MESSAGE
DATE | 2024-02-18 |
FROM | Joe Schaefer
|
SUBJECT | Re: [Hangout - NYLXS] HTTPd Devs Considered Harmful to
|
From hangout-bounces-at-nylxs.com Sun Feb 18 23:46:53 2024 Return-Path: X-Original-To: archive-at-mrbrklyn.com Delivered-To: archive-at-mrbrklyn.com Received: from www2.mrbrklyn.com (www2.mrbrklyn.com [96.57.23.82]) by mrbrklyn.com (Postfix) with ESMTP id ACE7B1640C3; Sun, 18 Feb 2024 23:46:51 -0500 (EST) X-Original-To: hangout-at-www2.mrbrklyn.com Delivered-To: hangout-at-www2.mrbrklyn.com Received: by mrbrklyn.com (Postfix, from userid 1000) id 9D5F61640B6; Sun, 18 Feb 2024 23:45:58 -0500 (EST) Resent-From: Ruben Safir Resent-Date: Sun, 18 Feb 2024 23:45:58 -0500 Resent-Message-ID: <20240219044558.GF20445-at-www2.mrbrklyn.com> Resent-To: hangout-at-mrbrklyn.com X-Original-To: ruben-at-mrbrklyn.com Delivered-To: ruben-at-mrbrklyn.com Received: from mxout1-he-de.apache.org (mxout1-he-de.apache.org [95.216.194.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.apache.org", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mrbrklyn.com (Postfix) with ESMTPS id A0BC11640A3 for ; Sun, 18 Feb 2024 14:12:40 -0500 (EST) Received: from mail.apache.org (mailgw-he-de.apache.org [IPv6:2a01:4f8:c2c:d4aa::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mxout1-he-de.apache.org (ASF Mail Server at mxout1-he-de.apache.org) with ESMTPS id 89B3465157 for ; Sun, 18 Feb 2024 19:12:31 +0000 (UTC) Received: (qmail 1292868 invoked by uid 998); 18 Feb 2024 19:12:26 -0000 Mailing-List: contact modperl-help-at-perl.apache.org; run by ezmlm Precedence: bulk Delivered-To: mailing list modperl-at-perl.apache.org Received: (qmail 1292809 invoked by uid 116); 18 Feb 2024 19:12:26 -0000 Received: from spamproc1-he-fi.apache.org (HELO spamproc1-he-fi.apache.org) (95.217.134.168) by apache.org (qpsmtpd/0.94) with ESMTP; Sun, 18 Feb 2024 19:12:26 +0000 Authentication-Results: apache.org; auth=none Received: from localhost (localhost [127.0.0.1]) by spamproc1-he-fi.apache.org (ASF Mail Server at spamproc1-he-fi.apache.org) with ESMTP id D8BECC1234 for ; Sun, 18 Feb 2024 19:12:25 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamproc1-he-fi.apache.org X-Spam-Flag: NO X-Spam-Score: 0.004 X-Spam-Level: X-Spam-Status: No, score=0.004 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamproc1-he-fi.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=sunstarsys.com Received: from mx1-ec2-va.apache.org ([116.203.227.195]) by localhost (spamproc1-he-fi.apache.org [95.217.134.168]) (amavisd-new, port 10024) with ESMTP id R2JhiUnxXy5s for ; Sun, 18 Feb 2024 19:12:25 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=209.85.214.181; helo=mail-pl1-f181.google.com; envelope-from=joe-at-sunstarsys.com; receiver= Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id AB902C02CE for ; Sun, 18 Feb 2024 19:12:17 +0000 (UTC) Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1da0cd9c0e5so34405415ad.0 for ; Sun, 18 Feb 2024 11:12:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sunstarsys.com; s=google; t=1708283531; x=1708888331; darn=perl.apache.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UGK6ujZIOsko0TQO1oESYiuCvFZEsXomMaBqip/YCPY=; b=ejtYJFs8WGrJVWxUHaQrxLrg0pWS66oRaInZ93i4WybbmWG8jDGi7FUs/IdsIYVI0+ lj3WOEMfe+uXb46ZbCweX40LJdgmoHIpTpK6kNoBlvw+hfWgL2t67AoEZqy5lwsAm33N v/1zWIVMzIwFghMikZGBi5Pn6ueFZIGF25GYpkPegaReAJWmTXDECMSaLRVc80wv//ks TVHEYk1JjsmdObEYwRdRULN0ogaRX6JmK9wAu2VNR1f365MzSyKrMNluLw6chO65h9kB Bpj5jlat9HK+ap+Tdcn/Nr1wt9xSV2f0hDpkF/BXWVq5IL9/0Z4a4pt8uSzEKE73e+Y7 BF1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708283531; x=1708888331; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UGK6ujZIOsko0TQO1oESYiuCvFZEsXomMaBqip/YCPY=; b=ESYrd0Depzg1Zo7oQ7+EgjvwN50yuRbRyU/k7nVcla6wuBeluF6MbOQlQmZeIxssAC rMyH7rkdvHvqWBc6eDV11Pe3CTbQJNaZYyb0eawK6LOCRpK/c1CdPUj8neZljYB0so4i gxgTEzMAI6uxdRfctNO/Z6RjjY+NHHG1IqPJzGdLrekLslXOtEzqOD7XG+B8QG33opHn Ygov4dVxv/LEcRV0T22FNnPMltDY1LoAZ2TgvCVng9hZLlr4FPzOtUlTXl8hjfohlc9w sZavk39tyITfMgTjZAc6L3K1iUyr+hVdh03zpwXMRKBB709IMOPbNaw5ADH+6xHd8MjS bHUQ== X-Gm-Message-State: AOJu0YyxDRrjFzh/gfLtXyWdTPIjJIRtFzVTUd42yywAWlp9vbDrOT8M E0YUyucMfH+8M/GRn3HZqNu53ngWKssfmgdYa+Fx4TOZ6JmRop/SdK0lHpBsbszzP/Dsjcn9QvJ l1JXcjHAJc+5XTtynEpLTBwjEuMnNVne1jFhYwg== X-Google-Smtp-Source: AGHT+IGuJ+2bO6Xl8ngOWB050XrWtxvuCtjiRGm+mTiC5Kuw5WkjIlbfqj3Eqifs3Znt2QJG0z5KBtzc3uL7BhbP7L0= X-Received: by 2002:a17:90a:d482:b0:299:4ae4:7a17 with SMTP id s2-20020a17090ad48200b002994ae47a17mr6976470pju.15.1708283531169; Sun, 18 Feb 2024 11:12:11 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Joe Schaefer Date: Sun, 18 Feb 2024 14:12:00 -0500 Message-ID: To: Mithun Bhattacharya Cc: mod_perl list Subject: Re: [Hangout - NYLXS] HTTPd Devs Considered Harmful to Apache2::Request users X-BeenThere: hangout-at-nylxs.com X-Mailman-Version: 2.1.30rc1 List-Id: NYLXS Tech Talk and Politics List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1208559818==" Errors-To: hangout-bounces-at-nylxs.com Sender: "Hangout"
--===============1208559818== Content-Type: multipart/alternative; boundary="0000000000000d3a860611acc10b"
--0000000000000d3a860611acc10b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Trunk is the safe bet.
Joe Schaefer, Ph.D.
Orion - The Enterprise Jamstack Wiki >
954.253.3732 /954.253.3732>
On Sun, Feb 18, 2024 at 2:11=E2=80=AFPM Mithun Bhattacharya om> wrote:
> So is there a cleaner/saner version of libapreq2 or is the 2012 version > better ? > > On Sun, Feb 18, 2024, 12:58=E2=80=AFPM Joe Schaefer = wrote: > >> For the past 25 years, I have been the lead developer of the libapreq2 >> subproject within the Apache HTTPd Server Parent Project. The original i= dea >> of libapreq as a safe/performant HTML form and Cookie parsing library ca= me >> out of a collaboration between Lincoln Stein and Doug MacEachern in the >> late 90s. >> >> It was my vision back then to transform the library into a generic, >> non-Perl related C library that would support language bindings from oth= er >> programming languages, which is why I pushed for the project to be homes >> under the HTTPd umbrella instead of the Apache-Perl project. >> >> While this vision was wildly successful, with language bindings availabl= e >> for several languages like Perl, TCL, R, etc, ever since about 2010 its >> proven tragic for the existing user community consisting of all of them, >> not just Perl. >> >> What happened? Philip Gollucci, a Perl/FreeBSD olleague of mine at the >> time, started agitating that we promote the project to be released from >> inside the HTTPd server itself. What Philip didn=E2=80=99t know very wel= l back then >> was how utterly vapid and territorial that team had become, which would >> have meant having to collaborate with them directly on user-facing >> decisions about the code base. >> >> In 2012, Philip got what he wanted and I stopped resisting, so he forked >> the existing project and copied the C library components into HTTPd core= . >> >> In 2016 I resigned from the Foundation en masse. You can guess the >> reasons. >> >> In 2020 or so, Google=E2=80=99s Security Team took advantage of an alpha= release >> of httpd 2.5 by fuzzing its 8 year old copy of apreq. It found a few >> hotspots that needed repair. >> >> Instead of having the courtesy of reaching out to me, or anyone else >> involved in development of apreq, a junior engineer on the HTTPd team we= nt >> about the business of =E2=80=9Cbug fixing=E2=80=9D the vulnerabilities G= oogle found. You >> can see a record of his trial and error work in every release since then= . >> >> But the coup de grace was the 2022 release of 2.17, wherein the rookie >> developer purposely introduced a fatal bug into the codebase, breaking a >> fifteen year old regression test. >> >> If you are wondering how something with a broken regression test winds u= p >> on CPAN, you=E2=80=99ll have to look into how RELENG is done in the serv= er project. >> >> Long story short, they commented out the test and shipped it anyway, and >> called it a Security Release that fixed a vulnerability every prior rele= ase >> was susceptible to. >> >> Why do I care now? Because I=E2=80=99m the sucker users reach out to for= answers >> as a known subject matter expert. >> >> This sucks, but I=E2=80=99m sorry to tell you that my days wearing the S= uperman >> cape at Apache ended 8 years ago. >> >> -- >> Joe Schaefer, Ph.D. >> >> Orion - The Enterprise Jamstack Wiki >> >> >> 954.253.3732 /954.253.3732> >> >> >>
--0000000000000d3a860611acc10b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
class=3D"gmail_quote"> ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le= ft:1ex">So is there a cleaner/saner version of libapreq2 = or is the 2012 version better ?
r=3D"ltr" class=3D"gmail_attr">On Sun, Feb 18, 2024, 12:58=E2=80=AFPM Joe S= chaefer < joe-at-sun= starsys.com> wrote: =3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">=3D"ltr"> ans-serif;font-size:13.3333px;background-color:rgb(246,246,239)">For the pa= st 25 years, I have been the lead developer of the libapreq2 subproject wit= hin the Apache HTTPd Server Parent Project. The original idea of libapreq a= s a safe/performant HTML form and Cookie parsing library came out of a coll= aboration between Lincoln Stein and Doug MacEachern in the late 90s.= nt-size:13.3333px;background-color:rgb(246,246,239)">It was my vision back = then to transform the library into a generic, non-Perl related C library th= at would support language bindings from other programming languages, which = is why I pushed for the project to be homes under the HTTPd umbrella instea= d of the Apache-Perl project. mily:Verdana,Geneva,sans-serif;font-size:13.3333px;background-color:rgb(246= ,246,239)">While this vision was wildly successful, with language bindings = available for several languages like Perl, TCL, R, etc, ever since about 20= 10 its proven tragic for the existing user community consisting of all of t= hem, not just Perl. na,Geneva,sans-serif;font-size:13.3333px;background-color:rgb(246,246,239)"= >What happened? Philip Gollucci, a Perl/FreeBSD olleague of mine at the tim= e, started agitating that we promote the project to be released from inside= the HTTPd server itself. What Philip didn=E2=80=99t know very well back th= en was how utterly vapid and territorial that team had become, which would = have meant having to collaborate with them directly on user-facing decision= s about the code base. rdana,Geneva,sans-serif;font-size:13.3333px;background-color:rgb(246,246,23= 9)">In 2012, Philip got what he wanted and I stopped resisting, so he forke= d the existing project and copied the C library components into HTTPd core.=
f;font-size:13.3333px;background-color:rgb(246,246,239)">In 2016 I resigned= from the Foundation en masse. You can guess the reasons. lor:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.333= 3px;background-color:rgb(246,246,239)">In 2020 or so, Google=E2=80=99s Secu= rity Team took advantage of an alpha release of httpd 2.5 by fuzzing its 8 = year old copy of apreq. It found a few hotspots that needed repair. tyle=3D"color:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-s= ize:13.3333px;background-color:rgb(246,246,239)">Instead of having the cour= tesy of reaching out to me, or anyone else involved in development of apreq= , a junior engineer on the HTTPd team went about the business of =E2=80=9Cb= ug fixing=E2=80=9D the vulnerabilities Google found. You can see a record o= f his trial and error work in every release since then. r:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.3333p= x;background-color:rgb(246,246,239)">But the coup de grace was the 2022 rel= ease of 2.17, wherein the rookie developer purposely introduced a fatal bug= into the codebase, breaking a fifteen year old regression test. e=3D"color:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size= :13.3333px;background-color:rgb(246,246,239)">If you are wondering how some= thing with a broken regression test winds up on CPAN, you=E2=80=99ll have t= o look into how RELENG is done in the server project. rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.3333px;= background-color:rgb(246,246,239)">Long story short, they commented out the= test and shipped it anyway, and called it a Security Release that fixed a = vulnerability every prior release was susceptible to. rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.3333px;= background-color:rgb(246,246,239)">Why do I care now? Because I=E2=80=99m t= he sucker users reach out to for answers as a known subject matter expert.<= /p> ;font-size:13.3333px;background-color:rgb(246,246,239)">This sucks, but I= =E2=80=99m sorry to tell you that my days wearing the Superman cape at Apac= he ended 8 years ago.
ix">--
--0000000000000d3a860611acc10b--
--===============1208559818== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
_______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://lists.mrbrklyn.com/mailman/listinfo/hangout
--===============1208559818==--
--===============1208559818== Content-Type: multipart/alternative; boundary="0000000000000d3a860611acc10b"
--0000000000000d3a860611acc10b Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Trunk is the safe bet.
Joe Schaefer, Ph.D.
Orion - The Enterprise Jamstack Wiki >
954.253.3732 /954.253.3732>
On Sun, Feb 18, 2024 at 2:11=E2=80=AFPM Mithun Bhattacharya om> wrote:
> So is there a cleaner/saner version of libapreq2 or is the 2012 version > better ? > > On Sun, Feb 18, 2024, 12:58=E2=80=AFPM Joe Schaefer = wrote: > >> For the past 25 years, I have been the lead developer of the libapreq2 >> subproject within the Apache HTTPd Server Parent Project. The original i= dea >> of libapreq as a safe/performant HTML form and Cookie parsing library ca= me >> out of a collaboration between Lincoln Stein and Doug MacEachern in the >> late 90s. >> >> It was my vision back then to transform the library into a generic, >> non-Perl related C library that would support language bindings from oth= er >> programming languages, which is why I pushed for the project to be homes >> under the HTTPd umbrella instead of the Apache-Perl project. >> >> While this vision was wildly successful, with language bindings availabl= e >> for several languages like Perl, TCL, R, etc, ever since about 2010 its >> proven tragic for the existing user community consisting of all of them, >> not just Perl. >> >> What happened? Philip Gollucci, a Perl/FreeBSD olleague of mine at the >> time, started agitating that we promote the project to be released from >> inside the HTTPd server itself. What Philip didn=E2=80=99t know very wel= l back then >> was how utterly vapid and territorial that team had become, which would >> have meant having to collaborate with them directly on user-facing >> decisions about the code base. >> >> In 2012, Philip got what he wanted and I stopped resisting, so he forked >> the existing project and copied the C library components into HTTPd core= . >> >> In 2016 I resigned from the Foundation en masse. You can guess the >> reasons. >> >> In 2020 or so, Google=E2=80=99s Security Team took advantage of an alpha= release >> of httpd 2.5 by fuzzing its 8 year old copy of apreq. It found a few >> hotspots that needed repair. >> >> Instead of having the courtesy of reaching out to me, or anyone else >> involved in development of apreq, a junior engineer on the HTTPd team we= nt >> about the business of =E2=80=9Cbug fixing=E2=80=9D the vulnerabilities G= oogle found. You >> can see a record of his trial and error work in every release since then= . >> >> But the coup de grace was the 2022 release of 2.17, wherein the rookie >> developer purposely introduced a fatal bug into the codebase, breaking a >> fifteen year old regression test. >> >> If you are wondering how something with a broken regression test winds u= p >> on CPAN, you=E2=80=99ll have to look into how RELENG is done in the serv= er project. >> >> Long story short, they commented out the test and shipped it anyway, and >> called it a Security Release that fixed a vulnerability every prior rele= ase >> was susceptible to. >> >> Why do I care now? Because I=E2=80=99m the sucker users reach out to for= answers >> as a known subject matter expert. >> >> This sucks, but I=E2=80=99m sorry to tell you that my days wearing the S= uperman >> cape at Apache ended 8 years ago. >> >> -- >> Joe Schaefer, Ph.D. >> >> Orion - The Enterprise Jamstack Wiki >> >> >> 954.253.3732 /954.253.3732> >> >> >>
--0000000000000d3a860611acc10b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
class=3D"gmail_quote"> ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le= ft:1ex">So is there a cleaner/saner version of libapreq2 = or is the 2012 version better ?
r=3D"ltr" class=3D"gmail_attr">On Sun, Feb 18, 2024, 12:58=E2=80=AFPM Joe S= chaefer < joe-at-sun= starsys.com> wrote: =3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">=3D"ltr"> ans-serif;font-size:13.3333px;background-color:rgb(246,246,239)">For the pa= st 25 years, I have been the lead developer of the libapreq2 subproject wit= hin the Apache HTTPd Server Parent Project. The original idea of libapreq a= s a safe/performant HTML form and Cookie parsing library came out of a coll= aboration between Lincoln Stein and Doug MacEachern in the late 90s.= nt-size:13.3333px;background-color:rgb(246,246,239)">It was my vision back = then to transform the library into a generic, non-Perl related C library th= at would support language bindings from other programming languages, which = is why I pushed for the project to be homes under the HTTPd umbrella instea= d of the Apache-Perl project. mily:Verdana,Geneva,sans-serif;font-size:13.3333px;background-color:rgb(246= ,246,239)">While this vision was wildly successful, with language bindings = available for several languages like Perl, TCL, R, etc, ever since about 20= 10 its proven tragic for the existing user community consisting of all of t= hem, not just Perl. na,Geneva,sans-serif;font-size:13.3333px;background-color:rgb(246,246,239)"= >What happened? Philip Gollucci, a Perl/FreeBSD olleague of mine at the tim= e, started agitating that we promote the project to be released from inside= the HTTPd server itself. What Philip didn=E2=80=99t know very well back th= en was how utterly vapid and territorial that team had become, which would = have meant having to collaborate with them directly on user-facing decision= s about the code base. rdana,Geneva,sans-serif;font-size:13.3333px;background-color:rgb(246,246,23= 9)">In 2012, Philip got what he wanted and I stopped resisting, so he forke= d the existing project and copied the C library components into HTTPd core.=
f;font-size:13.3333px;background-color:rgb(246,246,239)">In 2016 I resigned= from the Foundation en masse. You can guess the reasons. lor:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.333= 3px;background-color:rgb(246,246,239)">In 2020 or so, Google=E2=80=99s Secu= rity Team took advantage of an alpha release of httpd 2.5 by fuzzing its 8 = year old copy of apreq. It found a few hotspots that needed repair. tyle=3D"color:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-s= ize:13.3333px;background-color:rgb(246,246,239)">Instead of having the cour= tesy of reaching out to me, or anyone else involved in development of apreq= , a junior engineer on the HTTPd team went about the business of =E2=80=9Cb= ug fixing=E2=80=9D the vulnerabilities Google found. You can see a record o= f his trial and error work in every release since then. r:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.3333p= x;background-color:rgb(246,246,239)">But the coup de grace was the 2022 rel= ease of 2.17, wherein the rookie developer purposely introduced a fatal bug= into the codebase, breaking a fifteen year old regression test. e=3D"color:rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size= :13.3333px;background-color:rgb(246,246,239)">If you are wondering how some= thing with a broken regression test winds up on CPAN, you=E2=80=99ll have t= o look into how RELENG is done in the server project. rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.3333px;= background-color:rgb(246,246,239)">Long story short, they commented out the= test and shipped it anyway, and called it a Security Release that fixed a = vulnerability every prior release was susceptible to. rgb(130,130,130);font-family:Verdana,Geneva,sans-serif;font-size:13.3333px;= background-color:rgb(246,246,239)">Why do I care now? Because I=E2=80=99m t= he sucker users reach out to for answers as a known subject matter expert.<= /p> ;font-size:13.3333px;background-color:rgb(246,246,239)">This sucks, but I= =E2=80=99m sorry to tell you that my days wearing the Superman cape at Apac= he ended 8 years ago.
ix">--
--0000000000000d3a860611acc10b--
--===============1208559818== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
_______________________________________________ Hangout mailing list Hangout-at-nylxs.com http://lists.mrbrklyn.com/mailman/listinfo/hangout
--===============1208559818==--
|
|