Slashdot Mirror
Why We Should Stop Hiding File-Name Extensions
An anonymous reader writes 14 years after the Anna Kournikova virus took advantage of users' ignorance about file-name extensions in order to wreak worldwide havoc, virus writers and hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less savvy users who will never do this. Additionally applications on even the latest versions of Apple's OSX operating system still require the user to 'opt in' to including a file-name extension during an initial save. In looking at some of the eccentricities of the modern user experience, this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
The crap ones like Windows and OSX, they hide it because they assume the user is a drooling moron.
And most of the time they are right.
The first thing I do on windows is change the settings to show tilename extensions. Much of the confusion I see in others can be directly traced to the fact that they don't know what their files are.
Stop being afraid to make someone learn something useful to use a computer.
That being said, don't make people learn useless things. Design a powerful set of useful things to learn each of which is valuable and worth learning and remembering and then reward people for learning them by maintaining their usefulness
Making things overly simple robs users of the power to make things simple for themselves, and ends upt complicating their interaction with the computer.
...
The malware writers will never agree to i!
Sent from my ASR33 using ASCII
There's a whole slew of weird extensions now, that when clicked, do things.
The problem isn't not looking at file name extension. It's trusting them. .txt name extension. Looking at the name extension will tell you absolutely nothing.
File name extensions are just a convention, and are not prescriptive except on very immature operating systems. There is nothing that prevents a JPEG file from being saved with a
I have a web server set up at home that serves html files with a .gif extension, and expects images to have a .html name extension. It works great, because the file name extensions are only advisory.
And then there's the Amiga, where you have prefixes, like mod.filename to signify a music score file with embedded samples. Again, it's just a convenience, and should never be trusted.
Instead of insisting that modern OS design carry forward an old and archaic standard set of digits describing the type of file, show users visual information about the file type/associations in way that is meaningful to them. If it is an executable file, don't make users parse that .exe is short for that, and in many cases .com and .bat can kinda work the same way. Give users a visual identifier that lets them know clicking this file will lead to this action. A web icon for anything that'll attempt to open itself from a browser, a document icon for something that will open in a document viewer, and so on.
Insisting on showing people a 3 character code that 99% of them are entirely ignorant of solves nothing.
You really think this will happen with the current level of OS dumbing down?
I am Bennett Haselton! I am Bennett Haselton!
That always baffles me.
I'm kind-of-sort-of willing to concede to the demands by that fuckstick hipster who works in marketing who thinks that aesthetically filename extensions make the product too technical for other fuckstick hipsters who are also wound up about appearances. I don't agree, but I'm tired of arguing about it, at least when it comes to the consumer desktop OS.
But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box? What shithead, or group of shitheads, made that decision and WHY? As far as I'm concerned this is a deeper, more profound and transcendental stupidity than making Win Server use the Win8 start menu.
I find it particularly ironic given the Microsoft push to capture mindshare from CLI propellerheads with PowerShell Everything.
The filetype is now contained in the icon
The icon of an executable is set by the executable. Enjoy your porn.jpg.exe with a thumbnail icon.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Modern operating systems flag downloads and show warnings before executing. This seems more useful than a file extension which will commonly be truncated from view, even if the OS is set to display them.
it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
Oh man, good one! You had me going until that line. Beautiful!
I just responded in another thread where actual programmers argued about whether or not it counts as "confusing" to split a delimited string without actually using the name "split" for the method that does the work.
And you want to try to get the average end user to understand the difference between ".XLS", ".XLSX", and ".XLSX.EXE"?
May as well swing for the fences, I suppose.
this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
"You can lead a horse to water but you can't make it drink."
The Microsoft horse already knows where the watering hole is; the problem is getting the horse to drink. They don't want to drink. To them making something appear user friendly is far more important than actually making it user friendly.
I remember decades ago when email was safe so long as you didn't open the attachments. Email was just plain text that got displayed, not interpreted, so it was pretty hard for email to do harm. Then one day my dad sent me an a lot of his friends an email warning about a new virus that you could get just by opening an email (you didn't have to open the attachment). I emailed him and his friends back telling them that that wasn't how email worked. Just don't open the attachments and you'll be fine, etc. Then I saw on the news that there was in fact such a virus because Microsoft had decided that it would be a great idea to interpret and execute code in email automatically. It still amazes me today that they did such a thing.
Anyway, yes it is SOP for me to enable showing extensions on any computer I use or have the opportunity to modify. Hiding extensions is like refusing to look at or smell any food you're given before eating it.
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
No, I think that I name my files using something like a 255.3 format, and decrepit Windows gives me grief on having files that are nested too deep when combined with directory names.
The tendency to treat the user like a moron is common on all the widely adopted consumer operating systems and it really does need to stop.
It just leaves otherwise intelligent people utterly baffled when simple things happen because they're kept in a fantasy land by their GUI.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box?
The idea is that your receptionist should be able to follow the instructions, install Windows, and set up your small office. "Back in the day" it was ordinary to make the receptionist the sysadmin because they were the person in the building deemed to have time to take on additional duties. I've spent some fun times doing UUCP support with someone who has to have Unix characters (like bang and pipe) explained to them as a result.
I find it particularly ironic given the Microsoft push to capture mindshare from CLI propellerheads with PowerShell Everything.
The GUI is still the primary way to do things.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Yeah but that's the problem. You get a "movie" file that's actually a .exe with a VLC icon or whatever. Not that I've ever downloaded a movie...
Well if that VLC icon isn't a sign that something is wrong, then I don't know what will ever stop you!
This seems irrelevant. If you have a jpeg with a TXT extension, Windows at least will treat the file as a text file not an image.
Exactly. That's idiotic. If I walked up to you and stuck a sticker with ".cat" onto your back, would you meow?
What a file is, and the portion of the filename after the final dot, if any, should not have anything to do with one another. The assumption that any random file is what it says on the tin may have worked fine when computers were slow and security consisted of a big lock on the door to your office, but it has no place in 2015.
If you're trying to determine what the file type of a file is from an extension on the end of its name, you're engaging in industrial archaelology, not computer use. You can rename any file to have any 'extension'; consequently this idea is completely broken. The idea that you deal with this misfeature by hiding it just compounds the error.
I'm old enough to remember when discussions on Slashdot were well informed.
i've never understood why the unix file 'magic' approach wasn't used universally - it determines the type of a file based on the contents, usually the first few characters or lines.
As ever, wikipedia has an article on the file type detector command.
It's quick and easy, and usually more robust than relying on an appended file extension or even a declared MIME type.
"we demand rigidly defined areas of doubt and uncertainty!"
Leave Mac out of this discussion. The idea of using the file extension for anything is a more recent development on the Mac and one that was mainly driven by exchanging files with (mostly) the Windows world. On old Mac OS you had "type-codes", in OS X you still have "Uniform Type Identifiers". You cannot magically hide executes the same way you can on Windows.
On top of that "even" (or rather especially) in the most recent OS X version(s), by default you could not run anything unless the program was actually signed, approved and the certificate and app hadn't been revoked.
"Only one thing is impossible for God: To find any sense in any copyright law on the planet." - Mark Twain
The problem isn't not looking at file name extension. It's trusting them. File name extensions are just a convention, and are not prescriptive except on very immature operating systems. There is nothing that prevents a JPEG file from being saved with a .txt name extension.
I don't care how a file is saved so much as how it's "opened" (e.g. when it's double-clicked), particularly if "opened" == executed. Program files forced to display an "exe" extension to declare their capabilities (no matter their actual contents) can be treated with caution, but extension hiding by the OS ruins this safeguard.
This is not about how your own application react to a file. this is how the operating system *does*. There is a convention in the operating system, particularly windows, that a .gif will be tried to be displayed as a picture and a .html as a web page. Your application may *chose* to interpret it as music for all we care, but the operating system will react by default as described.
This is why displaying and showing this is an executable is important. Although nowadays the windows operating system should warn you you are about to run an executable.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
No shortage of stupid user interface choices. Some of the ones I've hated the most.
* Hiding menu options, aka personalized menus
* Wholesale rearranging and renaming of user interfaces between versions, esp. for infrequently used options
* Super secret hidden files.
* Windows 8
I think the idea, at least for Windows, is that extensions are a legacy thing, and are still supported because they are the basis for determining file type. BUT, the reasoning is likely that they can be hidden from the user and only show the user the actual file type. Which is fine in theory, except that now you are training the user to recognize file type solely by icon, making it trivial to give a dynamic-icon type (like EXE, or the old SCR which users are unlikely to recognize) the same icon as a text file and subvert the user's expectations and make them think the file is safe. If you are not in Details mode or not grouping by File Type it is IMPOSSIBLE to reliably determine the type of a file without the extension!
Of course MS has added the whole Zone Identifier scheme and displays a nasty warning when trying to run dangerous files from the internet. I think this is a good measure to prevent this type of trickery, unfortunately people tend to click past such dialogs.
The idea of using file name extensions as a means to denote content/application association dates to the 1970s (or even earlier). It's an idea that deserves to die, along with Disco music.
Mac OS 9 and earlier got the OS/file system mechanisms right, with two file attributes. One denoted the contents of the file, and the other denoted the default (usually creating) application.
The challenge for OS designers is how to present this information to the user in some meaningful way. Cryptic text strings at the end of file names aint' it! And the ease by which these can be changed (particularly by malicious programs) are a bug, not a feature. If there's a way to prevent these attributes from being mis-applied/forged, that would be a real accomplishment.
The right approach would be to stop encoding metadata such as "executableness" in filenames (that are under the control of an attacker.)
Good luck with that.
Windows users still need to activate extension visibility manually - even though email-transmitted viruses depend most on less savvy users who will never do this.
Live today, because you never know what tomorrow brings
When I did Windows XP images for clients, I always set the Default User profile to display extensions.
I did this without asking, without any discussion beforehand, and only had to defend the decision once near the end of the design project... my defense was, "This is the right way to do it, so that's what we're doing." End of discussion.
The GUI is still the primary way to do things.
Not if you're running a core install, which is happening more.
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
...I'm kind-of-sort-of willing to concede to the demands by that fuckstick hipster who works in marketing who thinks that aesthetically filename extensions make the product too technical for other fuckstick hipsters who are also wound up about appearances....
Hiding filename extensions predates the hipsters by decades. Don't blame the hipsters for everything you don't like...
Hiding the extensions, is quite frankly, a slow motion disaster. Thousands and thousands of people clicking on the wrong file, staring in bafflement as to why they have multiple duplicate filenames. It cost, I'm sure, millions of hours of lost productivity worldwide over the years, all because some 20-something C++ programmer had a brainwave. That guy should have been fired the day after the release.
Moral of the story? STOP HIDING STUFF! I need to know where my folder is. I need to know what the filenames are. I need to know if they're read-write, read-only and what the permissions are. I need the IMPORTANT stuff easily available. What I don't need to know about are the friggin' media extensions, the color, font, size or any other trivial fact about the file.
Please do not read this sig. Thank you.
Whenever I see a Windows desktop with file extensions disabled, I always try to explain to the person that they should be switched back on, and most people are quite happy to do so (they only had them off because that was the default).
However I was quite dismayed when I looked at my mother's laptop (which I had installed Linux Mint on for her), and she had no file extensions either. It turned out that she thought they looked untidy, and had gone through and manually removed the extensions from every single file in her home directory!
Fortunately the file and mmv commands made short work of fixing this, but I was surprised to say the least.
What does this have to do with OS X? On Windows the extension determines how the file is treated/opened when double clicked. In OS X this is done differently.
Sig?
doing UUCP support with someone who has to have Unix characters (like bang and pipe)
Odd. I found most receptionists understood what I meant by bang and pipe perfectly well.
Have gnu, will travel.
There are two problems. The first is that the OS allows you to run porn.jpg.exe having downloaded it from some random place on the 'net. I don't think that either OS X or Windows do: they'll both pop up a thing saying 'You are trying to run a program downloaded from the Internet, do you really want to?', which isn't normally something that happens when people try to open a file so ought to trigger them to avoid it (if it doesn't, then seeing the .exe extension probably won't either).
The second is that the OS allows programs and other file types to set icons at all before their first run. This also leads to confused deputy-like attacks where you think you're opening a file with one program but are actually opening it with something that will interpret it as code. The solution to this is probably to have programs keep their generic program icon until after their first run. If you double click on something that has a generic program icon, then you probably intend to run it...
I am TheRaven on Soylent News
Name + extension is not enough. Files should have a name, a type, and a subtype.
The types shouldn't be optional, but restricted to a list common to all OSs.
The subtype could be the "write whatever you want, and put as many exes as possible because exes are like painting things red so they go faster" crap that extensions are right now.
Enjoy your porn.jpg.exe with a thumbnail icon
What makes you think I'd be stupid enough to click on an icon resembling the tip of a person's thumb?
Not sure how Macs have training wheels, but my antediluvian MacBook running Yosemite shows all file extensions in the Finder, and when I'm using a shell window, ls -l and ls -la work just as well as in AIX, Linux, BSD, Solaris, or any other UNIX or UNIX variant.
I'm OS agnostic, and OS X has some annoying qualities [1], but being able to see file extensions isn't one.
[1]: My biggest complaint about not OS X specifically, but Mac hardware is that Apple killed off the XServe, You -can- rackmount a Mac Pro with a RackMac kit, but it would be nice if Apple still kept a toehold in the enterprise.
I don't mean to digress, but if Apple could make Macs that could connect to each other via Infiniband and read/write to each other's storage, it would be a platform that could run applications at SAN speed and reliability, but without the SAN, just local drive arrays. Doing this would ensure a niche in the enterprise. Apple even has a clustered filesystem, XSan, so in theory, if Apple did a bit of design, one could have a bunch of Macs with fault tolerance of failed drives and systems, similar to how the EMC Isilon arrays work.
We force the setting to show the file extensions to all users.
But I agree, it should be enabled by default.
"A plan fiendishly clever in its intricacies"- Homer Simpson
Icons change. Text doesn't.
No, the problem is with extensions, and we should get rid of extensions once and for all. Those are an artifact of 1980s DOS times, and should not be used at all by modern systems. Maybe they are convenient for the user to see what kind of type the user should expect, but nothing more and the "hide extension" "feature" just shows the _problem_ of file extensions.
Modern systems should recognize file types based on the content of the file, not on some stupid extension. For example, a .jar, .ooxml and .odf file is just a zip file with special content. The system should recognize the content and open it as a Jar executable, or in your office app. That way, the system can ensure that the file type matches the file name, and activate anti-virus scans on any executable, be it .com, .exe or .jar or the silly nakedpic.jpg.exe.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
I would add #4 -- detect when someone is trying to trick the end user. Multiple file extensions. The combination of a visible file extension that's harmless with one that's executable. Trap these conditions and treat the file with an extra level of harshness.
If one of us would see it as an obvious attempt to abuse the Windows file handler, then make it something that the common rube would not be able to execute even if they wanted to.
A Pirate and a Puritan look the same on a balance sheet.
Then we build verification code into software so that when a program needed X file, it would only load it if it had the right extension.
Then things got a lot more complicated. We started building verification code into the first bytes of the data and added icon to tell humans what it was.
So someone decided that 'hey, we don't need this older, more primitive system of file extensions, lets' deprecate it by defaulting to hide it."
But the problem is the extension system is STILL useful and always has been useful. People like it because it lets them type into a search what kind of file to look for.
On top of that, icons are not in any way related to the system that the computer uses - the first few bytes of a data file. More importantly, we have found OTHER, BETTER uses for icons than to signify what kind of data it is - specifically the concept of displaying a short bit of the data - a micro photo of the photo, or a micro photo of a still shot from a movie.
As such, that leaves us NO simple way for a human to tell what kind of file the photo is.
File extensions have multiple real purposes. The attempt to deprecate and eliminate it was a stupid idea and needs to end. We need to tell the difference between a jpeg and a tiff, an mpg and wav.
The file extension in the main way a human can easily do that. We need file extensions and anyone that doesn't think that is a fool
excitingthingstodo.blogspot.com
Meanwhile, trying to use the browser on a Windows Server is an exercise in futility as everything has to be white-listed.
What seems even more stupid is that some OS's seem to think the last 4 characters of a filename convey some magical meanings -- like if it should be executable; or what application is should magically launch when clicked.
Are there any filesystems still in regular use that use extensions to file names? Or is everyone just talking about suffixes - that is, any characters that people append to the end of a filename to make a new filename?
Fiel name extensions were something subtly different than that.
Because it's a stupid idea.
If the extension determines something that the user should be aware of (what program will open it), then it needs to be shown, and modifiable to correct mis-identified files.
If the extension is merely a nice name, then the user need not care about seeing it or knowing it and should be able to change it at will.
Sadly, in Windows, the extension determines what program is associated and therefore opens a file (and, in part, whether it's executable!). It's encoding a file attribute into the name itself, which is a "layering" violation as far as I'm concerned.
Ideally, the mimetype would be associated with the file metadata and be as easily changeable as the name (e.g. drop-down box to "change" the file type it's interpreted as whatever the extension), but that's a nightmare that no sensible OS seems to have tackled. It wouldn't be that hard to "default" the mimetype to whatever the "file" utility detects it at on introduction of a new file, but nobody seems to want to do that.
Similarly,the "dot-hidden" files of Linux suffer the same fate. Just the name determines a kind of file attribute, which is silly and potentially dangerous or confusing ("I renamed it .jpg and it disappeared!").
While we're still using OS that trust and encode the filetype into the filename itself, we need the facility to change the detected filetype, and the facility to view the detected filetype. Hiding extensions only achieves the later (with a separate file type column, "Adobe Reader Document", etc.). Any cleverness with showing the extension on rename where it wasn't showing before will mean the user will strip out the file attribute when they rename over the top, and not showing the extension makes it more difficult to change what it opens in.
We created this problem back in the 8.3 filename days and NEVER properly solved it. Encoding metadata into the filename is the cause. Removing it is the solution. But without the infrastructure for that in place in every app, it's pointless to attempt it on a commercial world-wide OS.
YES, yes please.
Aside from the security issue it's such a waste of time and so confusing for people.
It is utter ridiculous that we still have to take ages to try to explain to people that they can't see the file we're talking about because they don't have any concept of what is because they've never seen the extension, even if they have any idea of what extensions are.
Then they'll try make their new file, only it won't work because notepad will save it out to 'config.cfg.txt' except of course they don't see the .txt, so you have to talk them through turning off 'show hidden file extensions', more time wasted.
I'm still shocked they left this unfriendly waste of time in windows 7, let alone 8 and 8.1.
Until windows uses a system similar to OSX for determining file type and exec status which is probably never going to happen, it is just a real hassle for a huge number of people to try and just hide it away and make out it's the same thing.
The computer's demeanor is, "It's my way or the highway and all the roads are closed."
Your professors will cover this later.
It little behooves the best of us to comment on the rest of us.
I hear the faint and cryptic laughter of Steve Jobs echoing in the distance...
Hiding Things?
Well of course, because modern UI design is all about obfuscating control over your device and interface.
Microsoft and the rest(this includes Linux desktops) don't want a "cluttered" user experience. UI designers seem to forget that people to need to modify and control their device and interface.
UI designers are too quick to "googlify" interfaces to such a degree that vast uncounted eons of time are wasted simply trying to modify simple things because UI designers have mandated a "spartan" and oh so Sprockets-like look and feel.
Users are tricked into thinking they shouldn't see the nuts and bolts.
Users are treated like idiots, and then become idiots.
We play the game with the bravery of being out of range
Completely agree. The fact that file extensions are hidden by default is, for me one of the most retarded and annoying things about Windows. Its literally the first thing I set after I renstall windows or get given a new windows PC at work, or even fix a friends PC.
Of course I always ask and explain first when I do it on someone elses PC.
Its surprises me how most people do actually prefer to see the extensions but never acutally enable it for themselves.
"Hipster" is just the nom de jure for a general type of douchebag we've had for years.
Usually associated with marketing, advertising and other sundry jobs which allow them to indulge their facile obsession with appearances and promote a bought-and-paid-for sense of aesthetic superiority and pseudo artistic sensibility.
I just got done cleaning up a client's system because they downloaded what they thought were MP3s from a site call MP3Boo or something like that, but one of the files wasn't an MP3. It injected his system will all kinds of malware, and it took a while to get all the crap scraped out of his file system.
I'm certainly not saying it's a panacea, but had he been able to see that the "song" was actually an executable, he *might* not have proceeded.
*** *** You're just jealous 'cause the voices talk to me... ***
If you are working at Apple, Google, Adobe, etc... PLEASE stop using the godamn ".jpg" extension and recognize my ".jpeg" files as being fucking JPEG files.
Get free satoshi (Bitcoin) and Dogecoins
Wrong.
The executable assigned to open the file is "contained" in the icon.
Even that is not always true: the wrong icon can be used intentionally by malware, and in the past I've had MS Windows mess up icon assignments.
I was once told by a MS-Windows user that he would be fine (or even welcome) showing the extensions but he can't set it that way. As then when you click a filename in File Explorer for renaming and write the new name (sure without typing the dot-and-extension) the file loses its extension.
This post...is so awesome.
What the fuck year is this? Do you still name your files using the 8.3 format? The filetype is now contained in the icon. With long file names that are abbreviated it's not like I can see what the extension is anyway. When I need to know the extension I'll right click thanks.
What? The icon is arbitrary. I can give a file any icon I want. If I change the extension of a file, it affects how the file is handled by the OS. The icon, no so much.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
Given that from 10.9 onwards you have IP over Thunderbolt, I don't think you need Infiniband anymore. You can run XSan over Thunderbolt just fine, with a bunch of macs in a mesh network. All you need is thunderbolt cables, no other hardware needed.
A successful API design takes a mixture of software design and pedagogy.
I never understood why Windows hides file extensions by default. Doing so makes Windows much more difficult to use. Changing that setting is literally the first thing I do with Windows. Hiding file extensions was one of the worst decisions made for Windows.
I always show the file extensions. I use detail view, too. Fuck icons, fuck folders, and as always fuck Apple.
Filename extensions are embedding file metadata in the file name, which is never a good idea. It's a kludgy solution to a problem we had when computers were significantly less capable than they are now. The fact that we haven't already eliminated them is yet another indication of the sad state of original thinking in the current generation of software engineers. And yes I know that the original MacOS let you put metadata in the resource fork of the file three decades ago.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I don't know but I guess it's for the same reason that windows server 2012 (and r2) have the modern UI
What you wanna tell me that that windows 2012 datacenter edition is not running on a tablet???
and stop embedding and showing icons inside executable files and stop deciding what is an executable or not based on the file name (that is manipulable by the sender)
In most situations that downloaded file confirmation dialog is just a nagging thing you need to click through, so its usefulness in preventing users from executing disguised .exe files is limited, especially because you need to understand the significance of the dialog in the first place, which most users probably don't. The users might as well just think that it's a glitch that the image viewer is suddenly displaying a confirmation dialog. Showing the file extension would help about as much as having this confirmation dialog, if not more, but the real solution would be not making the files executable by default in the first place. You should have to right click and click 'Run' or something along those lines to run downloaded executable files.
Deus est fatalis
Extensions do nothing for non-developers besides lulling them into false sense of security. An average user is not going to know that .cpl is an executable. And what could be safer than .doc? Well, Word has a turing complete macro language that has been exploited countless times. Extensions will not even help you because you just have to fat finger an icon once to have persistent malware on your computer for years.
Nope, the real answer is system level protection to ensure that an app can not do any more damage than a text file. Application sandboxing works pretty well on mobile. Yes, there is always cat and mouse game with malware, but infected phones/tablets are much less common than desktops or laptops. Most "infections" are free games that run on background and open ads in your browser rather than credit card number keylogging. I think this should be default experience on a consumer device. Freedom of tinkering and development is also very important, but should involve explicit steps and visual reminders to make sure no software or person can gain unrestricted access to your device without your knowledge and understanding.
File extensions were originally something that humans put on files to tell each other what they were. Around 1974, for example, I might have a file called "phlist.txt" on an PDP-11 and my cow-orkers would know that was a phone list in raw ASCII format. The OS did not care, labels were for humans. If you wanted to tell the OS to execute a program, you typed "run filename" and if it wasn't an executable you'd get an error message.
Then unix and friends came along, and put an "executable bit" in the metadata for each file, so that you didn't have to type "run" any more. If you typed the name of a file, and it had the executable bit set, the system treated that as if you'd run it. Saved some ink on the teletype, don't you know.
Well, 8-bit micro computers running CP/M and DOS came along, and they sort of half-assed the concept. They still didn't have very much metadata on files, but the extensions .exe and... hmmm... something else I forget right now... were designated as "special". If you typed a word that the system did not recognize, it would look for a file with that name followed by .exe, and try to execute it.
But then Apple came along and built resource forks into their file system metadata, so they were able to associate information about what applications and/or utilities were used to create a file, and give some recommendations on what should be done if a user simply clicked the file. A really significant advance for filesystems, at least in theory.
Now, Microsoft wanted to make people believe that their OS and file system were as capable as the early Apple Macintoshes (pre-OSX) so they faked up a sort of back-alley version of the resource fork using file extensions. They were already checking for that .exe extension anyway, so most of the infrastructure to do this was already in place, they just jammed some hacks in to generalize the mechanism for all file extensions. And then they hid the extensions, so that to a clueless end-user it looked exactly like an Apple mac - you clicked on a file named "phone list" and the phone list application opened up.
This hare-brained scheme doesn't really work like Apple's, of course, because instead of including extra information about the file in the file metadata, instead they have built a separate list of file "types", designated by extension, and actions to associate with those types. In terms of the required slashdot car analogy, this is the difference between having the name of your state or country blazoned on your license plate, or having a giant book where you can look up the number of a car's license and see what state the car was registered in. Obviously the latter is inefficient and scales poorly as well as being fundamentally less capable and having no consistency across individual machines. Using the Apple method, if someone gives me a file with a resource fork, I get the resource metadata with the file. Using the Microsoft method, somebody gives me a file and maybe - if I'm lucky, and have the same applications installed - I will have the same resources associated with the file extension that the person giving me the file had on their machine.
But people who grew up after all this was invented can rarely see how stupid this all is, and always has been. It's like the idiocy of having the label of the volume MFD being the same as the subfolder separator character - nearly all of you young folks think that actually makes sense, in the same way that people brought up in the Westboro Baptist Church think raving bigotry makes sense. You've been conditioned to accept it.
This is only one of several giant steps backwards in computer technology. We used to have automatic file versioning but now programmers are so thoroughly conditioned they don't even seem capable of understanding why that was so awesome.
Now get off my damn lawn, you whippersnappers!
You forgot the obligatory reference.
Have gnu, will travel.
Isn't one of the first steps after the base install is done to fix that brain-dead default? Seriously, there is zero need for discussion here, there are just people with a minimum of understanding and clueless morons. The clueless morons are beyond help anyways.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Why trust users to know what file extensions are "safe" and which are not? Surely the same computer that shows "ImportantFile.doc" to the user when it's really "ImportantFile.doc.exe" can be smart enough to pop up a message when someone clicks on it: "Hey, this filename *looks* like a document, but it's really an executable so instead of opening a document, I'm going to run it. It's probably a terrible idea to run it, so I'm not going to do it, you'll have to rename it to something less ambiguous if you really want to run it. But you should't do that. Really. I'm not kidding."
The old Mac OS - pre 10 - had a separate resource fork in the file that carried around what app created the file and the file type. I really can't believe that we're still using file extensions. The name of a file should be completely separate from the type.
Like
/*" > fubar.txt
echo "sudo rm -rf
chmod 777 fubar.txt
Yep, can't be harmful, it's a text file.
It's always the first thing I do when I install a new version of windows... Why people even want to work without the extentions is a mystery to me..
But then again, I always like to know what a file exactly is.. I also never understood why it's off by default...
I have noticed this trend in OSs, Windows/OSX hide file extensions. Windows hides filesystem structure in "Libraries" (Complete Bullshit by the way. I went through and removed them from the registry, only to have them reappear after an update). Windows hides system files. Web browsers hide the protocol info. HTTP:\\ or FTP:\\ I do not like it.
Testdisk.
I find adding "FOSS" to the search term instead of "Free" makes a huge difference.
The idea of using file name extensions as a means to denote content/application association dates to the 1970s (or even earlier).
I first encountered filename extensions in 1966, on a DEC PDP-6. We had 36 bits (six characters) for the file name, and 18 bits (three characters) for the extension. Early extensions were .FOR (for Fortran) and .REL (for relocatable binary). The .EXE extension on executable programs was invented in the late 1960s for the Execute command, which would compile and link your program if your sources were newer than your executable.
We gave them extensions for a reason - to let people easily tell what kind of code it was.
Historically, that isn't correct. File extensions were invented in the 1960s to distrnguish files for the same program but with a different purpose. For example, I might have a program named FOONLY. It is written in Fortran, so its source file is FOONLY.FOR. When I compile FOONLY.FOR the output of the Fortran compiler is FOONLY.REL. When I link FOONLY.REL the output of the linker is FOONLY.EXE.
In a system like this, hiding the file extensions would be counter-productive.
The main thing for me is the default taskbar layout. Why does it use unnecessarily huge icons by default (even before Win8 and it's touchscreen stuff)? Why does it group all the windows of one application into one button, making it take longer to switch to specific windows? Why doesn't it display names of the open windows by default even if there's plenty of space on the taskbar?
Microsoft seems to have a fetish for hiding as many words and buttons as possible from the user. That seems to be their definition of "user friendly".
I disagree, hiding file extensions is an excellent idea which helps buy countless cars and houses for microsoft certified people every year. Just think of all those poor struggling technicians who spend all their time re-imaging systems!
The use of file name extensions to indicate file types is a feature of some Digital Operating Systems like VMS that has been aped by CP/M and MS-DOS. The MacIntosh System uses a separate file type indicator and Unix uses magic (4) bits even though they sometimes use suffixes for C source files.
Every single computer on which I work, or set up new, in my shop has file extensions enabled straight away!
This is why.
Of course, part of the problem ifs that I'm using an "everything" computer. Then having to do some other task or wait on an existing one since it's nowhere near complete and has to be done later. Then these windows build up.
If they weren't group, I'd be hunting through 82 buttons, which has the same effect as having to click twice.
Huh, they run just fine on mine. Must be all the Wine.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
As far as I'm aware most people find the grouping on the taskbar useful. Fortunately Microsoft did the right thing here and not only made a helpful feature but also remembered to make it optional. I wish they'd do that more often.
To disable it and have a separate button on your taskbar for each window, right-click on your taskbar and click "Properties". Look for a combo box labelled "Taskbar buttons"; it should have a value of "Always combine, hide labels" by default. Change it to one of the other values and press "OK" - no more button-grouping on your taskbar.
I used to support an office of several hundred clerks starting from the Windows 3 days.
When the extensions are exposed, some people would change the extensions for some reason known only to the non-verbal half of their brain or perhaps just typing clumsiness.
Now they can't open the spreadsheet by just clicking on it, and worse yet, they seem to most often do that in the shared departmental folders.
One typical thing that happened was when gradualy transitioning the office newer versions of MS Word, so some people could open .docx documents and some could not. .docx to .doc. Yay! that should work.
The solution? Just rename
Anyway, a long time ago it became obvious that making it difficult for users to change file extensions would reduce support calls, and so here we are now.
As many other posters above me pointed out, the real problem is that the extension is used to determine the file-type association.
So why not have it group only when the taskbar is full? IIRC that used to be the default, but now it groups even if there's plenty of room.
"du jour" is what you're after : "of the day" while de jure means "by law"
It is much slower to do it this way. It means that instead of just parsing the directory entries it needs to open every file and read the header to figure out the file type.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Adobe Acrobat icon = PDF, or malware executable masquerading as a PDF by co-opting the Acrobat icon.
Fixed that for you.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Windows Server is in fact a desktop operating system too. What was called Citrix, then TSE, then RDS is a facility to push the Windows Server's desktop onto plain Jane office users and possibly your marketing execs. Though these days, it is possible to push a single app (I'd do that in a heartbeat if it was free as beer)
The Anna Kournikova virus did not "wreak worldwide havoc". In fact all it did was generate additional spam of itself.
Let me guess why people don't change the executable permissions in Windows more often. One is that it's not as clearly visible as the "Allow this file to run as a program" checkbox in Nautilus or Thunar or other X11/Linux file managers. The other is that permissions other than "write" don't stick on most removable media, which is formatted FAT32 or exFAT.
perhaps the solution is not to automatically display a file extension, but rather show the file/object that it will be launched with when clicked on. You don't see 'trip photo.png' but instead, 'trip photo (Photoshop)'. This makes naming files things like 'readme.txt.vbs' less useful of an attack vector.
HA! I just wasted some of your bandwidth with a frivolous sig!
It's not clear if the music folder is for own composed music or purchased music.
I assume that Microsoft assumed that "own composed music" is such a small edge case that music industry professionals would be able to handle it with their own in-house best practices. Evidence is that Microsoft includes the "Xbox Music" (formerly Zune) app in Windows but doesn't include even the simplest sequencer. Or has Microsoft added one to Windows 10?
Well this is one of the things I do everytime I log on a new Windows (like unhiding those damn extensions!) but it's not working very well since all instance of the same app are still grouped, just with separate entries.
i.e. if I have 2 or whatever instance of whatever app I use, I can't just put one at the top of my taskbar, and the other on the bottom or wherever I want it - they always stay together but with 2 entries in the taskbar instead of one.
Oh well, guess it could be worse - they could have forced the default options and I would be stuck with both grouped taskbar entries and have it icon-only (just can't find myself with those meaningless icons. Text please! I have the screen space, thank you. No my taskbar is not at the bottom, stop assuming everyone use the same settings).
My biggest beef is they changed how default file search operates in explorer on win7, old search just looked at filenames, new one looks inside files. Complete pain in the arse, I'm the gate keeper for a large cvs repository, I don't want a list of 5000 .c files when I'm searching for a particular .h file, I want a list with just the .h file in it. If they must try and compete with grep then a simple "look inside files" checkbox on the old dialog would have been better. Or better still put the search feature from Visual Studio into explorer as a separate "search in files" right click option.
Personally I think MS's tendency to kill useful stable features and move the carcass to a different UI location is a 'plot' to sell more MS training courses for non-technical staff.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
I'm curious:
Is there anyone here who does not, upon sitting at another person's computer, immediately un-hide file extensions if they are hidden?
Further, has anyone here ever had a user object to having their file extensions un-hidden?
I suspect the answer to both is "no".
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Windows do: they'll both pop up a thing saying 'You are trying to run a program downloaded from the Internet, do you really want to?', which isn't normally something that happens when people try to open a file
I beg to differ. Occasionally on Windows 8.1, I've opened a text file and still seen an alert to the effect "You are opening a text file downloaded from the Internet; are you sure?".
These days it's all the rage to abuse unicode control characters to hide the extension, for example a file that appears to be called "big_narcs.jpg" might actually be "big_nagpj.scr". If the extension is shown it just looks like a relatively harmless jpeg image, but in reality it is a malicious windows executable with a .scr extension. Executables can of course define their own custom icon so they can still be made to look like an image file as well.
Anyone with a large item inventory on Steam and public comments enabled on their profile over the last few months has almost certainly been hit with numerous attempts to infect them with malware using this trick with the line "here's a screenshot of my trade offer".
Pretty much. The user double clicks the icon and answers "No" and doesn't get to see jiggly bits. So the user double clicks the icon again and says "Yes" this time.
If I have been able to see further than others, it is because I bought a pair of binoculars.
It's a problem in two parts, but what it really comes down to is that when you double click, you don't actually know if data will be viewed or a program will execute. Is it REALLY a surprise to anyone that that's a gamble you will lose sooner or later?
Fundamentally, having the same action mean more than one thing is asking for trouble. There needs to be one action to open and another to execute.
Next, the icons themselves should indicate an executable even if it does not end in .EXE. Some sort of emblem should take care of it.
Ugh, trust MS to fuck up a reasonable UI choice. On OS X, by default, it only happens for programs and requires you to close the dialog and then bring up the context menu for the program while holding a modifier key. You don't know how to do it unless you've actually read all of the way to the end of the dialog, so it generally protects people.
There are some interesting corner cases though, such as shell scripts. The file manager doesn't know if the thing that you tell it to open a shell script with is a text editor or a script interpreter, so may warn spuriously.
I am TheRaven on Soylent News
Whenever I create a new install, physical or vm, setting the option to show file extensions is one of the first tasks. If a VM, it is a task to run before the first snapshot.
I always bugs me when hair extensions are obvious.
Star Trek transporters are just 3d printers.
MIME types have both standard types defined, plus a defined process for vendor extensions. Yes, via IANA.
The RFCs specifying what is needed before an IANA "designated expert" will accept a new Internet Media Type are a lot of documentation for a new programmer to read and understand, and my attempts to search the web for easier-to-digest introductory information from third parties weren't very fruitful. There's also a week's turnaround for this designated expert to make a decision. And if, say, the development of a new video game produces 20 different internal asset data formats used by the game and by its modding tools, would the designated expert appreciate having to review the registration of each of these formats as an Internet Media Type? I think I'm misunderstanding something very fundamental, and I know there's much I don't know.
Thirdly file types which have no additional requirements for registration, yet unambiguous are easy, by simply prefixing them with an already registered domain (usually reversed). e.g. com.google.whateverthefuckgooglewanttocalltheirnewfiletype.
Or io.github.some_username.some_projectname.some_type, right? I can get behind that in theory. But it'll take a lot of reengineering of container formats such as file systems and archives. Does FAT32, the default file system for removable storage media 32 GB or smaller such as USB flash drives and SDHC cards, support attributes such as content type? Wikipedia says FAT32 does not support extended attributes. Does exFAT, the default file system for larger removable storage media such as SDXC cards? Wikipedia does not say one way or the other. And Zip, a very common archive format, currently doesn't fully support extended attributes either and won't until Info-ZIP Zip 3.1 comes out.
Even worse, the file can also mask the .exe part in Windows Explorer so it just displays porn.jpg yet somehow Windows Explorer does show the file type as an application.
Displaying file extensions is just good measure and turning them off by default is one of the biggest flaws in Windows. Still, changing the file extension is easy. Anyone can turn a .exe file into a .txt file or if malicious into something that is likely getting sent to an application that will attempt to execute the file as in run the instructions in it.
The real fix here is to make use of the magic number in the file header that truly tells what kind of file it is. Additionally, any app accepting file submissions has to check for that magic number and not just rely on flaky browse box extension filters that are easy to override or dumb checks on extension alone. As often, this comes down to properly testing applications, something that is just dropped in our new Agile world where delivering features as quickly as possible always trumps quality.