lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: thmaillists at yahoo.com (Troy)
Subject: FD should block attachments

On Fri, 2 Apr 2004 16:29:16 -0700, Michael Gale <michael.gale@...esuperman.com> wrote:

> The point -- how many people are on this list ? Lets say 10,000 -- some
> one sends a e-mail to the list containing a 1MB attachment. We just
> wasted / costs lists.netsys.com 10GB of transfer. Now lets those 10,000
> list subscribers, 50% do not care about the attachment and delete it,
> but the other 5,000 each response with their 1MB attachment. 

If 1MB attachments were regularly sent on this list, I might agree with
you, but they're not. There is no epidemic of huge attachments being
sent to the list.

I have kept all messages sent to this list since January 21 of this year.
I just ran my attachment manager plugin on those messages. There were
142 attachments for a total of 909,498 bytes, *including* HTML
attachments. The largest was 111,573 bytes. The second largest was
34,856. If you remove the HTML, there were only 51 attachments totalling
571,076 bytes.

So, of the binary attachments, the average file size is 11,198 bytes, or
just under 11 KB. If you take the single "large" attachment out of the
picture, the average size of binary files drops to about 9 KB.

When you come to think of it, the binary attachments consume about 7.5KB
worth of bandwidth per user per day. The HTML attachments average 4.5 KB
per user per day. 

> Look at all the bandwidth we wast, the money we cost other people and
> the examples we set. Posting a link to a file is much better way -- only
> those who want to see the attachment will download it. 

888KB is nothing compared to the amount of bandwidth the messages on
this list take up.

> IRC servers have this type of setup I believe -- maybe the FD could
> setup a HTTP server where list subscribers could post files -- have a
> cron to auto delete any file older then 30 days or less.

On any other list, I would agree. If this were Usenet, I'd agree.
However, Full Disclosure, by its very nature, needs to be unmoderated
and unfiltered. That's what makes this list unique.

-- 
Troy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ