Why We Should Stop Hiding File-Name Extensions 564
An anonymous reader writes 14 years after the Anna Kournikova virus took advantage of users' ignorance about file-name extensions in order to wreak worldwide havoc, virus writers and hackers are still taking advantage of the tendency of popular consumer operating systems to hide file-name extensions: Windows users still need to activate extension visibility manually – even though email-transmitted viruses depend most on less savvy users who will never do this. Additionally applications on even the latest versions of Apple's OSX operating system still require the user to 'opt in' to including a file-name extension during an initial save. In looking at some of the eccentricities of the modern user experience, this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
Good operating systems Dont. (Score:5, Insightful)
The crap ones like Windows and OSX, they hide it because they assume the user is a drooling moron.
And most of the time they are right.
Re:Good operating systems Dont. (Score:5, Funny)
I can't get OS X to hide extensions on my machine. Is there a special flag you have to pass to ls?
Re:Good operating systems Dont. (Score:5, Informative)
Yes, it's | sed s/\.[^\.]*$//
Re:Good operating systems Dont. (Score:4, Informative)
It's a Finder preference. Press command comma. The first checkbox is "Show all filename extensions".
Re:Good operating systems Dont. (Score:5, Insightful)
The crap ones like Windows and OSX, they hide it
I am using OSX right now. File extensions are not hidden. There are some dialogs that optionally hide them, usually when only one extension is possible, such as .pdf in Adobe Reader, but in general, they are not hidden. But even where extensions are hidden, it is not at the same level of stupidity as hiding them on Windows. On Windows, the extension actually changes how the operating system interacts with the file, such as whether it is executable. So Microsoft uses the extension to convey very important information, and then hides that information from users.
Re:Good operating systems Dont. (Score:4, Informative)
I am using OSX right now. File extensions are not hidden.... But even where extensions are hidden, it is not at the same level of stupidity as hiding them on Windows. On Windows, the extension actually changes how the operating system interacts with the file
Just asking, never having used OSX, which I understand to be a Unix system, aren't filename extensions non-functional? ie they are merely part of a filename that happens to include a period near the end. In which case hiding the extension is hiding part of the filename - why TF would anyone do that? And why stop at hiding after the dot? They might as well hide everything after the first occurence of the letter "p" say, or after the first four characters, or the first eight (Oh wait! like FAT16).
Re:Good operating systems Dont. (Score:5, Informative)
Just asking, never having used OSX, which I understand to be a Unix system, aren't filename extensions non-functional?
In Mac OS X you can associate an extension with an app. For instance, I have .pdf associate with Adobe Reader, so I can click on a PDF file, and it will pop open in Adobe Reader. These associations are under user control, so you can add, change or delete. But extensions don't change whether a file is executable like .exe, .com, or .bat do on Windows. You use chmod to do that, just like on any other Unix.
Re: (Score:3)
To be fair on Windows, you can also change the security on files/directories and remove the executable permission just like what chmod does too. It's just that noone ever does that.
Re: (Score:3)
Re:Good operating systems Dont. (Score:4, Interesting)
The way OSX does it is correct, IMO. And 4 years ago I never thought I'd be saying that.
Re: (Score:2)
Honestly, I think the original Mac OS did it better with four character file type and creators; meta-properties that the file can have.
Re:Good operating systems Dont. (Score:5, Informative)
Honestly, I think the original Mac OS did it better with four character file type and creators; meta-properties that the file can have.
This was a much superior solution in many ways. (If you're interested in a detailed exploration of why, read any of John Siracusa's in-depth OS X reviews on Ars Technica for his fierce and well developed defenses of the old method.)
Unfortunately, the downfall of this method came in sharing files across platforms. For much of the 1990s, Mac users would send files via FTP or e-mail which - lacking file extensions - were difficult for PC users to deal with when they received them. For example, my Word doc titled "Briefing" worked fine on my Mac but when I e-mailed it to a colleague using Windows, he would get a file that his PC didn't know what to do with. He would have to ask me what type of file it was (.doc? .pdf? .ppt?), and manually append the correct extension, yadda yadda.
Macs, as the minority in a nearly all-PC world (especially the business world) needed to create as few waves as possible and "get along" with the Windows standard. So, when designing OS X, Apple decided to deprecate file/creator types and go along with the inferior system that the rest of the desktop computing world was using.
Even worse - extensions == "chmod +x" ?!? (Score:3)
Re:Even worse - extensions == "chmod +x" ?!? (Score:5, Insightful)
The extension vs file system property is a trade off case. If I see a .EXE file I expect it to be a binary file. if I see a file which a 755 mod to it. How would I know if it is a binary file vs. a script without looking into it. Renaming a .bat file to a .exe will prevent it from running. A file that is chmod 755 will try to run. So the file extension is actually a good way to know what type of file it is.
Re:Even worse - extensions == "chmod +x" ?!? (Score:5, Informative)
How would I know if it is a binary file vs. a script without looking into it.
type 'file /path/to/file'.
e.g:
/bin/bash
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=bla, stripped
user@host:~ $ file
or:
user@host:~ $ file a_script.rb
a_script.rb: a ruby1.9.1 script, ASCII text executable
Re:Even worse - extensions == "chmod +x" ?!? (Score:5, Insightful)
So the file extension is actually a good way to know what type of file it is.
No, it's brain dead. The filename is a name. The filetype should be another piece of metadata. (and not just an executable flag either - a complete file type.)
If the file type needs to be seen by the user, then that's a UI design issue, not a reason to have brain dead mixed purpose metadata fields.
Re:Good operating systems Dont. (Score:5, Informative)
Re: (Score:3)
True. I really long for the day we have that, and AnnaKournikova.jpg is actually an executable file because of some meta-information that's probably hidden by default.
I wonder what could possibly go wrong there.
Yes, I agree (Score:5, Insightful)
The first thing I do on windows is change the settings to show tilename extensions. Much of the confusion I see in others can be directly traced to the fact that they don't know what their files are.
Stop being afraid to make someone learn something useful to use a computer.
That being said, don't make people learn useless things. Design a powerful set of useful things to learn each of which is valuable and worth learning and remembering and then reward people for learning them by maintaining their usefulness
Making things overly simple robs users of the power to make things simple for themselves, and ends upt complicating their interaction with the computer.
Re:Yes, I agree (Score:5, Insightful)
"The first thing I do on windows is change the settings to show filename extension"
Hear hear! Hide the extensions is one of the stupidest things Microsoft has ever done and it is a huge disservice to the end user.
The condescending My Docs, My Music, et al should also go.
Re:Yes, I agree, but no shortage of stupid GUI (Score:4, Insightful)
No shortage of stupid user interface choices. Some of the ones I've hated the most.
* Hiding menu options, aka personalized menus
* Wholesale rearranging and renaming of user interfaces between versions, esp. for infrequently used options
* Super secret hidden files.
* Windows 8
Re: (Score:3)
The condescending My Docs, My Music, et al should also go.
WHY?! This actually teaches / encourages people to store their documents / pictures / music in *one spot*, which makes things much more simple to back up. Granted, not every user actually uses these folders for their intended purposes (I recall backing up a ~120GB "My Documents" folder becuase the user threw *all* files, picutres / music / videos / documents into it, with *no* sub-folders to sort everything, for example)...
Re:Yes, I agree (Score:4, Insightful)
Me: Hey, did you save that in My Places?
Them: No, I logged you out. I saved it on my profile.
Me: I know. Did you save it to your My Places, or somewhere else?
Them: Oh yeah, I saved it on my desktop.
Re: (Score:3, Insightful)
The condescending My Docs, My Music, et al should also go.
WHY?! This actually teaches / encourages people to store their documents / pictures / music in *one spot*, which makes things much more simple to back up. Granted, not every user actually uses these folders for their intended purposes (I recall backing up a ~120GB "My Documents" folder becuase the user threw *all* files, picutres / music / videos / documents into it, with *no* sub-folders to sort everything, for example)...
The reason to not use that structure is because it is a bad structure.
First of all the "My" prefix is terrible. Yes, I know that they just want the user to feel at home, but in a work related environment "My" doesn't make sense. (And the categories are aimed at a home user anyway.)
When it comes to the categories they are not laid out in a way home users or company users want to work with them.
I have never encountered someone that wants to split up their vacation data into photographs and videos. Typically t
Re: (Score:3)
There speaks somebody who's not managed other systems, presumably.
"My Documents" is stupid when it's not even a document-storing account. Local Administrators having My Documents is stupid. Plus, then, they aren't My Anything. They are Company Documents.
That aside, I rename My Computer (or, nowadays, create a shortcut to the same) to This PC. It just makes more sense, whether you are at home or at work.
On top of that, the My Document folder is full to the brim of "CompanyName" folders for every concieva
Re: (Score:2)
Re: (Score:2)
That being said, don't make people learn useless things.
What's a useless thing?
Any knowledge is useful for something.
Re: (Score:2)
Re: (Score:2)
A better solution would either be something obvious about the icon (runnables bordered in red or something), or even have two different mechanisms for 'load this file in its proper application' and 'run this application'. Having the same action for both behaviors was
Re:Yes, I agree (Score:4, Insightful)
This. I've seeing users create directories where they save the same file in different formats for different purposes, and the only thing different is the extension. If you can't see the extension, it looks like you've got multiple files named "foo" where only the icons differ.
Re: (Score:3)
I have to disagree. The extensions are part of the unique filename; that much is well established across different operating systems. The only hack is using extensions to indicate the content type to the OS.
Apple got this right ages ago, by using the resource fork as a place to keep file metadata. They had their own version of MIME types ages ago, whereby they encoded both the file type and the program that created the file in the resource fork. A user could rename a .jpg to a .doc and the OS would stil
Re:Yes, I agree (Score:5, Insightful)
I just went through setting up a new Windows 8.1 machine.
And the sheer quantity of places where Microsoft has more or less gone out of their way to hide basic stuff about your computer, and make it as difficult to find as possible -- well, that is kind of mind boggling (and very frustrating).
And when they do make it available to you, they couch it in a "well, everything hereafter is your fault".
Essentially, in my opinion, Microsoft has tried to dumb down the system so far that when you try to do anything it is almost useless, and if you need to see more information it just throws up its hands and says "fuck it, not my problem".
So, maybe instead of trying to write a crappy, useless system for the users who will be scared to know they're looking at a text file or an exe ... Microsoft should try to write something which isn't crap, isn't still predicated on using that crap autorun to ensure every possible source of malware is ran without being prompted, and from the get go tells users "this is a computer, we're not hiding this from you".
It boggles my mind even at work on a Windows server, when my account is an admin and I'm doing admin tasks how Microsoft goes out of their way to hide the actual functionality. And when they don't their "helpful" error messages are garbage ... like "something bad happened, contact your administrator". Tell you what, I'm the fucking administrator, why don't you tell me an actual error message instead of assuming I'm a child?
It seems like the more Microsoft tries to dumb things down for their users, the worse they actually make their software. Because it actively tries to be sure you can't see what you know, and simply can't (or won't) tell you what happened when it should.
Microsoft is way too focused on pointless eye candy (like the Metro interface on my desktop I had to remove), and dumbing down the user experience ... and seems to utterly fail to make it possible for someone who actually has some idea of what they're doing to find what they need.
The more "helpful" they try to be, the less helpful and usable they actually are.
Re: Yes, I agree (Score:5, Insightful)
There's set in my ways, and then there's confronted with a modern piece of shit that some marketing wanker thinks is helpful.
And, I'm sorry to say it, but almost all of the crap I had to figure out how to remove was garbage, intended to give a tablet like interface, using a UI which is mostly about eye candy.
It serves no purpose, and provides no value to me.
It's crap. But it's pretty.
My problem with Microsoft is they seem to have forgotten that many of us still actually use computers to do our fucking work.
Metro was a steaming pile of crap which wasn't useful for that.
The OS itself seems good. The user interface has been designed by morons.
Re: (Score:3)
Hell hath no fury like a nerd that has to clean up after boneheaded design decisions made by incompetent engineers with billions of dollars in resources who should really know better.
Re: Yes, I agree (Score:4, Insightful)
No angst here about it - I make beer money every so often just by backing up a users actual data files they care about, browser profiles, mail client storage, wipe windows and reinstall, all updates, etc. and then put their data back. If you wanted to dedicate yourself to running a business with yourself and maybe a couple of part time PFY employees, you could make a very good living fixing these issues that are the result of what you consider poor design, and the stupid decisions users have made.
Re: (Score:3)
Because it has been demonstrated for a long time that it can be dangerous to hide stuff.
So if I set something to be "malware.jpg.exe", Microsoft will present that as "malware.exe".
The act of hiding this stuff to try to make it "user friendly" leads the users to make stupid decisions.
Just like autorun, which says "I'm going to run any executable on any media which is connected to this machine".
Re: (Score:2)
Was just going to post this. It's so annoying that they're hidden by default. Like, why? How does it help even the no-savvy user?
Re: (Score:2)
I agree but I will give you one warning from a previous experience from way back in the Win3.x/95 days. We had a user that changed used file extensions as part of their random naming. Some were initials, some were 3 letter acronyms, etc. This user had no clue where they saved their files (scattered over the years) and it was a real PITA to find them so they could migrate them to a server drive.
Are you nuts? (Score:5, Funny)
Also, too many executables. (Score:2, Insightful)
There's a whole slew of weird extensions now, that when clicked, do things.
Better idea (Score:4, Insightful)
Instead of insisting that modern OS design carry forward an old and archaic standard set of digits describing the type of file, show users visual information about the file type/associations in way that is meaningful to them. If it is an executable file, don't make users parse that .exe is short for that, and in many cases .com and .bat can kinda work the same way. Give users a visual identifier that lets them know clicking this file will lead to this action. A web icon for anything that'll attempt to open itself from a browser, a document icon for something that will open in a document viewer, and so on.
Insisting on showing people a 3 character code that 99% of them are entirely ignorant of solves nothing.
Re: (Score:2)
Re: (Score:2)
The reason this doesn't work is that executables have their own icons, thus can pretend to be an image, document, etc. This is the same reason why we had to move the secure connection web symbol because malicious (or stupid) sites used a lock symbol as their favicon tricking users.
Which is why my recommendation was and is to change that. Have a secondary OS assigned mini-icon in the upper right showing what the OS identifies the file type as.
Re: (Score:2)
Wait...TWO icons in one? How the fuck are users going to parse that? A picture and a gear - does that mean it automatically opens the file? A picture and a hamburger? A picture and a small bird? A document and two lines with a dot between them?
Users will screw things up no matter how you do it because there is no common language for executable, text file, picture, slide, pdf, rich text, etc. And with the propensity for UI designers to change the look of icons just to be "new and hip" with every other OS re
Re: (Score:2)
Wait...TWO icons in one? How the fuck are users going to parse that? A picture and a gear - does that mean it automatically opens the file? A picture and a hamburger? A picture and a small bird? A document and two lines with a dot between them?
Users will screw things up no matter how you do it because there is no common language for executable, text file, picture, slide, pdf, rich text, etc. And with the propensity for UI designers to change the look of icons just to be "new and hip" with every other OS release (ex: settings icons), the users will never "catch up" before accidentally "executing" what they think is a picture file.
The same way windows already does. Ever notice the shortcut icon ontop of icons? MS already is doing exactly what I'm saying, just that they've only applied it for a the singular file type of shortcuts. Extend this to all file types...
Re: (Score:2)
With the Windows Start Screen and OSX Launchpad there's no excuse for showing executables as anything but a generic executable icon in the file system. let the custom icons for executables live in the app launcher (where everything is an executable so you don't need to be told that the one that looks like a document is not a simple document).
Yeah, we tried that with Windows 3.1, but Win32 permitted storing the icon in the executable because you could do that on the Macintosh.
If you want all exes to have a boring icon, use a boring file manager for admin tasks.
Re: (Score:2)
You can't possibly remember what each and every file type icon is on a typical computer these days. It is also subject to change if you have multiple applications fighting for control of the same types of files. A text extension can give a language parseable hint of what it is without requiring memorization of all possible file types. We are also no longer limited to three characters. Longer extensions are perfectly usable and silly anachronisms like .htm should just be phased out.
Re: (Score:2)
Instead of insisting that modern OS design carry forward an old and archaic standard set of digits describing the type of file, show users visual information about the file type/associations in way that is meaningful to them.
That's an issue of he UI, not how the attribute is atached to the file. Processors still prefer 'digits' to dancing icons. Its up to the O/S to map one to the other consistently and in a manner the user will still understand.
Keep in mind* that many of the bits and pieces of a system will never be seen by the user. It's one executable calling another, unseen by any human.
*A problem I repeatedly see in communicating with Windows vs Unix users. With Windows, the paradigm is that everything is a clickable ico
Dumbing Down of The OS (Score:3)
And why is hiding shit the default in Win server? (Score:4, Interesting)
That always baffles me.
I'm kind-of-sort-of willing to concede to the demands by that fuckstick hipster who works in marketing who thinks that aesthetically filename extensions make the product too technical for other fuckstick hipsters who are also wound up about appearances. I don't agree, but I'm tired of arguing about it, at least when it comes to the consumer desktop OS.
But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box? What shithead, or group of shitheads, made that decision and WHY? As far as I'm concerned this is a deeper, more profound and transcendental stupidity than making Win Server use the Win8 start menu.
I find it particularly ironic given the Microsoft push to capture mindshare from CLI propellerheads with PowerShell Everything.
Re: (Score:2)
But WHY IN THE FUCKING FUCK does the server operating system have the same goddamn "hide everything that might be confusing to marketing types and the mentally retarded" settings out of the box?
The idea is that your receptionist should be able to follow the instructions, install Windows, and set up your small office. "Back in the day" it was ordinary to make the receptionist the sysadmin because they were the person in the building deemed to have time to take on additional duties. I've spent some fun times doing UUCP support with someone who has to have Unix characters (like bang and pipe) explained to them as a result.
I find it particularly ironic given the Microsoft push to capture mindshare from CLI propellerheads with PowerShell Everything.
The GUI is still the primary way to do things.
Re: (Score:2)
The GUI is still the primary way to do things.
Not if you're running a core install, which is happening more.
Re:And why is hiding shit the default in Win serve (Score:5, Funny)
doing UUCP support with someone who has to have Unix characters (like bang and pipe)
Odd. I found most receptionists understood what I meant by bang and pipe perfectly well.
Re: (Score:3)
...I'm kind-of-sort-of willing to concede to the demands by that fuckstick hipster who works in marketing who thinks that aesthetically filename extensions make the product too technical for other fuckstick hipsters who are also wound up about appearances....
Hiding filename extensions predates the hipsters by decades. Don't blame the hipsters for everything you don't like...
Irrelevant Complaint (Score:3)
Re: (Score:2)
Good luck with that. (Score:4, Informative)
Oh man, good one! You had me going until that line. Beautiful!
I just responded in another thread where actual programmers argued about whether or not it counts as "confusing" to split a delimited string without actually using the name "split" for the method that does the work.
And you want to try to get the average end user to understand the difference between ".XLS", ".XLSX", and ".XLSX.EXE"?
May as well swing for the fences, I suppose.
Re: (Score:2)
I just responded in another thread where actual programmers argued about whether or not it counts as "confusing" to split a delimited string without actually using the name "split" for the method that does the work.
Did you? All I saw in that discussion was an argument over whether it was stupid to need seven lines to split a string instead of one. And it is. It's still a stupid argument, because any problem you can solve with a free and common library is not a real problem.
You can lead a horse to water. (Score:2)
this article argues that it might be time to admit that users need to understand, embrace and responsibly use the only plain-text, obvious indicator of what a file actually is.
"You can lead a horse to water but you can't make it drink."
The Microsoft horse already knows where the watering hole is; the problem is getting the horse to drink. They don't want to drink. To them making something appear user friendly is far more important than actually making it user friendly.
I remember decades ago when email was safe so long as you didn't open the attachments. Email was just plain text that got displayed, not interpreted, so it was pretty hard for email to do harm. Then one da
Stop talking down to the user (Score:4, Insightful)
The tendency to treat the user like a moron is common on all the widely adopted consumer operating systems and it really does need to stop.
It just leaves otherwise intelligent people utterly baffled when simple things happen because they're kept in a fantasy land by their GUI.
Re: (Score:2)
We're not talking about the same thing. Your opinion doesn't touch on my comment and I couldn't comment on your opinion without strawmanning you by making connections you didn't make... or unless I allowed you to randomly take me on whatever tangent you wanted to talk about.
The only thing that you said that crossed my point was that you think end users are not dumb as well. Here we agree. After that... no connection.
Good operating systems don't use extensions (Score:2)
If you're trying to determine what the file type of a file is from an extension on the end of its name, you're engaging in industrial archaelology, not computer use. You can rename any file to have any 'extension'; consequently this idea is completely broken. The idea that you deal with this misfeature by hiding it just compounds the error.
file magic - use the content to determine type (Score:2)
i've never understood why the unix file 'magic' approach wasn't used universally - it determines the type of a file based on the contents, usually the first few characters or lines.
As ever, wikipedia has an article on the file type detector command [wikipedia.org].
It's quick and easy, and usually more robust than relying on an appended file extension or even a declared MIME type.
Re: (Score:2)
It's hard to make extensible for newly installed products, and nowadays lots of file formats are a renamed zip file that contains other files.
Re: (Score:3)
Because something system-level with access to run the file (presumably) has to apply regexp's to almost it's entire contents to correctly determine the type of it (e.g. is it a ZIP or is it a JAR with the same compression?).
No, it would only have to examine the first few bytes.
Leave Mac OS out of this. (Score:2)
Leave Mac out of this discussion. The idea of using the file extension for anything is a more recent development on the Mac and one that was mainly driven by exchanging files with (mostly) the Windows world. On old Mac OS you had "type-codes", in OS X you still have "Uniform Type Identifiers". You cannot magically hide executes the same way you can on Windows.
On top of that "even" (or rather especially) in the most recent OS X version(s), by default you could not run anything unless the program was actually
Extensions (Score:3)
I think the idea, at least for Windows, is that extensions are a legacy thing, and are still supported because they are the basis for determining file type. BUT, the reasoning is likely that they can be hidden from the user and only show the user the actual file type. Which is fine in theory, except that now you are training the user to recognize file type solely by icon, making it trivial to give a dynamic-icon type (like EXE, or the old SCR which users are unlikely to recognize) the same icon as a text file and subvert the user's expectations and make them think the file is safe. If you are not in Details mode or not grouping by File Type it is IMPOSSIBLE to reliably determine the type of a file without the extension!
Of course MS has added the whole Zone Identifier scheme and displays a nasty warning when trying to run dangerous files from the internet. I think this is a good measure to prevent this type of trickery, unfortunately people tend to click past such dialogs.
A '70s idea whose time is long past (Score:2)
The idea of using file name extensions as a means to denote content/application association dates to the 1970s (or even earlier). It's an idea that deserves to die, along with Disco music.
Mac OS 9 and earlier got the OS/file system mechanisms right, with two file attributes. One denoted the contents of the file, and the other denoted the default (usually creating) application.
The challenge for OS designers is how to present this information to the user in some meaningful way. Cryptic text strings at the
Wrong approach (Score:2)
The right approach would be to stop encoding metadata such as "executableness" in filenames (that are under the control of an attacker.)
Good luck with that.
Displaying doesn't mean understanding (Score:2)
Windows users still need to activate extension visibility manually - even though email-transmitted viruses depend most on less savvy users who will never do this.
If I create the image... (Score:4, Interesting)
I did this without asking, without any discussion beforehand, and only had to defend the decision once near the end of the design project... my defense was, "This is the right way to do it, so that's what we're doing." End of discussion.
Typical Microsoft human factors fail (Score:2)
Hiding the extensions, is quite frankly, a slow motion disaster. Thousands and thousands of people clicking on the wrong file, staring in bafflement as to why they have multiple duplicate filenames. It cost, I'm sure, millions of hours of lost productivity worldwide over the years, all because some 20-something C++ programmer had a brainwave. That guy should have been fired the day after the release.
Moral of the story? STOP HIDING STUFF! I need to know where my folder is. I need to know what the filenames a
When people aren't used to seeing extensions (Score:5, Interesting)
Whenever I see a Windows desktop with file extensions disabled, I always try to explain to the person that they should be switched back on, and most people are quite happy to do so (they only had them off because that was the default).
However I was quite dismayed when I looked at my mother's laptop (which I had installed Linux Mint on for her), and she had no file extensions either. It turned out that she thought they looked untidy, and had gone through and manually removed the extensions from every single file in her home directory!
Fortunately the file and mmv commands made short work of fixing this, but I was surprised to say the least.
OS X? (Score:3)
Two fields are too few (Score:2)
Name + extension is not enough. Files should have a name, a type, and a subtype.
The types shouldn't be optional, but restricted to a list common to all OSs.
The subtype could be the "write whatever you want, and put as many exes as possible because exes are like painting things red so they go faster" crap that extensions are right now.
Group Policy to the rescue! (Score:2)
We force the setting to show the file extensions to all users.
But I agree, it should be enabled by default.
No, extensions are bad and evil (Score:2)
No, the problem is with extensions, and we should get rid of extensions once and for all. Those are an artifact of 1980s DOS times, and should not be used at all by modern systems. Maybe they are convenient for the user to see what kind of type the user should expect, but nothing more and the "hide extension" "feature" just shows the _problem_ of file extensions.
Modern systems should recognize file types based on the content of the file, not on some stupid extension. For example, a .jar, .ooxml and .odf fil
Hiding it and always was a bad idea (Score:2)
Then we build verification code into software so that when a program needed X file, it would only load it if it had the right extension.
Then things got a lot more complicated. We started building verification code into the first bytes of the data and added icon to tell humans what it was.
So someone decided that 'hey, we don't need this older, more primitive system of file extensions, lets' deprecate it by defaulti
"Hiding Things" (Score:5, Insightful)
Hiding Things?
Well of course, because modern UI design is all about obfuscating control over your device and interface.
Microsoft and the rest(this includes Linux desktops) don't want a "cluttered" user experience. UI designers seem to forget that people to need to modify and control their device and interface.
UI designers are too quick to "googlify" interfaces to such a degree that vast uncounted eons of time are wasted simply trying to modify simple things because UI designers have mandated a "spartan" and oh so Sprockets-like look and feel.
Users are tricked into thinking they shouldn't see the nuts and bolts.
Users are treated like idiots, and then become idiots.
Why trust users to do it? (Score:4, Insightful)
Why trust users to know what file extensions are "safe" and which are not? Surely the same computer that shows "ImportantFile.doc" to the user when it's really "ImportantFile.doc.exe" can be smart enough to pop up a message when someone clicks on it: "Hey, this filename *looks* like a document, but it's really an executable so instead of opening a document, I'm going to run it. It's probably a terrible idea to run it, so I'm not going to do it, you'll have to rename it to something less ambiguous if you really want to run it. But you should't do that. Really. I'm not kidding."
Re:Missing the problem by a mile (Score:4, Insightful)
That's the problem (Score:2, Funny)
This seems irrelevant. If you have a jpeg with a TXT extension, Windows at least will treat the file as a text file not an image.
Exactly. That's idiotic. If I walked up to you and stuck a sticker with ".cat" onto your back, would you meow?
What a file is, and the portion of the filename after the final dot, if any, should not have anything to do with one another. The assumption that any random file is what it says on the tin may have worked fine when computers were slow and security consisted of a big lock on the door to your office, but it has no place in 2015.
Re: (Score:3, Insightful)
No. A user should be able to trust the name of the file.
If the file isn't really what it says it is, then that should be a BIG RED FLAG for the user shell. At that point the OS should know to treat the file as a threat.
A deceptively named file should immediately go into quarantine.
Instead, the user (assumed to be an idiot) is just left to fend for themselves.
Re: (Score:3)
No. A user should be able to trust the name of the file.
They can. The user is guaranteed that the name of the file is what the filename is. They can have 100% trust in that.
You seem to be confusing that with file types. Your name is jedidiah (or at least your alias). But that's not your file type. I assume you're human. Yet we don't call you jedidiah.human.
Re: (Score:2, Insightful)
My favorite is the config files for .Net programs.
When you create an "app.config" file, Visual Studio handily renames it to be [compiled output file name].config. So if you have program named "foo", and you compile it to make "foo.exe", your app.config file is going to be named "foo.exe.config". Now, hide the file extension and see the confusion erupt on all sides. "foo.exe" becomes "foo", and "foo.exe.config" becomes "foo.exe". So instructing someone to run that executable becomes an exercise in frustratio
Re:Missing the problem by a mile (Score:5, Informative)
Looking at the name extension will tell you what the system will attempt to do with it by default. This can be very important to know.
Re: (Score:3)
Actually, it doesn't tell you what the system will attempt to do with it by default. It tells you what would happen on a normal system, without anybody playing with the file extension meanings. There's a difference there, and when we're talking about malware it's a very important distinction.
It's Not About Saving (Score:2)
The problem isn't not looking at file name extension. It's trusting them. File name extensions are just a convention, and are not prescriptive except on very immature operating systems. There is nothing that prevents a JPEG file from being saved with a .txt name extension.
I don't care how a file is saved so much as how it's "opened" (e.g. when it's double-clicked), particularly if "opened" == executed. Program files forced to display an "exe" extension to declare their capabilities (no matter their actual contents) can be treated with caution, but extension hiding by the OS ruins this safeguard.
Re: (Score:2)
Re: (Score:3)
Missing the point (Score:3)
This is not about how your own application react to a file. this is how the operating system *does*. There is a convention in the operating system, particularly windows, that a .gif will be tried to be displayed as a picture and a .html as a web page. Your application may *chose* to interpret it as music for all we care, but the operating system will react by default as described.
This is why displaying and showing this is an executable is important. Although nowadays the windows operating system should warn
Re: (Score:2)
This is not about how your own application react to a file. this is how the operating system *does*. There is a convention in the operating system, particularly windows, that a .gif will be tried to be displayed as a picture and a .html as a web page. Your application may *chose* to interpret it as music for all we care, but the operating system will react by default as described.
But the defaults are mutable, and not to be trusted to stay consistent. .gif from opening in [gif viewer of choice] to executing them. If someone then sends you an executable with a .gif extension, and you double-click it, it will execute the executable. .gif file is always a GIF picture is folly. It's the default, but it is very changeable, and a couple of trojans do indeed change the file name extension association
There is nothing that prevents an application from changing the default for
Trusting that a
Re:Missing the problem by a mile (Score:5, Informative)
On Windows, extensions are meaningful to the operating system. It doesn't identify all files by magic numbers. Files are typed by their extensions. If the file is "fishhead.jpeg" then it is not a Win32 executable binary (barring flaws in the JPEG rendering system that lead to arbitrary execution).
You miss that it isn't like that in Windows either. A file named fishhead.jpeg can indeed be a a Win32 executable binary that gets executed by the OS as a binary if called without a named program to open it. That depends on what the end user and the programs he (spit) trusts have set the .jpeg extension to signify. It is only a recommendation. Windows provides defaults, but it is silly to presume that no program would ever be mean enough to change any of that on you.
You cannot trust the extensions any more than you can trust the "From:" address in an e-mail. Not in Windows either.
Re:File extensions? (Score:5, Insightful)
The filetype is now contained in the icon
The icon of an executable is set by the executable. Enjoy your porn.jpg.exe with a thumbnail icon.
Re: (Score:3)
There are two problems. The first is that the OS allows you to run porn.jpg.exe having downloaded it from some random place on the 'net. I don't think that either OS X or Windows do: they'll both pop up a thing saying 'You are trying to run a program downloaded from the Internet, do you really want to?', which isn't normally something that happens when people try to open a file so ought to trigger them to avoid it (if it doesn't, then seeing the .exe extension probably won't either).
The second is that
Re: (Score:3)
Re: (Score:2)
Icons change. Text doesn't.
Re: (Score:2)
Yeah but that's the problem. You get a "movie" file that's actually a .exe with a VLC icon or whatever. Not that I've ever downloaded a movie...
Well if that VLC icon isn't a sign that something is wrong, then I don't know what will ever stop you!
Re: (Score:3)
Not sure how Macs have training wheels, but my antediluvian MacBook running Yosemite shows all file extensions in the Finder, and when I'm using a shell window, ls -l and ls -la work just as well as in AIX, Linux, BSD, Solaris, or any other UNIX or UNIX variant.
I'm OS agnostic, and OS X has some annoying qualities [1], but being able to see file extensions isn't one.
[1]: My biggest complaint about not OS X specifically, but Mac hardware is that Apple killed off the XServe, You -can- rackmount a Mac Pro wi
Re: (Score:2)
I would add #4 -- detect when someone is trying to trick the end user. Multiple file extensions. The combination of a visible file extension that's harmless with one that's executable. Trap these conditions and treat the file with an extra level of harshness.
If one of us would see it as an obvious attempt to abuse the Windows file handler, then make it something that the common rube would not be able to execute even if they wanted to.