[nmh-workers] Bleeping idiots!

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[nmh-workers] Bleeping idiots!

Ronald F. Guilmette-2
I'me still backed up with unfinished tasks, piled to the rafters,
and i'm still trying to save the world for evil nternet criminals,
so alas, I have to report that I *still* having had time to go back
to read and do all of the helpful suggestions that were made to me
regarding how to get my personal nmh configuration fully unsnarled,
once and for all.

I hope you'll all frgive me for that.  It is still very much on my
todo list, but meanwhile, daily life keeps interrupting me, usually
with some utterly pointless idiocy.

Like today.

A certain insurance company, which shall remain nameless, wanted
me to set up an account on their web site, so that I could do
stuff like, you know, make payments and check my outstanding
balance.  OK.  Fine.  I know the drill.

So I go to the web site, fill in all of the innane questions
necessary to preserve the false impression of actual security
(for the benefit of the great unwashed masses) and at the end,
of course, they send me a confirmation email, from which I am
supposed to fish out a link and either click on it (which I can't
because nmh doesn't do that) or else do like I have hundreds of
times before, cutr and paste the link into a browser window,
and then hit enter and (hopefully) I'm done.

This is where things got interesting.

Relevant MINE headers were as follows:

    Content-Type:  text/html; charset="ansi_x3.4-1968"
    Content-Transfer-Encoding:  base64

And here is a summary of what nmh showed me:

============================================================
You’re almost done!

To get your <<REDACTED>> ID, just complete this final step.

Simply click the link below

Confirm your email address >



The link above will expire 90 days from when it was sent. If you have not
confirmed your email address and you need a new confirmation link, you will
receive one when you sign in.

Your privacy is important to us. If you did not register for a <<REDACTED>> ID,
please call our Customer Service Advocates at the number on the back of your
member ID card...
============================================================


Of course, I immediately went and looked at the raw text of the email file
in my inbox directory.  That was zero help, cuz the body text was all
base64 encoded.

Chalk this up as yet another reason why I hope that *someone* will eventually
find the son of a bitch who thought that putting HTML into emails would be
a good idea, and I hope that that someone will murder the lousey son of a
bitch in his sleep.

It's not just that HTML is largely pointless and unnecessarily wasteful of
bandwidth.  It's that morons working in the bowels of corporations all
over this planet clearly have no idea how to properly craft even HTMLized
email messages in such a way that they will render properrly for those of
us who use plain text email clients like nmh.

Fortunately, I managed, in the end to make contact with a helpful "web
support" minion who works for the insurance company in question and
after a brief verbal dance, she pressed some button on her end to finish
up the confirmation of my shiny new online account on this company's web
site.  (Don't even get me started about the possible security implications
and the whole topic of "social engineering".)

Ok, now that I have gotten THAT rant off my chest...

If this ever comes up again, what is the Right Answer?  Given a single
part email message with the MIME headers I've described above, what is
the simplest way for a person, such as myself, to be able to view the
raw HTML (but decoded out of base64, of course)?

I feel sure that I could slap something together based on the availability
of a wealth of helpful Perl library MIME handling routines, but I also
feel sure that someone else has already invented the exact wheel I'm
looking for, so if someone would be so kind as to simply tell me where
to get it, that would be appreciated.

And yes, 'll be back again to get some final help with unsnarling my
substantially mucked up personal nmh configuration when, if ever, I can
just get my head above the water line.  (Not this week, that's for sure.)


Regards,
rfg

--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
Reply | Threaded
Open this post in threaded view
|

Re: Bleeping idiots!

Howard Bampton


On Mon, Jul 15, 2019 at 8:47 PM Ronald F. Guilmette <[hidden email]> wrote:



If this ever comes up again, what is the Right Answer?  Given a single
part email message with the MIME headers I've described above, what is
the simplest way for a person, such as myself, to be able to view the
raw HTML (but decoded out of base64, of course)?


base64 -d message
 
I'm not near my nmh mailbox, but something very similar to that should work. You could also use "mhn -store" to extract the various parts (do this in a secure scratch area as it'll piddle files that you'll want to remove later and which have the sensitive link). It looks like "mhstore" is the more modern and non-depricated way to do this. I don't recall offhand if it'll decode them back to ASCII or not, but the resulting ###.html file can then be rendered by your web browser of choice (CLI or GUI).


--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
Reply | Threaded
Open this post in threaded view
|

Re: Bleeping idiots!

Ken Hornstein-2
In reply to this post by Ronald F. Guilmette-2
>Relevant MINE headers were as follows:
>
>    Content-Type: text/html; charset="ansi_x3.4-1968"

THAT character set is intersting.

>It's not just that HTML is largely pointless and unnecessarily wasteful
>of bandwidth.  It's that morons working in the bowels of corporations
>all over this planet clearly have no idea how to properly craft even
>HTMLized email messages in such a way that they will render properrly
>for those of us who use plain text email clients like nmh.

Weeeelll ... it's not that I disagree with you, exactly.  But I think
you're just screaming into the void at this point.

First, sending someone a link that they have to cut & paste (as opposed
to just being able to click on it) is pretty user-unfriendly.  Secondly,
the number of people who use a plain text email client is MINISCULE
compared to the entire universe of email users.  That battle has been
lost a long time ago.  I know some people are still fighting it, but
I think the rest of the world doesn't even have the the perception
that email is "plain text", so they don't even recognize that there is
something people would fight about.  These are just the facts as I see
them, no matter how much you or I would prefer otherwise.  Complaining
that the Internet doesn't work with nmh is the wrong way around; it's
nmh that has to do better.

So as a first step I would suggest you disabuse yourself of the notion
the email is "plain text"; that hasn't been true for a long time.  Once
you accept that, you'll realize it shouldn't matter what the format of
the message is, or what the encoding is.

>If this ever comes up again, what is the Right Answer?  Given a single
>part email message with the MIME headers I've described above, what is
>the simplest way for a person, such as myself, to be able to view the
>raw HTML (but decoded out of base64, of course)?

mhstore will happily extract out the parts from email and perform the
proper decoding, like Howard Bampton suggested.

When faced with similar emails on my system, the out-of-the-box setup
automatically runs HTML emails through w3m, and I have w3m configured so
that it assigns every hyperlink a number and there are a list of all of
the link locations at the bottom of the message text.  So I know that if
I need to click on link [3], I can just look for [3] at the bottom and
do the appropriate cut & paste.  I believe that a stock setup on FreeBSD
using the latest port should do that (except for the w3m part regarding
the hyperlink summary), but it sounds like you have configured things to
undo all of our hard work on that front, or maybe there's a problem with
the package you are using.

>And yes, 'll be back again to get some final help with unsnarling my
>substantially mucked up personal nmh configuration when, if ever, I
>can just get my head above the water line.  (Not this week, that's for
>sure.)

I will note that if you used all of the time you spent dealing with these
HTML emails and instead dealt with your nmh configuration so it was
all handled natively, you'd probably be ahead of the game time-wise :-/

--Ken

--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
Reply | Threaded
Open this post in threaded view
|

Re: Bleeping idiots!

David Levine-3
In reply to this post by Ronald F. Guilmette-2
On Mon, Jul 15, 2019 at 8:47 PM Ronald F. Guilmette <[hidden email]> wrote:

Given a single
part email message with the MIME headers I've described above, what is
the simplest way for a person, such as myself, to be able to view the
raw HTML (but decoded out of base64, of course)?

See Ken's reply.  "show" works for me.

Or to see the raw message with decoded base64, try "mhfixmsg -o -" and pipe the
output to your favorite pager.

David

--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
Reply | Threaded
Open this post in threaded view
|

Re: Bleeping idiots!

Ralph Corderoy
In reply to this post by Ken Hornstein-2
Hi Ken,

> >    Content-Type: text/html; charset="ansi_x3.4-1968"
>
> That character set is interesting.

The 1968 revision allows LF to occur on its own compared to 1967's where
it always had to be LF CR or CR LF, but other than that still had many
of 67's oddities, e.g. ‘!’ could be rendered as ‘!’ or ‘|’, ditto ‘^’
that was allowed to look like ‘¬’.  Probably not the creator of that
Content-Type field's intention.

--
Cheers, Ralph.

--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
Reply | Threaded
Open this post in threaded view
|

Re: Bleeping idiots!

Ralph Corderoy
In reply to this post by Ronald F. Guilmette-2
Hi rfg,

> If this ever comes up again, what is the Right Answer?

Please continue to ask the list questions, but you may also find nmh(7)
useful as an index of interesting man pages.

--
Cheers, Ralph.

--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
Reply | Threaded
Open this post in threaded view
|

Re: Bleeping idiots!

Valdis Klētnieks
In reply to this post by Ralph Corderoy
On Tue, 16 Jul 2019 09:44:58 +0100, Ralph Corderoy said:

> Hi Ken,
>
> > >    Content-Type: text/html; charset="ansi_x3.4-1968"
> >
> > That character set is interesting.
>
> The 1968 revision allows LF to occur on its own compared to 1967's where
> it always had to be LF CR or CR LF, but other than that still had many
> of 67's oddities, e.g. ‘!’ could be rendered as ‘!’ or ‘|’, ditto ‘^’
> that was allowed to look like ‘�’.  Probably not the creator of that
> Content-Type field's intention.
Maybe the creator was an embittered ex-PL/I programmer? :)

--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers

attachment0 (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Bleeping idiots!

Ken Hornstein-2
In reply to this post by Ralph Corderoy
>> >    Content-Type: text/html; charset="ansi_x3.4-1968"
>>
>> That character set is interesting.
>
>The 1968 revision allows LF to occur on its own compared to 1967's where
>it always had to be LF CR or CR LF, but other than that still had many
>of 67's oddities, e.g. ‘!’ could be rendered as ‘!’ or ‘|’, ditto ‘^’
>that was allowed to look like ‘¬’.  Probably not the creator of that
>Content-Type field's intention.

I was more thinking that I was not sure that was valid, but I guess
looking at the IANA registry it's a permitted alias for us-ascii.  I am
wondering if either that was some software that did that, or some human
thought that was a good idea.

--Ken

--
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers