Windows 7 Users Warned Over Filename Security Risk

nandemoari writes "Would-be Windows 7 users have been warned to change a default setting which could leave them vulnerable to attack via bogus files. As a result, Microsoft is taking flak for failing to correct a problem found in previous editions of Windows. The issue involves the way Windows Explorer displays filenames. In all editions of Windows after Windows 98, the default setting hides the filename extension (which identifies what type of file it is). This means that a Word file titled 'partyinvite.doc' will show up in Windows Explorer as simply 'partyinvite'. The only exception to this rule is if Windows does not recognize the file type. The reason for this setting is that it makes for a less cluttered look and avoids filling the screen with redundant detail. However, a flaw in the way it works leaves it liable to exploitation by hackers. They can take an executable file (which can do much more damage to a computer when opened) and disguise it by calling it 'partyinvite.doc.exe.'"

How can this be?

[Burkin]

How can this possibly be? I thought this was the most secure OS on the planet.

Re:How can this be?

[Kadagan+AU]

I see your sarcasm, but honestly this isn't as much of a security flaw in the OS as it is a "feature" in the OS that makes stupid users even stupider. A maliciously named file does nothing on its own, only when a user double-clicks it does it turn bad. Stupid users will break things on any OS.

Re:How can this be?

[Foofoobar]

but honestly this isn't as much of a security flaw in the OS as it is a "feature" in the OS that makes stupid users even stupider.

Wow. What an amazing feature. Looks like the development team at Microsoft has been hard at work on the new OS as per usual.

Re:How can this be?

[pugugly]

This is something I have instantly turned off in every version of Windows so far. Thank god for nLite - you can create your install disk with all this bs turned off to start with!

Re:How can this be?

[David+Gerard]

Bah. Vista is far superior. Windows 7 is for Mac-wannabes who want to "do" things with their computer, not just admire its AWESOME MIGHT as your CPU fan starts lifting your house into the air.

Re:How can this be?

[cayenne8]

I do the same thing.

For the life of me, I've never understood why they turn off the extensions by default, and not only that,why do they keep burying the windows explorer further and further away? Don't people use that to find files? Start applications?

Does no one still get into the tree structure to create their own folders to organize things?

Or...do most people just put everything in My Documents?

Re:How can this be?

[snowraver1]

Does no one still get into the tree structure to create their own folders to organize things?

Or...do most people just put everything in My Documents?

You forgot option 3: Whereever the default save path is.or option 4: I save my important files in (recycle bin|temp folder|ram drive)

Re:How can this be?

[matazar]

It's even worse than that. People save everything to the desktop and expect everything to either start automatically or have a shortcut on the desktop.
I also didn't understand this feature. It should never have been implemented.

Re:How can this be?

[Qzukk]

How can this be?

It is the Kwisatz Haderach?

Re:How can this be?

[dave562]

Windows Explorer is always in the same place no matter what version of Windows you are using. WindowsKey+E.

Standard best practice is to put everything in My Documents. My Documents can be redirected to a network file share. The network file share can be backed up. As long as data is stored in My Documents, it is safe. That approach presents a problem when users want to store gigs of music or photos in there, but for a typical work place environment, it works great. It sure beats the old method of having to manually adjust file storage locations for each individual program.

Re:How can this be?

[commodore64_love]

At my workplace the "My" folders are protected. In fact the whole c: drive is protected, because we're supposed to store everything on the network. However there are certain files that I don't want publicly shared - those I store on the Desktop which they conveniently forgot to block. I even store programs like Lynx there since I can't access any other folder.

Re:How can this be?

[RabidOverYou]

> For the life of me, I've never understood why they turn off the extensions by default

The 'feature' was born, oh so many years ago, because some Windows Program Manager had Macintosh Envy. The Mac allowed you to have "Letter to Grandma", not "Letter to Grandma.doc". What this dork PM failed to recognize is that extensions, a very simple concept, is really quite useful, and easy to use. C'mon MS, turn them back on (by default) in Win7.

Re:How can this be?

[commodore64_love]

VISTA is a monument to everything that makes us the country we are!

Fat, slow, and obsessed with superficialities like pretty shiny colors?

Re:How can this be?

[jjrockman]

Does no one still get into the tree structure to create their own folders to organize things?

Real Windows users drop to the command prompt.

Re:How can this be?

[supernova_hq]

WHAT command prompt?

Re:How can this be?

[commodore64_love]

P.S.

There is one good thing about Vista. When you click and have to wait 30 seconds for something to happen, it reminds me of my grade school days writing book reports using GEOS on my Commodore 64. Yay. We've made a lot of progress in 25 years time:
http://video.google.com/videoplay?docid=5707213540697742201 (actual machine)
http://www.youtube.com/watch?v=j1Mnvead8Tc (on a Windows PC)

Re:How can this be?

[santiagodraco]

So your solution is what exactly? Blame the users for not being technically savvy? That shows a complete lack of understanding of the purpose of computing and the audience who uses it.

Security is a much technical implementation as it is smart design, and this choice by Microsoft is not smart security design.

If the infrastructure is designed poorly and makes poor security practices easy, it's not the users fault, it's the fault of those who implemented the infrastructure.

Re:How can this be?

[rgo]

bash.exe

Re:How can this be?

[Thinboy00]

Start->Run...->Type "command" without the quote marks and hit enter.

Re:How can this be?

[hellwig]

Where do you work? I have worked at a few major companies (former/current DJIA companies) and IT won't do anything they don't want to, and manager buy in doesn't mean squat cause they don't work for your manager. However, at those same companies, most of them provide a private users area to store files, and then the groups themselves have public shared folders, both on the network.

Re:How can this be?

[Barny]

Time for an upgrade :)

Re:How can this be?

[mrcleaver]

Same here, this feature is absolutely awful and it boggles my mind why this is not disabled in Vista and Windows 7

Re:How can this be?

[siloko]

or 'cmd' if you want to save key strokes

Re:How can this be?

[Vexorian]

It isn't exactly a 'feature' it is a design flaw. Specially because of the whole "double clicking something runs strange program" deal.

By the way, the security problem is not that much with hiding the extensions (though it is certainly VERY annoying) The real issue comes with the fact that executable files can be anywhere and all that is needed to [a) display an icon determined by the executable and b) being executable by double click] is to just change the extension to .exe , that's rather bad for security.

A similar misguidance was present in Linux, at least gnome and KDE desktops' support of the .desktop extension, if Linux had more users you can be sure that thing was going to have social engineered the heck of all people into installing rootkits in their systems. That's right, just like windows' .exe non-sense, just the .desktop file extension allowed you to have an icon that [ a)Had a bogus extension/name. b) Had a custom icon, in fact it was easier to use the system's icon for folder or doc file. and c) launched a script with double click. ] I personally was happily surprised to see that after my Jaunty Jackalope update, these .desktop monstrousities finally need an executable permission to work.

For people noticing how lame these things are in both windows and Linux, I am tagging the story as "suddenoutbreakofcommonsense".

Re:How can this be?

[LaskoVortex]

A maliciously named file does nothing on its own, only when a user double-clicks it does it turn bad.

This is true, but people are more or less expect an OS not to had maliciousness from them. I found a pretty good video describing user expectations and how these play out in a security setting. I think the conclusions of the study are profound.

Re:How can this be?

[Sir_Lewk]

I would hardly call that toy a proper CLI.

Re:How can this be?

[Thantik]

Kind of like my /home folder. I don't like to put everything in there. I like to scatter my pictures, documents, programs, and everything else around in /var/lib /usr/bin maybe throw a couple in /boot sometimes just for the hell of it I'll just pick a random directory and throw my things there.

Re:How can this be?

[Darth_Ramirez]

Stupid users? I would rather say stupid designers who impose stupid constraints on John Doe...

Re:How can this be?

[fatbuttlarry]

SECURITY WARNING: MacOSX has a "flaw" where it renames folders ending in .App to executable applications!!

Re:How can this be?

[140Mandak262Jamuna]

Or...do most people just put everything in My Documents?

Nah. Lots and lots of people (mostly brain dead dumb programmers and installation script writers) dump everything in c:\Windows folder, hardwired, by default.

Re:How can this be?

[arminw]

....You are never going to have to worry about losing unrecoverable data when your workstation hard drive take a crap....

Users of OSX with its time machine back up system have the freedom to put their files anywhere in their user space and have a backup on the network Time capsule drive of all files. Surely there must be software available for Windows, albeit at extra cost, that does this backup also.

Re:How can this be?

[beav007]

As far as I can tell, there IS no Start -> Run in Vista with the default setup. You either have to revert the Start menu to classic mode (which I do anyway - the Vista way annoys the CRAP outa me), or use Win+R, which I do anyway.

Re:How can this be?

[cinderblock]

Or if you're lazy like me, it's just "cmd"

Re:How can this be?

[dave562]

My understanding of how Time Machine works is akin to the Volume Shadow Copy service in Windows. Basically certain volumes will retain a pre-determined number of snap-shot backups of any particular file. If the user then accidentally erases a file or saves over it, they can revert to one of the previous copies. It isn't exactly the same functionality of being able to save anywhere in user space, but it is close. There are also third party backup utilities that will backup the entire workstation, or any subset of directories and/or files. To me those seem like a band-aid for bad administration, rather than a solution that you want to rely on. Why take a remote copy of a workstation if you can just put the files on the server, or SAN in the first place?

Re:How can this be?

[dave562]

most of them provide a private users area to store files, and then the groups themselves have public shared folders, both on the network.

That has been my experience just about everywhere I have worked and consulted. Users are given their own "home" directory, and then departments and working groups have common shared folders to facilitate information exchange among those units. Depending on the organization and how the permissions are delegated, sometimes there are administrators within departments or working groups who can modify file permissions on the share. That's why I suggested that perhaps bringing up the issue with the manager might get results. Other reason was because often times, the manager should be able to provide a reasonableness check to determine whether or not there is even a need for a private file storage area or directory for any given content. The OP wasn't making much sense. In a business context, there really isn't a need for completely private information. People are paid to work and do things for the company. That involves creating documents and information that needs to be shared, or at least backed up. Even the most paranoid director of HR understands the utility of a home directory and the importance of backing it up.

Re:How can this be?

[Rynor]

My Documents? Don't be silly! Everything should just be placed on the desktop.

Re:How can this be?

[Curien]

> Security is a much technical implementation as it is smart design, and this choice by Microsoft is not smart security design.

The article and all the discussion I've read so far completely misses the boat. The poor design choice was in having a friggin *filename* determine whether a file was executable or not. There is absolutely no reason whatsoever that some random file downloaded from the Internet or found on a thumb drive should be allowed to execute without the user going through a very explicit hoop (eg, right-click, properties, permissions, check the "execute" box).

Re:How can this be?

[Dachannien]

Fat, slow, and obsessed with superficialities like pretty shiny colors?

I resent that implication. I may be fat and slow, but I have never been distracted from my important duties by mere shiny OOOH THE ICE CREAM TRUCK!!!

Re:How can this be?

[mightyteegar]

Which is why they released PowerShell, and PS is quite well done.

Re:How can this be?

[MadChicken]

Wow. Get back to us when you understand what Time Machine actually does.

Re:How can this be?

[hairyfeet]

As a PC repairman with nearly 15 years in the biz, allow me to answer your questions. First of all, there is a REASON,right or wrong, why show file extensions is turned off by default. Because folks just hit "rename" when they want to change the name of something and every version of Windows(don't know about Vista, customers hate it so i don't stock it) allows you to rename the file AND the file extension by default. Most folks then just rename the file, say "sally's trip" and then when it doesn't work because they have tossed the .jpg, .raw, whatever, they tend to get pissy.

As for "do they put everything in My Documents"? They save wherever the default saves to. I have seen desktops sp buried in .exe files you couldn't even tell what kind of wallpaper they had because Firefox by default saves to the desktop. So since many of the most popular programs save to "My Documents" by default, that is where their files are. But there isn't any planning on the users part, they simply hit save and have no fricking clue where it went after that. To access the file they simply launch the program that made it.

I personally use Xplorer2 as a file manager with Aston as the shell, not only because it uses less resources and is less buggy than Windows Explorer, but it also fixes that stupid explorer bug. Xplorer2 by default shows the file names but when you click rename it highlights ONLY the part BEFORE the dot3, allowing me to quickly rename without having to constantly type .txt,.jpg,etc. It also gives me the classic two pane commander style layout which has always made more sense to me than Windows Explorer. I just use a little command hack in Aston that tells it to launch Aston instead of Explorer and I never have to deal with that fugly mess.

But most of my customers can't honestly tell you where ANY of their files are, or even what the extension is. They just know to launch their picture software and the file is listed there. Which is why you have to be careful not to use anything like Crap cleaner as it will clean recent lists which blows their whole system to shit.

Re:How can this be?

[DavidD_CA]

I'll assume that you're being sarcastic, but just in case you're not...

No, normal users do not use Windows Explorer to open documents they're normally working on. They tend to go to the application that created the file (like Word or Access) and quickly get to it from that app's Recently Used Documents. And if it's not there, they use that app's File | Open, which only shows filetyes registered to that program.

It's more effecient than the way you're suggesting.

The only time Windows Explorer is commonly used (by normal users) is when they need to manage a bunch of files of different types, or move/copy/delete stuff around. And most users don't even touch that stuff.

As for folder structure, most users are doing that from within the application too, not Windows Explorer.

As for starting applications, no one does that but your most hard-core geeks. That's what the Start Menu is for.

I used to turn on the file extensions when I got a new install, but after a while I stopped doing it. After all, there is a whole column called "Type" which proudly shows you the filetype should you be curious. And, you can sort by that column (and in Vista, you can filter, too).

Let's face it, most people don't need to see the extension. They don't even need to know what kind of file it is. They double-click and Windows opens the right app.

Re:How can this be?

[fractoid]

Actually cmd is a slightly different (and better) command prompt than command. It supports up/down arrows to select previous lines, among other things.

Re:How can this be?

[bolt_the_dhampir]

Nah. People are better than that. Recently recovered files from a crashed drive where all important files were in c:\harddrive\

Re:How can this be?

[Zonnald]

Fortunately, the search facility (found on the Start menu) allows you to just type cmd and it will find the program for you to run.

Re:How can this be?

[dudpixel]

well here's a novel idea. How about REMOVING the "feature"?

Its simple.

Step 1: Remove the "feature".
Step 2: If anyone complains about it being removed, explain to them the security risk it poses.

Users (no matter how stupid) should not be able to break the OS. Admins yes, users no. They can wipe their own data sure, but not bring down an OS. Thats the OS's fault.

Re:How can this be?

[hitmark]

Another option is the "recent files" entry on the start menu...

I have seen more then one complaint from people about missing files because it dropped of the end of said menu...

Re:How can this be?

[hitmark]

Useful? Maybe.

But not as a designator for executable files (.exe, .com)...

Re:How can this be?

[DavidD_CA]

No kidding.

Office 2007 has a very cool feature that "fixes" that. You might already have noticed, but in Word, Excel, etc, you can "pin" your favorite documents to the Recently Used Files from within tha application. Quite awesome.

FYI, from the Start Menu's "Recent Documents", you can also right-click a file and choose "Send To" and "Desktop (as Shortcut)" for easy shortcut creation. Then again, show your clients this and they might end up with a desktop full of shortcuts.

Re:How can this be?

[Opportunist]

But a "feature" that keeps information from a user, information that would be important to identify bogus files, at the very least faciliates the exploit.

Re:How can this be?

[Meski]

Yes, but it isn't going to be obviously malicious to a dumb user, or even a smart user who sits down at a dumb user's computer and isn't having a good day. If you see a file that is called minutes (it won't have any extension supplied, and it will have a faked icon that will make it appear to be a word document) then blaming a user for double-clicking it isn't what you should be saying.

Please, Microsoft, have a setting that allows for examining the magic number as a default, instead of relying on the extension. Also, start using Windows File streams for something useful, like maybe storing the application used to create the document. Hmmm, seems like another well known company does that.

Re:How can this be?

[Meski]

Or...do most people just put everything in My Documents?

You can alter that to point to other locations. I've found it works *much* faster pointing it to a ramdrive :^)

Re:How can this be?

[Meski]

But Mac didn't implement this by simply hiding the extension. THey implemented it properly. Which I which Microsoft would do.

Re:How can this be?

[Meski]

DOes it destroy them, or are they just hidden as your old user name?

Re:How can this be?

[xtracto]

see your sarcasm, but honestly this isn't as much of a security flaw in the OS as it is a "feature" in the OS that makes stupid users even stupider.

And this is why I believe that Windows is still not ready for the Desktop... you see, while in Windows the user has to worry about all these file "extensions" jpg, exe iso, com, bat, etcetera, other user friendly OS (like Ubuntu or OSX) automagically know what type of file is it by actually reading the file (usually only the beginning).

I still can not believe that it is 2009 and some Operating Systems still rely on these 80's "extensions"

Re:How can this be?

[xtracto]

Fine the Meta key, idiot. Here's a tip, when you play stupid people are going to think that you're stupid. Do you want people to think that you're stupid?

Meta key?
which meta key?

Re:How can this be?

[gullevek]

Why? It keeps the previous version, unless it runs out of disk space.

Re:How can this be?

[baboo_jackal]

It's even worse than that. People save everything to the desktop and expect everything to either start automatically or have a shortcut on the desktop.

No, it's actually even worse than that! With newer versions of Windows, people install things, with no desktop shortcuts at all, and then they just type stuff into the search bar in the Start menu and expect it to somehow show up and...

Oh wait.

Seriously though, you make a good point - given that most people want their computer to work just like how you said (install programs, don't care how they're stored, and kind of hope that somehow they'll be accessible), doesn't the windows search feature fulfill that desire? I mean, I get that most technically-inclined users (including me) like to be able to interact with the file system directly to access programs and data. But non-technical users just don't care.

When it comes down to it, a file system is just another level of abstraction built on top of the low-level OS kernel-implemented secondary storage interface (which is, of course, built on the abstraction of the physical disk's interface). Maybe we're witnessing the next level of abstraction being built as we speak - the ability to completely ignore the filesystem, and pay attention to what really matters to users - the functionality provided by the applications they install.

Re:How can this be?

[noundi]

Fortunately, their software is much better than their web design.

Thanks for the seizure.

Re:How can this be?

[shutdown+-p+now]

Or...do most people just put everything in My Documents?

No. Most people just put everything on the desktop. And some actually put everything into Recycle Bin (yes, I've seen this IRL).

Re:How can this be?

[noundi]

Because folks just hit "rename" when they want to change the name of something and every version of Windows(don't know about Vista, customers hate it so i don't stock it) allows you to rename the file AND the file extension by default.

Great fix! Just great! Nautilus automatically marks the name of the file and leaves the ."filetype" unmarked when you hit rename. When you begin typing you will only replace the name and the ."filetype" will be left untouched on the right side of your marker. Was that so fucking difficult? That's called a fix. If it leaves a hole bigger than it fills it's a flaw.

Re:How can this be?

[beav007]

That's great if you want to use cmd :P

Re:How can this be?

[supernova_hq]

whooosh

Re:How can this be?

[supernova_hq]

whooooosh

Re:How can this be?

[Keeper+Of+Keys]

MS are about to release a new OS version, so they are clearly doing what they always do in these situations and unleashing their horde of tame Slashbots with mod points.

Re:How can this be?

[bruce_the_loon]

More than that. cmd.exe has more features and is a 32 bit app, while command.exe dates from 95/98 and runs inside the 16 bit NTVDM.

Re:How can this be?

[bruce_the_loon]

Or right-click on the Start Menu, go to Properties, Customize and check the Run Command option that is unchecked. Same way you can take it off of a XP Start Menu if you wanted to.

Re:How can this be?

[sopssa]

I personally use Xplorer2 as a file manager with Aston as the shell, not only because it uses less resources and is less buggy than Windows Explorer, but it also fixes that stupid explorer bug. Xplorer2 by default shows the file names but when you click rename it highlights ONLY the part BEFORE the dot3, allowing me to quickly rename without having to constantly type .txt,.jpg,etc. It also gives me the classic two pane commander style layout which has always made more sense to me than Windows Explorer. I just use a little command hack in Aston that tells it to launch Aston instead of Explorer and I never have to deal with that fugly mess.

Heh, I was replying to this post to note that Vista selects before the dot, but I guess its just xplorer2 :) I changed to it aswell after I started using Vista, before that I used Turbo Navigator from Win98 times. However it kinda broke with Vista's UAC, and doesnt pop up that admin accept dialog. Now I've learned the nice sides of xplorer2 too aswell tho.

I should probably try Aston Shell aswell, I hope they're fixed tray icons now a days tho. Before they didnt have any (or atleast good) support to those and you just didnt see them.

Re:How can this be?

[Mr+Z]

I always run with extensions visible myself. But even for the crowd that runs with extensions hidden, it seems like it still ought to be trivial for Microsoft to add a rule to expose extensions (and maybe even highlight in some other way) files with double-extensions, such as the example file "partyinvite.doc.exe".

That is, if you ever see a "double extension", don't hide anything, and perhaps highlight it. Thus, instead of showing up as "partyinvite.doc.exe", it'd show up as "partyinvite.doc.exe".

Re:How can this be?

[FreakyGreenLeaky]

Or...do most people just put everything in My Documents?

No, most people store everything on the desktop.

When I see this I get a sharp pain in my gut.

I don't know how many desktops I've seen with almost no real estate left open... my wife's desktop for one. Drives me up the fucking wall.

Re:How can this be?

[commodore64_love]

>>>If you don't want them publically shared then you should ask IT to provide you with an ACL

Ha! "Sorry but that's not allowed according to General Dynamics IT usage policy."

>>>If they really need to be private, your boss should back you up.

hahahahahahahahahahahahaha! My boss is an ass who doesn't help us engineers accomplish anything, and even if he was the nicest guy in the world he has no more power to subvert corporate mentality than I do. A few weeks ago I tried to order a connector, and I asked him to assist. Despite his best efforts and schmoozing his own upper-level manager, we were still forced to follow the procurement procedure which took two weeks. (Being frustrated, I secretly ordered a sample directly, and almost got fired by HR for it.) Yep. Doesn't my job sound like a fun place to work?

Re:How can this be?

[hairyfeet]

I haven't had any trouble with Aston and tray icons in the last 2 versions. Yeah in the old days they had some problems in that area but they seemed to have fixed the bug nicely. Now it is VERY stable and frankly a joy to use. It is nice to have a much more sensible desktop and file manager and have it be the same across my Win2K and my WinXP boxes.

I don't know if it will show up with the funky way Slashdot treats characters, but here is the code that I use in Win2K/XP in Aston to replace Explorer with Xplorer2. Like I said I have NO clue about Vista, as my customers hate it as do I so I don't use or stock it. I have been selling newly built XP boxes as fast as I can get in the parts. Anyway the code is....

"C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe" ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Just pick "edit element" by right clicking on the icons and set your desktop elements to "application or document" instead of my computer,my documents, etc and paste that code into the application box at the top. If you are using Xplorer2 lite just replace with its path in the above code. This will keep your icons from launching Explorer and instead will launch Xplorer2 with your drives and documents loaded. Xplorer2 is just SO much nicer, and with Aston you can have your Windows shell YOUR way, be it Win9x or Mac or even the Vista black if you prefer, as well as dozens of original designs. They have a free trial so why not give the latest version a spin? If you already use Xplorer2 you are just a couple of clicks from having a completely sane and low resource using Windows experience that is the same across Win98-Vista. Definitely worth the little bit of time it takes to give it a spin around the block and kick the tires.

Re:How can this be?

[TravellingMan]

There are loads of users out there that are stupid enough to rename files and forget to leave the extension intact, so they create files called xxyy which they later cannot open because they do not know which program to use when asked. There are also lots of users that never ever create folders, I know some of them personally :-) they just put things wherever MicroSnot decides it should go. One of the things I always do when starting a new machine is to Partition the disk into at least 4 partitions: 1. System, 2. Programs, 3. Data, 4 Pagefile I try to stick to that but there are always some programs that like to dump their data where they feel fit.

Re:How can this be?

[plague3106]

powershell

Re:How can this be?

[plague3106]

Xplorer2 by default shows the file names but when you click rename it highlights ONLY the part BEFORE the dot3, allowing me to quickly rename without having to constantly type .txt,.jpg,etc

Vista does this now as well, so I suspect Win7 continues this behavior.

Another useful feature in Vista is that if you hit the Rename, type a new name and then hit tab (or shift tab, to reverse direction) instead of enter, it will move to the next file and put that into rename mode... very useful if you have to rename a bunch of files at once.

Re:How can this be?

[Kadagan+AU]

Doesn't mac do this? sorta..

Re:How can this be?

[oobayly]

I've always heard that it's best to keep the Page File on the 1st partition. However I do always fix the size of it so that it shouldn't become fragmented.

Re:How can this be?

[bami]

windows-r cmd enter

Re:How can this be?

[clone53421]

Buy one that has it. It's not like keyboards are expensive. The Windows key is something I could not live without.

Re:How can this be?

[gid]

Open up "Taskbar and Start Menu Properties" from the control panel. Select start menu tab, click customize, check "run command", ok.

Another way is to just open up a command prompt by searching for "cmd", then hit enter.

Re:How can this be?

[clone53421]

More often I can launch what I need directly from the Run dialog. Plus, the Run dialog appears to have a broader PATH than the command prompt. I've tried launching things from the command prompt that would have run from the Run dialog and had it not find the file because it wanted the full path.

Re:How can this be?

[clone53421]

Parent is exactly correct. cmd.exe and command.com are not the same.

For one thing, command.com doesn't support long filenames.

Re:How can this be?

[clone53421]

They probably figured everyone who used it already knew about the hotkey... which, in this case, was probably not a terribly inaccurate assumption.

Re:How can this be?

[clone53421]

First of all, there is a REASON,right or wrong, why show file extensions is turned off by default. Because folks just hit "rename" when they want to change the name of something and every version of Windows(don't know about Vista, customers hate it so i don't stock it) allows you to rename the file AND the file extension by default.

They somewhat fixed that in Vista. It doesn't highlight the extension when you rename the file, so you have to deliberately highlight it if you want to change it. Which, IMO, is the way it ought to be, other than the fact that they still don't display the extensions by default.

Re:How can this be?

[clone53421]

Perhaps you've never heard of Windows XP, or NTFS?

Besides, Grandma will never learn to turn on the execute bit if you have to go into the file properties somewhere. That's too confusing.

Re:How can this be?

[clone53421]

Users shouldn't be running as Administrator. Is that what you're saying?

Re:How can this be?

[theaceoffire]

To extrapolate your last sentence, when I used Gmail offline in Ubuntu 9.04 it created a desktop link that looked like a generic bin file (no logo), and when I clicked it, it informs you that "this is an untrusted launcher", and you can approve it or not.

^_^ After approval, it looks like it is supposed to (icon, etc).

I like the new system much better.

Re:How can this be?

[Chabil+Ha']

First item of business on a clean installation is to disable that 'feature', not for security reasons, but because it makes it cumbersome to change file extensions. Guess it has security benefits too.

Re:How can this be?

[clone53421]

FYI, from the Start Menu's "Recent Documents", you can also right-click a file and choose "Send To" and "Desktop (as Shortcut)" for easy shortcut creation.

That works on any file in any folder, not just in the Start Menu -> Recent menu.

Re:How can this be?

[clone53421]

People still wouldn't notice.

Re:How can this be?

[Blakey+Rat]

For the life of me, I've never understood why they turn off the extensions by default, and not only that,why do they keep burying the windows explorer further and further away?

The vast majority of people don't use (the explorer view of) Windows Explorer.

Don't people use that to find files?

No. Most people either use a shortcut to their My Documents folder, or they just look at the "Recent" in whatever program they want to use at the time. Ask any IT support person, they've probably had to support a user who's favorite document slid out of the top 10 in Word, and had to walk them through finding it "manually."

Start applications?

No, that's what the Start menu is for. Or, again, shortcuts on the desktop.

Or...do most people just put everything in My Documents?

Duh. It's mapped to the network drive, so your files will roam across logins and get backed-up correctly. That's the entire *point* of the My Documents folder.

Sometimes I think most people on Slashdot commenting on Windows don't even actually use Windows-- or alternatively, they use Windows in some kind of weird mutant fashion that no normal person ever would.

Does no one still get into the tree structure to create their own folders to organize things?

That's what you put inside the My Documents folder, you weirdo. DUH! You act as if using My Documents to store files makes it IMPOSSIBLE to make a folder tree-- that's the most moronic thing I've ever heard.

Where did you learn to use Windows? Mars? Where the hell are you keeping files?

Re:How can this be?

[Blakey+Rat]

The Search field in Vista doubles as "Start -> Run." Try it. It's not just for launching applications, you can run "ipconfig", "net use", whatever.

I wish people would actually learn Vista before bashing it. Go back to the classic menu mode if you want, but don't lie and tell us that Vista doesn't have the feature just because the feature's in a different field.

Re:How can this be?

[mjs_ud]

i think just windows key and start typing because it will execute from the Vista Search bar.

Re:How can this be?

[Blakey+Rat]

The fact that your company has a shitty IT department doesn't invalidate the fact that the entire point of the My Documents folder is to be mapped to a network drive. (If available.)

Re:How can this be?

[quacking+duck]

If You think Time Machine is a safe backup method you are in for a surprise. If you delete or overwrite any file you will lose the deleted and the overwritten file in the history as well.

Have you even used Time Machine?

I demonstrated this to a friend last weekend, I recovered a file from my desktop which I'd deleted six months and countless backup cycles ago.

File changes are also preserved--but at every hour or whatever it's set to, not every time you hit "Save."

The only times a deleted file disappears from TM is if you explicitly tell it to delete all its backups, or your backup drive is running out of space and starts removing older backup sets.

Re:How can this be?

[Gonoff]

I have seen so many users confused by this sort of setup!

They "know that C is their hard disc and D is the CD/DVD drive. They are not sure what the other drives are and I have seen a case where a user managed to delete the contents of additional partitions because they thought it was a virus.

Another problem is that you should keep your page file on C:\ anyway.

Keep it simple. If you want to keep some things separate, move My Documents to another drive. This helps when trying to fix things. I think I have managed to do this without even having it show up as another drive letter.

Re:How can this be?

[Impy+the+Impiuos+Imp]

> The reason for this setting is that it makes for a less cluttered look
> and avoids filling the screen with redundant detail.

The reason for this setting is that it apes Apple, which put the file type in a different field rather than adding it to the file's name itself.

I still recall being stunned at seeing you being able to start a program by "running" one of its files, as were several of my buddies. How in god's name did the OS know to go start that word processor or whatever?

Re:How can this be?

[TemporalBeing]

Installed and tried out Powershell - nice that it lets you traverse a lot of things (like the Registry) that you are not able to otherwise, but I find it more gets in the way than anything else - especially since they took over a lot of commands (e.g. ls, cp, etc.) that I normally use (GNU Win32 installed) and don't provide anything remotely similar.

So no, it's not nearly as useful for normal use. Likely for some nice scripting capabilities for a systems administrator, but not for everyday use by hand. It's just not what it's designed for.

OTOH, I can easily use bash or the GNU Win32 tools (under cmd) to do a lot more useful stuff. Now if only cmd would support pipes better (they often break).

Seriously, cmd could have been made to do a lot of what bash and other do via GNU Win32 and some better shell support.

I still prefer bash as it is far more useful - but cmd+GnuWin32 suffices.

Re:How can this be?

[cayenne8]

"Buy one that has it. It's not like keyboards are expensive. The Windows key is something I could not live without."

Funny, maybe its because I don't use windows at home, and only when jobsites give me a windows box...but, I honestly NEVER knew what that button did!!

:)

Re:How can this be?

[clodney]

That is, if you ever see a "double extension", don't hide anything, and perhaps highlight it. Thus, instead of showing up as "partyinvite.doc.exe", it'd show up as "partyinvite.doc.exe".

Unfortunately, the rules for double extensions quickly become untenable. I see a lot of files with names like "Release plan for v2.3.doc". Is that a double extension? What about "Status report 10.5.09.doc?"

And I really don't see where this is a security hole at all. If people have extensions hidden then seeing a file show up as partyinvite.doc doesn't imply any particular safety, because they never expect to see partyinvite.exe.

Re:How can this be?

[TemporalBeing]

They probably figured everyone who used it already knew about the hotkey... which, in this case, was probably not a terribly inaccurate assumption.

That pre-supposes you have access to the hot key. Since you can't remap them in Windows, if you don't have a WinKey you can't access the hot keys - and yes, there are still systems out there (especially laptops) that don't have WinKey's on their keyboard.

The ThinkPad's just got WinKeys either just before IBM sold off the unit or after it was purchased by Lenovo (likely after). But they're not the only culprit.

Re:How can this be?

[cayenne8]

"Where did you learn to use Windows? Mars? Where the hell are you keeping files?"

I started with windows for workgroups 3.11 I think it was. I've always set up folders for different things on the 'tree'. I've never really ever used the MyDocuments thing much to tell the truth...

I'm used to the unix/linux way...treating everything as a folder...so, I am used to setting up folders for my work, and storing things in their place...not all jumbled up.

Re:How can this be?

[Blakey+Rat]

I'm used to the unix/linux way...treating everything as a folder...so, I am used to setting up folders for my work, and storing things in their place...not all jumbled up.

That's fine, but you can do that *in* the My Documents folder.

It's just the way you phrased your original post, as if these two statements:

"Does no one still get into the tree structure to create their own folders to organize things?"
"Or...do most people just put everything in My Documents?"

were mutually-exclusive somehow.

I still don't get *where* you're putting files, if not in My Documents. Do you just put them on the root of the HD? If so, why? (Or is it just an old habit you've never re-examined, even as Microsoft has been giving "subtle hints" and made it increasingly harder and harder to do that?)

Also, what does your workplace do with their files? They don't use My Documents?

Re:How can this be?

[greed]

Time machine backs up everything on the root (/) volume by default, with exclusion lists (some built-in, some user-settable). I haven't bothered finding out if it can back up automounted volumes (mounted under /Volumes), or how it handles static mounts (mounted wherever you like), because I've had a Retrospect system doing The Real Backups for quite a few years now.

Time machine _works_ by maintaining a hardlink farm on the backup volume. So if you get into the backups without the Time Machine UI, all the backups are just plain files in the UNIX sense. One directory per backup event.

So, there's no requirement to save to your Documents folder. Anywhere in your User folder is fine; and so is /Applications, /Library, /Developer, /local, /mygnubuildfolder, or whatever.

Re:How can this be?

[Mr+Z]

Unfortunately, the rules for double extensions quickly become untenable. I see a lot of files with names like "Release plan for v2.3.doc". Is that a double extension? What about "Status report 10.5.09.doc?"

How does it become untenable? Windows already only hides extensions that it knows about, as opposed to "any string of characters after a period is an extension." If I name a file "Release plan for v2.3" without the .doc, it won't hide the ".3". So, only apply the double-extension rule to things with two or more recognized extensions.

If people have extensions hidden then seeing a file show up as partyinvite.doc doesn't imply any particular safety, because they never expect to see partyinvite.exe.

I'm not sure I follow your reasoning here. If someone sees "partyinvite.doc", they are likely to think it's a Word DOC file, whether or not it is. If someone sees "partyinvite.doc.exe", that's clearly unusual. At no point did I suggest that Windows might display "partyinvite.exe". You're right, nobody expects that one.

I would actually go a step further: If Windows notices a double-extension, where last extension is an executable type (.com, .exe, .scr, .bat, .inf, .dll, etc. etc.), pop up a warning if the user tries to run the file saying "WARNING: This is an executable file. This is not a insert name of registered file type for second extension file. Continue launching? If you are unsure, click No." Make the definition of "executable" sufficiently broad to cover all bases.

I guess you're saying that if the file were named "partyinvite.exe", Windows machines that hide the extension would simply show it as "partyinvite". Calling it "partyinvite.doc.exe" so it shows up as "partyinvite.doc" seems to be gilding the lily a bit. My counterargument is that seeing ".doc" (without seeing ".exe") can lull a user into thinking any generic warning they see about "executable file" is in error. That's why I suggest the much more sternly worded warning that says "Seriously, this file is NOT what you think it is."

Re:How can this be?

[clone53421]

I would actually go a step further ...

That's not a half-bad idea. You should work for Microsoft.

Re:How can this be?

[cayenne8]

Interesting, I just had to go look.I thought that the MyDocuments thing was just some preset stuff from MS. I didn't think of adding folder IN the thing. I know it is usually kept at C:\Documents and Settings\[username]\My Documents.

No, taking for instance that I have only one drive, C: I open up windows explorer, and I see that most programs install by default in C:\Program Files. I often set up things like c:\database and from there c:\database\oracle_info or c:\database\postgresql_stuff c:\pictures c:\picture\cancun_2009

Stuff like that. I didn't think that was such an unusual thing. I'd frankly never really noticed the MyDocuments thing so much until the past years when I saw so many apps trying to put stuff there by default...but like I said, never thought of of making a separate tree there, and thought everything was just thrown in one big pile.

"Also, what does your workplace do with their files? They don't use My Documents?

What do you mean my workplace uses? I've never been directed by a company/contract/customer where to put my files on my computer??

But the main answer, I'm used to creating my own subfolders off the root directory to sort out my files.

Re:How can this be?

[dingonix]

How can this possibly be? /. article linking a page that explains what an executable file is... I really hope people don't have to click that link other than to verify that someone did actually link that garbage.

Re:How can this be?

[Blakey+Rat]

Interesting, I just had to go look.I thought that the MyDocuments thing was just some preset stuff from MS. I didn't think of adding folder IN the thing. I know it is usually kept at C:\Documents and Settings\[username]\My Documents.

You have to be shitting me. My Documents has been around since Windows 95, and you've never even LOOKED at it? Not even to find out if it's a normal folder (which it is) or some ... other weird thing you assumed it was? On that point, why would you even assume it's anything but a normal folder?

Am I on candid camera?

No, taking for instance that I have only one drive, C: I open up windows explorer, and I see that most programs install by default in C:\Program Files. I often set up things like c:\database and from there c:\database\oracle_info or c:\database\postgresql_stuff c:\pictures c:\picture\cancun_2009

Even though that:
1) Breaks virtually all Windows multi-user features, and many security features (UAC in Vista, for example, will be broken by that.)
2) Takes a lot more effort than just putting them in My Documents in the first place?

What do you mean my workplace uses? I've never been directed by a company/contract/customer where to put my files on my computer??

Do you have an IT person in charge of your computer?

If you're freelance, then the question doesn't apply. If you *do* have an IT department in charge of your computer, how would you expect them to be able to back up your files if you're shitting them all over the root level of the drive instead of putting them in the proper place?

But the main answer, I'm used to creating my own subfolders off the root directory to sort out my files.

The world has changed since 1992, grandpa. You are seriously unbelievable. Only on Slashdot could you hope to find someone who works with computers, and yet is *that* monumentally out-of-touch with how computers work.

Re:How can this be?

[TravellingMan]

Depends on who you speak to, if you can a seperate partition solely for a pagefile is better as you can then set it to use up the whole partition and not have to worry about fragmentation.

Re:How can this be?

[TravellingMan]

My Optical drives don't start until M and the mapped network drives go from Z to V, that would really confuse them ;-| There are many thoughts on where the pagefile should reside, some say that you should have them only on C others say that you should have them on all drives/partitions but I prefer the seperate partition theory, that way you use the whole partition for your pagefile and nothing else.

Re:How can this be?

[supernova_hq]

whoooooosh

Re:How can this be?

[supernova_hq]

You mean the black window with ~10 commands, no piping and no ability to properly resize horizontally. Dream on!

Re:How can this be?

[cayenne8]

Most all of my work has been DoD.

And no...I've not run into much of what you describe....I work mostly on servers Solaris and Linux, when on a windows box, I mostly just use it as a terminal. Not much to back up, and on a recent gig, doing something different..coding some java to work with IBM websphere....you worked on modules...and when done, checked it into CM..so it is backed up there.

Only on that last gig...was my computer fairly locked down...but, even then, no there was no backup thing set up like you describe.

"1) Breaks virtually all Windows multi-user features,"

Hmm...windows isn't really much of a multi-user system...I've never been to a site where > 1 one person uses a single computer...we all get one each to use.

Well, you learn something new every day I guess...I've never been to work in an environment like you describe. I do a lot of admin work, so I guess I've never had to deal with a computer as locked down and ruled by an IT department like you describe, I've had generally full run with about any box I've had to work on...and most of what I do often is in dev environments..so, I guess I've always worked where I have the flexibility to experiment and 'play' with my boxes I'm on.

Interesting to hear what you and some others here have described...

Re:How can this be?

[Blakey+Rat]

Only on that last gig...was my computer fairly locked down...but, even then, no there was no backup thing set up like you describe.

How do you know? You never used the damned My Documents folder! For all you know, if you had used it, you'd have gotten roaming profiles, shadow copy/previous versions, backup-- all with zero effort on your part.

Hmm...windows isn't really much of a multi-user system...

Yes it is, as much so as any other OS.

I've never been to a site where > 1 one person uses a single computer...we all get one each to use.

Same here, but what the fuck is your point? If you worked at a Linux shop where every Linux user had their own computer, would you then declare that "Linux isn't really much of a multi-user system..."

Again: how in the world is it possible you work with computers and, somehow, simultaneously know NOTHING about computers? It boggles the mind.

I do a lot of admin work, so I guess I've never had to deal with a computer as locked down and ruled by an IT department like you describe,

What does using the My Documents folder have anything to do with being "locked down and ruled"? You're conflating two entirely different things here. And they are not mutually-exclusive.

For the record, my workplace maps My Documents to a network share, meaning we get the features mentioned above (backups, shadow copy, roaming profiles) and we also have full control and full administrative access over our own computers.

Interesting to hear what you and some others here have described...

How have you NOT heard it?

It's not new, and it's not like your Solaris and Linux computers work any differently. (You *do* save Linux/Solaris files in your user account and not the root directory, right? Or maybe you're doing it wrong there, too.) It's almost unbelievable that you don't know that Windows also does this. So does OS X, BTW, if you ever end up in front of a Mac.

I feel really secure knowing the DoD hires such clueless people for development tasks.

Re:How can this be?

[cayenne8]

"How do you know? You never used the damned My Documents folder! For all you know, if you had used it, you'd have gotten roaming profiles, shadow copy/previous versions, backup-- all with zero effort on your part."

Nope...wasn't mandated or set up that way at that gig.

The did have a shared drive the allocated to you and would tell you where to map it, and if you wanted to save something on the network, you put it out there...but was never hooked to MyDocuments. That's the way it has been set up anywhere that did want you to save on network.

And...I'm on a mac now...I set up my own folders there too.

:)

Goodness...I've never seen anyone get so upset or adamant about how someone keeps their filesystem organized. I learned something how people and some companies organize their windows stuff...interesting.

Re:How can this be?

[atraintocry]

You could probably do this on a Mac, too. There is no security against a user that's insistent on running a trojan and has the privileges needed to do so. I know at least a few people who've installed fake anti-virus programs, and even one who paid for one. You'd think it'd be common sense to verify that an instruction is coming from a trustworthy source before following it, but some people will always be easy marks and there's not much you can do for them short of a hard slap to the face.

As far as telling a document from an app: Windows and OS X both prompt you before launching a recently-downloaded executable. Linux users should be using repositories.

I guess I just think that "design flaw" is a little harsh. The holes in a toaster are large enough to jam your hand into, but I wouldn't call that a design flaw, just lack of monkeyproofing.

Re:How can this be?

[baboo_jackal]

Probably. Desktop search is something kind of universally "cool" nowadays. Linux has at least a few desktop search apps, too (Beagle, Tracker, etc.).

My point wasn't that MS is the only one doing this - it's that search is probably one of the next big user interface shifts in personal computing. If you think about it, the file/directory concept (i.e. hierarchically organizing your documents in a directory tree) is just one variety of search indexing - albeit a manual kind, that you do yourself. You manually index, you manually search.

Next step I think would be automating that process, which is something that all the major OSes provide nowadays.

Re:How can this be?

[plague3106]

You clearly have never even started powershell.

Re:How can this be?

[mightyteegar]

That's more or less what PowerShell was intended to do: scripting that batch files can't do and is too much of a headache to do in VBS. One of the nice things about PS is that it can interface directly and cleanly with stuff like Exchange and Active Directory. But yeah, it's not a *shell* shell in the traditional sense.

As for ZSH, I don't need to head over there because I've been using it for five years on my Debian box. But I'm glad you mentioned it because my .zshrc is getting a little cluttered and I need to clean it up. Thanks!

umask 224

[ArsonSmith]

it shouldn't be made executable by the default umask though, so when you go to click on it it'll just try to associate an application with the .exe extension.

Re:umask 224

[tilandal]

Less clutter? How about showing file information in a list by default instead of as 1000 little icons without any useful information? Really, who in the world though that was a good way to display file information?

Re:umask 224

[jisatsusha]

That's exactly what Vista and Windows 7 seem to do. Have you used either?

Re:umask 224

[ais523]

Well, here on Ubuntu, the .exe extension is actually associated with WINE. (And, of course, the actual native executables mostly have no extension, but you can easily determine what they are using file or just by looking for the +x flag.)

Re:umask 224

[Hurricane78]

Well, there are Xerox, Microsoft, Apple, KDE and Gnome, and pretty much every other mindless imitator. Notice how the icons got bigger and bigger. I heard the new "standard" in Windows and KDE is already at 120px.

It is just as stupid as navigating folders by just being shown the contents of the actual folder, and its path (or even just the name). KDE is worse in this than even Windows. Windows had a default of showing such a folder window. But you could always add a folder tree pane, and save it as the default. In KDE's (3.5) Konqueror appears to be more a non-loved part of the program. Very ofter the position of in the tree and in the list view are not in sync. (Especially when opening the program for a specified folder.) Also you have to explicitly press enter, whenever you select an item in the tree view. Etc. In Krusader, the feature seems to be completely missing.

No, I like the concept of Norton-Commander-style file managers. I just think the list view should be a tree view. Controllable with the cursor:
Up/Down: Next/Prev. item.
Left: Folder up.
+/-: Open/close folder.
Right: ? (Assignable command?)
Space: Mark/Select (and/or with Shift and Ctrl, depending on your taste)

A good example of this is the tree view of the Process Viewer for Windows.

As for the icons: If they are recognizable unique and meaningful symbols (like they are used for programs), and also comfortably accessible with the keyboard, they are rather nice. You recognize such icons, when you notice that you can disable the text next to it, without it being any problem for you.

Re:umask 224

[EdZ]

Could be worse. Could be a pile of little icons with huge spacing between them, and a default scrolling direction of 'sideways' (i.e. the way every mouse in existence DOESN'T scroll). Thanks for that, Apple.

Re:umask 224

[RabidMoose]

Microsoft calls that "Windows Media Center"

Re:umask 224

[dillee1]

I wish I have mod point for you. The "Thumbnail" view in winxp is just about as useless can it can be for displaying file information. "Detail" view with file extension shown as in win2003 is much more sensible.

Re:umask 224

[Anpheus]

That's not the new standard, however by default in Vista and 7, they've made every attempt to increase icon quality so that the internal versions can scale up to 256 or 512 pixels for high DPI displays.

Re:umask 224

[Unoti]

It is just as stupid as navigating folders by just being shown the contents of the actual folder, and its path (or even just the name). KDE is worse in this than even Windows. Windows had a default of showing such a folder window.

Agreed. OSX is crappy in this way also. Windows file explorer and their file dialog is better than anything comparable I've seen on Linux or OSX, and it baffles me. Sometimes I think that Microsoft must have it patented or something. Because it's so much better. Every few months I start to consider writing a file explorer and just blatantly imitate Microsoft's UI.

Re:umask 224

[Unoti]

It is just as stupid as navigating folders by just being shown the contents of the actual folder, and its path (or even just the name). KDE is worse in this than even Windows. Windows had a default of showing such a folder window.

Agreed. OSX is crappy in this way also. Windows file explorer and their file dialog is better than anything comparable I've seen on Linux or OSX, and it baffles me. Sometimes I think that Microsoft must have it patented or something. Because the Windows dialogs and explorer are so much better, yet it's certainly not rocket science. Every few months I start to consider writing a file explorer and just blatantly imitating Microsoft's UI.

Perhaps someone will straighten me out and tell me that only noobs use Finder or Gnome desktop for file exploring, and I should be using (insert name of something here). Almost certainly someone will tell me I should just be using the command line all the time. Well, sometimes being able to poke around the directory structure graphically is just more efficient. For people that haven't been assimilated by the Borg, anyway.

Re:umask 224

[Christophotron]

detail view is the easiest for me to navigate. I have never understood why people with 20/20 vision would use Icon view for anything other than images, or even consider using list view. when i am looking for the file I want, I either know its Name, its Size, its Type, or its Date Modified. I click one of those buttons at the top to sort by that criterion and the file I want emerges before my eyes. There is one way to scan the files -- vertically.

With icon view, you have the useless icons taking up space and obscuring the file name, and you have to scan the files both horizontally and vertically to find a file. Unless I am looking at image thumbnails, I can't ever stand using icon view for longer than 5 seconds. I can only assume that icon view is useful to people with crappy vision and as the common denominator for people who didn't know you could change the view in to begin with.

The first thing I do on every Windows system I use is to enable file extensions, view all hidden and system files, and force detail view for all folders.

[vista rant]
Since Vista came out, MS has added an incomprehensible folder categorization feature, so anytime you open a folder it is completely random what view you will get and what properties will be displayed. I think the intent was to "guess" that you want thumbnail view and look at metadata like "tags" or "artist" because a folder contained some images, for example. It never works and is f***ing retarded. You can set a default view for all folders "of this type", whatever that means, but not for truly "all folders". For that you need to edit the registry. So long story short, my standard Windows UI modifications now include a registry edit to get my plain detail view back. I wonder if this is still necessary in Win7.
[/vista rant]

Re:umask 224

[noundi]

Bitmap = fail. Scalable vector graphics = success.

Re:umask 224

[Dal+Platinum]

Yup, still necessary.

I make the same changes as you do on first boot. Icon view drives me up the fucking wall. Detail view all the way, unless it's images, then I go for thumbnails.

The first thing I install on every version of Windows is Directory Opus. It's shareware, but is a superb explorer replacement. There's not a lot it won't do. Without wanting to sound like a shill (too late), I would advise this to anyone that still likes to find their shit manually. Detail view offers levels of detail far beyond what most people will need, thumbnail view is sweet. It has a built in image/video viewer, and audio playing capabilities.

If I'm not mistaken, I used to use a version of it on my Amiga back in the day, and it was central to everything I did back then, and it still is today.

There may be free Explorer replacements out there, but I found this one first in my search, and never bothered to look again.

It also does the neat thing of only highlighting the filename when you go to rename a file, which would solve most of the issues caused by having viewable file extensions.

Re:umask 224

[Anpheus]

Which is what WPF, by Microsoft, is doing for applications well ahead of most other GUI APIs.

Re:umask 224

[spitzak]

Yes if you ignore Iris and NeWS and several other things that only date to about 1986.

Re:umask 224

[Anpheus]

If you don't care about being able to distribute your application, then I suppose I am. But if you had said, "Oh, but QT is moving to an interface entirely DPI and bitmap independent," I would be delighted to admit my wrongness.

Sure, there are vector GUI APIs that preceded WPF, as there will be vector APIs that succeed it. What makes WPF different is that it's installed on millions of computers right now, and Microsoft is slowly but surely moving to it as the basis of their GUI applications. Visual Studio 2010, for example, is a WPF application and that shows their commitment to it.

Now, if you want me to list some bugs and oddities in WPF, I'd be delighted to tell you how f'ed it is in some places :)

Re:umask 224

[atraintocry]

For GUI elements I can see that being an eventuality but with icons you can always just use a picture larger than what's intended.

In fact, including pictures for various size targets is easier on the artist than trying to do "hinting"* for a vector. A lot of icons are drawn as vectors to begin with, and one fine day it'll maybe go straight from artist to desktop, but using bitmaps as intermediaries is not the worst thing in the world.

I know that, at least with Gnome, SVG icons are usable today. Unfortunately, I haven't seen any that I'd actually want to use. I tried lots of SVG wallpaper with KDE at one point, and anything remotely complex takes forever to load up, at which point it probably gets cached as a bitmap anyway. Anything icon-related usually looks great on OS X and the solution has always been to just throw huge bitmaps at it. It works.

In summary, bitmap =/= fail but like you I can't wait for a day when everything (that can be) is vector.

* Scaling up and retaining the look is easy...down, not so much.

Re:umask 224

[atraintocry]

DOSShell was my first thing resembling a GUI (not counting a couple of different 3rd-party attempts) that I'd used, and I believe it had the tree on the left. But I was happy to use Windows once it arrived on the scene.

I tried to get into the Commander style for a while, but I can't get used to it. It's great for a series of complicated file transfers, but other than that, I don't find myself needing it.

I wouldn't say that the tree-on-left or even a complete multiple pane setup is better or worse. But I will say that at this point I think the people who prefer those setups are in more of a niche and there is still plenty of good third-party software for that.

OS X, for all the crappiness of Finder, does excel in one area here: the tree view is a real tree view that includes files. And you can expand one folder's contents without the last one hiding again. So it's sort of a multi-pane setup, except you can move the panes around because they're windows :)

Bah

[MyLongNickName]

This is a non-issue. With all of the vulnerabilities in applications that think they are a programming interface (like Acrobat), EXE's might actually be safer to open.

I never did like that feature

[EvilBudMan]

or any of the others that make you jump through hoops to get at something.

1. Partial menus (Office)
2. The Search Dog (Windows XP)
3. I don't what else but the way they have features turned off and on makes no sense at all.

The I'm done sig.

Re:I never did like that feature

[TheBig1]

I don't what else ... makes no sense at all.

Ahh.... Irony at its best... ;-)

Re:I never did like that feature

[Aranykai]

Actually, I don't that is ironic at all.

Re:I never did like that feature

[colourmyeyes]

The Search Dog was one thing that whenever I installed XP and had to sit through it before being able to turn it off had me asking myself "and this is 'enterprise' software?" Why have a cartoon built into your operating system?

Re:I never did like that feature

[shutdown+-p+now]

The Search Dog was one thing that whenever I installed XP and had to sit through it before being able to turn it off had me asking myself "and this is 'enterprise' software?" Why have a cartoon built into your operating system?

You mean, you didn't get that exact reaction earlier, when you first saw XP's default blue Luna theme?

Re:I never did like that feature

[Keeper+Of+Keys]

It's aimed at people who don't do much with their computer. The rest of us are hopefully smart enough to turn all the missing stuff back on.

But MS have been criticised about this feature for a long, long time. They have clearly decided to keep it in W7.

Extensions

[LogarithmicSpiral]

In most explorer views isn't there a little thumbnail that shows an image of a type of file? Partyinvite.doc.exe would show a cmd window probably, instead of a blue W. Either way, you should be able to tell what type of file it is.

Re:Extensions

[lukas84]

You can easily add the Word icon to your malware, and this will fool users easily.

Re:Extensions

[Burkin]

You do realize it's trivially easy to change the icon of a .exe file to be anything you want, right? The common tactic is to have it use the same icon as a word document or whatever filetype it's attempting spoof.

Re:Extensions

Only if the creator is stupid. All it takes is to get an icon from a doc and use that icon as the default icon resource within the exe file, and voilà - not only it seems to be named .doc, it looks like a word file, too.

The only correct solution is stop trying to hide information from users: showing extensions should be the only acceptable alternative. Hiding them could make sense before, but since Vista even the UI is correct: you click on a filename to edit it and only the non-extension part is selected by default.

Re:Extensions

[Whyte+Panther]

It's trivial for the writer of the "application" to include the legitimite Word document file icon as part of the .exe. Heck, at that point, calling it Partyinvite.exe would be enough to fool most people who have the extensions hidden, because they wouldn't be used to seeing .doc at the end of the name.

Re:Extensions

[orclevegam]

If it's a windows executable you can specify the icon to use (and if it isn't it's probably not going to run very well). All you'd need to do is specify the generic word doc icon (pick the one from Word 2003 and you'd probably get most people). The icon being displayed should not be an indicator of the file type anyway, that's merely a convenience for skimming a long list of files.

Re:Extensions

[Burkin]

Actually most users don't bother to read the warning and just click through. The problem is that no matter how many warnings the OS throws up, the average user will still run programs they shouldn't.

Re:Extensions

[SCPRedMage]

Again, even with the average idiot's tendency to click through just about anything, this warning STILL is far more likely to help than seeing the file extension, because the average idiot has NO idea what a file extension is in the first place.

Re:Extensions

[tsa]

The average user is not an idiot but just ignorant.

Re:Extensions

[MaskedSlacker]

This changes nothing about GP's point.

Re:Extensions

[dotgain]

Hasn't even generation of the preview in the past been risky, with PNG and JPEG library exploits?

Re:Extensions

[Endo13]

I'm not so sure about that any more. Lately, the average user seems more likely to be too paranoid to click through anything, even things they should.

Re:Extensions

[Burkin]

I'm not so sure about that any more.

Then you haven't apparently been following much of the aftermath of UAC because most users are apparently just clicking allow blindly without caring.

Re:Extensions

[Bio)-(azard]

"Think how stupid the average person is, and then remember that half the fucking people out there are dumber than that." - George Carlin

There are ignorant and there are idiots. How many times have you told a user "Don't click that". And 10 minutes later they do it anyway. Is this ignorant or stupidity?

Re:Extensions

[khellendros1984]

Unless some infection had changed the default icon for executable files or something...

Re:Extensions

[tsa]

Certainly not, but calling people idiots because they have difficulties with things you don't even think about is a bit arrogant IMO. I think the word 'clueless' describes beter how the average person experiences the technical world.

Re:Extensions

[clone53421]

Don't forget PDF.

Re:Extensions

[dotgain]

Don't remind me about PDFs.

Isn't this a dupe?

[Thornburg]

Maybe I read this somewhere else, as I can't find it on here.

Anyway this is just some prick trying to get a bunch of publicity over something stupid.

You want a solution? How about this: Windows should only hide file extensions for files that don't use custom icons. IOW, a .doc would show up as a Word document (by icon), so it doens't need the .doc. But if you change the icon of your .exe file to be the word doc icon, then the .exe still shows up.

Now, I'll go make a quick patch and submit the .diff... oh, wait, nevermind.

Re:Isn't this a dupe?

[lukas84]

Yeah, that makes perfect sense. Sometimes it shows, sometimes it doesn't.

Re:Isn't this a dupe?

[tepples]

Now, I'll go make a quick patch and submit the .diff

I wonder if ReactOS, the project to make a free Windows XP clone, might take it.

Re:Isn't this a dupe?

[Hatta]

You want a solution? How about this: Windows should only hide file extensions for files that don't use custom icons

How about we never hide the extension for any reason? If you're worried about clutter, and redundant information on screen, ditch the icons. The extension is all of 3 bytes, and it's far, far easier to read 3 letters than it is to squint at the icon and guess what it's supposed to be.

Re:Isn't this a dupe?

[vertinox]

You want a solution? How about this: Windows should only hide file extensions for files that don't use custom icons. IOW, a .doc would show up as a Word document (by icon), so it doens't need the .doc. But if you change the icon of your .exe file to be the word doc icon, then the .exe still shows up.

Why not just have the OS make anything that has the extension of *.exe to display no matter what?

That way, docs and pdfs won't show extensions but no matter what icon is being used and no matter the name, the exe file will always end in exe.

Re:Isn't this a dupe?

[VGPowerlord]

Well, if users are stupid enough to click on something labeled partyinvite.doc (really partyinvite.doc.exe) when file extensions for every other file are hidden, what makes you think they'll notice partyinvite.doc.exe?

Re:Isn't this a dupe?

[TrixX]

You want a solution? How about this: Windows should only hide file extensions for files that don't use custom icons. IOW, a .doc would show up as a Word document (by icon), so it doens't need the .doc. But if you change the icon of your .exe file to be the word doc icon, then the .exe still shows up.

I have an easier, better one: executability is not part of the file type. Use extensions to indicate file type (and hide it or show it at leisure), but put executability as an extra attribute of the file in the filesystem.

If it sounds familiar, it's because that's what UNIX has been doing since the '70s

Re:Isn't this a dupe?

[yeremein]

if you change the icon of your .exe file to be the word doc icon, then the .exe still shows up

That doesn't make sense. How is Windows supposed to tell that your binary's icon looks like Word's icon? I suppose Windows could cache icons from various versions of popular programs to compare against, but then malware writers would just make a change that would be visually undetectable, like modifying a single pixel.

Re:Isn't this a dupe?

[ClosedSource]

And how exactly does this prevent a careless user from downloading and running malware?

Re:Isn't this a dupe?

[holmstar]

No. It would apply to any executable that specifies a custom icon of any sort. It wouldn't have to be a document icon, or a pdf icon or whatever. Just a different icon than default.

Re:Isn't this a dupe?

[Quantumstate]

Or even if there is too much clutter by having every single file show the extension then exe files should be an exception (and .bat, .scr etc.). This solves the problem.

Re:Isn't this a dupe?

[spitzak]

Actually it is easier to recognize a small 3-letter combo. Try it sometime. Also extremely helpful if you want to describe what to recognize in a text or voice message.

Re:Isn't this a dupe?

[spitzak]

Supposedly because the execute bit will not get set by the program that downloaded the file.

However I very much suspect that if Windows had done this, the downloading programs would have helpfully set the execute bit. It certainly would be a pain if the user had to run some other program to fix it. So this would serve no security purpose.

The exectute bit is really just an artifact of early Unix systems. To make the shell fast it needed a list of all the programs that would work in memory. People put lots of non-executable files in the path so listing all files would make too big of a list (memory was really small back then). Reading the disk was slow so opening each file was out of the question. The executable bit was the fastest way to throw away all the non-executables so the in-memory list could be made as quickly and as compactly as possible.

Turning this historical artifact into a security feature is somewhat bogus. I suppose it is turning into a security feature (it's being used to fix the .desktop vulnerability and apparently effectively) but I think it is an accident and not a real carefully thought-out feature.

Re:Isn't this a dupe?

[keatonguy]

Because permissions are stripped over the network. Once it hits the system it's being downloaded into, it gets set to read/write for the user that downloaded it, and read-only for all other non-administrators. Absolutely everything that is downloaded has to be chmod'ed with the +x flag before you can execute it for security's sake.

Re:Isn't this a dupe?

[Soubrause]

It won't... but it will prevent that user from ever opening a file they've renamed since it will no longer have an extension.

Re:Isn't this a dupe?

[Actually,+I+do+RTFA]

The extension is all of 3 bytes

Close, but off. Windows uses UTF-16, so it would be 6 bytes. Plus two more for the period.

Pedantic man, away!

Re:Isn't this a dupe?

[ClosedSource]

Thanks for the historical perspective. I think a number of Unix features that younger folks use as evidence of its greatness were actually tied to the limitations of the era.

For example, a CLI while quite useful wasn't chosen for Unix because the creators thought it was better than a GUI, but rather because it was the only feasible choice.

This again?

[Anenome]

Gah, these things never die, do they. You'd think the only people falling for this old trap are senior-citizens and six-year-olds.

Today I had to explain to my father that he didn't need to reinstall flash just because some website said so. One of those video sites had simply changed media-servers and since it wasn't on the whitelist the vids began suddenly getting blocked by noscript again.

So I glad I was young when computers were new ._. and old before they got really dangerous (in virus terms).

Re:This again?

[Darkness404]

Today I had to explain to my father that he didn't need to reinstall flash just because some website said so. One of those video sites had simply changed media-servers and since it wasn't on the whitelist the vids began suddenly getting blocked by noscript again.

But that is mostly a flaw in noscript (which, judging from your post, you installed on your father's machine) rather then the site or any viruses.

So I glad I was young when computers were new ._. and old before they got really dangerous (in virus terms).

Really most viruses actually aren't dangerous now. Most try to sell you something via adware or other malware. On the other hand, most viruses before that became popular decided to wreck havoc on Windows (or DOS) by changing registry values, clobbering partion tables, wiping hard disks, infecting floppies, etc. Today, viruses are merely annoyances unless by chance you get a nasty keylogger or such.

Plus, OSes other than Windows are immune to most viruses (sure, they might get them in the future, but not now), OS X is quite mature and very much usable, and same with Linux. Plus both have lower total cost of ownership.

Re:This again?

[twidarkling]

Plus both have lower total cost of ownership.

[citation needed]
Seriously. It's not like I paid for my A/V software. It's not like I run scans when I'm using the system, so my work isn't being slowed.

Then, vs. just OSX, the hardware's cheaper, you can upgrade it and futureproof it, so you don't need to buy an entirely new $1.5k machine, and software's same price or cheaper, with more options. And as for security, may I point you to the Mac-only botnet that was recently discovered due to pirated copies of iLife, or iWork, or whatever it was? Stupid people will fuck up any system you give them, regardless of OS. Windows is not inherently superior or inferior, it's just the one that does what I need.

Re:This again?

[Darkness404]

[citation needed] Seriously. It's not like I paid for my A/V software. It's not like I run scans when I'm using the system, so my work isn't being slowed.

Ok, but that either means one of many things:

A) You pirated your AV software, which, being illegal, should include the full retail price when figuring out total cost of ownership

B) You have a free AV, which, might not be protecting you enough (depending on which AV you have) And either way, you aren't necessarily 100% protected without it being scanned often

Then, vs. just OSX, the hardware's cheaper, you can upgrade it and futureproof it, so you don't need to buy an entirely new $1.5k machine, and software's same price or cheaper, with more options

The hardware is not cheaper. Find me a notebook with a built in multi-touch trackpad, decent resolution webcam, nice-ish keyboard, about 2 gigs of DDR3 RAM, Intel Dual Core CPU, GeForce 9400M or equivalent graphics and you will get a system close to $1300, the price of a Macbook with the same specs. Sure, one could argue that you don't need all the hardware, but the hardware itself isn't that expensive compared to the competition.

While Windows does have more software choices, a Mac is going to be able to do a whole lot more out of the box. And third party software is about the same price, but first party isn't. You can get iWork for about $50, while Office costs much more.

And as for security, may I point you to the Mac-only botnet that was recently discovered due to pirated copies of iLife, or iWork, or whatever it was? Stupid people will fuck up any system you give them, regardless of OS. Windows is not inherently superior or inferior, it's just the one that does what I need.

Yes, any system you allow to execute an untrusted binary can be compromised. The difference is, by hiding file extensions and other exploits, Windows makes it a lot easier to run said untrusted stuff.

Re:This again?

[twidarkling]

No it doesn't. Not when I don't have it actively running. I only turn it on to do overnight scans. Task jobs are wonderful things, after all.

Re:This again?

[twidarkling]

[citation needed]
Seriously. It's not like I paid for my A/V software. It's not like I run scans when I'm using the system, so my work isn't being slowed.

Ok, but that either means one of many things:

A) You pirated your AV software, which, being illegal, should include the full retail price when figuring out total cost of ownership

B) You have a free AV, which, might not be protecting you enough (depending on which AV you have) And either way, you aren't necessarily 100% protected without it being scanned often

I don't pirate software, and I've yet to hear anything negative against Avast, which I run in conjunction with Spy-Bot. So no, no added cost, nor comprimise in protection. And for the record, I've only ever had one virus, and it was from my roommate's computer, over the network. And he was running Windows ME. So I'd say I'm plenty protected.

As for the iWork vs. Office scenario, academic discounts are a *wonderful* thing. Or how about just OpenOffice.org? I've got that on my flash drive, for if I need to do work on someone else's computer, since there's no guarantee they'll have anything I can use. And fine, hardware costs being equal, TCO still isn't radically different.

Lastly, I'm on a Mac at work right now. I can tell you, it doesn't show file extensions all the time, either. I'd say that's even worse. Why just on some? And hell, if we're going for "easy to run untrusted stuff," installing random things in OSX is stupid easy. Easier than Windows, even, I'd say. So random programs end up on the computer, file extensions are only sporadically shown, so what's to stop someone from just double-clicking any random thing on their desktop? The only reason you don't see more Mac viruses and etc are because there's not the user base there to make the ROI worth it. You manage to infect 1% of the Mac user base, that's a pittance compared to 1% of the Windows user base. Statistics work in favour of OSX, but only because of applied "security through obscurity." Apple itself has suggested people should use A/V software on their Macs.

You know, I used to be a fairly hardcore Windows fanboy, but as I've aged, I've realized something. No OS is inherently superior. They tend to be better at different things. The failings of one could quite easily have been the failings of the other. If Apple's marketshare tripled, it'd have more viruses written for it. If Linux became more "user friendly" to compete with Windows, it'd alientate its core user base, and become less useful. To trumpet one OS over another for something like security, which is completely in the hands of the machine's admin and users is quite ridiculous. And no one's still managed to convince me OSX has a lower TCO than Windows.

Re:This again?

[VGPowerlord]

[citation needed] Seriously. It's not like I paid for my A/V software. It's not like I run scans when I'm using the system, so my work isn't being slowed.

Ok, but that either means one of many things:

A) You pirated your AV software, which, being illegal, should include the full retail price when figuring out total cost of ownership

B) You have a free AV, which, might not be protecting you enough (depending on which AV you have) And either way, you aren't necessarily 100% protected without it being scanned often

As much as I hate to defend Microsoft, they do make an anti-virus program... but can't bundle it with Windows or give it away for free because Symantec has made it known that they will pursue antitrust actions if Microsoft does.

While Windows does have more software choices, a Mac is going to be able to do a whole lot more out of the box. And third party software is about the same price, but first party isn't. You can get iWork for about $50, while Office costs much more.

Three things:
1. According to the Apple Store, iWork '09 is $79.
2. Microsoft Works 9 is $40. Works doesn't contain anything like Keynote or Powerpoint, but then again, it includes a database program instead.
3. Office Home and Student 2007 (Windows) and Office Home and Student 2008 (OSX) are $150.

Re:This again?

[VGPowerlord]

As for the iWork vs. Office scenario, academic discounts are a *wonderful* thing. Or how about just OpenOffice.org? I've got that on my flash drive, for if I need to do work on someone else's computer, since there's no guarantee they'll have anything I can use. And fine, hardware costs being equal, TCO still isn't radically different.

Those aren't the only discounts either. If your employer has a volume license, they may have opted into the Employee Purchase Program, which offers discounts on things like Office.

I know my employer has, even though I don't use Office at home.

Re:This again?

[Endo13]

Ok, but that either means one of many things:

A) You pirated your AV software, which, being illegal, should include the full retail price when figuring out total cost of ownership

B) You have a free AV, which, might not be protecting you enough (depending on which AV you have) And either way, you aren't necessarily 100% protected without it being scanned often

You need better information. There's actually a good number of free AV's out there now that do just as well as any you can buy. AVG for example is one of the best in the business. It's also one of very few that offers any kind of protection for all the fake antivirus malware that's been popping up a lot recently. I myself don't use any AV at all because I don't need one. Everyone that uses the network my PC is on is capable of avoiding malware.

The hardware is not cheaper. Find me a notebook with a built in multi-touch trackpad, decent resolution webcam, nice-ish keyboard, about 2 gigs of DDR3 RAM, Intel Dual Core CPU, GeForce 9400M or equivalent graphics and you will get a system close to $1300, the price of a Macbook with the same specs. Sure, one could argue that you don't need all the hardware, but the hardware itself isn't that expensive compared to the competition.

You may be right about the TCO for a Mac being lower (depending on the circumstances) but you're not right about the hardware being cheaper. Honestly, I can't believe anyone is even still trying to use this argument any more. Here, for example, is an HP with the same screen size that exceeds the capabilities of the $1300 Macbook in almost all aspects, and it sells for a whopping $900. Oh, and it has a mail-in rebate on it right now so you could actually get some money back on it too. But hey, the Macbook is only about 50% more expensive, so that's not a big deal right? Oh wait, I get it. The 50% price hike is for the multi-touch touchpad right? That's gotta be worth at least $450.

While Windows does have more software choices, a Mac is going to be able to do a whole lot more out of the box. And third party software is about the same price, but first party isn't. You can get iWork for about $50, while Office costs much more.

Sure. But then, all of that "out of the box" capability for the Mac is just a few free downloads away for the Windows PC.

That being said, Macs are great machines. They definitely have their place. And depending on the user, it certainly can have a lower total cost of ownership. For users who don't have the time or desire to learn how to fix their own software problems, the Mac system is definitely the way to go. Anyone who works at a PC repair shop or does phone support at any place that handles both PCs and Macs can tell you that without a doubt the Mac will have far fewer software problems. It's to be expected, because you're a lot more limited on what software you can run on it. (And particularly what free programs you can download online and run on it.) But for a Windows-savvy user who knows how to repair or avoid the majority of potential software problems and has the time to do it, the total cost of ownership is significantly lower with the Windows PC. For myself, I would not currently even remotely consider buying a Mac because it's just not worth it for me. For my sister though, the Macbook is perfect. It does exactly what she needs and she never has trouble with it.

Re:This again?

[setagllib]

So it will not have a chance to pick up the virus which you ran during the day, and has already removed itself. Good job. Enjoy your false sense of security.

Re:This again?

[Dr.Merkwurdigeliebe]

Sure. But then, all of that "out of the box" capability for the Mac is just a few free downloads away for the Windows PC.

You think that people know to download software?

For users who don't have the time or desire to learn how to fix their own software problems, the Mac system is definitely the way to go.

My time is valuable. I pay a small premium on my computers and in return, some Apple engineer spends more time working so I don't have to. It's a fair trade, so I'll pay it. If you disagree, then don't. No one is forcing you too.

Re:This again?

[Endo13]

You think that people know to download software?

Yes.

My time is valuable. I pay a small premium on my computers and in return, some Apple engineer spends more time working so I don't have to. It's a fair trade, so I'll pay it. If you disagree, then don't. No one is forcing you too.

Eh.. that's exactly what I just said.

It's not worth it to me to pay Apple engineers because a.) I have the time to fix my own stuff, and b.) I have software I want to use that doesn't run on Mac OSX.

I'm neither biased for nor against Macs. It's just that where Mac OS and Windows differ, I currently get a lot more value from what Windows offers than from what Mac OS offers. Who knows, maybe in 5 years that won't be the case.

Re:This again?

[noundi]

+7, Reality check

Re:This again?

[spitzak]

iWork is $39.99 from the Apple website if you are adding it to a machine. I know because I just decided to not bother getting it with a new machine.

However I think there are equivent discounts on home-Word/etc when you buy from Dell, etc. I thought it was sometimes thrown in for free?

Perspectives

[MikeOtl67of]

Why is this happening everytime there is a new important release from Microsoft? Is it because everybody focuses on that or because they did not do their homework?

Not really news, and a non-issue

[lukas84]

Most people wouldn't change their behaviour even if the did see the file extension.

Email programs such as Outlook block .exe attachments, and Executables downloaded using IE display a stern warning before execution.

Changing this wouldn't have helped anyone.

And associating this with Windows 7 is mostly FUD, jumping on the bandwagon just because you don't like it.

Re:Not really news, and a non-issue

[Archangel+Michael]

Hey, here's an idea. WHY not have the file contain the meta data needed for it, within it, and not use Extensions to decide what runs, what is a doc, and what opens a particular file? That way, I can have one JPG file that opens in GIMP, and another that opens in Firefox?

I know, I know, that is too complicated for the user to figure out, and extensions (which are hidden) are SO much easier to figure out.

Re:Not really news, and a non-issue

[lukas84]

The metadata-thing is what Apple did and it has the same security issues - there's no way to tell from the icon or filename if something is an application or a document.

Think of the file-extension as filename embedded meta-data, and it starts to make more sense.

Re:Not really news, and a non-issue

[clone53421]

Because an extension is far easier to change when I actually want to change it than the meta-data would be.

There are already the "Open with" and "Send to" options if you want a choice of applications to open the file with.

Re:Not really news, and a non-issue

[twidarkling]

That way, I can have one JPG file that opens in GIMP, and another that opens in Firefox?

I know, I know, that is too complicated for the user to figure out, and extensions (which are hidden) are SO much easier to figure out.

No, the issue is the massive time sink in needing to tell the OS what to open the file with on each "first-run." I rip a CD, that's 14 times telling it to, yes, open with VLC. Even batch processing would slow it down, since the OS would need to tag each file, then double-check each one if you ever tried to open them individually. And then what happens if you run, say, WMP, and it opens the files? Does it retag them to open in WMP? If it doesn't, are you going to have issues trying to run an auto-play list, since when the file opens, it might decide that it wants to run in its tagged app? Just use the "Open With" feature, since predominately, you'll want to open all of one extension with one type of application. Saves time instead of trying to remember what's tagged with what app.

Unless you're suggesting that downloaded files are already told via the metadata what to open with, which kills any security gains, and can potentially fuck up anyone who gets a file that's told to open with a program they don't have, or to open in a program that doesn't handle that file type.

Re:Not really news, and a non-issue

[lukas84]

You mean it's just like in Windows?

Re:Not really news, and a non-issue

[clone53421]

Let's see.

.exe .com .bat .cmd .scr .js .vbs .hta

...I'm running out. Did I forget any? I guess .msi should be included.

Ok, let's throw in .url and .lnk (which are always hidden from the user – which I think is stupid, but oh well).

Hell, I'll even throw in .jar, assuming they have a Java runtime environment installed.

How many did I miss?

Re:Not really news, and a non-issue

[clone53421]

Yeah, I left them out intentionally since they can't be "run" from the Explorer window (i.e. an actual executable file is necessary to be the attack vector; the .dll or whatever is, in itself, not a threat).

Re:Not really news, and a non-issue

[RiotingPacifist]

I'm fairly sure its a unix thing, but your point still stands. The sensible thing is to have icons that show and warn if its an exe that depend on the metadata, short of that showing file extentions is the best alternative.

Re:Not really news, and a non-issue

[dotgain]

.pif, and how could you? .dll, since their default action modifies the system.

Re:Not really news, and a non-issue

[Hurricane78]

Depends on if the file manager supports it. Imagine a column for it. Just like the -rwxrwx--- column, but clickable, and togglable with the keyboard. But of course, not even the Linux developers have figured *that* out. Sometimes I have the feeling that the whole Linux desktop world revolves around imitating Windows. Sometimes even badly (aka. "simpler", which it is *not*). The Unix philosophy of small parts that you can put together, seems to be completely missing. I hope KDE can get to that with this Plasmoids idea. Although they are still very far away from the same usefulness as the pipe on the shell.

Re:Not really news, and a non-issue

[Moridineas]

Actually, I'm pretty sure that's new since Leopard (10.5).

If what you're talking about is the com.apple.quarantine file xattr that is set on safari downloaded files?

Re:Not really news, and a non-issue

[robmv]

better yet, there is no need to check extensions or metadata, just do a magic test (file command from the CLI) to know the content type of the file. I remember old versions of GNOME did it, but I see a different behavior now. a file with random data named .jpg is opened by eog by default

Re:Not really news, and a non-issue

[FrankieBaby1986]

Why the hell would I want a different program to open for each JPG I click on? That would drive me nuts! If you need a different program from the default, just open that program, and then open your file from there.

Re:Not really news, and a non-issue

[symbolset]

Hey, here's an idea. Why don't we just embed the software for what the content is supposed to do inside the content? That way we can just execute everything and the data will be able to take care of its own presentation and conversion needs.

Re:Not really news, and a non-issue

[adavies42]

god that's annoying. i wrote a launchservices script to kill it, and i'm seriously annoyed apple won't let me do it any other way. (unless there's a hidden defaults setting i haven't heard about....)

Re:Not really news, and a non-issue

[clone53421]

Good catch on .pif, but the default action on .dll files is to ask what to open it with. I left that one out on purpose... double-clicking a .dll cannot infect your machine.

Re:Not really news, and a non-issue

[clone53421]

I'm not referring to the permissions, I'm referring to the file type. Presently, the easiest way for me to create a new .html, .php, .bat, etc. is to create a new text document and change the extension. I doubt that a meta-data "solution" to file types will allow me to do this without significantly more trouble.

Re:Not really news, and a non-issue

[clone53421]

Hmm, yeah, I thought I was probably forgetting something.

Re:Not really news, and a non-issue

[spitzak]

I can tell you that OS9 behavior like that is a pain in the ass. Widnows (and Linux) are a lot easier in this regard.

When I have a .jpg I want to open it in my favorite .jpg viewer, or pick the program to open it with from a popup menu. I don't want to open it in whatever the person who touched it up painting program.

I am at a loss to explain why hiding the extensions is considered user friendly by Microsoft. Talking to novice computer users and helping them out, it is pretty obvious that they know what the extensions are and what they mean. They even know they can "fix" a file to open correctly by changing the extension. They are also visible in all the file open/save dialogs and in the recent-files list in applications.

Re:Not really news, and a non-issue

[Haeleth]

better yet, there is no need to check extensions or metadata, just do a magic test (file command from the CLI) to know the content type of the file.

Great. So instead of just looking at the filename, you propose that my OS should distinguish between OpenOffice documents and Java applications by decompressing a ZIP archive and examining the contents?

"Okay, the XML files in this archive don't validate against the ODF schema. Let's try OOXML..."

And it gets really fun when it comes to text files. Hmm, should I display this source code with the Java icon, the C# icon, or the C++ icon? Let me just compile it to find out, because that's so much more reliable than checking the last few characters of the filename!

Ah, hang on a second, it looks like that file's on a remote filesystem anyway. Hang on, I'll display the icons as soon as the robot on the other end has retrieved the relevant tapes and started restoring their contents.

Re:Not really news, and a non-issue

[robmv]

Did you ever use GNOME? IIRC icons where shown by file extension, but when I clicked to open an file, it checked its content type using the file. I remember it sometimes told me about XML files that really where not XML files (only had xml extension)

I think that was partially a good implementation, warn the user or just refuse to open a file (when the user interact with the system shell, for example double click to open) if the extension does not match the real file content type.

With remote files this is not really a problem, because if you double click on it is because you want to read it, let the kernel fs cache do its work and cache it to be read later by the associated program

And by the way. ODF files add a non encrypted file to the zip as the first embedded file on the zip with the contents type, a magic test on an ODF file does not need to unzip anything.

some files maybe difficult to detect, like text files, but the shell don't really need to know it is a Java source code file, it only needs to know that .java files are text/plain and program X can open text/plain files

This has been around for a long time.

[gcnaddict]

Here's the thing: UAC is one layer of defense against this (even though UAC is never called a protective layer, it seems). If there is no verified publisher, UAC will say that the publisher is unknown and thus, in theory, it should trigger a red flag with people. That's how all of my computer illiterate friends approach it, and they've never had problems.

Second, the default view for most folders in 7 is the details view, which means whether a file is an executable will be exposed to the viewer by default regardless of whether extensions are hidden.

By all means, edit this setting if you must, but realize that 7 has already taken a good number of steps to deal with the danger.

Re:This has been around for a long time.

[lukas84]

UAC doesn't really come that much into play here. It's still possible to capture all your credit card data without elevating to admin.

That said, Explorer blocks execution of files downloaded from the Internet, and Outlook blocks executable attachments completely.

Re:This has been around for a long time.

[Darkness404]

Here's the thing: UAC is one layer of defense against this (even though UAC is never called a protective layer, it seems). If there is no verified publisher, UAC will say that the publisher is unknown and thus, in theory, it should trigger a red flag with people. That's how all of my computer illiterate friends approach it, and they've never had problems.

Heck, just about all legitimate programs I download from a non-major publisher says that the publisher is unknown. About the only programs that I have installed with a "known" publisher are Firefox, and iTunes. The rest still say unknown publisher.

Re:This has been around for a long time.

[Parker+Lewis]

Most people disable UAC or click on it without think (cause they don't have idea what this prompt means, they just known they should accept to open the file).

Tell me: Why hidden a file extension?

Um

[Man+On+Pink+Corner]

Welcome to Windows 95?!

Filename extensions have been hidden by default for many years now, in all shipping versions of Windows. And they've been making it easy for malware authors to fool users for just as long.

It was an insanely stupid policy on MS's part, and it borders on negligence that they're still doing it.

Not new, not unique to Windows

[nine-times]

OSX hides extensions, too, and what's arguably worse, OSX allows you to arbitrarily replace the icon of any file, thereby allowing you to disguise files more easily. Don't some Linux DEs do the same thing?

It's sort of unfortunate that we rely on filename extensions to identify file type at all. Users have a tendency to accidentally remove extensions when they're renaming if you don't hide them. But then if you hide them, then users are missing the single most important cue as to what file-type a file is.

Re:Not new, not unique to Windows

[clone53421]

True. Ideally, the extension would be visible, but would not be changed unless the user deliberately intended to.

For instance: When renaming, the extension would not be highlighted by default. Deliberate selection with the mouse would permit the extension to be highlighted. Ctrl-A would initially highlight only the filename; to select both filename and extension, you would need to press Ctrl-A twice.

Re:Not new, not unique to Windows

[gEvil+(beta)]

Yeah. It's almost like we should move towards some type of hidden metadata that indicates what a file's type is, and maybe another one indicating what application created it. That way, a user could change the filename as much as they want, but the file will still retain the key information that identifies what it really is (which lets other programs open it), as well as what program initially created it (so that program will launch when the document is opened or double-clicked). Probably too advanced for modern systems, though...

Re:Not new, not unique to Windows

[StikyPad]

Vista (and 7) decrease the likelihood of accidental file extension deletion by highlighting only the filename (sans extension) when renaming files through explorer. Personally, I'm usually renaming the extension, or adding ".old".

Re:Not new, not unique to Windows

[techno-vampire]

Don't some Linux DEs do the same thing?

Hiding extensions in Linux is rather pointless because Linux doesn't use the extension to decide what kind of file it is. (It does, granted, use it to decide the default application to use with it, but that's easy to override.) As an example, shell scripts don't need to end in .sh, they just need to have the executable flag set.

Re:Not new, not unique to Windows

[nine-times]

I don't know if you're being sarcastic or something, but that's what the old MacOS used to do. Of course, it became a problem because, if you transfered the files to some other filesystem, you could lose that metadata. With OSX, Apple switched over to using extensions in order to have greater compatibility.

It doesn't completely solve the problem, though. It was still possible to change the icon of programs and documents, and I don't know of anything that prevented people from disguising a program as a document. Another option would be for the OS to use some kind of overlay on every application's icon so that you know it's an executable file. Of course, there still wouldn't be any protection against users ignoring that overlay, so it's not quite so simple.

Re:Not new, not unique to Windows

[Hatta]

God help you though if you wish to communicate with a system that does not handle such hidden metadata. You could end up with an executable file, that your system thinks is text, and be completely unable to run it. What's worse is if the file you are transferring is the program you need to change file types. Then you're just fucked.

I encountered that exact problem just last week when hooking a Mac Classic II up to my IIgs via Appletalk. I could transfer any file I wanted to the Mac, but had no way to run it. Thankfully there was already a copy of Clarisworks (which supports MacBinary archives) on that old hunk of junk. If it was a virgin install of System 7, I would have been completely out of luck. It's really an awful hack.

Anyway, the correct solution is to not throw the file at the OS and expect it to figure out what you want to do with it. Open the file with the application you want to open with. This is one big reason why the command line is superior to GUI launchers. I never have to mess with file associations. I just type 'firefox foo.html' or 'vim foo.html' or 'scp foo.html remotehost:' and it does what I tell it to.

Re:Not new, not unique to Windows

[nine-times]

Is that really the way all DEs handle scripts, by the executable flag? Like I know I can rename a shell script as "test.txt" and still run it from the command line, but if I double-click on that file from Gnome, KDE, of Xfce, will it run or will it open it in a text editor?

Re:Not new, not unique to Windows

[clone53421]

What, then, when I want to create "index.php", "launcher.js", "run.bat", etc? Meta-data is never going to be as clean and simple as just changing the extension when I actually want to change the file type.

Re:Not new, not unique to Windows

[nine-times]

But what it you copied and pasted:

'firefox foo.html'

And there was a script in your path called "firefox\ foo.html"?

OK, I'm being ridiculous, but it's not as though CLIs are completely fool-proof either.

Re:Not new, not unique to Windows

[0racle]

OS X still uses a forked filesystem, its just that it can ALSO deal with extensions if that metadata is missing.

It made our mac users incapable of dealing with NFS because their apps don't write file extensions by default and the datafork was lost over NFS. Heaven forbid they do it themselves, but that was seen as far too much work and take far to much of their valuable time.

God damn that netatalk monstrosity.

Re:Not new, not unique to Windows

[RiotingPacifist]

whats a real shame is that it wouldn't be too hard to put a big fat warning on all executable (well anything with +x anyway).

Re:Not new, not unique to Windows

[King_TJ]

Yep... and it's one reason I've always questioned if it was really a step BACKWARDS with OS X, vs. the classic MacOS method of doing things?

I know people got sick and tired of the whole "resource fork" issue, where a native Mac file would lose its extra info when copied over a network to a non-Mac system, or media formatted in a foreign file system (or perhaps archived with a not fully compliant archiving program). But it seems like that wasn't Apple's fault, so much as nobody else having an understanding (or caring) how their file format worked.

I thought it made a lot more sense than having 3 letter "extensions" designating filetype. Many situations come up where an extension is used by multiple different programs - so it's not certain what the file really goes to.

Re:Not new, not unique to Windows

[techno-vampire]

Yes, it's the way all DEs handle scripts because that's the way Unix and all its variations (including Linux) work. If you double-click on a text file with the execute bit set, your DE will ask you if you want to run it, run it in a terminal or display it.

Re:Not new, not unique to Windows

[Tony+Hoyle]

It wouldn't do anything unless he typed 'firefox\ foo.html'.

Even then it probably wouldn't do anything, because on sane systems the current directory is not on the default path.

Re:Not new, not unique to Windows

[nine-times]

Heaven forbid they do it themselves

I'm not sure who you're talking about here, but Apple did have a sort of solution for this. When writing to a foreign filesystem, OSX will write the resource fork to a hidden file with a "._" prefix. It works well enough until someone with another OS decides to move those files around without moving the resource fork file, or some Windows administrator gets annoyed with all those mysterious hidden files and decides to delete them. I know that happens when you copy via SMB, so I would assume it would work over NFS.

Still, it's a problem. Until other operating systems support this sort of thing, both in the filesystem and in network protocols, you have to assume that the resource fork can be lost.

Re:Not new, not unique to Windows

[nine-times]

Yes, I think resource forks were a good idea. On the other hand, once you have to transfer files to any platform that doesn't support them, it's not practical. Also, I saw many problems with OSX accidentally dropping/corrupting resource forks on its own, making some files completely useless, so the reality wasn't all rosy.

Re:Not new, not unique to Windows

[Khashishi]

Windows pops up a dialog warning you if you try to rename the extension of a file. There shouldn't be a problem.

Re:Not new, not unique to Windows

[nine-times]

It wouldn't do anything unless he typed 'firefox\ foo.html'.

Yeah, I'm saying if the file were called "firefox foo.html" (all that in the quotes) and therefore in order to name it you had to type "firefox\ foo.html", but when copying/pasting you accidentally copied the quotes.

But yeah, whatever, my point wasn't that this particular thing was likely to turn into a major problem, but rather that it's possible to do stupid things in either a GUI or CLI. How many people have done "rm /rf" only to realize afterwards that they were in the wrong directory or on the wrong machine?

Re:Not new, not unique to Windows

[elfprince13]

the .desktop file format used by KDE, GNOME and Xfce is fairly dangerous actually. It's really easy to embed script in it and disguise it as whatever you want. I emailed all my linux using friends a .desktop disguised as an OpenOffice Document that actually installed a python script which would open a random xkcd comic in firefox every 45 seconds until you figured out how to remove the script and it's auto-reinstaller.

Re:Not new, not unique to Windows

[Dewin]

Considering that your shell would treat 'firefox' and 'foo.html' as separate cmdline arguments since you didn't escape the space or wrap it in quotes, nothing.

Re:Not new, not unique to Windows

Linux DEs are not identifying files by their exceptions but by their MIME type. That is, they call libmagic, or something else to determine what is actually inside the file in question and will fall back to extension only if they have no other choice.

Furthermore Unix executables (this applies to both Linux and Mac OSX) need to be given permission to be executed and it is not set by default. Therefore user has to manually do "chmod a+x evilworm" or equivalent in order to fry his computer.

That said I wonder what the attack vectors would be like if Linux gained popularity.

Re:Not new, not unique to Windows

[nine-times]

Yeah, sorry if it wasn't clear, my point was that if you copied/pasted and accidentally left the quotes in (which is why I put the single-quotes in the <quote> tags).

Why you would have a path that included such a script is another problem, which is why I said, "I'm being ridiculous". But whatever, nitpick because you don't want to acknowledge that anything could ever go wrong while using a CLI.

Re:Not new, not unique to Windows

[EvilIdler]

If you sneak in an extra extension in OS X, you can't hide any of the extensions anymore.

If you rename a trojan app to name.jpg and distribute via mail, Preview tries to open it and gives you an error.

If you rename a command line trojan to include .app, you see the extension in e-mail, and double-clicking it in Finder will make the system think it's a Classic app, therefore failing. It expects a .app bundle, a directory with the actual executable in a special place.

If it's not a bundle, it doesn't show an icon. I don't see how this can be exploited. An exploit in a picture or sound format loader seems much more likely.

Re:Not new, not unique to Windows

[noidentity]

OSX hides extensions, too, and what's arguably worse, OSX allows you to arbitrarily replace the icon of any file, thereby allowing you to disguise files more easily. Don't some Linux DEs do the same thing?

But doesn't Mac OS X warn you the first time you're running a program? (or am I thinking of that case when you're opening a document that uses said program?)

Re:Not new, not unique to Windows

[inject_hotmail.com]

Yeah. It's almost like we should move towards some type of hidden metadata that indicates what a file's type is, and maybe another one indicating what application created it. That way, a user could change the filename as much as they want, but the file will still retain the key information that identifies what it really is (which lets other programs open it), as well as what program initially created it (so that program will launch when the document is opened or double-clicked). Probably too advanced for modern systems, though...

Actually, NTFS allows for something called an ADS (Alternate Data Streams). Any amount of data can exist there. It's even possible to have multiple data streams...so...why not just reserve one or two for application information? Well, only a handful of popular file systems use/understand an ADS...any version of FAT, CDFS, ISO9660 etc can't story that data, so if one copies data to a volume with one of these file systems, the ADS data is lost.

Some very smart viruses like to hide in ADS land...as in, you might see a file with 0k allocated, but in fact, in an ADS, it might have its payload. Unfortunately, until Vista, Windows Explorer didn't tally the ADS in it's "Total Size on Disk" line in a file's properties dialog, so you could have a file report as 1k, but actually take up gigs, and there isn't a way to account for it.

Try it! Bring up a command shell in Windows 2000 through Win 7. Go to a temp dir, and create a file like this:

      echo Regular Stream > testfile.txt

Then create an ADS, but use of the semicolon:

      echo Alternate Stream > testfile.txt:anything

Then display your newly created file:

      type testfile.txt

      more (less-than sign) testfile.txt:anything

(Sorry, I don't know how to properly escape a less-than sign)

Note the use of "more" for the alternate stream. I suppose "type" doesn't understand an ADS.

There you have it. A relatively surreptitious way to protect data in plain sight.

Re:Not new, not unique to Windows

[Xyde]

I'm pretty sure Windows does this too now, but isn't there a warning when running an unsigned executable downloaded from the internet? I'm sure this was implemented in OS X to negate this exact thing. It even tells you when/where it was downloaded and gives you an option to open it's source web page. It even warns you about downloading a disk image with an executable inside it, though I've disabled that option obviously.

Re:Not new, not unique to Windows

[ThrowAwaySociety]

On the plus side, an OS X executable has to be zipped (or tar'd, or packaged in a disk image) before it can be sent as an email attachment or downloaded from a website. It's more than a little suspicious when you have to unzip a Word doc.

The biggest flaw in OS X's handling of file types, though, is the default setting in Safari which will unzip archives and mount disk images that are downloaded automatically. WTF?!! That checkbox shouldn't exist, much less be the default.

For what its worth, OS X does warn you when you run a downloaded executable for the first time. (So do Vista and Win 7, I believe.)

Re:Not new, not unique to Windows

[sydb]

You're grasping at straws, like most people I don't have a file named rf in my root directory and if I did I'd rather it was rm'd.

Re:Not new, not unique to Windows

[ClosedSource]

You can download and run apps in Linux without manually invoking chmod.

Re:Not new, not unique to Windows

[tb3]

But doesn't Mac OS X warn you the first time you're running a program? (or am I thinking of that case when you're opening a document that uses said program?)

It actually does both. And it does it by placing the name of the downloader program and the source URL as key/value pairs in the file's extended attributes. Pretty clever, really.

Re:Not new, not unique to Windows

[clone53421]

until someone with another OS decides to move those files around without moving the resource fork file, or some Windows administrator gets annoyed with all those mysterious hidden files and decides to delete them

I know perfectly well what they are. They piss me off, and I delete them on that basis.

When moving from a resource-based filesystem to an extension-based filesystem, the damn files should be converted. Why the hell do I want "book report" with a ".book report" file saying it should open in Word? Windows doesn't know what the hell to do with that. Thanks a lot for nothing.

Re:Not new, not unique to Windows

[nine-times]

Why the hell do I want "book report" with a ".book report" file saying it should open in Word?

Because that's not all resource forks do. These days, they're pretty much reserved for non-vital metadata. I can associate all of my Word documents to open in Word, but then I can set a particular Word document to open in OpenOffice or Pages in that file's resource fork, or I can add keywords or a "Label" (in OSX you can make files show up as highlighted in a different color). The resource fork might also include a thumbnail preview so I can see the contents of the file in Finder.

But those are just the things resource forks are typically used for now. Once upon a time, some Mac files were perfectly useless without their resource forks. Font files, for example, might include pretty much all their data in the resource fork and no data in the data fork-- don't ask me why because I have no clue.

Now all of those resource forks are perfectly useless if you're viewing the file from a Windows machine, so I can understand the desire to delete them. However, I've see a Windows admin delete all the resource forks from a Windows server even though that server was being used for no purpose other than as a file server for Mac clients, which was a pretty pointless thing to do. The people using that file server were not happy, especially since they had some old fonts that were rendered completely useless.

Re:Not new, not unique to Windows

[clone53421]

Because that's not all resource forks do. These days, they're pretty much reserved for non-vital metadata.

True, but in the interests of portability, I'd like to see extensions when Mac files get copied onto an NTFS or FAT volume. I mean... really.

I'm mainly just pissed off over them because Finder adds all those damn resource files as soon as I open the folder on a Mac. WTF? No new information is being created. Now when I plug my flash drive into my Windows box, I'll see all these stupid useless hidden files that serve absolutely no purpose even on the Mac (the only relevant detail would be the icon arrangement in the folder, and unless I moved them around, that's default anyway). They just clutter up the folder.

Re:Not new, not unique to Windows

[nine-times]

Well they should be more or less hidden in any operating system you move them to. I think it sets the flag for Windows to be a hidden file, and starts the filename with a period, which should take care of hiding them in Unix variants. Windows does something pretty much just as obnoxious by adding "Thumbs.db" all over the place, except that doesn't get hidden in non-Windows operating systems.

Anyway, I agree that it's annoying. One of the first things I do with a new Mac is tell it to not write ".DS_Store" files to network shares. In my opinion, the real solution is to get better support for metadata into more operating systems. If we're going to be hamstrung to only support metadata that's supported in the lowest-common-denominator of filesystems, then it's be nice if the lowest-common-denominator weren't so damned low.

Re:Not new, not unique to Windows

[clone53421]

Well they should be more or less hidden in any operating system you move them to.

I disagree with that statement on principle: I don't want my OS hiding any files from me, regardless of what whoever copied them onto my device thought.

Windows does something pretty much just as obnoxious by adding "Thumbs.db" all over the place, except that doesn't get hidden in non-Windows operating systems.

That can be disabled; I've forgotten how. It pissed me off, too; now my computer doesn't.

Re:Not new, not unique to Windows

[nine-times]

I disagree with that statement on principle: I don't want my OS hiding any files from me, regardless of what whoever copied them onto my device thought.

Well in my opinion, it's a little silly to demand that your computer show you everything, only to turn around and complain that you're seeing too many things and it's cluttered. Sure, I want the *option* of being able to see anything I want to see, but I definitely also want the option of saying, "I don't need to see this, so don't show me.

Even in Unix command lines, there are hidden files. The gross majority of the time, I don't need to see .bash_history or .ssh when I get a directory listing of my home directory. So hide them it's fine. I know they're there, and if I'm not sure, it's easy enough to get the shell to show them to me.

What's wrong with that? The ideal interface would be one that always showed you the things you needed to see and never showed you anything you didn't need to see. Of course, the computer can't really know what you do or do not need to see, so we're left with someone's best guess along with the option to override.

Re:Not new, not unique to Windows

[clone53421]

Files that I don't want/need to see should be "hidden" by putting them in other folders where they won't clutter up the folder I'm keeping my documents in.

For instance, in Windows, my %userprofile% folder contains the hidden folders "Application Data", "Local Settings", "NetHood", "PrintHood", "SendTo", and "Templates". However, the "My Documents" folder is relatively free from unnecessary hidden/system files. (Well, Excel insists on putting "My Data Sources" in there, which pisses me off. But I digress.)

Re:Not new, not unique to Windows

[nine-times]

Ok, but let's say the resource forks were kept in the filesystem as they were intended. It would be just as hidden, but I bet you wouldn't have a problem with it.

The problem is both a cross-platform compatibility problem as well as a psychological/perceptual problem (no offense, I'm not saying your crazy). OSX uses metadata that other operating systems don't have support for, and you don't like knowing the files are there, even if they're not causing a problem.

Re:Not new, not unique to Windows

[clone53421]

Ok, but let's say the resource forks were kept in the filesystem as they were intended. It would be just as hidden, but I bet you wouldn't have a problem with it.

I'm not really thrilled about it, no, and the fact that the resource fork is even harder to detect than a normal hidden file makes it even worse.

Um, Win7 is not yet a release

[cptnapalm]

I am a Microsoft Hater.

Having said that, Win7 is *not* yet a release, so I do not think that they can be blamed for this with regards to Windows 7.

That this was apparently a real problem on every OS they have released in the last 11 years, on the other hand, is blameworthy.

Re:Um, Win7 is not yet a release

[David+Gerard]

Then this is the time to make a big fuss about it: so that it will be fixed for Win7.

Re:Um, Win7 is not yet a release

[cptnapalm]

Perfectly true.

My reply was based upon this particular sentence: "Microsoft is taking flak for failing to correct a problem found in previous editions of Windows."

So it is both true that this would be the right time to make a fuss and it isn't yet a release, so I don't think they should be taking flak for it (with regards to Win 7).

Re:Um, Win7 is not yet a release

[MikeUW]

The purpose of betas and rcs is to get feedback *before* a release. If nobody makes any criticisms before the release, then you'll be stuck with the same problems later on anyway.

I agree somewhat with your second remark. But I don't personally think this is a big deal. I prefer to see the extensions at all times, but it's more for convenience to me, rather than a security issue.

Re:Um, Win7 is not yet a release

[cptnapalm]

Perhaps I wasn't as clear as I could have been. I was certainly not saying that there should not be somebody saying "hey, fix this" as this is a release candidate and that is what they are for. What prompted the post was that both the title and the summary kept referring to Windows 7, but this isn't Windows 7. As it is still a release candidate, the default now might not be the default when Windows 7 is actually released.

If Microsoft says that it will be the same way in the final release regardless, then bile would be appropriate.

Personally, I never understood why they did that in the first place. It isn't like it makes the OS any easier to use or anything.

Re:LOL

[lukas84]

Yeah, a default account that can elevate to admin privileges in some cases. Just like in other operating systems, like Mac OS X or Ubuntu.

Microsoft been PC (politically correct)

[juanhf]

Security risk or not, most email programs Microsoft has put out already block potentially harmful files by blocking them from been executed by an uncanny user.

Having said that, why bother using double extension? If you are already hiding file extensions what is to stop you from creating an EXE file with the icon for a word document? That would avoid the mysterious trailing ".doc" on the file - oh no lock up your daughters and your wives!

I'm for having a good anti-virus program and educating users.

i seen js javascript the same way

[FudRucker]

many years ago when i was using win98 i would always set folder options to NOT hide file extensions and it still hides that second extension, i had what looked like an ordinary bitmap file file_name.bmp but i clicked on it to open it and bam! its true colors show up and it disappears completely even with show all files enabled (file_name.bmp.js) shows for a second and its gone, so i fdisk windows off and reinstall since anti-virus did not find anything and that looked too fishy to be innocent, that taught me no not click on a file to open it, always open a graphics editor/viewer and use file > open to open them then if something is wrong the graphics app will complain if something is wrong with the file.

Re:i seen js javascript the same way

[BikeHelmet]

Win98's Explorer had a lot of such issues. XP's isn't so bad. If you tell it to display the extensions, you'll see the correct extension.

Re:i seen js javascript the same way

[Khashishi]

Unless it's a .lnk file.

Re:i seen js javascript the same way

[BikeHelmet]

Indeed! But link files have their own problems. (mainly security ones - malformed file code execution)

You won't hear me saying this very often, but XML-based .lnk files would be best!

Re:i seen js javascript the same way

[vic-traill]

Unless it's a .lnk file.

Hey, good catch, didn't know this. Under XP SP3, it appears that, having renamed the file by adding a .lnk extension using Win Explorer, you can't shake the .lnk. No matter what you change the filename too, it continues to be identified as a shortcut, with the .lnk extension hidden in Explorer, even with the setting for displaying filename extensions turned on.

Had to hit the command line to get rid of the .lnk extension.

Re:i seen js javascript the same way

[clone53421]

Same goes for .url ... which, by the way, is a text-based format.

"Slashdot Windows 7 Users Warned Over Filename Security Risk.url":

[InternetShortcut]
URL=http://it.slashdot.org/article.pl?sid=09/05/07/1937248&art_pos=1

Re:i seen js javascript the same way

[atraintocry]

Microsoft loves strange binary formats. I mean, they collectively as a company have romantic feelings about wacky binary formats. You are asking the impossible. They will use XML to contain info about a versioning scheme that's independent of whatever they used previously, then a tag called "shortcut" that will contain the binary-format link file.

To be fair, the situation with Mac plist files (like reg keys but not stored in a single massive hive of fail) isn't much better. From what I remember they tried to go completely XML but had speed issues so now you have both.

natural selection

[castironpigeon]

At least it'll take the really dumb Windows users out of the loop for a while so the rest of us don't look so bad.

Re:natural selection

[clone53421]

Hardly. No, they'll just become new zombie nodes in some massive botnet.

Extensions? No extensions?

[clone53421]

Do we really think that it's going to make a difference to Joe Schmoe? If it has a Word document icon, our hapless friend is going to be duped regardless of whether it ends in ".doc" or ".doc.exe".

May I remind you that, with file extensions hidden by default, ONE SHOULD NEVER SEE A FILE ENTITLED "partyinvite.doc", because that extension should be hidden. The fact that it isn't hidden is already a glaring red flag — which Joe Schmoe is obviously oblivious to.

I turn extensions on by default, but I really don't think that would help Mr. Clueless. Somebody needs to sit him down and explain to him what's going on, and nothing is going to save him from the trouble of paying the proper attention to the files he opens.

Re:Extensions? No extensions?

[taustin]

ONE SHOULD NEVER SEE A FILE ENTITLED "partyinvite.doc",

That is true. However, an .exe can have it's own icon embedded in the file, so one could name it partyinvite.exe and give it the icon from a Word doc, and Joe Schmoe would have no clue. In fact, a lot of people would miss that.

Re:Extensions? No extensions?

[clone53421]

True enough. Even so... if that was going to make a huge difference in the number of people who were duped, malware authors would have surely figured this out and you'd see it happening more often.

Re:Extensions? No extensions?

[clone53421]

"partyinvite.doc.exe" WILL be displayed as "partyinvite.doc" when extensions are hidden

Yes, but the real "partyinvite.doc" won't. Congratulations, you completely missed my point.

Re:Extensions? No extensions?

[thetoadwarrior]

Do we really think that it's going to make a difference to Joe Schmoe? If it has a Word document icon, our hapless friend is going to be duped regardless of whether it ends in ".doc" or ".doc.exe".

You're right but this is because computing has been dumbed down and because file extensions have been turned off by default for so long people don't really pay attention to the name of their files.

In my experience, when you teach someone who things should be done, even if they are a clueless user, they'll take your advice seriously and generally avoid doing what you told them not to do.

This is why MS should have focused more on information people how to use their computer rather than changing the OS to be idiot friendly.

Perhaps there people should have to take a test to earn a computing licence before being able to connect to the internet. At this point I think that's the only thing we could do to undo the mess we have now.

Re:Extensions? No extensions?

[ClosedSource]

"You're right but this is because computing has been dumbed down"

Yes, that's why you and I can afford our own computer - because "lusers" made mass manufacturing of computers economically feasible. If you don't like it, submit your punched cards to the clerk behind the glass.

Re:Extensions? No extensions?

[mightyteegar]

This is why MS should have focused more on information people how to use their computer rather than changing the OS to be idiot friendly.

Thank you for your common sense and stating what should be ridiculously obvious to most people here but apparently isn't. While reading this thread all I could think of was my experience with the thousands of users I've dealt with, all of whom look up to "the IT guy" for information and, in a roundabout way, training. If "the IT guy" tells them something is bad, they'll listen, pay attention, maybe even take notes or ask questions. And they will remember.

Even a massively stupid user can be taught simple things. They may still continue to be a stupid user, but in most cases they wind up being a stupid user whose harm is limited to their own selves rather than everyone in their contacts list or the Internet at large (botnet node).

Extensions on by default, icons, metadata, executable flags, random new ideas -- none of that is a substitute for knowing the basics of how the hell the "infernal machine" works in the first place and how to defend against attacks, and It is my prerogative as a nerd (and I also consider it an obligation) to teach every "stupid user" I come in contact with how to recognize when something isn't right and how to avoid easily-avoidable malicious activity. Then again, it shouldn't be a surprise that the only "solutions" being bandied about here are technical rather than philosophical.

Re:Extensions? No extensions?

[AndyCanfield]

Years ago I received an e-mail attachment named "SEXYLADY.JPG". Did Outlook Express hide extensions? I didn't know. But saving it to the hard disk and using the DOS window I could see it was really "SEXYLADY.JPG.EXE". That's when I started hating Microsoft's extension policy. I hope this means they will soon eliminate this security hole.

And yes, every dumb user I know opens files by double clicking. Many of them don't even know you can run Excel from the menu! Indeed, I've seen people save an HTML web page as "Pagename.xls" just so that when they double click on the name Excel will open it.

Becoming a verified publisher costs $$$

[tepples]

If there is no verified publisher, UAC will say that the publisher is unknown and thus, in theory, it should trigger a red flag with people.

In general, software not sponsored by a corporation has no verified publisher. This includes a lot of freeware and free software, as a lot of developers don't feel like blowing upwards of $200 per platform per year on certificates to digitally sign new versions of each program.

kill the filename.extension paradigm

[line-bundle]

The filename should not contain any metadata. The date is not included in the filename, so why is the filetype in there?

Re:kill the filename.extension paradigm

[thomasdn]

The filename should not contain any metadata. The date is not included in the filename, so why is the filetype in there?

No metadata in the filename? But isn't the filename metadata in itself? By giving the file a name -- a description of the content -- I provide some metadata that lets me know what the file contains. I don't think it is all that stupid to have a convention for file naming.

Re:kill the filename.extension paradigm

[BikeHelmet]

Perhaps for speed?

I'd like to see files without an extension auto-resolved to whatever they were - but I do find extensions handy.

On Windows I can open a folder with say... 200 ~350MB files, and they show up instantly - but on Linux (with its wonderful libmagic), it takes dozens of seconds.

I feel it should go like this:

1) No extension -> Resolve extension
2) Extension -> Check if file compatible with programs registered to handle that file type

Extensions are handy for searching, too. The more specific you can get, the easier it is to find something - and .jpg is very specific, as opposed to just searching all images or heck, all files.

Re:kill the filename.extension paradigm

[The+MAZZTer]

Compatibility. Back in the days of DOS, you got 11 characters per filename. 8 before the dot, 3 after. The 3 determined the file type. It probably seemed reasonable given the limitations of those computers.

Now, one of MS' top goal with each Windows is compatibility with old apps (except for DOS games, pfft). Hence file types remain... not just because DOS used them, but because for this compatibility every Windows OS has used them as well! You can turn off part of this compatibility by stopping the generation of short file names, though this will break 16-bit apps as well as some Windows 9x apps which were poorly coded to use short file names.

Re:kill the filename.extension paradigm

[Khashishi]

Dunno, but it's a much better solution than sticking the file type into the file data in *nix style. There should be a separate field in the file table, like date.

Re:kill the filename.extension paradigm

[thetoadwarrior]

When the file type can determine what will happen when you click on it then yes it should be easily viewable. Plus certain metadata is valuable which is why people sometimes put metadata, like the date, within the file name if they feel it's relevant.

Re:kill the filename.extension paradigm

[maxume]

I put dates in file names all the time.

Re:kill the filename.extension paradigm

[line-bundle]

I have no idea who modded this insightful.

There are (at least) two types of metadata, the mutable and immutable variety. The immutable variety (data dependent data) includes information like file size, creation date, etc... The mutable variety (things you can change without changing the underlying data) are things like file name, location etc...

My position is that file type is immutable data. 99% of the time you want to change a file type you do some sort of magic to it, be it compiling, converting to PDF etc.. I can't think of a case where changing the filename should change how the file is processed. You could rename a jpeg file all you want but it's still a jpeg file (a rose by any other name ...)

Yes the filename is metadata. So what? It's the mutable variety, a reminder to yourself what the file is.

 

Re:kill the filename.extension paradigm

[FrankieBaby1986]

I would argue that just as the file name isn't being considered metadata, then the file type isnt either. These are almost always the two most relevant things to the selection and use of a file, and so it makes sense to have the filetype be part of the name.

Re:kill the filename.extension paradigm

[m50d]

Oh fuck off. There have been filesystems which tried that, you know, and there's a reason that they failed; to someone who tries to actually use the damn things rather than sitting around theorising, the filename is the *only* appropriate place for metadata.

Re:kill the filename.extension paradigm

[nine-times]

On the other hand, one of the beneficial things about using the file-type as part of the filename is it allows you to have multiple files of different file-types but with the same filename in the same directory. So if I have a word document called "example.doc" and I convert it into a PDF called "example.pdf", then those two files can coexist in the same directory without accidentally overwriting one with the other.

Not that this is necessarily the only or even the best way to deal with that.

Re:kill the filename.extension paradigm

[nine-times]

Good point, but at least that's your choice. Your operating system doesn't cease to recognize the file if you remove the date from the filename.

Re:kill the filename.extension paradigm

[clone53421]

99% of the time you want to change a file type you do some sort of magic to it, be it compiling, converting to PDF etc.

For you, perhaps. I do it all the time. Usually I'm renaming "New text document.txt" to give it an extension of .php, .html, .bat, etc.

Re:kill the filename.extension paradigm

[clone53421]

Same here, a filename starting with 2009.05.08 will sort by date when I sort by name. Since I don't necessarily want all the files sorted by "date created", and since thumb drives tend to sort by name by default when you plug them in, this is ideal.

Re:kill the filename.extension paradigm

[jrothwell97]

A lot of people do put the date in the filename. That doesn't stop the concept of metadata in the filename being any more silly, though.

Re:kill the filename.extension paradigm

[spitzak]

Actually it's not running libmagic. The slowness is due to the attempt to make thumbnail versions of the files. Microsoft started doing this as well, with the same problems (though I think Nautilus is much worse).

Re:kill the filename.extension paradigm

[atraintocry]

If the filetype was stored in a fork (as opposed to the way ID3 tags are done) then I don't see why there would be a huge speed difference. The name has to be looked up too, after all.

As for searching by .JPG, image/jpeg would be a suitably specific replacement. I'm not saying you're wrong, just that what you listed aren't criteria that are specific to file extensions.

Re:kill the filename.extension paradigm

[atraintocry]

I'm going to assume that the guys who modded this informative have a hard drive full of files like -rw-r--r--@_1_myname_users_1903_May_9_18:00_addressbook.csv...

perhaps

[jsnipy]

Maybe an OS should think to something beyond a file extension to identify the role of a file.

Re:perhaps

[clone53421]

Oh, you mean a sort of magic system?

How exactly would that prevent me from making an application, embedding the default "Word document" icon, and calling it whatever the hell I want?

"But the OS would warn the user..." you begin to say.

It already can, based on the extension. "Magically" detecting the file type isn't going to change anything...

Well, I take that back. It'll make it hard as hell to intentionally change the file type when I need to. Changing "New text document.txt" to "Launcher.js" will now undoubtedly be a PITA.

Re:perhaps

[twidarkling]

Best idea I've seen in the thread so far. Would it be that difficult, or resource intensive to add in a quick verification of file-types? Not being a programmer of any time, I honestly don't know, but if it can work without user intervention, or slowing the system down, it's a damned good idea.

Re:perhaps

[clone53421]

Extensions are all the verification that are needed. If the file has a certain extension, it will be launched in a certain way. The primary issue is presenting this to the clueless user in such a way that they aren't tricked into thinking that an executable is actually lolcats.

Verifying that "hmm, .exe extension, and yup, it's actually an executable" is redundant.

if less clutter was the design goal

[yanyan]

If less clutter was the design goal, MS could have started somewhere else. Like the explorer toolbar (just leave the up, back, and forward buttons thank you), the "Go" button beside the address bar, the big explorer sidebar with the many superfluous items, the cluttered search side bar, the pointless icon view, i could go on. They could probably even drop the whole Start menu paradigm and move to right-click on desktop to display the start menu contents, leaving the whole taskbar for application tabs.

How to rename files

[tepples]

Users have a tendency to accidentally remove extensions when they're renaming if you don't hide them.

That's why a good file manager, like the version of Nautilus that comes with Ubuntu Hardy, selects everything before the extension when the user chooses "Rename".

Re:How to rename files

[jonbryce]

The Vista file manager does that too.

Re:How to rename files

[nine-times]

You think that will stop users from accidentally removing the extension? Have you ever worked helpdesk?

Murphy's Law applies. If the user can mess things up, they will.

Re:How to rename files

[BikeHelmet]

A better solution is to just append the same extension if one isn't specified, and then if the user does it a second time (with the same name), allow it. This way idiots that select the entire filename for some unknown reason won't be vulnerable. :P

Or *gasp* have a popup that warns that the file's extension was dropped. (oh, wait! Explorer does have that - but the file save dialog doesn't.)

I feel the first option is best. Any power user will just hit F2, select the extension, and press delete. Takes all of 3 seconds, but protects the newbies. :) And a power user should know that if he wants to save from his email client without an extension, flip the file type to "All Files (*.*)"

Re:How to rename files

[Blakey+Rat]

Windows does that too, but it's not a great solution. There's nothing preventing the user from selecting past the name into the extension-- Windows asks "are you sure you want to change the extension?" in a dialog, but of course people frequently hit Ok to dialogs without reading them.

The ideal solution has already happened: what Apple implemented for Mac Classic, where a file had two pieces of meta-data:
1) It's type,
2) It's preferred editor

So you could have a TEXT/Word file, which was a TEXT file that was saved, or last-edited by, Word. If another user didn't have Word, they could open it with any application that accepted TEXT files. You could also have a TEXT/Word and a TEXT/Visual Studio file side-by-side in the same folder, and double-clicking the file would open up the appropriate editor for each.

Of course, then comes Windows compatibility and (even worse) the Internet, designed based on crummy Unix filesystems with no meta-data at all, and poor Apple has no way of putting all this meta-data through the wire. Sure there's hacks, like BinHex and MacBinary formats, but the Internet has a way of killing-off good ideas by making everybody conform to the lowest common denominator.

The best the Internet has to offer is MIME types, and those suck compared to what Mac Classic had.

Re:How to rename files

[elfprince13]

and OS X has done it for ages...

Re:How to rename files

[mobby_6kl]

>He was talking about good file managers.

Yeah, but then he contradicted himself by using Nautilus as an example.

Re:How to rename files

[barzok]

Finder does this.

But it's not a great file manager.

Re:How to rename files

[Philip_the_physicist]

The latest version of Nautilus is pretty decent once you fix all the moronic defaults. The only issue I have with it is that it occasionally loses the scrollbars for no particularly good reason, making you reload the directory to show them. If you need something powerful and feature-rich, you could use Gnome Commander, which has an ugly theme and looks primitive, but is very powerful and feature rich.

Re:How to rename files

[adavies42]

ditto OS X, now

Re:How to rename files

[PitaBred]

Between 98 and XP, it didn't. And there are FAR more XP installs out there than Vista and later. It's still a very valid problem with Windows design.

Re:How to rename files

[Phroggy]

Um, no, that's a new feature on Leopard (Mac OS X 10.5). On Tiger (10.4), the entire visible part of the filename will be selected, including any extension.

Re:How to rename files

[clone53421]

The ideal solution has already happened: what Apple implemented for Mac Classic, where a file had two pieces of meta-data:
1) It's type,
2) It's preferred editor

...and god help you if you ever need to change it. No thanks, I like extensions.

Re:How to rename files

[Blakey+Rat]

Ok, a few things here:

You didn't specify which "it" you wanted to change.

1) You can change the default opener for, say, TEXT files in a control panel, the same way you can in every other OS-- that means if that particular TEXT file didn't have a preferred opener, it'd open in your default opener. Mac Classic included an control panel that would do this mapping, and also would map based on DOS-style file extensions (if present.)

2) Or, if you want to change the preferred opener, all you need to do is open the file in that program and hit "Save." That's it. There's no step 2.

3) If you want to change the file's type code, without corrupting the content of the file, you open it in a program that supports multiple types and hit "Save As". That's it. There's no step 2.

4) If you want to change a file's type and don't care whether the content of the file matches the type or not, and I can't imagine this would ever come up but let's just included it here for completeness, you can use a programmer's tool to edit the meta-data. In Classic Macintosh, this would be ResEdit.

Now what you're probably actually bitching about is: "well how do I do it without having to click an icon because people who click icons are LUSERS! and I heard from a very reputable LUG that icons give you cancer so I'd rather type in obscure CLI commands!!!"

The answer to that is: use your fucking imagination. Mac Classic didn't have a CLI, so therefore it didn't have any CLI tools to change any of this meta-data. That's not because it would be *impossble* to build a CLI tool to do it, it's just because Apple had no need to.

So if this filesystem is used in a hypothetical future system, hopefully designed by somebody with more imagination than you, all those tools would need to be built. Well, duh. In this hypothetical system, the entire filesystem and almost all apps running in it would have to be built, also-- building in a few tools to work with file types and preferred openers would be a drop in the bucket.

But the real flaw is that the Internet was designed by people as unimaginative as you, you couldn't think outside their narrow little Unix box, and now it's going to be utterly impossible to move away from file extensions, as there's no way to pass arbitrary file meta-data over web protocols.

Re:How to rename files

[clone53421]

...none of which is as easy as changing the extension.

This, my point being.

Re:How to rename files

[Blakey+Rat]

Possibly, but how the fuck often do you do that? Maybe once a year? "OH NOES! That task I do once every year now takes fifteen seconds instead of 3!"

If you *are* changing extensions more often than that, doesn't that indicate something wrong with the *current* system? I think the entire point of this exercise should be finding a system where you don't ever have to change extensions, any more than you ever have to change any other piece of meta-data in the file. That should all just happen without you having to think about it, like it did in good ol' Mac System 6.0.

Anyway, the extension only indicates the file type. The real problem with the current system is that I have no way of treating "a text file that contains Javascript" (.js) differently from "a text file that contains HTML" (.js). They're both text files, so the current method of changing the type doesn't make any damned sense. If we have another field, say, a field to indicate a preferred opener, then-- gasp! Suddenly the type makes sense, *and* my JS will open in Visual Studio instead of Windows Script Host. We killed tons of birds with this stone!

I still stand by my assertion that you're simply not imaginative enough to imagine a better system than the current one. You've probably had your head buried in computers (well, non-Mac computers) for so long you simply don't even recognize the possibility for improvement. And I'm not trying to be a Mac snob, the only reason I mention them so much in this topic is that they had this all down pat almost 20 years ago. (If it was something BeOS had down pat, like dynamic driver loading, I'd be talking about BeOS.)

Re:How to rename files

[Blakey+Rat]

Or, I can right-click, N, T, which takes less than half a second. Renaming it to give it the correct extension doesn't take much longer. Hit enter 3 times, and it opens in the appropriate application. I'm sure it's far easier and quicker than any "improved" system you could come up with.

Well, first of all, how can you definitively declare it's faster than anything else ever, since the "anything else" doesn't even exist? That's like people pre-1904 saying heavier-than-air flight is impossible and, again, just reinforces my point that you have no imagination whatsoever.

Secondly, your method doesn't even work with most files. If you create a new Excel file, for example, and rename it to be ".doc" it just doesn't work. It only works when you're creating files that are the same TYPE of file in the first place (i.e. if you create a text file using "New Notepad File" and then rename it to a Javascript file, that would work.)

In short, your method doesn't work *now* for the vast majority of file types.

Um, what? "A text file that contains HTML" has a .html extension. What sort of .js file contains HTML? Obviously HTML files can contain Javascript, but these end in .html, not .js. Opening and editing is no problem, because both HTML and Javascript are understood by the browser and are editable in any text editor.

I apologize; my explanation was riddled with typos.

Here's the point I was trying to make, and this time I'll proof it better before hitting submit.

Both the .html and the .js file are the same type: they're both text files. I can open both of them in ANY application that supports opening text files, everything from Notepad to Word to OpenOffice to Visual Studio. There's no reason both of those files shouldn't have the type of (in the old System 6 parlance) "TEXT".

But! I want some text files (.js) to open in Visual Studio, others to open in Expression Web (.html) and yet others to open in Notepad (.txt.) Right now, we use file extensions to communicate this to the computer-- "this text file is the type of text file I want to open in a HTML editor." This is obviously a wrong way of doing that, since there's no actual difference in the format of a file that contains HTML and one that contains Javascript. They're both text files.

Currently, there's no way to communicate this subtlety to the computer. So we end up with a situation where, for example, Word is capable of opening a .js file but it doesn't *know* it's capable of it.*

You also end up with a situation where it's impossible for me the user to say, "I want this .html file to open in Visual Studio, and this other .html file to open in Expression Web." There's no additional piece of meta-data to support that.

All those subtleties could be communicated in Mac System 6, none can be in any modern OS.

That's what "Open With..." is for, and if you have enough .js files that you want to open with MSVS as opposed to wscript, go into Folder Options -> File Types, add it as an action, and change the default.

But "Open With" doesn't know one .html file from another. I have no way of telling it that I *always* want to this particular .html file with X, and this other particular .html file with Y. And that's just on my own personal machine. There's another layer of complexity getting *other* systems to recognize that preference, when I move the file around various networks.

I'd have to go into some properties window to change it, which would be a pain. Thanks, but no thanks. Changing the extension is easy and simple.

How do you know you would? It's not even implemented yet!

and all of the "better" solutions are just the opposite.

But you don't know that because it's not even implemented yet! Christ,

Re:How to rename files

[spitzak]

Which makes it even stranger that Microsoft keeps hiding extensions. Obviously some people there understand how to do this in a safe way.

I also think the OS/X solution of warning if you actually try to change the extension is a good idea. Combined with the Vista selection of only the name it would be the best one.

Metadata/etc appeals to academics but it is pretty obvious that it is not what real users prefer or understand.

Re:How to rename files

[Blakey+Rat]

Well, obviously. It works in enough cases, though, that I find it to be an indespensible feature.

It only works on accident, though. Because it just so happens that you're renaming a text file (with a certain extension) into another text file (with a different extension).

In fact, I think it's safe to say that text-based formats are the ONLY formats your method works with. You just happen to spend most of your time on text-based formats... what about the poor guy who edits photos for a living? Or creates Excel spreadsheets? So your method still doesn't work for the majority of people and the majority of formats, and it only works for you by accident.

Other than the fact that they aren't? One is HTML, a text-based format, and the other is Javascript, a different text-based format.

If you're going to redefine "file format" to mean something other than "the format of the file," then I suppose I can't argue with your logic.

But both .html and .js files are in the same format, to any normal human being who doesn't twist the meaning of words at a whim. They're both text files. (Given, HTML has some additional formatting that goes beyond text files, but it's still a text file.)

I'm just saying that opening a dialog is almost by definition slower than hitting F2 and typing something. I'd have to mouse to the correct field, select it, modify it, and confirm.

Well, two points:
1) Who the fuck said it was going to be in a dialog? You pulled that out of your ass; I certainly said nothing of the type.
2) You can use the keyboard to navigate dialogs, too.

Re:How to rename files

[clone53421]

It only works on accident, though. Because it just so happens that you're renaming a text file (with a certain extension) into another text file (with a different extension).

Like I said... I find it useful. As a computer geek, I work with a lot of files that are editable as plain-text. Furthermore, this is by design, not accident.

If you're going to redefine "file format" to mean something other than "the format of the file," then I suppose I can't argue with your logic.

But both .html and .js files are in the same format

You're abstracting it to a useless level. We could abstract it all the way to "binary data", and every file would qualify. It would be totally useless, though, because we'd lose the primary utility of filetypes: they describe how we go about EDITING AND USING THE FILE. I don't want to open and use HTML files the same way I want to open and use Javascript files or text documents. Thus, they are different types of files.

to any normal human being who doesn't twist the meaning of words at a whim

"Any normal human being" probably doesn't have the slightest idea what a HTML or Javascript file is, and doesn't care as long as they open correctly. If you ask "any normal human being" whether a HTML file and a Javascript file are the "same format", they'll double-click one, double-click the other, compare (HTML = web browser, Javascript = who knows, as it's executable on Windows), and say they're not. At least, I hope they'd have the ability to distinguish between the two.

Who the fuck said it was going to be in a dialog? You pulled that out of your ass; I certainly said nothing of the type.

Ok, then you're basically taking "extension" and moving it into a separate column and calling it the "format". How do I edit this? Double-click it and type something in? What do I use – a short mnemonic to refer to the application that should open it, perhaps? Or is it going to be a drop-down list containing all the known file-types (which is going to take several seconds to populate, if the one in the New file type dialog is any indication, and will require scrolling through to find the correct one)?

All in all, I prefer Vista's approach (after you've turned extensions on): when renaming, select the filename initially, but the extension can be selected and modified if you want to.

You can use the keyboard to navigate dialogs, too.

Of course, but not as quickly as typing a short mnemonic and hitting Enter twice.

I'm glad it's finally news but..

[yakumo.unr]

I never did understand why this fuss wasn't made when it was still such an idiot default setting in XP.... and then AGAIN in vista. I was utterly flummoxed it was still so in win7. I'm sure they have the 'well we've got security right now so it doesn't matter' attitude but they're still wrong.

Similar with OS X

[Charles+Dodgeson]

As an Apple fan-boy, I am chagrined to have to point out that there is an analogue of this problem on OS X. Meta information about a file will contain information about its "Creator" (which is often used to determine what application it should be opened with) and also the file Icon.

This allows for a file to have, say a plain text icon but open as something else altogether. Apple has taken some mitigating steps (warnings before executing downloaded files for the first time), but has not changed the underlying problem which stems from concealing information from the user.

Re:Similar with OS X

[SCPRedMage]

(warnings before executing downloaded files for the first time)

Hmm... that seems oddly familiar...

Re:Similar with OS X

[SCPRedMage]

Let me guess...

Apple from Xerox, right?

Re:Similar with OS X

[atraintocry]

It's 2008 now and Xerox makes multifunction printers. A for effort, though.

Re:Similar with OS X

[atraintocry]

and a red F to me for knowing what year it is

Mod Parent UP

[iamhigh]

As informative. never knew about the reactos project... just burned the live cd to try it out!

Re:LOL

[twidarkling]

Actually, mine does that. Just installed Win7, the default admin account still asks me to run things as admin. Hmm.

Should be on anyway

[labnet]

On every windows system I've configured, one of my first tasks is to change the file exlporer to show extensions and a detailed list view.
I've always found extensions much easier to use than an icons, and a list view with size/dates much easier than a page of freaking big icons.
I assume most /.ers would be the same, but what do you find your users prefer?

Re:LOL

[lukas84]

A Linux distribution is the equivalent to commercial operating systems like Windows or Mac OS X. I just didn't want to make my sentence that convoluted, but i should've known someone would go and nitpick that.

How can this be? sufixication

[goombah99]

How can this possibly be?

Your question actually has a face value in excess of it's sarcasm content. How did we get here?

I'm stating common knowledge but it's worth reflection since it paints a large picture. In the begining there was the file and the file was just a marked off stretch of physically contiguous bytes on a tape or drum. it had no internal structure. Have a directory that associated names with files regions was something you had to implement yourself. The filesystems formalized this to having names, hierarchies, and even non-contiguous allocation tables for blocks.

Since that time every new file system has tried to codify the notion of metadata. And in this land of babble, the only common durable hiding place for meta data has turned out to be the filename itself.

Look at HFS for example as a valiant effort in defining meta data like "kind" and "creator", and defining different kinds of forks some of which had uniform storage protocols for resource, so that programs other than the creator could inspect and edit them. And boy what a snarl that has perpertually been. While these still exist, apple has punted and gone to just using file structures and a specially named file (plists) to hold meta data in a quasi XML format.

And so here we are 30 years later and were still putting suffixes on our files just like back in the days of DEC and Prime and even before.

And think about perhaps the biggest failure of the Longhorn Debacle. The promise of a revolutionary new filesystem that put meta data and it's inspection first. An entirely relational storage system underneath that only mimmiced the hierachical system for legacy purposes.

Deleted from Longhorn, promised again for vista, and then gone. Promised for windows 7 then gone.

It's bizzare. Everyone knows what the problem is. HFS was much maligned precisely because it was more complex than suffixes but it's what we really needed back in 1984. and all the others all made so much sense too.

Why are suffixes so enduring? How can this be?

Re:How can this be? sufixication

[colourmyeyes]

Why are suffixes so enduring?

Because the human using the computer wants a quick way to determine what the file most likely contains.

Re:How can this be? sufixication

[mrbene]

Why are suffixes so enduring? How can this be?

Because they always end up being the default. Because they have the final say / last word. Because they are enduring.

OK, prolly could come up with more, but I don't think it's really worth it.

Re:How can this be? sufixication

[goombah99]

Well yes. But how hard would it be to have a colum in the either the gui or the command line file list that provided that info right beside the file name. indeed that's what OS9 and all it's predecessors did. Even posix will show you the privledge masks in the listings. And if you wanted a more compact "ls" format then have one called "lse" that faked the file extensions back on to the names from the creator meta data.

it's not hard or even incompatible with how the user views the files right now. It's just not done because there's no standard implementation of how to store that metadata that is common to file systems, api's or programs.

Re:How can this be? sufixication

[SCPRedMage]

Deleted from Longhorn, promised again for vista, and then gone.

You DO know that Longhorn was the internal codename for Vista, right?

Re:How can this be? sufixication

[D+Ninja]

And, I don't remember it ever being promised for Windows 7. In fact, Microsoft didn't really promise a whole lot for 7 (presumably) after learning their lesson from Vista.

Re:How can this be? sufixication

[clone53421]

And changing it. You have any idea how many files are plain text, if you actually want to look at them?

Let's see... txt bat cmd htm(l) hta js vbs url scf php asp ...well, you get the picture.

Re:How can this be? sufixication

[coolsnowmen]

my "file" command seems to do a pretty good job. So there are some standards even if they are just because of common practices of using a so-called "magic number" in the file data itself.

Re:How can this be? sufixication

[vtcodger]

Surely, we are talking about Windows File System here. As I recall, WinFS was pulled from Vista, but was promised to be released as an update to XP and other future Windows OSes. Windows 7 is a future MS OS, No? As for what happened to WinFS. My guess is that the metadata must simply be too buggy, idiosyncratic, and unreliable for WinFS to work.

If somebody actually knows what happened to WinFS and it isn't a corporate secret, I'm sure that I am not the only person who would like to know why it has never been released.

Re:How can this be? sufixication

[colourmyeyes]

You're right about implementation with respect to my "human-readable" comment - in practice it wouldn't be much different if there were a standard and ls could tell me the file type as well (kind of an integration of file and ls... which wouldn't be hard to hack together just to see what it would look like, but I digress).

But I still think there are situations in which there is no way to get that info - e.g. a list of links on a page, each to a file of a different type. If it says http://example.com/file.doc, you know what to expect. Metadata sufficient to render file extensions obsolete would leave us with http://example.com/file, with no way to tell what it contains.

There may be a quick fix to this situation that I'm overlooking, but my point remains - there are some times when it's just good to know from the filename what you'll be dealing with.

Re:How can this be? sufixication

[The+End+Of+Days]

I wouldn't guess buggy, idiosyncratic, or unreliable so much as a performance pig. The file system isn't a good place to chew cycles for kicks.

Re:How can this be? sufixication

[nine-times]

Why are suffixes so enduring? How can this be?

That's a pretty good summary, and though I take your question to be sarcastic, I'm going to try to answer it anyway.

AFAICT, filename extensions are enduring because we can't get enough people to agree on a common filesystem, or at least a common specification for metadata stored in the filesystem. HFS basically had an alternate solution with resource forks, but other operating systems didn't support HFS as the default/native filesystem, and the filesystems and network protocols didn't really support resource forks. The result was that if you copied a file from the old MacOS over a network or to another OS, you were risking losing any data stored in the resource fork. Even though OSX doesn't have resource forks, Apple has discouraged putting any important information in those resource forks to prevent important information from being lost.

Now I'm not expert, but as far as I know NTFS, UFS, and ext3 (some of the other most common filesystems) don't have sufficient metadata support to hold these kind of resource forks. When transferring a text file from Linux to Windows to OSX and back, there's no way to identify it as a text file except in the file name. Seeing as we can't even get all the open source operating systems to agree on a new filesystem, I don't see how we're going to get Microsoft to go along.

Now OSX 10.6 has been said to support ZFS, and I've heard rumors that ZFS would be able to support this kind of metadata, and that Apple may be looking to drop HFS+ in favor of ZFS. Could that be a way forward? I don't know, but people seem to think that ZFS licensing is incompatible with the GPL, so I'm not holding my breath.

On the other hand, I don't really know what I'm talking about.

Re:How can this be? sufixication

[andi75]

> Metadata sufficient to render file extensions obsolete would leave us with http://example.com/file, with no way to tell what it contains.

That's where MIME types come in to save you. While it is true that from the URL you can't tell the contents, the moment you do a "GET /file" the server will tell you the mime type (e.g. application/msword), and you can save that information in the file's meta data on your local filesystem (e.g. save it as file.doc).

Re:How can this be? sufixication

[vux984]

Well yes. But how hard would it be to have a colum in the either the gui or the command line file list that provided that info right beside the file name. indeed that's what OS9 and all it's predecessors did.

That's great if you only look at files in detail view. In the file explorer.

Sorry, but in the real world, files are all over the place. I've got a bunch of them sitting as icons on my desktop. There's another one as an attachment to an email I've got up on the screen. And links to download a few more on the website I was just at. Then I open up photoshop and decide to open a recent file via the "Open Recent" menu item... something.pdf, somethingelse.psd, anotherfile.eps...

By embedding the type into the name, its ALWAYS there.

Re:How can this be? sufixication

[Blakey+Rat]

They already have that, it's called an "icon". It worked just fine on your 1984 Macintosh.

The problem is that the Internet is the lowest common denominator. Anything that wasn't envisioned by the creators of MIME types (which is a *lot*) simply cannot exist over the Internet.

Re:How can this be? sufixication

[man_of_mr_e]

Ummm. no. WinFS was canceled. Completely. Kaput. It was never promised for a future version. The people working on WinFS were disbanded and most of their work became the basis for the new Entity Framework database model.

Re:How can this be? sufixication

[IntlHarvester]

Files provide their own icons on every Macintosh vintage, so I don't see how that helps you avoid malicious executables.

Re:How can this be? sufixication

[Blakey+Rat]

You're right, but there's nothing to prevent a potential Apple-like system from indicating a file is executable in another way-- a special outline on the icon, or overlay.

That doesn't make it a bad system, that just makes it a system that hasn't been adapted to the network-connected world.

Re:How can this be? sufixication

[Burkin]

No. there was a predecesseor to Vista that never made it out the door. it too was called longhorn.

Sorry, but no. Longhorn was always the just the codename for the early versions of Vista prior to it being rebranded Vista in 2005.

Re:How can this be? sufixication

[SCPRedMage]

From Wikipedia:

Microsoft began work on Windows Vista, known at the time by its codename Longhorn in May 2001, five months before the release of Windows XP.

Vista IS Longhorn. There was never any other "Longhorn" at Microsoft.

Re:How can this be? sufixication

[TrixX]

To solve this security issue (malicious execution), you don't need separate forks, complex metadata, or anything like that. You just need a single bit of metadata, telling you if the file is executable or not. In other words (Henry Spencer's, not mine): Those who do not understand UNIX, are comdemned to reinvent it, poorly. With that metadata, the worst that somebody can do is name a file foo.txt.jpg to trick you into opening an image making you think it's a text file, but nothing that makes a security risk.

Re:How can this be? sufixication

[Thinboy00]

How about that really annoying dialog box that windows pops up whenever you try to run an executable that lusers just ignore and hit "yes" on?

Re:How can this be? sufixication

[David+Gerard]

NTFS does have alternate streams (forks), actually. It's a great place to hide a malware payload because far too much software and far too many people don't know about it.

Re:How can this be? sufixication

[Thinboy00]

Wrong:

WinFS was billed as one of the pillars of the "Longhorn" wave of technologies, and would ship as part of the next version of Windows. It was subsequently decided that WinFS would ship after the release of Windows Vista, but those plans were shelved in June 2006, with some of its component technologies being integrated into upcoming releases of ADO.NET and Microsoft SQL Server. While it was then assumed by observers that WinFS was finished as a project, in November 2006 Steve Ballmer announced that WinFS was still in development, though it was not clear how the technology was to be delivered.

Re:How can this be? sufixication

[ThrowAwaySociety]

ere is no way to get that info - e.g. a list of links on a page, each to a file of a different type. If it says http://example.com/file.doc, you know what to expect. Metadata sufficient to render file extensions obsolete would leave us with http://example.com/file, with no way to tell what it contains.

Such metadata already exists. You cannot depend on a URL to tell you the file type of the resulting downloaded object. It's too easy for a malicous site to use server-side URL mapping to redirect the apparent URL http://example.com/file.pdf to a server-side application that delivers up an executable, complete with HTTP header like
Content-Disposition:attachment;filename=file.pdf.exe

Which will trigger your browser to ask you where you'd like to save file.pdf.exe.

Re:How can this be? sufixication

[Cl1mh4224rd]

That's where MIME types come in to save you. While it is true that from the URL you can't tell the contents, the moment you do a "GET /file" the server will tell you...

And how will the server know? Yeah, a number of file formats include that information in their header, but there are plenty that don't. How would the server determine HTML from XHTML from CSS from JavaScript?

Re:How can this be? sufixication

[CodeBuster]

HFS was much maligned precisely because it was more complex than suffixes but it's what we really needed back in 1984.

The HFS makes sense for file storage on external media because of the data structure most often used to implement it in all modern file systems, the B-Tree (and its variants). The relational databases out there often use the B-Tree internally in their own db file structures too, but they impose additional restrictions to support relational queries and there is the problem. A general purpose file system, unlike a database, cannot endure such restrictions without losing substantial value as a generic data storage system. The problem of database + queries and efficient large scale file storage are really two separate problems and it is better to keep them separate. In fact, many of the successful search and query implementations employ this strategy. They build an indexed database file that points into the separate addressing scheme (i.e. file paths) maintained by the HFS, using the strengths of each concept to complement the other and really that is the right way to do it. Attempting to combine HFS and relational database into a single structure on the disk is unnecessary, messy, and bound to produce a worse result then simply combining the two concepts into two separate layers as described above.

Re:How can this be? sufixication

[Philip_the_physicist]

Part of the problem is that File has some difficulty guessing filetypes. For example, it thinks most of my java source files are Perl5 source and some are C++, and only manages to identify some of the backups correctly as java. (Of course, some of this may be my coding style, but even so, it shows that I know more about the file type than file)

Re:How can this be? sufixication

[adolf]

Yeah. Because concocting a Bash script to wrap around file to separate all of the mp3 files out of a directory full of randomness and into their own directory is so much easier than "mv *.mp3 ../mp3".

Everyone knows that.

Further, it seems that it should be common knowledge by now that it's always faster to inspect every file for magic, than to just have equivalent information built into the filename itself -- especially over a network.

And it should be plain, but it's positively impossible to ever confuse (deliberately or otherwise) the magic that file looks for.

[/sarcasm]

Re:How can this be? sufixication

[hitmark]

Lets just say that microsoft's past efforts at backwards compatibility have now put them into so much inertia that they are fighting their own previous efforts when it comes to attempts at introducing proper fixes to old issues.

Also, metadata stored outside of the file proper do not survive the net...

Re:How can this be? sufixication

[coolsnowmen]

WTF are you talking about?!
My parent said

It's just not done because there's no standard implementation of how to store that metadata that is common to file systems, api's or programs.

I responded that 'file' seems to do a pretty good job at figuring out what type of file each is. Thus was going along with the idea that a gui could have some sort of metadata displaying the file type easily. No one said anything about scripting.

Re:How can this be? sufixication

[andi75]

> How would the server determine HTML from XHTML from CSS from JavaScript?

The server obviously knows this from the meta data contained in his file system.

Re:How can this be? sufixication

[andi75]

> MIME types are for the browser, not the user.

The browser and the user are the same thing, from the servers point of view.

The user wants to know what type of file it is? The browser should tell him!

As the AC post mentioned, the browser can even query that information without downloading with a simple HEAD request (e.g. if it wants to display icons instead of text links, wants user confirmation before downloading, etc.).

Re:How can this be? sufixication

[Phroggy]

By reading the MIME type stored in filesystem metadata! In this example, when you save a document in Microsoft Word and name it "file", instead of appending a ".doc" extension to the filename, Word would leave the filename alone and add a MIME type. The OS's file browser would use this MIME type to determine which application to open the file in when double-clicked (instead of using extensions the way it does now), and a web server would read the MIME type and send that to the browser, instead of looking up a file extension in a table the way it does now.

For backwards compatibility, users could choose to append an extension to the filename, but this would be completely ignored by newer operating systems. If you chose to name your Word document "file.jpg", you could, and your OS wouldn't care, but since this would cause significant confusion when sending it to users of legacy systems, you wouldn't do that.

The Macintosh filesystem (MFS/HFS/HFS+) used 32-bit "type" and "creator" codes, normally rendered as a 4-character string. This was a good idea in 1984, but not nearly as specific as MIME types (on classic Mac OS, HTML and XHTML and CSS and JavaScript files would all have their "type" field set to "TEXT"). MIME types are definitely the way to go, if you want to construct something like this today.

Re:How can this be? sufixication

[adolf]

Ok, 695297. Live in your little world with only a dozen different data files, all described by some trusted (why is it trusted???) metadata.

Anything in much greater quantity than that, if described by metadata, ends up with the same fucking mess we have right now with the assumptions made about file extensions: If you can't trust a file's extension, then you can't trust its metadata either (whether this metadata be based on magic, or based on extended attributes, umask, or whatever).

Further, with extensions instead of some slowshit GUI-centric metadata not-fixing-any-problems-here-mmmk nonsense, scripting is still easy (or, more to my original point, mostly unnecessary.)

That's WTF I'm talking about: The greater context, about the evils of file extensions (see that cute little titlebar at the top of this browser window? That context.). The context in which your suggestion ("file") is meritless.

"file," very simply, just doesn't fucking fix the problem. Your suggestion about "file," in this context of security, neither promotes safer computing nor reduces complexity. Instead, it just makes things harder. Which seems pretty fucking useless.

In this context.

(Next time, at least read the article summary. k? thx.)

Re:How can this be? sufixication

[Keeper+Of+Keys]

On the other hand, I don't really know what I'm talking about.

I admire your candour, but that's not the way to get that oh-so-important +5 Informative

Re:How can this be? sufixication

[ruiner13]

And where exacty do you think the web server looks at to determine the mime type to use? In most cases it is the file extension. Relying only on mime type isn't any safer. I can create a page that will return any mime type I want despite the data of that type actually being sent.

Re:How can this be? sufixication

[ymgve]

The good thing about standards is that there are soo many to pick from!

Seriously, "file" works by checking magic bytes, that is correct. What is also correct is that there are a thousand different ways these magic bytes are stored and found. Some formats, like MP3, don't even have reliable magic bytes.

Re:How can this be? sufixication

[Lord+Ender]

the moment you do a "GET /file" the server will tell you the mime type (e.g. application/msword)

... and in 99.999% of cases, the server determines the mime type based on the file's extension.

Re:How can this be? sufixication

[andi75]

The whole discussion is about providing information about the file in *some other way then the file extension*.

My point is that the necessary mechanisms for preserving that information over a HTTP download already exists. The mime-type.

How that information is preserved on the server side, or even during an upload is totally another point. As far as I know FTP doesn't have a mechanism to transfer meta data.

Re:How can this be? sufixication

[andi75]

Answered in this post: http://slashdot.org/comments.pl?sid=1226007&cid=27877223

Re:How can this be? sufixication

[coolsnowmen]

Yo, 21054.0, how is the weather?
I could be off base, but it seems you are still a bit too energetic over this one thought. Back to your response-

My first thread was 4 deep, which means I'm not responding to the article anymore, I'm responding to my parent poster.

Additionally, the idea behind looking inside a file to see what it does and comparing it to what it's metadata describes it as is not "meritless." That would be exactly the first/second step in preventing people from accidentally executing files named file.doc.exe, or file.pdf.bat

While any proprietary format could fake being a different format. An executable can't, and that is the greater security concern. Is it not?

I can't wait for your scathing response.

Re:How can this be? sufixication

[adolf]

No. That would be the first step in causing people to figure out how to forge metadata. Such that instead of someone maliciously and confusingly naming something ".doc.exe," it will promote malicious and confusing misuse of metadata.

It, therefore, accomplishes little or nothing positive, and it makes working with a command line much harder.

Re:How can this be? sufixication

[coolsnowmen]

You have an unclear antecedent, because your first sentence:

That would be the first step in causing people to figure out how to forge metadata.

doesn't follow my last thought:

While any proprietary format could fake being a different format. An executable can't, and that is the greater security concern. Is it not?

Re:How can this be? sufixication

[adolf]

I ignored that point because I don't make the same assumptions you do.

I assume that it's a computer, and that it just runs programs consisting of executable data. I assume that these programs use data consisting of information. I assume that all data, whether executable or not, is implicitly not trustworthy. And I assume that any program (particularly the malicious sort) can change data, whether executable or not. I further assume that, therefore, data can be a program -- at least some of the time.

Therefore, I assume that metadata (being just data, after all) might consist only of lies and deceit. It doesn't take much imagination to see the problem.

I hacked my original Xbox using a savegame file for 007, which (upon loading from the in-game menu) immediately booted Linux and proceeded to reflash the BIOS so that the whole machine would be a more complacent environment.

I don't trust data to not be executable. I don't trust metadata any more than I trust a file extension.

Re:How can this be? sufixication

[coolsnowmen]

Your assumptions are flawed. Data is not dangerous, it is what you do with it. Only the executable is dangerous (security wise). Even in your xbox example, it is the faulty design of the 007 game/program that allowed for this exploit. When loading a game state it should never allow a save file to direct it to boot linux. The data was not executing anything technically.

PS. If you ignored a point because of something unstated, then how do you expect me to get it?

Re:How can this be? sufixication

[lrucker]

Except it isn't the human that puts the extension on. I know a fair number of longtime Unix users who put ".doc" on the end of text files that contain documentation. That's an example of using the filename to know what's in the file. ".doc" to mean "Word opens me" is not going to mean much to a complete newbie who doesn't already know that correlation.

Re:How can this be? sufixication

[adolf]

I expect you to be a mind reader, of course. ;)

To expound my previous point: I don't trust programs to be well-written. I don't trust programs to not execute data when they should only be reading that data. I don't trust file extensions, and I don't trust metadata. Hell, I don't even trust metadata to be totally non-executable.

'Tis just how it is . . .

Re:How can this be? sufixication

[atraintocry]

Either you trust the metadata, or you trust the file extension (which led to TFA). If you don't trust it, then you read the file in such a way that you're sure nothing will execute as a result. A hex editor, if you're so inclined.

The trust issue has nothing to do with whether a file extension or something like a fork is used.

Re:How can this be? sufixication

[atraintocry]

sitting as icons...You can use a different icon for a different filetype, and use previews where possible. OS X as well as Windows hide associated extensions, I usually only unhide if there's a problem, and even then I can just drop to a CLI.

attachment to an email...the email has the MIME types, so a decent client will be fine there (and be less susceptible to the type of trojan in TFA)

Links to download a few more on the website I was just at...This one you've got me on. I don't think there's a solution to this that isn't needlessly complicated.

"Open Recent" menu item...Add a column for filetype. What if .eps means Epic Poetry Stanza instead of Encapsulated Postscript? There's a lot that three letters won't tell you.

By embedding the type into the name, its ALWAYS there...In a limited and ambiguous (collision-prone) way.

I get what you're saying but I think that file extensions are definitely a stone-age approach to metadata and it's not that crazy to imagine history going differently and people using more precision in this matter.

But having that information in links without any extra work on the website author's part is definitely a nice thing. Not that it couldn't be accounted for with a cultural change, but there might be more negatives than positives for that scenario.

Re:How can this be? sufixication

[atraintocry]

Generally speaking, no. But it is possible to just store the extra information in another file, along with a naming standard so that the recipient's OS invisibly merges the two on receipt.

Macs already do this...AFAIK when I send another Mac user a zipped folder, they are getting not only the files but at least some usable metadata.

You could also use a filesystem image, provided that the recipient is capable of mounting the image. When the file is moved from the image to the host filesystem, if the two are not compatible then the mounting software/driver could make the conversion. I think.

Re:How can this be? sufixication

[coolsnowmen]

ok

Re:How can this be? sufixication

[Aviation+Pete]

Why are suffixes so enduring?

Because the human using the computer wants a quick way to determine what the file most likely contains.

That's exactly what icons are for. Suffixes belong to command line based systems, and MS should have deleted them 20 years ago.

Re:sarcastic

[idontgno]

Except, you know, double-clicking on a document to activate its standard editor and double-clicking an executable is indistinguishable to a user. (at least until it's too late.) And you know a malware skidiot smart enough to take advantage of the l334 h@x0r feature of Windows will be smart enough to turn on the executable bit before releasing his opus magnum.

BULLSHIT FUD

[sexconker]

Run virus.exe in XP (SP2), Vista, or (I presume) 7.

What's that box? A security warning about unsigned code?

Rename the file to virus.txt.exe and try again.
What's that box? A security warning about unsigned code?

Fuck off insecurity experts.

Re:BULLSHIT FUD

[merreborn]

Run virus.exe in XP (SP2), Vista, or (I presume) 7.

What's that box? A security warning about unsigned code?

Rename the file to virus.txt.exe and try again.
What's that box? A security warning about unsigned code?

Fuck off insecurity experts.

Too bad users don't read dialog boxes

Re:BULLSHIT FUD

[gardyloo]

Then it's a problem with the user, as always, and NOT the operating system.

"as always"? Care to back that up?

Re:BULLSHIT FUD

[sexconker]

Yah.
I use windows xp with no antivirus or such.
I don't visit random sites and download random shit.
I get all the security updates.
No problems.

Hell, I even run as administrator!

Care to point out how a user like me could run into trouble?

If you want to talk about 0-day (or otherwise unpatched) exploits, please also detail how I would come across them.

Re:BULLSHIT FUD

[thetoadwarrior]

Then it's a problem with the user, as always, and NOT the operating system.

When the OS was designed so the user doesn't have to think and therefore the user doesn't think, the problem still lies with the OS.

Re:BULLSHIT FUD

[sexconker]

If the OS was designed so the user had to think, the user still wouldn't think.

Re:BULLSHIT FUD

[thetoadwarrior]

At this point, you're probably right. Which is why I suggested we have to be tested and earn a licence before being able to connect to the internet in another comment. :P

Re:BULLSHIT FUD

[sexconker]

I'm all in favor of mandatory intelligence testing for all sorts of things.

Re:BULLSHIT FUD

[smash]

0-day exploit using one of the many un-patched buffer over-runs still present in Windows, when one of your "trusted" sites gets hacked?

You realise that your habits leave you in the position of implicitly trusting the security of each and every web server you visit? I'm not sure if you were around in the code-red days, but by the looks of it, nope...

Re:BULLSHIT FUD

[Dahan]

Run virus.exe in XP (SP2), Vista, or (I presume) 7.

What's that box? A security warning about unsigned code?

Rename the file to virus.txt.exe and try again. What's that box? A security warning about unsigned code?

What are you talking about? Neither XP SP2 nor Vista automatically check for or verify a digital signature before running an EXE. In fact, most EXEs included with Windows aren't even signed. Try looking at the properties of, for example, C:\Windows\Notepad.exe. Note the complete lack of any digital signature (at least on XP and Vista; I haven't checked Windows 7). I'd love it if there were a setting to make Windows (or at the very least, Explorer) check the signature before running an executable, but as far as I know, there is none. (There are signing requirements for device drivers, but not for regular EXEs).

Fuck off insecurity experts.

NO U

Re:BULLSHIT FUD

[sexconker]

Give an example of a 0-day exploit that would have affected me without my interaction.

I'll let you know if any of the sites I go to got hacked.

Protip: I don't go to many sites daily, and I rarely go to sites with user generated content / annoying ads.

Re:BULLSHIT FUD

[sexconker]

You are factually incorrect.

Download an exe from some random place and run it.
Hell, couponprinter.exe (needed for that free KFC deal, before they just put up a pdf) is signed by verisign. Right click, properties, signatures. EXEs without a signature display a security warning.

You are factually incorrect.

The signing requirement for drivers is different, it is NOT a verification of the publisher of the driver but a verification of the driver's WHQL status. Drivers without WHQL approval are NOT signed by MS, and thus show you a warning when you attempt to install them.

You are factually incorrect.

All Windows system files are compared with a copy of the original every time they are accessed by the System File Checker.

Delete notepad.exe.
Refresh or wait a few seconds for the auto refresh.
It's back, bitch.

You are factually incorrect.

Re:BULLSHIT FUD

[Dahan]

You are factually incorrect.

I shall repeat: NO U

You said, and I quote, "Run virus.exe in XP (SP2), Vista, or (I presume) 7. What's that box? A security warning about unsigned code?" I gave an example of unsigned code that XP and Vista will run without any sort of security warning.

Download an exe from some random place and run it.

And so you now attempt to add another condition--the EXE has do be downloaded from some random place. What if you get the EXE from a USB flash drive? And what you're talking about only happens if whatever you used to do the download writes a Zone.Identifier alternate data stream to the EXE identifying the download as coming from the Internet zone. IE6+some update will do that, and so will Firefox 3, but most other apps won't mark the file and Explorer won't show the warning. And note that since it's not Windows itself that pops up the warning, but ShellExecute[Ex], it doesn't always show up even if the EXE is marked. Run it from a Command Prompt, for example, and you won't get any warning.

Compare this to what happens if you set the NTFS permissions to deny execute permission to the file--nothing will be able to execute it until you grant execute permission.

All Windows system files are compared with a copy of the original every time they are accessed by the System File Checker.

That's nice, but what does that have to do with the subject at hand? Which is that Windows does not check for, or verify a digital signature on EXEs before executing them. At the very least, CreateProcess() should return an error if a signature exists, but cannot be verified--that means the EXE has been tampered with or is otherwise corrupt. The caller could, perhaps, do something special if it wanted to run the EXE anyway. Something along the lines of how on Vista, when you run an EXE that is marked as requiring elevation and the caller doesn't have admin privs, CreateProcess() returns ERROR_ELEVATION_REQUIRED.

I can tell you like to think of yourself a "power user", but that you don't actually know how all of this stuff works. Come back when you get a clue.

Re:BULLSHIT FUD

[sexconker]

Again you fail.

The zone setting for usb flash drives is "local",
and thus, you don't get the warning with default settings.

If the application needs admin-level access (like any decent malware would), you still get the warning in XP.

Vista has UAC, though you may still get the warning there, I don't know.

If you're running it from the command prompt, you're seeing the real file extension, aren't you? FAIL AGAIN SIR.

Who cares about NTFS permissions? What does that have to do with anything?

"What does that have to do with the subject at hand?" you ask (about SFC)? NOTHING. YOU brought up notepad.exe, moron!

The ENTIRE fucking article is about dumb users being tricked by malware named, for example, virus.txt.exe.

I have shown that users will get a warning when opening the file.
You claimed it didn't happen, and spewed bullshit about notepad.exe.
I proved you wrong, and then you got pedantic about it not being an OS level check.
Then you brought up a filesystem permissions flag, who the fuck knows why since it's up to an OS whether or not to obey those.
Jesus, fuckface, get a clue.

Re:BULLSHIT FUD

[Dahan]

Hah, you aren't able to refute any of my points. You even reinforce then:

and thus, you don't get the warning with default settings.

Exactly--you don't get the warning. So much for "Run virus.exe in XP (SP2), Vista, or (I presume) 7. What's that box? A security warning about unsigned code?"

Contrary to your claim, Windows does not show a any warning dialog box when running an unsigned EXE. Explorer shows a dialog when running an unsigned EXE if and only if a flag is set on the EXE. However, it's very easy to get an unflagged EXE that was downloaded from the Internet. Just put it in a ZIP file--if you're lucky, whatever you downloaded it with flagged the ZIP as being from the Internet. But extract the EXE (using Window's built-in ZIP support, for example), and the extracted EXE isn't marked as being from the Internet. No warning when you run it.

You completely fail it. Give it up already.

Re:BULLSHIT FUD

[sexconker]

Man, you just keep digging, don't you?

It's obvious you knew nothing, and just kept on internetting to find a scenario that would work.

You were confusing driver signing with this, you were confusing SFC with this.

By your own admission:

EXEs and such downloaded from the internet have their zone set as such, and will put up a warning.

ANYTHING you run that needs admin access in Vista or 7 will require UAC confirmation.

EXEs and such falsely named will have their names look visibly different form other items they're trying to masquerade as: ASS.TXT appears as "ASS", MORON.TXT.EXE appears as "MORON.TXT".

The only thing you can offer up is some moron getting a virus through sneakernet, or some dipshit downloading a zipped up virus.

Either way, you're not getting around the install check or the UAC without alerting the user.

What do you want - a popup for every bit of executable code? Do you want ALL EXECUTABLE CODE OUT THERE to be flagged as potentially dangerous?

Reach some more.

Re:sarcastic

[clone53421]

Sure, and then you'd have millions of calls to tech support lines from stupid users who now have to figure out how to enable the executable bit on legitimate software that they downloaded.

Re:sarcastic

[BigJClark]

This is why the standard editor would have to be smart enough to ensure it doesn't "open" a file with the executable bit set to 1. Maybe this is too much to ask. A little AI. Sigh, I know.

Re:sarcastic

[jonbryce]

It does have such a bit. That feature has been available since at least Windows 2000.

The only problem is that the bit is turned on by default.

Suddenly everyone's a lawyer

[gatkinso]

Spouting off about "moot" this and "moot" that.

Re:Ah, he(.conf) started(.d) (in)it...

[pi_rules]

Uh, can you name a *nix variant that won't spawn a process unless it has a certain file extension?

Go rename notepad.exe to 'ntp' and try and run it in Windows.

Always confused by this

[Wilson_6500]

I've never understood what was supposed to be more "user friendly" about looking several inches over on the screen to figure out what kind of file you're looking at. It's possible, I suppose, that most people are either still not accustomed to the standard file types--and therefore need the long descriptions over in that column--or just don't mind the clunky design. Then again, I think the default display type for Windows is still "Large Icons," isn't it? With that view, I really don't even know how people keep their unrecognized-type files apart, other than perhaps memorizing their icons and re-learning them whenever they install a new program.

The way a person interacts with a computer (that they'll use for any length of time) is very much an individual preference, possibly as much as the seat and mirror positions in a car. Maybe even more so. One of the first things any of us does when we set up a new system for our own use is to go in and set up the preferences we are used to using, making up the aliases we're accustomed to use, and so on. And then we largely forget about it.

Re:Ah, he(.conf) started(.d) (in)it...

[Nick+Ives]

Take away extensions from Windows l-users and a *NIX SysAdmin noob and see who cries first.

The *NIX noob, but only cos he's a noob. The actual system would still run flawlessly assuming everything was compiled + linked appropriately, of course. Windows depends on .{exe,dll,vxd} however.

Re:sarcastic

[clone53421]

Like that would matter, if the editor isn't a POS riddled with buffer-overrun exploits?

Last time I checked, opening a .exe in Notepad didn't present an infection vector, merely a bunch of gibberish.

What's next?

[SignalFreq]

Warning! Windows 7 allows people to steal your identity! *

* if you have browser cookies enabled and password caching and they have physical access to the keyboard.

Re:Moot?

[clone53421]

It does have "shortcuts", but it puts a little arrow in the corner of the icon to show that it's a shortcut.

Re:Ah, he(.conf) started(.d) (in)it...

[nine-times]

It doesn't seem to me that line-bundle was particularly blaming Bill Gates, Windows, or Microsoft. Using extensions in filename as the identifier of file-type is a common and long-standing practice, but it's also problematic.

Old News

[daveime]

Win 95 called, they want their story back.

I mean seriously, are we going to get a "security researchers uncover HUGE NEW RISK in Windows N" story, for every damn piece of crud Microsoft haven't fixed from the previous versions.

The extension "exploit" was being used to spread malware for donkeys years, and any sensible user turns it off the minute they do a fresh install. Why MS haven't fixed the default is beyond me, but it's NOT new, NOT huge, and definately NOT news for nerds.

Re:thats cause

[clone53421]

I know. Horrible, isn't it?

The trolling on here has been unbelievable the past few days. ;-)

Simple and safe

[Parker+Lewis]

Never hide the file extension.

Re:Simple and safe

[vux984]

Never hide the file extension.

Agreed. But if they embed the word icon, and its clearly called partyinvite.doc.exe, people will click on it anyway. So really, what difference does it make? The people who are going to be fooled are STILL going to be fooled.

This exists in XP too

[KingPin27]

The same feature exists in XP too - it's simply in the folder preferences of HIDE file extensions of known file types - I fail to see how this is new. Again just another over-exaggerated "problem" with Windows 7.

Yay

[m1ss1ontomars2k4]

Great. And? Mac OS X does the same thing. WHO CARES? It's the fault of the users for being stupid, not the fault of whoever made the OS.

Multiple periods (dots)

[wfstanle]

This would not be too much of an issue if M$ just implemented a simple rule. File names with multiple periods should never be executable even if the file extension is EXE, COM, BAT, VB etc. Something like this should not be too difficult to implement.

Re:Multiple periods (dots)

[clone53421]

What a stupid rule. Why not make filenames with an odd number of vowels always open in Notepad, while you're at it? Or why don't we just go back to the 8.3 format... no risk of multiple dots then.

I mean, nobody would ever have a valid reason to want an executable with multiple dots in its filename.

Like maybe,

"GIMP 2.6.6 setup.exe"

I have an entire folder full of such files.

Re:Multiple periods (dots)

[clone53421]

Hey, I'm in a bitchy mood. Sorry, that came across much harsher than necessary. Please... laugh... and don't hate me now. It was kind of supposed to be funny.

GNU/LINUX!!!!!!!

[The+End+Of+Days]

RMS is right now hunting you down to kill you. Possibly by suffocating you in his armpit. What a way to go.

Install routine

[AsmordeanX]

Install
Disable "Start Navigation Sound" (WHY MS? WHY DO YOU KEEP THIS ON?)
Unhide known extensions
Unhide system files

Re:LOL

[koiransuklaa]

Before getting all worked up about it, go to ubuntu.com or wikipedia and see what term is used first to describe Ubuntu.

The MacOS X approach

[Midnight+Thunder]

Upon reading this, I wondered whether MacOS X suffered the same issue, so I decided to test. I disabled the showing of all extensions (Finder preferences), duplicated Text Edit, so it appeared as "TextEdit 2" and then edited the visible name to "TextEdit 2.doc". The result was displaying itself as "TextEdit 2.doc.app". For other file types, such as a PDF doing the same thing results in being asked if you are sure you want to change the filename extension, though renaming from the Terminal a PDF from "toto.pdf" to "toto.doc.pdf" resulted in the same visual behaviour as the one observed for the application. Its an interesting solution to the problem, since basically if the file has multiple extensions they are all shown.

The issue described in the post has already caused me issues in the past on Windows XP, on a developer's machine, where extensions were not shown by default. Imagine an Apache conf folder that contains:
    http.conf
    http.conf.bak
The first one appears as 'http' and the second one as 'httpd.conf'. I didn't hit me straight away that the wrong file was being edited.

Does anyone know how Linux handles this in the various GUI file managers?

Re:The MacOS X approach

[Creepy+Crawler]

I'm on Ubuntu 9.04 Desktop
Every filename is displayed in full, as does every directory name.
As expected, .files and .directories are hidden from nautilus. You can easily unhide them by CTRL+H or the menu.
Symbolic links have a => arrow in the right upper corner signifying target is elsewhere.
Binary programs are not set, by default to execute. You must set the execute flag to ON (or run "/lib/ld-linux-x86-64.so.2 /path/to/binary"). Scripts are the same way.

Re:The MacOS X approach

[OverZealous.com]

Interesting, I was assuming that Macs would have the same issue, but I just checked. Not only does it force the showing of .doc.app, but it also doesn't allow you to hide it, period (even under Get Info).

Sadly, there is no easy way to enable the viewing of hidden files and folders (dot-files) in Finder. That's probably one of my biggest gripes. I was trying to restore a corrupted config directory for Aptana Studio (Eclipse), and I had to open it from the command line.

Re:The MacOS X approach

[melatonin]

That's probably one of my biggest gripes. I was trying to restore a corrupted config directory for Aptana Studio (Eclipse), and I had to open it from the command line.

Well, if you knew the name of it you could have just done View > Go to Folder (Command-Shift-G), and typed (for example) ~/.subversion.

Re:The MacOS X approach

[OverZealous.com]

Well, if you knew the name of it you could have just done View > Go to Folder (Command-Shift-G), and typed (for example) ~/.subversion.

True, however, that doesn't help with the fact that Time Machine still won't show you hidden files. At all. The best you can hope for is to find a non-hidden parent directory to restore.

In my case I was lucky, but there is no way that I know of, just as an example, to restore ~/.bash_profile without restoring your entire home directory.

Of course, the number of times Time Machine has saved me headaches, not to mention possible data loss, makes up for just about any deficiencies on a Mac. And I never had to "set it up" or "back up" anything.

Re:The MacOS X approach

[clone53421]

on a developer's machine, where extensions were not shown by default. Imagine an Apache conf folder that contains:
    http.conf
    http.conf.bak

Unknown extensions are shown by default. If .conf and .bak were hidden, it means he associated them with an application, and if he did that, it boggles my mind that he didn't also have the sense to also turn on file extensions or at the very least change the association property so that those extensions were always displayed.

Re:The MacOS X approach

[jonaskoelker]

Does anyone know how Linux handles this in the various GUI file managers?

No.

Re:The MacOS X approach

[Midnight+Thunder]

Just did a quick search, and came up with this:

http://lifehacker.com/software/command-line/show-hidden-files-in-finder-188892.php

haven't tried it yet.

Re:The MacOS X approach

[OverZealous.com]

Yeah, I knew about that. But did you notice the killall Finder ? This means you lose all open Finder windows just to show hidden files.

Of course, you can just leave it on. Really, it's just another minor annoyance. There's enough ways around it that it only is a problem occasionally (like the back restoration)...

Re:The MacOS X approach

[Midnight+Thunder]

Yeah, I knew about that. But did you notice the killall Finder ? This means you lose all open Finder windows just to show hidden files.

I did, but then again when I use MS-Windows I just opt to show all hidden files all the time.

Re:The MacOS X approach

[spitzak]

OS/X option is "hide *known* extensions". A file called x.foo (where .foo is an unrecognized extension) will show as x.foo. Also they seem to consider the first dot to be the start of the extension (rather than the last dot which is what Windows and I think most Linux software does). Therefore ".doc.pdf" is an unrecognized extension and shows up.

I still don't see any reason for this and turn off this option on OS/X.

Re:The MacOS X approach

[clone53421]

OS/X option is "hide *known* extensions".

Same for Windows.

they seem to consider the first dot to be the start of the extension (rather than the last dot which is what Windows and I think most Linux software does)

Well, that would be annoying... you wouldn't be able to use any files with dots in the filename (e.g. final paper draft 1.3.doc).

Re:The MacOS X approach

[Jason+O'Neil]

I'm running Ubuntu 8.04, which is a year old so settings might have changed but here's the default behaviour in Nautilus (the equivalent of Windows Explorer).

• The extensions are not hidden. So "myfile.doc" and "myfile.doc.exe" both display the full name, with the extensions.
• If I choose to rename a file, by default only the portion before the final extension is selected. So "innocent.doc" will select only "innocent" and "suspicious.doc.exe" will select "suspicious.doc".
• If you do change the extension, say from ".html" to ".jpg" it will now try to open it in the image viewer (and will fail).
• If you get rid of the extension, renaming "photo.jpg" to "photo", it seems to check the mimetype and pick the appropriate icon or thumbnail to display, and opens with the correct application.
• If an executable file tries to launch it will usually ask you "Display" "Execute" or "Cancel".

I find it interesting that without file extensions, the system still seems to work just fine. But they seem to be added because that's what people are used to, and that's what they receive in downloads / attachments and the like. And if there's a malicious file executable ending in '.doc', the user is expecting it to open in OpenOffice, so the it tries that, even if it knows it's the wrong mime-type, because that's what the user is expecting.

Re:The MacOS X approach

[atraintocry]

This always felt kind of hacky to me, but it's what I use in those situations:

http://www.apple.com/downloads/dashboard/developer/hiddenfiles.html

TBH if I have to screw around with dot-files in a GUI I like it to be Windows because I know it absolutely won't hide them. But then there's the problem of it not using Unix permissions...sigh.

Companion virus

[Fuzzums]

Aw. It looks like the good old days where people created a .com virus with the same name as a valid .exe file.

Re:Companion virus

[El_Oscuro]

I did the opposite. One of my Windows machines had a virus which associated itself with .EXE. I needed to edit the registry to clean it out, but the virus was intercepting all calls to .exe to protect itself. So I renamed regedit.exe to regedit.com and nuked it.

Re:Companion virus

[Fuzzums]

Cool. I had a laptop to clean some time ago. It had tons of malware and one of them stoppen the taskmanager when it was running. Renaming it to 1337manager worked, but right now I use ProcExp. It's so much better.

Re:Companion virus

[clone53421]

command.com /k regedit.exe would probably have worked.

Re:Moot?

[VGPowerlord]

I don't use windows much, but does it have anything resembling launchers for gnome?

My point is, if you make a launcher in gnome you can give it any icon you want and any filename you want and have it run any command you want. If windows has something like that then I would say the extension problem is moot.

Windows calls them shortcuts, and they've been around since at least Windows 3.0 in 1990. Nearly everything on the desktop is a shortcut.

Granted, in Windows, they have a little "right-turn" arrow on their lower-right corner to denote that they're shortcuts... unless the user turns those off.

Warning? News?

[pgn674]

Why is this a warning? "Warning! Nothing has changed!" As TFA says, this is the way Windows has worked for years across versions. Security people have always lamented this, and over the years many have suggested turning it off. This really isn't a new warning or news.

Well, TFA is surprised that Microsoft has kept a setting unchanged from one Windows version to another. But, I would think that if Microsoft were to have a change of heart and change the default setting, they would first do it for current versions of Windows in a service pack or maybe just an update. And if they were to introduce a new policy or dialog notice to reduce the threat of this default setting, they still would have done it in an update or service pack first, before doing it in a new version of Windows.

semi ot: handy shortcut

[NotQuiteReal]

why do they keep burying the windows explorer

You can always hit "Windows Key + E" to get Windows Explorer. Ironically, for reasons that are simply a quirk in my brain, I mentally say "Apple+E" every time I hit those keys...

Re:The reason for this setting is...

[VGPowerlord]

..to allow the typical Windows users to easily rename a file without having him or her remember the particular extension of the file.

Think of a noob trying to change the name of a file: "Image1.jpg" would become "Picture of my Dog Fluffy".

Of course after changing the name and eliminating the file extension, the file would no longer work with the user's favorite program, and chaos would ensue. MS merely nipped that problem before it started (and created another problem in the process!)

Vista fixed this. Now, when you rename a file, it highlights everything except the extension, so when you start typing, the extension isn't overwritten.

So, this is no longer a valid excuse for extensions being hidden by default.

LOL Redundant info

[Datamonstar]

How is knowing what kind of file is going into your computer redundant?

What kind of gas is that you're putting in your car? 92? 87? LEADED? It's redundant!

What kind of batteries are you putting into that device? 9 volt? AA? It's redundant!

There's no way a user would actually want to know want they're clicking on, right Microsoft?

Reminds me of...

[Temujin_12]

...another Windows bug I ran into the other day with how the IE engine deals with URLs.

Given the following URL (with the server properly responding with mime-type of octet-stream and an otherwise proper response):
http://www.somedomain.com/url/path/to/file.exe?query=string
 
... IE decides that since it doesn't know what a ".exe?query=string" extension is, so it strips the "extension off" and tries to connect to:
http://www.somedomain.com/url/path/to/file
 
... which (in my case) doesn't exist.

This is another example of why injecting proprietary meaning, which often contradicts with more fundamental established protocols, into processes/protocols is problematic.

Re:Reminds me of...

[shutdown+-p+now]

It's extremely strange, since I've actually worked with sites running as .exe (via CGI), and it worked fine.

PIF files

[Repton]

F-Secure points out that .PIF files will have their extension hidden even if you change the display option.

Q: Will that make all file extensions visible?
A: Well, no. There are executable extensions that will STILL be hidden even if you turn the option off.

Q: What?
A: For example PIF. This file type was meant to be a shortcut to old MS-DOS programs. Problem is, you can rename any modern Windows Executable to .PIF and it will happily run when double-clicked.

Q: How do you I make PIF files visible then?
A: Via a registry key called "NeverShowExt". We'd link you to an article in the Microsoft Knowledgebase... except we couldn't find any. But here's a Web page on the topic, from GeoCities, made by some hobbyist a couple of years ago. Maybe it's the best source of information on the topic.

Re:PIF files

[Phroggy]

Of course that web site will be gone in a few months, and the information will be lost. Even if someone mirrors the page, links to the old location will be broken.

Re:PIF files

[clone53421]

Good find.

I just went into regedit and deleted every "NeverShowExt" registry value.

Killed Explorer and restarted it. Now all my shortcuts have ".lnk" at the end, like they ought to. I like.

I'm not kidding.

Now I get it..

[alonzoit]

That explains why I had to manually rename a .exe I downloaded for antivirus software. Figures.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:How can this be? E-Mail , of course

[MMC+Monster]

MIME?

Sigh...

[InsertCleverUsername]

This has got to be one of the dumber anti-Windows trolls presented as news I've seen in a while. An evil hacker could also put a post-it note on an idiot's computer telling them to type "FORMAT C:" at a command prompt. People too dumb to recognize icons or use AV software just shouldn't be using computers.

That all said, I've always thought that extension hiding default was one of the more annoying things I have to kill every time I install Windoze. Seems like Redmond just keeps dumbing down the interface, forcing me to work harder at getting the details I need.

Re:Sigh...

[Dwedit]

"FORMAT C:" doesn't work because Windows refuses to format a drive which is mounted (and therefore locked).

Re:The reason for this setting is...

[Anita+Coney]

"Vista fixed this."

God, I never thought that sentence could ever make sense!

This looks like a

[B1oodAnge1]

PEBKAC situation. We can't fix that. Sorry. :-\

Fsck file extensions

[supersoundguy]

that is all.

Worst, Default, Ever.

[ConceptJunkie]

So why are they just now making this suggestion?! Windows has turned off filename extensions by default for 14 years now... since Windows 95!

In my opinion it is possibly the single stupidest thing Microsoft has ever done, and is always the first thing I turn off when sitting down at a Windows machine. Well, after turning off those stupid sounds and setting the UI to the Windows 2000 theme instead of that butt-ugly default theme in XP (and Vista too, if I used it, which I don't).

Re:The reason for this setting is...

[smash]

Vista fixed a lot of things. If you took Vista SP1, slapped some different eye candy on it, and called it Windows 7, half the people who are giving Vista shit and waiting for 7 would be none the wiser...

I'm installing the 7 RC this weekend. However I am actually fairly happy with Vista SP1 to be honest. No its not perfect, but its less "crap" than most other alternatives for my purposes (browsing, gaming a bit, managing an AD environment).

First thing...

[Crimson+Wing]

First thing I do with any new windows install is to both "Hide file extensions for known file types" and enable "Show hidden files". I do not like my computer hiding things from me. Ever.

Re:First thing...

[Crimson+Wing]

Er, "disable 'Hide extensions...'", that is. ...this is what I get for posting at 1:30 in the morning...

Re:First thing...

[clone53421]

Yup. Also, this.

well...

[polkunus]

I think it would be a better idea to show the extension while hovering over the icon or highlighting it.

Yet another PBKC?

[hitmark]

This is a combo of two issues.

1. Who came up with the "smart" idea of encoding the file type in the file name in the first place?!

2. Anyone with any kind of pre-win98 experience will look for the 3 letter code anyways as its been around since ms-dos 1.0 or something...

Oh, and "dual-typed" files are not the only issue. Lately i have seen IM messages from people about some page, that really is a download link to a .com file...

Pet Peeve

[Cyanara]

Don't get me wrong, it is a useful feature. It can be really annoying to write out a new file name only to have it wiped for forgetting the file extension, for which you have to restore the original file name to discover.

The really frustrating thing however is that Windows simply refuses to let you discover what that file extension is without making you go through the tedious task of turning them all on. How hard could it be to list it in the properties window for that file? Or perhaps be wildly radical and actually even let you change the file extension there! In fact, if it unequivocally told the average user what the real file extension on a maliciously named .exe actually was, it may just be helpful to some of them. Instead, they just tell you which program has been associated with that extension. I honestly can't believe no one at Microsoft has ever even considered this. It's one of my most common grievances.

Re:Pet Peeve

[clone53421]

Agreed. Ideally, the "You're changing the file extension, dumbass. Did you really want to do that?" should respond to "No" by appending the old extension to the filename I entered, since that's obviously what I meant to do and forgot. Instead of, you know, making me type it all over again.

Often I did intend to change the extension, and I like the ease of just renaming the file and clicking "Yes" when the dummy message pops up.

Then move 'My Documents'!

[Keeper+Of+Keys]

You can make 'My xxx' point at any location you like, even on a network drive - it doesn't have to be inside your profile folder.

Re:The reason for this setting is...

[Anita+Coney]

I use Vista on a Media Center PC I built. I bought it to use the latest unreleased to the public TV Pack (or whatever it was called) which fixed QAM channels.

Anyway, because it's basically a DVR I don't really use it enough to know what's different. The only thing I notice is that lot of the features/tasks are now buried, I guess to dumb down the interface to make it easier somehow. I honestly can't think of any other reason.

Here's an example, in every other version of Windows if you want to change the balance to your speakers, e.g., make the left speaker a little louder, you could just double click on the little speaker icon in the system tray, the Volume Mixer would come up, and you'd be good-to-go.

Not so with Vista...

1. Right click on that speaker icon.
2. Choose Playback Devices.
3. Select your playback device.
4. Click Properties.
5. Choose the Levels tab.
6. Click the balance button.
7. Adjust the balance of your speakers.
8. Click "OK."
9. Click "OK."
10. Click "OK."
11. Click "OK."

Wow, all that to change your speaker's balance. I hardly call that a fix. One step forward, and 11 steps back.

Re:MY GIRLDFRIEND IS BACK !

[clone53421]

Try Limewire.

Re:Moot?

[clone53421]

Granted, in Windows, they have a little "right-turn" arrow on their lower-right corner to denote that they're shortcuts... unless the user turns those off.

Turn them off? Don't you have to break out the ol' regedit to do that?

Well, I suppose you could find something to do it in a more user-friendly fashion, but I don't think I've ever seen anyone actually turn them off. In fact, I didn't even know it was possible until I ran a customised XP installation disc and discovered that they were disabled. Then I had to get on Google and figure out how to turn them back on...

Re:Why the .doc?

[clone53421]

You are an atypical user. Most people will be completely oblivious to these details.

Social Engineering

[Demonantis]

This attack vector has been well documented. Windows usually warns you when you launch an exe so only people that have the knee jerk reaction to continue all pop-ups. These people are not even saved by linux. They probably don't use linux because the password thing slows down their experience. It is not the OS's fault.

The *real* security problem!

[jonaskoelker]

[By the way, the security problem is not hiding the extensions. The real issue ... being executable by double click].

I don't agree.

I think the real security problem is that the only way to tell what a program does is

• "theoretically": by reading the source code
• experimentally: by running it.

For proprietary software, that leaves only "by running it". I don't know about you, but I don't read all the open-source code I run. See also the underhand C code contest (write malicious code that's read-the-source-resistant).

What would improve security somewhat is if each program specified what it wanted to do*, and then got promptly killed if it did anything else; AppArmor does something like this.

* Say, like "I want to write files below /home/${user who runs me}/.emacs.d/**", or "I'd like to make outgoing connections on all tcp ports", or "I'd like to listen for connections", or "I'd like to execute the following programs: [...]".

By having programs explicitly state their externally visible behavior, the user can know what the program does, and whether it's safe to run.

It won't be a panacea, and most people probably won't understand all the implications of letting programs listen for incoming connections on all ports and be able to run arbitrary other programs. But it will allow at least the technical users to have a security policy better than trusting or not trusting the source, which is all you realistically can do.

Never saw the problem there...

[NickW1234]

Well, back when I used windows I always turned this off anyways, but do the users who leave it on not notice that their .doc.exe file is the only one that shows a .doc extension on it?

This is default in Win98 too

[llzackll]

And maybe 95

Default Setting on Windows usually suck

[DigitalSorceress]

Windows has a few of these misguided attempts at being "user friendly".

Whenever I set up a new Windows PC (or whenever I first log on to a Windows PC) the first thing I do is fix certain defaults that I hate.

Here's what I do:

* Show the file extension
* Switch all folders to "Details" view
* Turn on "always show full menus" (or turn off the "personalize menus")
* Go back to Windows classic start menu (I hate what they did to it from XP onward)
* In Vista, I disable all the theming stuff to get rid of the GIANT DAMN ICONS that you get when dragging/dropping
* Turn off "friendly HTTP errors"
* Turn off automatic searching from the address bar in IE
* Remove Live as the IE search provider and set it to Google instead
* Install Firefox with NoScript and IE Tab and make it the default browser
* Set Windows Update to notify but not download or install (I wanna SEE what they're calling "Critical"... NO, IE8 is NOT. Thank you very much)

Right up there along side hiding known file extensions in the "what were they thinking" department was the IE Auto Search option for "just take me to the most likely site". I have to think that a LOT of folks got hit by phishing sites through that wonderful feature.

Feh.

Re:Moot?

[VGPowerlord]

There's a tool named TweakUI that Microsoft makes that can disable or change the transparency levels of the shortcut icon.

Re:Moot?

[clone53421]

IIRC, "disabling" them actually requires changing the icon to a fully transparent icon located in shell32.dll. I wasn't aware they had a transparency level — do you know if that's true for XP, or just Vista?

Re:Moot?

[VGPowerlord]

Windows has supported transparency on some desktop things (including program windows) since Windows 2000.

As for the shortcut overlay icon, it can be made completely transparent. Either that or removed completely, I'm not sure.

Re:Moot?

[clone53421]

Yeah, I knew transparency was supported in XP, but I didn't know the shortcut icon overlay could have an alpha value. Interesting.