shouldn't exist.  In an ideal world, stray, "begins"
shouldn't exist.  In the real world, they do, and it's not unreasonable
to expect for the to natually occur, even if very rarely.  Likewise, in an
ideal world, users won't attempt to exploit buffer overruns, but in the
real world, they do. I believe this heavily reflects on MS' design and
coding philosophy. Which, in turn, isn't exactly hard to see why they have
so many poor designs, bugs, and security issues.

Cheers,

Greg

Erik Funkenbusch <erik@despam-funkenbusch.com> writes:

> On Tue, 03 Aug 2004 16:04:35 GMT, Wayne Throop wrote:
>
>>: Erik Funkenbusch <erik@despam-funkenbusch.com>
>>: No, MS classifies it as a "problem" not a bug.  A problem is when
>>: something is working as designed, but is not necessarily what the user
>>: intends.  A bug is when something doesn't work as designed. 
>> 
>> Therefore, MS must have actually designed their recognition of uuencoded
>> enclosures to recognise as an enclosure things that manifestly are not
>> actually enclosures.  And they did this on purpose, knowing that it
>> would prevent parts of messages being displayed.  And have decided not
>> to improve the recognition to reject these false identifications, even
>> though this change would be trivial.
>
> Yes.  It's not really a trivial change though.  Merely recognizing the mode
> would not change the ability for people to generate messages that obscure
> content.

But it would almost certainly prevent false positives.  

Of course, some improvement is no better than no improvement at all,
is it?
-- 
Jesse Hughes
"LOL.  How arrogant you are.  Now when you realize that I DID prove
Goldbach's conjecture and that I proved Fermat's Last Theorem as well,
how are you going to feel then?" -- James Harris

On 2004-08-05, Erik Funkenbusch <erik@despam-funkenbusch.com> sputtered:
> On Tue, 03 Aug 2004 16:04:35 GMT, Wayne Throop wrote:
>
>>: Erik Funkenbusch <erik@despam-funkenbusch.com>
>>: No, MS classifies it as a "problem" not a bug.  A problem is when
>>: something is working as designed, but is not necessarily what the user
>>: intends.  A bug is when something doesn't work as designed. 
>> 
>> Therefore, MS must have actually designed their recognition of uuencoded
>> enclosures to recognise as an enclosure things that manifestly are not
>> actually enclosures.  And they did this on purpose, knowing that it
>> would prevent parts of messages being displayed.  And have decided not
>> to improve the recognition to reject these false identifications, even
>> though this change would be trivial.
>
> Yes.  It's not really a trivial change though.  Merely recognizing the mode
> would not change the ability for people to generate messages that obscure
> content.

tippity-tap-tippity-tap-tippity-tippity-tippity

Nobody was talking about *deliberately* obscuring anything. The
discussion was about how poorly-made IE is if it treats a normal word
in a way that it thinks it needs to make an attachment out of
everything after, and including, said word.

Your turn to tap-dance for us some more.

-- 
Linux: Because life is too short to spend it rebooting.