llvm dev - May 2015 - [LLVMdev] LLD improvement plan

On 27 May 2015, at 16:49, Rui Ueyama <ruiu at google.com>
wrote:
> 
> David,
> 
> The link works fine with my Mac and Android. The source of the mail looks
okay to me (I verified that from a different machine than the one I sent the
mail). You may want to check your browser or proxy?
It’s correct in the plain-text version of the mail.  The HTML MIME part contains
this:

<a
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttp-3A__reviews.llvm.org_D10036&d=3DAwMFaQ&c=3D8hUWFZcy2Z-Za5rBPlktOQ&r=3DMfk2qtn1LTDThVkh6-oGglNfMADXfJdty4_bhmuhMHA&m=3D8dYF1obzqNfZvfOxlk7H-g8VUfu1ZyS0GdcCWRkWxCk&s=3DRu6670O4y8SpAwlp17gVmI7BLz3mIY7gs1Irvo9iDRw&e=3D">http://reviews.llvm.org/D10036</a>

Apparently they’re not malicious, but I find it somewhat unnerving when the URL
that I click on turns out not to be the one that the mouseover text pops up.  If
you feel the need to insert a redirection link, I’d very much appreciate it if
you would post the full link in the text version, as well as the href.  If, on
the other hand, you are unaware that your computer is doing this, then I would
encourage you to work out what it is and that it is not malicious.

The archives only include the plain text version, not the HTML copy, so will not
see this.

David

I sent the mail from Gmail. I checked the source using the Gmail "show
original" mode (which displays a mail in plain text including headers and
all MIME sections) from a different computer, but I cannot find that URL. I
cannot check an email copy that the mailing list server sent back because
Gmail automatically de-dup emails, which is annoying, but I think it's
unlikely that my machine is infected from evidences I've seen so far. Maybe
a mail transfer agent in between Gmail to you inserted the link? I'd
appreciate if you can forward the mail including headers to me.

On Wed, May 27, 2015 at 9:12 AM, David Chisnall <David.Chisnall at
cl.cam.ac.uk
> wrote:
> On 27 May 2015, at 16:49, Rui Ueyama <ruiu at google.com> wrote:
> >
> > David,
> >
> > The link works fine with my Mac and Android. The source of the mail
> looks okay to me (I verified that from a different machine than the one I
> sent the mail). You may want to check your browser or proxy?
>
> It’s correct in the plain-text version of the mail.  The HTML MIME part
> contains this:
>
> <a
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttp-3A__reviews>
>
.llvm.org_D10036&d=3DAwMFaQ&c=3D8hUWFZcy2Z-Za5rBPlktOQ&r=3DMfk2qtn1LTDThVkh>
>
6-oGglNfMADXfJdty4_bhmuhMHA&m=3D8dYF1obzqNfZvfOxlk7H-g8VUfu1ZyS0GdcCWRkWxCk>
&s=3DRu6670O4y8SpAwlp17gVmI7BLz3mIY7gs1Irvo9iDRw&e=3D">
> http://reviews.llvm.> org/D10036</a>
>
> Apparently they’re not malicious, but I find it somewhat unnerving when
> the URL that I click on turns out not to be the one that the mouseover text
> pops up.  If you feel the need to insert a redirection link, I’d very much
> appreciate it if you would post the full link in the text version, as well
> as the href.  If, on the other hand, you are unaware that your computer is
> doing this, then I would encourage you to work out what it is and that it
> is not malicious.
>
> The archives only include the plain text version, not the HTML copy, so
> will not see this.
>
> David
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20150527/8070d044/attachment.html>

I think I found the problem:
https://opia.illinois.edu/content/targeted-attack-protection-tuning

UIUC is apparently rewriting HTML links in emails to redirect through
urldefense.proofpoint.com. This is visible in my version of Rui's email.

On Wed, May 27, 2015 at 9:36 AM, Rui Ueyama <ruiu at google.com> wrote:
> I sent the mail from Gmail. I checked the source using the Gmail "show
> original" mode (which displays a mail in plain text including headers
and
> all MIME sections) from a different computer, but I cannot find that URL. I
> cannot check an email copy that the mailing list server sent back because
> Gmail automatically de-dup emails, which is annoying, but I think it's
> unlikely that my machine is infected from evidences I've seen so far.
Maybe
> a mail transfer agent in between Gmail to you inserted the link? I'd
> appreciate if you can forward the mail including headers to me.
>
> On Wed, May 27, 2015 at 9:12 AM, David Chisnall <
> David.Chisnall at cl.cam.ac.uk> wrote:
>
>> On 27 May 2015, at 16:49, Rui Ueyama <ruiu at google.com> wrote:
>> >
>> > David,
>> >
>> > The link works fine with my Mac and Android. The source of the
mail
>> looks okay to me (I verified that from a different machine than the one
I
>> sent the mail). You may want to check your browser or proxy?
>>
>> It’s correct in the plain-text version of the mail.  The HTML MIME part
>> contains this:
>>
>> <a
href=3D"https://urldefense.proofpoint.com/v2/url?u=3Dhttp-3A__reviews>>
>>
.llvm.org_D10036&d=3DAwMFaQ&c=3D8hUWFZcy2Z-Za5rBPlktOQ&r=3DMfk2qtn1LTDThVkh>>
>>
6-oGglNfMADXfJdty4_bhmuhMHA&m=3D8dYF1obzqNfZvfOxlk7H-g8VUfu1ZyS0GdcCWRkWxCk>>
&s=3DRu6670O4y8SpAwlp17gVmI7BLz3mIY7gs1Irvo9iDRw&e=3D">
>> http://reviews.llvm.
>>
<https://urldefense.proofpoint.com/v2/url?u=http-3A__reviews.llvm.&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Mfk2qtn1LTDThVkh6-oGglNfMADXfJdty4_bhmuhMHA&m=UxTA9_ALGj6dP9lASAs-vE6FoBX_s9ZbD803t-a4XQA&s=Ubr9G2mEli5qzBQAq5lmtafexJu4OZ_lw4HIpfG_QKM&e=>
>> >> org/D10036</a>
>>
>> Apparently they’re not malicious, but I find it somewhat unnerving when
>> the URL that I click on turns out not to be the one that the mouseover
text
>> pops up.  If you feel the need to insert a redirection link, I’d very
much
>> appreciate it if you would post the full link in the text version, as
well
>> as the href.  If, on the other hand, you are unaware that your computer
is
>> doing this, then I would encourage you to work out what it is and that
it
>> is not malicious.
>>
>> The archives only include the plain text version, not the HTML copy, so
>> will not see this.
>>
>> David
>>
>>
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20150527/3f7ac324/attachment.html>

On 27 May 2015 at 09:36, Rui Ueyama <ruiu at google.com>
wrote:
> I sent the mail from Gmail. I checked the source using the Gmail "show
> original" mode (which displays a mail in plain text including headers
and
> all MIME sections) from a different computer, but I cannot find that URL.
I see it in GMail's "show original" (at the start of the usual
terribly-formatted HTML block). But I suspect it's the mailing list's
servers rather than your computer, Rui. This might be related:
https://opia.illinois.edu/content/targeted-attack-protection-tuning

Messing with people's messages is not great though, no matter how
well-intentioned. I bet they'd break signatures, for a start.

Tim.