Slashdot Mirror
Why We Should Stop Hiding File-Name Extensions
An anonymous reader writes 14 years after the Anna Kournikova virus took advantage of users' ignorance about file-name extensions in order to wreak worldwide havoc, virus writers and hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less savvy users who will never do this. Additionally applications on even the latest versions of Apple's OSX operating system still require the user to 'opt in' to including a file-name extension during an initial save. In looking at some of the eccentricities of the modern user experience, this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
The crap ones like Windows and OSX, they hide it because they assume the user is a drooling moron.
And most of the time they are right.
The first thing I do on windows is change the settings to show tilename extensions. Much of the confusion I see in others can be directly traced to the fact that they don't know what their files are.
Stop being afraid to make someone learn something useful to use a computer.
That being said, don't make people learn useless things. Design a powerful set of useful things to learn each of which is valuable and worth learning and remembering and then reward people for learning them by maintaining their usefulness
Making things overly simple robs users of the power to make things simple for themselves, and ends upt complicating their interaction with the computer.
...
The malware writers will never agree to i!
Sent from my ASR33 using ASCII
There's a whole slew of weird extensions now, that when clicked, do things.
Hiding file extensions is the second thing I disable when installing or first using a new Windows machine (right after auto-hiding the taskbar).
If I wanted a computer with training wheels I can't take off, I'd buy a Mac.
The problem isn't not looking at file name extension. It's trusting them. .txt name extension. Looking at the name extension will tell you absolutely nothing.
File name extensions are just a convention, and are not prescriptive except on very immature operating systems. There is nothing that prevents a JPEG file from being saved with a
I have a web server set up at home that serves html files with a .gif extension, and expects images to have a .html name extension. It works great, because the file name extensions are only advisory.
And then there's the Amiga, where you have prefixes, like mod.filename to signify a music score file with embedded samples. Again, it's just a convenience, and should never be trusted.
Instead of insisting that modern OS design carry forward an old and archaic standard set of digits describing the type of file, show users visual information about the file type/associations in way that is meaningful to them. If it is an executable file, don't make users parse that .exe is short for that, and in many cases .com and .bat can kinda work the same way. Give users a visual identifier that lets them know clicking this file will lead to this action. A web icon for anything that'll attempt to open itself from a browser, a document icon for something that will open in a document viewer, and so on.
Insisting on showing people a 3 character code that 99% of them are entirely ignorant of solves nothing.
It tells you nothing about the actual contents of the file.
Using extensions is just a convention as the file may actually contain an executable, or plain text, a jpeg.. or even an entire video.
The FAILURE is in those systems that ASSUME the extension contains what convention held.
And those that assume every file is an executable...
You really think this will happen with the current level of OS dumbing down?
I am Bennett Haselton! I am Bennett Haselton!
I've tried educating my users in the past to avoid this very same issue. Those who see computers as purely appliances no different than a refrigerator, don't care about file extensions even when it's enabled. They can't remember that .exe .com .bat .pif can potentially be dangerous, or that it's not part of their job responsibility. If anything, having extensions enabled increased confusion especially when the end-user would rename the file and remove or also change the file extension, rendering it unreadable. This is why file extensions are hidden in the first place. Icons make more sense and they can "get" what type of file it is without having thinking too hard about the extension - ie. Adobe Acrobat icon = PDF.
People are already used to icons and it's part of the technology lexicon. Just look at Apple and all of their i-devices; and Windows mimicking this. File extension is great for the people in IT and surrounding it, but for everyone else it's redundant or invisible already.
The real issue is not that file name extensions are hidden, the problem is the operating system does not properly detect and handle the file. The operating system should protect users in three ways:
1. Accurately detect and indicate what a file is (executable, image, video, document)
2. Warn if the file is executable and coming from an outside source. Modern versions of Windows do this.
3. When a new file comes onto the system from e-mail or the web, it should default to read/write access only, no executable permissions. This means the user must at least be savvy enough to change file permissions in order to become infected by an executable binary.
That always baffles me.
I'm kind-of-sort-of willing to concede to the demands by that fuckstick hipster who works in marketing who thinks that aesthetically filename extensions make the product too technical for other fuckstick hipsters who are also wound up about appearances. I don't agree, but I'm tired of arguing about it, at least when it comes to the consumer desktop OS.
But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box? What shithead, or group of shitheads, made that decision and WHY? As far as I'm concerned this is a deeper, more profound and transcendental stupidity than making Win Server use the Win8 start menu.
I find it particularly ironic given the Microsoft push to capture mindshare from CLI propellerheads with PowerShell Everything.
The filetype is now contained in the icon
The icon of an executable is set by the executable. Enjoy your porn.jpg.exe with a thumbnail icon.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Modern operating systems flag downloads and show warnings before executing. This seems more useful than a file extension which will commonly be truncated from view, even if the OS is set to display them.
it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
Oh man, good one! You had me going until that line. Beautiful!
I just responded in another thread where actual programmers argued about whether or not it counts as "confusing" to split a delimited string without actually using the name "split" for the method that does the work.
And you want to try to get the average end user to understand the difference between ".XLS", ".XLSX", and ".XLSX.EXE"?
May as well swing for the fences, I suppose.
You can also switch to less retarded software. Well, maybe you can't. Even redmond publicly figured it out somewhere last year, but failed to amend their own defaults. After having been a true believer in hiding extensions for decades right in the face of the damage it caused. And all the users? They see the problem and can't be arsed to hit that "user friendly, intuitive" tick mark?
The real question then becomes, why even bring this up again? Why even try and bring reason to this thing? We know this. Everybody knows this. The manufacturer knows this. AND NOBODY DOES ANYTHING.
Me, I won't be doing anything because on my systems extensions have neither been hidden nor are significant to the system. I already made my choice, and I acted on it. Many years ago. All I can say is that apparently the simplest things are hard for you. But I've long ago lost my capability to even pity you.
Malware writers anticipated this, and simply use a file name that's so long, the extension part is not visible without scrolling. Combined with a convincing favicon, stuff gets clicked anyway.
this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
"You can lead a horse to water but you can't make it drink."
The Microsoft horse already knows where the watering hole is; the problem is getting the horse to drink. They don't want to drink. To them making something appear user friendly is far more important than actually making it user friendly.
I remember decades ago when email was safe so long as you didn't open the attachments. Email was just plain text that got displayed, not interpreted, so it was pretty hard for email to do harm. Then one day my dad sent me an a lot of his friends an email warning about a new virus that you could get just by opening an email (you didn't have to open the attachment). I emailed him and his friends back telling them that that wasn't how email worked. Just don't open the attachments and you'll be fine, etc. Then I saw on the news that there was in fact such a virus because Microsoft had decided that it would be a great idea to interpret and execute code in email automatically. It still amazes me today that they did such a thing.
Anyway, yes it is SOP for me to enable showing extensions on any computer I use or have the opportunity to modify. Hiding extensions is like refusing to look at or smell any food you're given before eating it.
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
No, I think that I name my files using something like a 255.3 format, and decrepit Windows gives me grief on having files that are nested too deep when combined with directory names.
Yeah but that's the problem. You get a "movie" file that's actually a .exe with a VLC icon or whatever. Not that I've ever downloaded a movie...
The tendency to treat the user like a moron is common on all the widely adopted consumer operating systems and it really does need to stop.
It just leaves otherwise intelligent people utterly baffled when simple things happen because they're kept in a fantasy land by their GUI.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box?
The idea is that your receptionist should be able to follow the instructions, install Windows, and set up your small office. "Back in the day" it was ordinary to make the receptionist the sysadmin because they were the person in the building deemed to have time to take on additional duties. I've spent some fun times doing UUCP support with someone who has to have Unix characters (like bang and pipe) explained to them as a result.
I find it particularly ironic given the Microsoft push to capture mindshare from CLI propellerheads with PowerShell Everything.
The GUI is still the primary way to do things.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Yeah but that's the problem. You get a "movie" file that's actually a .exe with a VLC icon or whatever. Not that I've ever downloaded a movie...
Well if that VLC icon isn't a sign that something is wrong, then I don't know what will ever stop you!
When there were only a few file types capable of carrying an infectious payload, it was considered good design to execute a file based on header information, not file extension.
Now with so many different file types that are capable of carrying infectious payloads, I prefer an OS that executes files based on extension. Showing tiny little icons doesn't give me enough information. Put me in the camp of "Show me the Extension!" even if it is more than 3 characters.
This seems irrelevant. If you have a jpeg with a TXT extension, Windows at least will treat the file as a text file not an image.
Exactly. That's idiotic. If I walked up to you and stuck a sticker with ".cat" onto your back, would you meow?
What a file is, and the portion of the filename after the final dot, if any, should not have anything to do with one another. The assumption that any random file is what it says on the tin may have worked fine when computers were slow and security consisted of a big lock on the door to your office, but it has no place in 2015.
If your security model relies on users, then it's broken. Why should a user have to know what file extensions are? Make the OS secure and stop blaming users.
If you're trying to determine what the file type of a file is from an extension on the end of its name, you're engaging in industrial archaelology, not computer use. You can rename any file to have any 'extension'; consequently this idea is completely broken. The idea that you deal with this misfeature by hiding it just compounds the error.
I'm old enough to remember when discussions on Slashdot were well informed.
i've never understood why the unix file 'magic' approach wasn't used universally - it determines the type of a file based on the contents, usually the first few characters or lines.
As ever, wikipedia has an article on the file type detector command.
It's quick and easy, and usually more robust than relying on an appended file extension or even a declared MIME type.
"we demand rigidly defined areas of doubt and uncertainty!"
Leave Mac out of this discussion. The idea of using the file extension for anything is a more recent development on the Mac and one that was mainly driven by exchanging files with (mostly) the Windows world. On old Mac OS you had "type-codes", in OS X you still have "Uniform Type Identifiers". You cannot magically hide executes the same way you can on Windows.
On top of that "even" (or rather especially) in the most recent OS X version(s), by default you could not run anything unless the program was actually signed, approved and the certificate and app hadn't been revoked.
"Only one thing is impossible for God: To find any sense in any copyright law on the planet." - Mark Twain
Many people think porn is the dangerous thing to surf for.
I've removed malware from many a relative's PC. Only to have them go "but I never go to porn sites, how does this happen?"
It's terms like "free", "mp3", "wallpaper" and "download" that are dangerous, porn is actually relatively safe.
http://arstechnica.com/information-technology/2013/06/download-me-saying-yes-to-the-webs-most-dangerous-search-terms
The problem isn't not looking at file name extension. It's trusting them. File name extensions are just a convention, and are not prescriptive except on very immature operating systems. There is nothing that prevents a JPEG file from being saved with a .txt name extension.
I don't care how a file is saved so much as how it's "opened" (e.g. when it's double-clicked), particularly if "opened" == executed. Program files forced to display an "exe" extension to declare their capabilities (no matter their actual contents) can be treated with caution, but extension hiding by the OS ruins this safeguard.
Gui is not the primary way to do things in many cases the GUI is only a front end for the powershell that actually configures the product.
This is not about how your own application react to a file. this is how the operating system *does*. There is a convention in the operating system, particularly windows, that a .gif will be tried to be displayed as a picture and a .html as a web page. Your application may *chose* to interpret it as music for all we care, but the operating system will react by default as described.
This is why displaying and showing this is an executable is important. Although nowadays the windows operating system should warn you you are about to run an executable.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
No shortage of stupid user interface choices. Some of the ones I've hated the most.
* Hiding menu options, aka personalized menus
* Wholesale rearranging and renaming of user interfaces between versions, esp. for infrequently used options
* Super secret hidden files.
* Windows 8
I think the idea, at least for Windows, is that extensions are a legacy thing, and are still supported because they are the basis for determining file type. BUT, the reasoning is likely that they can be hidden from the user and only show the user the actual file type. Which is fine in theory, except that now you are training the user to recognize file type solely by icon, making it trivial to give a dynamic-icon type (like EXE, or the old SCR which users are unlikely to recognize) the same icon as a text file and subvert the user's expectations and make them think the file is safe. If you are not in Details mode or not grouping by File Type it is IMPOSSIBLE to reliably determine the type of a file without the extension!
Of course MS has added the whole Zone Identifier scheme and displays a nasty warning when trying to run dangerous files from the internet. I think this is a good measure to prevent this type of trickery, unfortunately people tend to click past such dialogs.
The idea of using file name extensions as a means to denote content/application association dates to the 1970s (or even earlier). It's an idea that deserves to die, along with Disco music.
Mac OS 9 and earlier got the OS/file system mechanisms right, with two file attributes. One denoted the contents of the file, and the other denoted the default (usually creating) application.
The challenge for OS designers is how to present this information to the user in some meaningful way. Cryptic text strings at the end of file names aint' it! And the ease by which these can be changed (particularly by malicious programs) are a bug, not a feature. If there's a way to prevent these attributes from being mis-applied/forged, that would be a real accomplishment.
I'll take the contrary point: why? What has changed? How is this any different than for the last couple of decades? I refused to use that OS until NT4, as the first useful version, but you could make exactly the same arguments (and we tried then too). Even though it was meant as a server OS for technically savvy users, it still talked down to you: you still had to go in to fix the defaults.
The right approach would be to stop encoding metadata such as "executableness" in filenames (that are under the control of an attacker.)
Good luck with that.
Windows users still need to activate extension visibility manually - even though email-transmitted viruses depend most on less savvy users who will never do this.
Live today, because you never know what tomorrow brings
wouldn't know a file extension if it hit her in the face
I mean, aren't all the people who care already doing something ?
aren't computers supposed to make life easier ?
the answer IS NOT more human intervention; the answer is automated in the background defense software
I mean, if we go back to pen and paper, don't all the virus issues go away ?
how about clay tables; the cost of transport will reduce spam
When I did Windows XP images for clients, I always set the Default User profile to display extensions.
I did this without asking, without any discussion beforehand, and only had to defend the decision once near the end of the design project... my defense was, "This is the right way to do it, so that's what we're doing." End of discussion.
The problem is that the OS is basing decisions on the file name extension, rather than some inherent property of the file. A property harder to change than just renaming the file.
(Granted, even *nix systems applications can make bonehead assumptions about files based on their extension (try passing a C code file that ends in something other than ".c" to gcc, for example*), but the OS won't try to execute something that doesn't have the right execute bit set.)
*(Oh, wait. gcc isn't a *nix program, it's a GNU program, and GNU's not Unix.)
The GUI is still the primary way to do things.
Not if you're running a core install, which is happening more.
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
Filename extensions aren't as important as content type when it comes to GUIs.
...I'm kind-of-sort-of willing to concede to the demands by that fuckstick hipster who works in marketing who thinks that aesthetically filename extensions make the product too technical for other fuckstick hipsters who are also wound up about appearances....
Hiding filename extensions predates the hipsters by decades. Don't blame the hipsters for everything you don't like...
Hiding the extensions, is quite frankly, a slow motion disaster. Thousands and thousands of people clicking on the wrong file, staring in bafflement as to why they have multiple duplicate filenames. It cost, I'm sure, millions of hours of lost productivity worldwide over the years, all because some 20-something C++ programmer had a brainwave. That guy should have been fired the day after the release.
Moral of the story? STOP HIDING STUFF! I need to know where my folder is. I need to know what the filenames are. I need to know if they're read-write, read-only and what the permissions are. I need the IMPORTANT stuff easily available. What I don't need to know about are the friggin' media extensions, the color, font, size or any other trivial fact about the file.
Please do not read this sig. Thank you.
And they'll fling poo everywhere. Hint: 1/2 the people out there are below average, and you can't fix that by dumbing down something that takes a small sliver of brains to handle.
Whenever I see a Windows desktop with file extensions disabled, I always try to explain to the person that they should be switched back on, and most people are quite happy to do so (they only had them off because that was the default).
However I was quite dismayed when I looked at my mother's laptop (which I had installed Linux Mint on for her), and she had no file extensions either. It turned out that she thought they looked untidy, and had gone through and manually removed the extensions from every single file in her home directory!
Fortunately the file and mmv commands made short work of fixing this, but I was surprised to say the least.
But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box?
But you repeat yourself.
What does this have to do with OS X? On Windows the extension determines how the file is treated/opened when double clicked. In OS X this is done differently.
Sig?
doing UUCP support with someone who has to have Unix characters (like bang and pipe)
Odd. I found most receptionists understood what I meant by bang and pipe perfectly well.
Have gnu, will travel.
The other reason is that Anna Kournikova exploded on the male world 14 years ago. At first she wasn't hyped, she was a top-ranked female tennis player and guys suddenly found themselves spending 10 minutes or more watching a woman's tennis match on TV.
Now, she's old hat. Back then was different.
There are two problems. The first is that the OS allows you to run porn.jpg.exe having downloaded it from some random place on the 'net. I don't think that either OS X or Windows do: they'll both pop up a thing saying 'You are trying to run a program downloaded from the Internet, do you really want to?', which isn't normally something that happens when people try to open a file so ought to trigger them to avoid it (if it doesn't, then seeing the .exe extension probably won't either).
The second is that the OS allows programs and other file types to set icons at all before their first run. This also leads to confused deputy-like attacks where you think you're opening a file with one program but are actually opening it with something that will interpret it as code. The solution to this is probably to have programs keep their generic program icon until after their first run. If you double click on something that has a generic program icon, then you probably intend to run it...
I am TheRaven on Soylent News
Name + extension is not enough. Files should have a name, a type, and a subtype.
The types shouldn't be optional, but restricted to a list common to all OSs.
The subtype could be the "write whatever you want, and put as many exes as possible because exes are like painting things red so they go faster" crap that extensions are right now.
They ought also to stop lying about the actual filesystem layout in explorer by projecting somewhat too virtual (fake, buggy) namespaces.
Enjoy your porn.jpg.exe with a thumbnail icon
What makes you think I'd be stupid enough to click on an icon resembling the tip of a person's thumb?
.exe files don't run on my Mac but thanks tho. Enjoy your winbloze box.
We force the setting to show the file extensions to all users.
But I agree, it should be enabled by default.
"A plan fiendishly clever in its intricacies"- Homer Simpson
Are you autistic? Serious question.
It's the same indication of the Open Door Mentality in regards to Security that MS devs have. Most of them were born in a fucking barn that was on fire and all of the new ones they've hired now live in the same fucking burning barn.
Good example is the fight I had with a recent Skype install. Skype Wifi was included and activated by default on a fucking desktop w/o any wifi. Don't know about you but Skype charge folks to use Skype Wifi and it's not for my fucking benefit if I've got a bandwidth cap as they're not paying me for using my bandwidth. It's the same thinking in regards to the Click to Call feature. Have to fight to disable it. My phone service is a flat fee per month for unlimited within the country so why in hell would I use Skype to call someone when it's basically free for me anyhow?
Icons change. Text doesn't.
No, the problem is with extensions, and we should get rid of extensions once and for all. Those are an artifact of 1980s DOS times, and should not be used at all by modern systems. Maybe they are convenient for the user to see what kind of type the user should expect, but nothing more and the "hide extension" "feature" just shows the _problem_ of file extensions.
Modern systems should recognize file types based on the content of the file, not on some stupid extension. For example, a .jar, .ooxml and .odf file is just a zip file with special content. The system should recognize the content and open it as a Jar executable, or in your office app. That way, the system can ensure that the file type matches the file name, and activate anti-virus scans on any executable, be it .com, .exe or .jar or the silly nakedpic.jpg.exe.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
nudge nudge, wink wink
Then we build verification code into software so that when a program needed X file, it would only load it if it had the right extension.
Then things got a lot more complicated. We started building verification code into the first bytes of the data and added icon to tell humans what it was.
So someone decided that 'hey, we don't need this older, more primitive system of file extensions, lets' deprecate it by defaulting to hide it."
But the problem is the extension system is STILL useful and always has been useful. People like it because it lets them type into a search what kind of file to look for.
On top of that, icons are not in any way related to the system that the computer uses - the first few bytes of a data file. More importantly, we have found OTHER, BETTER uses for icons than to signify what kind of data it is - specifically the concept of displaying a short bit of the data - a micro photo of the photo, or a micro photo of a still shot from a movie.
As such, that leaves us NO simple way for a human to tell what kind of file the photo is.
File extensions have multiple real purposes. The attempt to deprecate and eliminate it was a stupid idea and needs to end. We need to tell the difference between a jpeg and a tiff, an mpg and wav.
The file extension in the main way a human can easily do that. We need file extensions and anyone that doesn't think that is a fool
excitingthingstodo.blogspot.com
Meanwhile, trying to use the browser on a Windows Server is an exercise in futility as everything has to be white-listed.
What seems even more stupid is that some OS's seem to think the last 4 characters of a filename convey some magical meanings -- like if it should be executable; or what application is should magically launch when clicked.
Many people think porn is the dangerous thing to surf for.
I've removed malware from many a relative's PC. Only to have them go "but I never go to porn sites, how does this happen?"
It's terms like "free", "mp3", "wallpaper" and "download" that are dangerous, porn is actually relatively safe.
http://arstechnica.com/information-technology/2013/06/download-me-saying-yes-to-the-webs-most-dangerous-search-terms
Yes, "free", but that's still a porn (though not porn specific) issue. I couldn't count the number of times I've seen porn sites that require you to download and run some executable in order to get access.
Are there any filesystems still in regular use that use extensions to file names? Or is everyone just talking about suffixes - that is, any characters that people append to the end of a filename to make a new filename?
Fiel name extensions were something subtly different than that.
Because it's a stupid idea.
If the extension determines something that the user should be aware of (what program will open it), then it needs to be shown, and modifiable to correct mis-identified files.
If the extension is merely a nice name, then the user need not care about seeing it or knowing it and should be able to change it at will.
Sadly, in Windows, the extension determines what program is associated and therefore opens a file (and, in part, whether it's executable!). It's encoding a file attribute into the name itself, which is a "layering" violation as far as I'm concerned.
Ideally, the mimetype would be associated with the file metadata and be as easily changeable as the name (e.g. drop-down box to "change" the file type it's interpreted as whatever the extension), but that's a nightmare that no sensible OS seems to have tackled. It wouldn't be that hard to "default" the mimetype to whatever the "file" utility detects it at on introduction of a new file, but nobody seems to want to do that.
Similarly,the "dot-hidden" files of Linux suffer the same fate. Just the name determines a kind of file attribute, which is silly and potentially dangerous or confusing ("I renamed it .jpg and it disappeared!").
While we're still using OS that trust and encode the filetype into the filename itself, we need the facility to change the detected filetype, and the facility to view the detected filetype. Hiding extensions only achieves the later (with a separate file type column, "Adobe Reader Document", etc.). Any cleverness with showing the extension on rename where it wasn't showing before will mean the user will strip out the file attribute when they rename over the top, and not showing the extension makes it more difficult to change what it opens in.
We created this problem back in the 8.3 filename days and NEVER properly solved it. Encoding metadata into the filename is the cause. Removing it is the solution. But without the infrastructure for that in place in every app, it's pointless to attempt it on a commercial world-wide OS.
YES, yes please.
Aside from the security issue it's such a waste of time and so confusing for people.
It is utter ridiculous that we still have to take ages to try to explain to people that they can't see the file we're talking about because they don't have any concept of what is because they've never seen the extension, even if they have any idea of what extensions are.
Then they'll try make their new file, only it won't work because notepad will save it out to 'config.cfg.txt' except of course they don't see the .txt, so you have to talk them through turning off 'show hidden file extensions', more time wasted.
I'm still shocked they left this unfriendly waste of time in windows 7, let alone 8 and 8.1.
Until windows uses a system similar to OSX for determining file type and exec status which is probably never going to happen, it is just a real hassle for a huge number of people to try and just hide it away and make out it's the same thing.
The computer's demeanor is, "It's my way or the highway and all the roads are closed."
Your professors will cover this later.
It little behooves the best of us to comment on the rest of us.
I hear the faint and cryptic laughter of Steve Jobs echoing in the distance...
Hiding Things?
Well of course, because modern UI design is all about obfuscating control over your device and interface.
Microsoft and the rest(this includes Linux desktops) don't want a "cluttered" user experience. UI designers seem to forget that people to need to modify and control their device and interface.
UI designers are too quick to "googlify" interfaces to such a degree that vast uncounted eons of time are wasted simply trying to modify simple things because UI designers have mandated a "spartan" and oh so Sprockets-like look and feel.
Users are tricked into thinking they shouldn't see the nuts and bolts.
Users are treated like idiots, and then become idiots.
We play the game with the bravery of being out of range
Dont forget "recovery", try to find a legit file recovery software on the internet, i dare you!
Completely agree. The fact that file extensions are hidden by default is, for me one of the most retarded and annoying things about Windows. Its literally the first thing I set after I renstall windows or get given a new windows PC at work, or even fix a friends PC.
Of course I always ask and explain first when I do it on someone elses PC.
Its surprises me how most people do actually prefer to see the extensions but never acutally enable it for themselves.
"Hipster" is just the nom de jure for a general type of douchebag we've had for years.
Usually associated with marketing, advertising and other sundry jobs which allow them to indulge their facile obsession with appearances and promote a bought-and-paid-for sense of aesthetic superiority and pseudo artistic sensibility.
I just got done cleaning up a client's system because they downloaded what they thought were MP3s from a site call MP3Boo or something like that, but one of the files wasn't an MP3. It injected his system will all kinds of malware, and it took a while to get all the crap scraped out of his file system.
I'm certainly not saying it's a panacea, but had he been able to see that the "song" was actually an executable, he *might* not have proceeded.
*** *** You're just jealous 'cause the voices talk to me... ***
Actually, yes. And now I once again feel dumb when I realized what I did. :) Yeah, yeah, he meant the mini image and not an actual human thumbnail. Facepalm for me.
why do we even need filename extensions?
If you are working at Apple, Google, Adobe, etc... PLEASE stop using the godamn ".jpg" extension and recognize my ".jpeg" files as being fucking JPEG files.
Get free satoshi (Bitcoin) and Dogecoins
So why in 2015 can't the operating system look at the extension, compare it to the MIME type (yes, you can detect the MIME type of the file) and warn you if they don't match?
You click on reports.from.sue.2015.05.txt.pdf.txt.xls.txt.exe and it says:
"The file you're opening says it's a .TXT file, but it's really an executable. Do you really want to run it and trash your system?"
Wrong.
The executable assigned to open the file is "contained" in the icon.
Even that is not always true: the wrong icon can be used intentionally by malware, and in the past I've had MS Windows mess up icon assignments.
I was once told by a MS-Windows user that he would be fine (or even welcome) showing the extensions but he can't set it that way. As then when you click a filename in File Explorer for renaming and write the new name (sure without typing the dot-and-extension) the file loses its extension.
This post...is so awesome.
They are hidden because they shouldn't exist. What you choose to name a file has nothing to do with what format it is in. Being able to rename myfile.jpg to myfile.txt would never make any sense as it wouldn't actually change the format of the file. We need to drop the file extensions entirely and go back to metadata. This hiding business is just to hide confusion for average users.
Furthermore, The format of the file has nothing to do with what application it should be opened in. Just because a school essay, a c++ source file, and a bash script could all technically be of the same text file format doesn't mean your OS should open your essay in a script editor, or open your c++ file in Microsoft Word. Meanwhile developers were creating .txf files which were identical to .txt files just to get them to open in the correct application forcing a user to change the file extension to .txt, if they wanted to open it in a different editor that didn't know what a .txf file was.
Yes, I admit I'm from the Classic MacOS camp which used metadata (type/creator codes). Then the file extensions crept in so that our friends' windows computers could know how to open our jpg or text files we emailed them. then file extensions crept in and became default in OSX and windows. Then I started see other platforms admitting the deficiency of file extension. I saw windows started to support metadata, I see linux using #! at the top of text files.
The dumbass at Microsoft who first came up with the idea of dropping the file extension. 'Oh, well, our users are really much too naive and unsophisticated to ever understand what file types are. It will just confuse them!"
Yeah, right. And by default? Godz .. that exceeds stupid and starts to move into criminal.
What the fuck year is this? Do you still name your files using the 8.3 format? The filetype is now contained in the icon. With long file names that are abbreviated it's not like I can see what the extension is anyway. When I need to know the extension I'll right click thanks.
What? The icon is arbitrary. I can give a file any icon I want. If I change the extension of a file, it affects how the file is handled by the OS. The icon, no so much.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
My understanding is that this sensibility included a respect for what might be considered vintage or old school. I'd think file-name extensions would definitely be old school.
I thought it was pretty funny. I'm glad I'm not alone in being overly literal at times :D
I never understood why Windows hides file extensions by default. Doing so makes Windows much more difficult to use. Changing that setting is literally the first thing I do with Windows. Hiding file extensions was one of the worst decisions made for Windows.
I always show the file extensions. I use detail view, too. Fuck icons, fuck folders, and as always fuck Apple.
Filename extensions are embedding file metadata in the file name, which is never a good idea. It's a kludgy solution to a problem we had when computers were significantly less capable than they are now. The fact that we haven't already eliminated them is yet another indication of the sad state of original thinking in the current generation of software engineers. And yes I know that the original MacOS let you put metadata in the resource fork of the file three decades ago.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I don't know but I guess it's for the same reason that windows server 2012 (and r2) have the modern UI
What you wanna tell me that that windows 2012 datacenter edition is not running on a tablet???
and stop embedding and showing icons inside executable files and stop deciding what is an executable or not based on the file name (that is manipulable by the sender)
In most situations that downloaded file confirmation dialog is just a nagging thing you need to click through, so its usefulness in preventing users from executing disguised .exe files is limited, especially because you need to understand the significance of the dialog in the first place, which most users probably don't. The users might as well just think that it's a glitch that the image viewer is suddenly displaying a confirmation dialog. Showing the file extension would help about as much as having this confirmation dialog, if not more, but the real solution would be not making the files executable by default in the first place. You should have to right click and click 'Run' or something along those lines to run downloaded executable files.
Deus est fatalis
Hey man, no kinkshaming.
Extensions do nothing for non-developers besides lulling them into false sense of security. An average user is not going to know that .cpl is an executable. And what could be safer than .doc? Well, Word has a turing complete macro language that has been exploited countless times. Extensions will not even help you because you just have to fat finger an icon once to have persistent malware on your computer for years.
Nope, the real answer is system level protection to ensure that an app can not do any more damage than a text file. Application sandboxing works pretty well on mobile. Yes, there is always cat and mouse game with malware, but infected phones/tablets are much less common than desktops or laptops. Most "infections" are free games that run on background and open ads in your browser rather than credit card number keylogging. I think this should be default experience on a consumer device. Freedom of tinkering and development is also very important, but should involve explicit steps and visual reminders to make sure no software or person can gain unrestricted access to your device without your knowledge and understanding.
File extensions were originally something that humans put on files to tell each other what they were. Around 1974, for example, I might have a file called "phlist.txt" on an PDP-11 and my cow-orkers would know that was a phone list in raw ASCII format. The OS did not care, labels were for humans. If you wanted to tell the OS to execute a program, you typed "run filename" and if it wasn't an executable you'd get an error message.
Then unix and friends came along, and put an "executable bit" in the metadata for each file, so that you didn't have to type "run" any more. If you typed the name of a file, and it had the executable bit set, the system treated that as if you'd run it. Saved some ink on the teletype, don't you know.
Well, 8-bit micro computers running CP/M and DOS came along, and they sort of half-assed the concept. They still didn't have very much metadata on files, but the extensions .exe and... hmmm... something else I forget right now... were designated as "special". If you typed a word that the system did not recognize, it would look for a file with that name followed by .exe, and try to execute it.
But then Apple came along and built resource forks into their file system metadata, so they were able to associate information about what applications and/or utilities were used to create a file, and give some recommendations on what should be done if a user simply clicked the file. A really significant advance for filesystems, at least in theory.
Now, Microsoft wanted to make people believe that their OS and file system were as capable as the early Apple Macintoshes (pre-OSX) so they faked up a sort of back-alley version of the resource fork using file extensions. They were already checking for that .exe extension anyway, so most of the infrastructure to do this was already in place, they just jammed some hacks in to generalize the mechanism for all file extensions. And then they hid the extensions, so that to a clueless end-user it looked exactly like an Apple mac - you clicked on a file named "phone list" and the phone list application opened up.
This hare-brained scheme doesn't really work like Apple's, of course, because instead of including extra information about the file in the file metadata, instead they have built a separate list of file "types", designated by extension, and actions to associate with those types. In terms of the required slashdot car analogy, this is the difference between having the name of your state or country blazoned on your license plate, or having a giant book where you can look up the number of a car's license and see what state the car was registered in. Obviously the latter is inefficient and scales poorly as well as being fundamentally less capable and having no consistency across individual machines. Using the Apple method, if someone gives me a file with a resource fork, I get the resource metadata with the file. Using the Microsoft method, somebody gives me a file and maybe - if I'm lucky, and have the same applications installed - I will have the same resources associated with the file extension that the person giving me the file had on their machine.
But people who grew up after all this was invented can rarely see how stupid this all is, and always has been. It's like the idiocy of having the label of the volume MFD being the same as the subfolder separator character - nearly all of you young folks think that actually makes sense, in the same way that people brought up in the Westboro Baptist Church think raving bigotry makes sense. You've been conditioned to accept it.
This is only one of several giant steps backwards in computer technology. We used to have automatic file versioning but now programmers are so thoroughly conditioned they don't even seem capable of understanding why that was so awesome.
Now get off my damn lawn, you whippersnappers!
You forgot the obligatory reference.
Have gnu, will travel.
Isn't one of the first steps after the base install is done to fix that brain-dead default? Seriously, there is zero need for discussion here, there are just people with a minimum of understanding and clueless morons. The clueless morons are beyond help anyways.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Why trust users to know what file extensions are "safe" and which are not? Surely the same computer that shows "ImportantFile.doc" to the user when it's really "ImportantFile.doc.exe" can be smart enough to pop up a message when someone clicks on it: "Hey, this filename *looks* like a document, but it's really an executable so instead of opening a document, I'm going to run it. It's probably a terrible idea to run it, so I'm not going to do it, you'll have to rename it to something less ambiguous if you really want to run it. But you should't do that. Really. I'm not kidding."
The old Mac OS - pre 10 - had a separate resource fork in the file that carried around what app created the file and the file type. I really can't believe that we're still using file extensions. The name of a file should be completely separate from the type.
Like
/*" > fubar.txt
echo "sudo rm -rf
chmod 777 fubar.txt
Yep, can't be harmful, it's a text file.
A filename is the key to access a file. A part of this key is not enough to identify the file. If the operatiing system displays only part of the name it is broken and defect. To hide some parts of the filename (extension is never used in the file system accessing the data on the disk) is a badly broken idea. It is like you have only part of the key to your flat or car and the car is guessing the other part.
It's always the first thing I do when I install a new version of windows... Why people even want to work without the extentions is a mystery to me..
But then again, I always like to know what a file exactly is.. I also never understood why it's off by default...
I have noticed this trend in OSs, Windows/OSX hide file extensions. Windows hides filesystem structure in "Libraries" (Complete Bullshit by the way. I went through and removed them from the registry, only to have them reappear after an update). Windows hides system files. Web browsers hide the protocol info. HTTP:\\ or FTP:\\ I do not like it.
Testdisk.
I find adding "FOSS" to the search term instead of "Free" makes a huge difference.
The idea of using file name extensions as a means to denote content/application association dates to the 1970s (or even earlier).
I first encountered filename extensions in 1966, on a DEC PDP-6. We had 36 bits (six characters) for the file name, and 18 bits (three characters) for the extension. Early extensions were .FOR (for Fortran) and .REL (for relocatable binary). The .EXE extension on executable programs was invented in the late 1960s for the Execute command, which would compile and link your program if your sources were newer than your executable.
There should not even be extensions on files. A fork (metadata) containing the MIME type with appropriate icon or tooltip is sufficient. But all these OSes wish to be maintain legacy compatibilty with a convention that has been obsolete since the early days of the Amiga and Macintosh.
I somewhat prefer the model of Xerox Star (or was it Alto?) in that there were not applications, but views/handlers for different types of documents.
Then give me the option to use a better UI.
It doen't matter how smart a user is. Extensions are a part of a filename and under control of the user. Just do:
mv foo.exe foo.jpg
Now a user who sees the extension happily clicks it and *boom*.
libmagic does a fantastic job identifying file types. Why does not even one OS use it to display the right thing?
We gave them extensions for a reason - to let people easily tell what kind of code it was.
Historically, that isn't correct. File extensions were invented in the 1960s to distrnguish files for the same program but with a different purpose. For example, I might have a program named FOONLY. It is written in Fortran, so its source file is FOONLY.FOR. When I compile FOONLY.FOR the output of the Fortran compiler is FOONLY.REL. When I link FOONLY.REL the output of the linker is FOONLY.EXE.
In a system like this, hiding the file extensions would be counter-productive.
The main thing for me is the default taskbar layout. Why does it use unnecessarily huge icons by default (even before Win8 and it's touchscreen stuff)? Why does it group all the windows of one application into one button, making it take longer to switch to specific windows? Why doesn't it display names of the open windows by default even if there's plenty of space on the taskbar?
Microsoft seems to have a fetish for hiding as many words and buttons as possible from the user. That seems to be their definition of "user friendly".
I disagree, hiding file extensions is an excellent idea which helps buy countless cars and houses for microsoft certified people every year. Just think of all those poor struggling technicians who spend all their time re-imaging systems!
The use of file name extensions to indicate file types is a feature of some Digital Operating Systems like VMS that has been aped by CP/M and MS-DOS. The MacIntosh System uses a separate file type indicator and Unix uses magic (4) bits even though they sometimes use suffixes for C source files.
Every single computer on which I work, or set up new, in my shop has file extensions enabled straight away!
they think they're trying to open a data file. so they don't think what they're clicking on is a program downloaded from the internet.
you want to thumbnail pictures as their icons and you want to let programs choose an icon. the only way to make sure files that look like data aren't run as programs with the user's permissions is to show which files will be opened as programs. ls shows files with x permission in green, and only files with x permission can be run directly. and you don't just type the name of a file to get it to open, anyway.
in a visual environment, need some unmistakable, unforgable flag for things that will be run when doubleclicked.
This is why.
Of course, part of the problem ifs that I'm using an "everything" computer. Then having to do some other task or wait on an existing one since it's nowhere near complete and has to be done later. Then these windows build up.
If they weren't group, I'd be hunting through 82 buttons, which has the same effect as having to click twice.
Huh, they run just fine on mine. Must be all the Wine.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
As far as I'm aware most people find the grouping on the taskbar useful. Fortunately Microsoft did the right thing here and not only made a helpful feature but also remembered to make it optional. I wish they'd do that more often.
To disable it and have a separate button on your taskbar for each window, right-click on your taskbar and click "Properties". Look for a combo box labelled "Taskbar buttons"; it should have a value of "Always combine, hide labels" by default. Change it to one of the other values and press "OK" - no more button-grouping on your taskbar.
I used to support an office of several hundred clerks starting from the Windows 3 days.
When the extensions are exposed, some people would change the extensions for some reason known only to the non-verbal half of their brain or perhaps just typing clumsiness.
Now they can't open the spreadsheet by just clicking on it, and worse yet, they seem to most often do that in the shared departmental folders.
One typical thing that happened was when gradualy transitioning the office newer versions of MS Word, so some people could open .docx documents and some could not. .docx to .doc. Yay! that should work.
The solution? Just rename
Anyway, a long time ago it became obvious that making it difficult for users to change file extensions would reduce support calls, and so here we are now.
As many other posters above me pointed out, the real problem is that the extension is used to determine the file-type association.
So why not have it group only when the taskbar is full? IIRC that used to be the default, but now it groups even if there's plenty of room.
focusesm.ind
savespa.ce
makesyou.mad
"du jour" is what you're after : "of the day" while de jure means "by law"
Windows Server is in fact a desktop operating system too. What was called Citrix, then TSE, then RDS is a facility to push the Windows Server's desktop onto plain Jane office users and possibly your marketing execs. Though these days, it is possible to push a single app (I'd do that in a heartbeat if it was free as beer)
Extensions are hidden because they instruct the operating system what program should be used to open a file. Without it the file will be useless. Everyday users won't be careful enough to not mess up the file extension when they create a new file or rename a file.
The Anna Kournikova virus did not "wreak worldwide havoc". In fact all it did was generate additional spam of itself.
Let me guess why people don't change the executable permissions in Windows more often. One is that it's not as clearly visible as the "Allow this file to run as a program" checkbox in Nautilus or Thunar or other X11/Linux file managers. The other is that permissions other than "write" don't stick on most removable media, which is formatted FAT32 or exFAT.
perhaps the solution is not to automatically display a file extension, but rather show the file/object that it will be launched with when clicked on. You don't see 'trip photo.png' but instead, 'trip photo (Photoshop)'. This makes naming files things like 'readme.txt.vbs' less useful of an attack vector.
HA! I just wasted some of your bandwidth with a frivolous sig!
It's not clear if the music folder is for own composed music or purchased music.
I assume that Microsoft assumed that "own composed music" is such a small edge case that music industry professionals would be able to handle it with their own in-house best practices. Evidence is that Microsoft includes the "Xbox Music" (formerly Zune) app in Windows but doesn't include even the simplest sequencer. Or has Microsoft added one to Windows 10?
You forgot one: the Ribbon. Not only is it the only user interface change I have ever seen that caused multiple experienced power users of a product be unable to find basic functionality, even now that I have been forced to get used to it, I find it slows me down considerably, because most things take an extra click or two (usually at near-opposite ends of the ribbon, adding all the seek time as well) and (unlike a toolbar) there's no guarantee that a common button is going to be where you expect it. Yes, there are keyboard shortcut alternatives, but because they're not advertised until you hit the ALT key (and they're unlike anything from previous versions or other programs) I find I don't learn them. It's like someone read research on UI design and thought "how many of these things can we get away with ruining?", though I realise the more likely scenario is that some suit thought "hey, I personally don't like our current toolbar+menus layout, and this Ribbon is a pretty design, let's use it everywhere!" without actually reading any UI design research or checking with real users.
Also, Clippy. ;-)
After Windows defaults to showing file extensions again, could they please stop chaning to reight-to-left mode in the middle of a file name (using Unicode) ?
Whith this trick, the file extension is displayed somewhere in the middle of the filename, and some midle 3 characters are displayed as the file extension.
"the only plain-text, obvious indicator of what a file actually is"
Yeah, because when i switch the "hot" and "cold" labels on my shower, that also changes the water temperatures? You realize that's what you are saying here, right? WOW
And people are talking about idiot users...what about idiot posters!
Well this is one of the things I do everytime I log on a new Windows (like unhiding those damn extensions!) but it's not working very well since all instance of the same app are still grouped, just with separate entries.
i.e. if I have 2 or whatever instance of whatever app I use, I can't just put one at the top of my taskbar, and the other on the bottom or wherever I want it - they always stay together but with 2 entries in the taskbar instead of one.
Oh well, guess it could be worse - they could have forced the default options and I would be stuck with both grouped taskbar entries and have it icon-only (just can't find myself with those meaningless icons. Text please! I have the screen space, thank you. No my taskbar is not at the bottom, stop assuming everyone use the same settings).
Other than libmagic, the only other library I have seen with this capability is https://github.com/technosaurus/MIMEtype ... the extension based MIME guessing is more extensive than libmagic while the magic matching is considerably less extensive (mostly image types IIRC). If you are working with known files, MIMEtype's extension-only matching is up to 100x faster because it doesn't need to open any files and only does a single binary search vs. libmagic's exhaustive linear search against a large dataset.
My biggest beef is they changed how default file search operates in explorer on win7, old search just looked at filenames, new one looks inside files. Complete pain in the arse, I'm the gate keeper for a large cvs repository, I don't want a list of 5000 .c files when I'm searching for a particular .h file, I want a list with just the .h file in it. If they must try and compete with grep then a simple "look inside files" checkbox on the old dialog would have been better. Or better still put the search feature from Visual Studio into explorer as a separate "search in files" right click option.
Personally I think MS's tendency to kill useful stable features and move the carcass to a different UI location is a 'plot' to sell more MS training courses for non-technical staff.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
When first run, an Windows should present the user with choices for setup.
1. I am an advanced user.
2. I am an average user.
3. I am a complete moron.
Then set it up with all settings easily available for 1. For 2, it should have a little more hand holding. And for 3, it should just shut down, possibly with the message "Get a Mac."
I'm curious:
Is there anyone here who does not, upon sitting at another person's computer, immediately un-hide file extensions if they are hidden?
Further, has anyone here ever had a user object to having their file extensions un-hidden?
I suspect the answer to both is "no".
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
even the original thread starter seems to have forgotten about certain control codes and their uses inside a filename?! ...read on: ...and we have the same morons to thank for that fact, yep: microsoft
unfortunately we are already way *past* the point where not hiding the filename extension (alone) anymore would do any good even to the more experienced users - meaning the ones who actually *could* give you a more comprehensive list of which file extensions actually are considered an executable...
am i really the only one who some time in the past came across certain files that suddenly listed different filenames (including different file extensions!) with some nonprintable crap when copied to a samba file server and viewed from the linux directory listing ?
reason: some idiot at microsoft decided some malware authors needed an even better helping hand than just hiding file extensions. ...or does *anyone* think there really is a *need* for the following functionality *outside* malware ?
there are control codes to reverse the writing direction -- yes, some languages are written left-to-right, some others right-to-left.
a modern multi-language capable OS needs to deal with that -- *but* WTF *inside* one and the same filename ?
(why not restricted at least to directory level, like "all files in here are in language xy, so list accordingly", even if i really would prefer it to not be part of any file system / control code at all, but rather a trigger for the directory viewer a.k.a. explorer: menu entry like "view using language configured : a b c" that is only there if configured for multi-language, for obvious security reasons).
the following example hopefully makes my point clear:
the way it is now you can construct a file like "some-title_ripped_by_some-nickname-ending-with-exe.mp3" looking like a non-executable mp3 that when listed on any OS that does *not* honor those control code crap convention, like any linux for example....
there it suddenly looks this way: "some-title_ripped_by_some-nickname-ending-with-#3pm.exe" where "#" is showing as undecipherable graphics crap -- the above mentioned control code to reverse the filename printing direction to "from-right-to-left"... inside the very same filename !
this is no fool's joke i have actually seen malware disguised using this technique "in the wild" for example on usenet...
so the minimum requirement must be to equip the user with a kill-switch for that stupid functionality -- i do not know of any, as of now in my windows7 professional that is configured to only use one single language -- in addition to not hiding the filename extension
Windows do: they'll both pop up a thing saying 'You are trying to run a program downloaded from the Internet, do you really want to?', which isn't normally something that happens when people try to open a file
I beg to differ. Occasionally on Windows 8.1, I've opened a text file and still seen an alert to the effect "You are opening a text file downloaded from the Internet; are you sure?".
Brogrammers.
captcha: repulse
How could you possibly blame this on filename visibility?
The user is given a single interface which does one of two things:
A) view a file's contents
B) perform arbitrary actions to whatever it wants on your computer
There are various problems here (not the least of which is that "arbitrary" part, due to horribly broken security models, which think that the least-protected files should be the ones which are not automatically verifiable or automatically replaceable), but the most obvious, and easiest to correct, is the part that calls "execute" and "view" from the same button.
These days it's all the rage to abuse unicode control characters to hide the extension, for example a file that appears to be called "big_narcs.jpg" might actually be "big_nagpj.scr". If the extension is shown it just looks like a relatively harmless jpeg image, but in reality it is a malicious windows executable with a .scr extension. Executables can of course define their own custom icon so they can still be made to look like an image file as well.
Anyone with a large item inventory on Steam and public comments enabled on their profile over the last few months has almost certainly been hit with numerous attempts to infect them with malware using this trick with the line "here's a screenshot of my trade offer".
Pretty much. The user double clicks the icon and answers "No" and doesn't get to see jiggly bits. So the user double clicks the icon again and says "Yes" this time.
If I have been able to see further than others, it is because I bought a pair of binoculars.
It's a problem in two parts, but what it really comes down to is that when you double click, you don't actually know if data will be viewed or a program will execute. Is it REALLY a surprise to anyone that that's a gamble you will lose sooner or later?
Fundamentally, having the same action mean more than one thing is asking for trouble. There needs to be one action to open and another to execute.
Next, the icons themselves should indicate an executable even if it does not end in .EXE. Some sort of emblem should take care of it.
Yeah, they were called "Trendsetters" back then. Blame the fucking trendsetters!
Ugh, trust MS to fuck up a reasonable UI choice. On OS X, by default, it only happens for programs and requires you to close the dialog and then bring up the context menu for the program while holding a modifier key. You don't know how to do it unless you've actually read all of the way to the end of the dialog, so it generally protects people.
There are some interesting corner cases though, such as shell scripts. The file manager doesn't know if the thing that you tell it to open a shell script with is a text editor or a script interpreter, so may warn spuriously.
I am TheRaven on Soylent News
Whenever I create a new install, physical or vm, setting the option to show file extensions is one of the first tasks. If a VM, it is a task to run before the first snapshot.
I always bugs me when hair extensions are obvious.
Star Trek transporters are just 3d printers.
MIME types have both standard types defined, plus a defined process for vendor extensions. Yes, via IANA.
The RFCs specifying what is needed before an IANA "designated expert" will accept a new Internet Media Type are a lot of documentation for a new programmer to read and understand, and my attempts to search the web for easier-to-digest introductory information from third parties weren't very fruitful. There's also a week's turnaround for this designated expert to make a decision. And if, say, the development of a new video game produces 20 different internal asset data formats used by the game and by its modding tools, would the designated expert appreciate having to review the registration of each of these formats as an Internet Media Type? I think I'm misunderstanding something very fundamental, and I know there's much I don't know.
Thirdly file types which have no additional requirements for registration, yet unambiguous are easy, by simply prefixing them with an already registered domain (usually reversed). e.g. com.google.whateverthefuckgooglewanttocalltheirnewfiletype.
Or io.github.some_username.some_projectname.some_type, right? I can get behind that in theory. But it'll take a lot of reengineering of container formats such as file systems and archives. Does FAT32, the default file system for removable storage media 32 GB or smaller such as USB flash drives and SDHC cards, support attributes such as content type? Wikipedia says FAT32 does not support extended attributes. Does exFAT, the default file system for larger removable storage media such as SDXC cards? Wikipedia does not say one way or the other. And Zip, a very common archive format, currently doesn't fully support extended attributes either and won't until Info-ZIP Zip 3.1 comes out.
You don't get it. It's not "right". The problem people find stupid is simply the name. You could just call "My Documents" Documents and be done with it. It's the "My" part that we find condescending, patronizing, and just awkward to say. It ends being a Who's on First type discussion.
Wrong again, AC! You get your work done because you get left alone in your basement cube to rot since no one can stand interacting with your Oh So Bubbly(tm) attitude. Since everyone wants to hang out with me, I don't get hardly anything done, yet the boss still loves me. You sound jelly, bro.
Oh you mean like a short set of letters attached to the end of the file? Genius!
It's 2015 and the title of this article isn't "Why We Should Stop USING Filename Extensions".
It's worse these days, because Windows got smarter and more "helpful". You can have a file called image.png and if it's actually an executable, it will be identified as an executable and run. I think in particular IE is very prone to this, because it tries to guess what a file really is and execute the associated action. So if you are downloading image.png that's a Office doc, it will open in Office instead of showing a broken image.
Even worse, the file can also mask the .exe part in Windows Explorer so it just displays porn.jpg yet somehow Windows Explorer does show the file type as an application.
Displaying file extensions is just good measure and turning them off by default is one of the biggest flaws in Windows. Still, changing the file extension is easy. Anyone can turn a .exe file into a .txt file or if malicious into something that is likely getting sent to an application that will attempt to execute the file as in run the instructions in it.
The real fix here is to make use of the magic number in the file header that truly tells what kind of file it is. Additionally, any app accepting file submissions has to check for that magic number and not just rely on flaky browse box extension filters that are easy to override or dumb checks on extension alone. As often, this comes down to properly testing applications, something that is just dropped in our new Agile world where delivering features as quickly as possible always trumps quality.