Linux-Advocacy Digest #136, Volume #30            Thu, 9 Nov 00 08:13:03 EST

Contents:
  This whole Indrema business... ([EMAIL PROTECTED])
  Re: A Microsoft exodus! (Stefan Ohlsson)
  Re: Open Source at work :) (Roberto Selbach Teixeira)
  Re: Spontaneously Crashing Sun Server Coverup (Giuliano Colla)
  Re: The Sixth Sense ("Toon Afish")
  Re: The Sixth Sense ("Toon Afish")
  Re: The Sixth Sense ("Toon Afish")
  Re: A Microsoft exodus! ("Christopher Smith")
  Re: Spontaneously Crashing Sun Server Coverup (Giuliano Colla)
  Re: A Microsoft exodus! ("Ayende Rahien")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: This whole Indrema business...
Date: Thu, 09 Nov 2000 11:21:49 GMT

Check this out. Been in the news recently...

http://idn.indrema.com/

Good thing because it'll encourage standards?

Bad thing because it'll discourage innovation through competing
platforms?

Good thing because it'll give the XBox a run for its money?

Bad thing because if it fails due to lack of market muscle, Linux's rep
will be tainted?

Good thing because it's using open standards and libraries?

Bad thing because it's using open standards and libraries?

Also, would it be legal if somebody who'd worked on PS games came up
with libraries that'd make porting a PS2 game to an Indrema console
easier (sort of like Mesa giving us a free OpenGLish implementation),
so this Linux console can ship with the promise of something more
exciting than KTron?

(I mean, don't get me wrong, I like KTron...)

-ws


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (Stefan Ohlsson)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: A Microsoft exodus!
Reply-To: Stefan Ohlsson <[EMAIL PROTECTED]>
Date: 9 Nov 2000 12:37:41 +0100

Christopher Smith wrote:
>"Stefan Ohlsson" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>>Christopher Smith wrote:

>Once again, I sincerely doubt that anything short of a large black man
>beside each end user with a gun would have made a significant difference in
>the ILOVEYOU thing.
>
:-)

>If a user is dumb enough to open an attachment, they're
>dumb enough to save it and run it.
>
Some people will probably do it. But I'm sure fewer will if it's more involved
than just a double click.

>>There are several possible reasons for this. Number one is nag, nag nag.
>>It asks about every single file type every time until you tell it to stop.
>>Then it doesn't say anything about that file type any more. So the user
>>got tired of it warning for harmless files like pictures and didn't
>>believe the warning any more. It's like the boy who cried wolf. When the
>>wolf really came no one believed him.
>This is a good point, but the converse of the problem is maintaining a list of
>"safe" and "unsafe" attachments _and_ keeping said list up to date and
>present on machines.
>
Some sacrifices will have to be made, of course.

>You'll be pleased to know the betas for the newest version of office stop
>scripts from silently running commands that do things like delete files and
>access your address book.
>
Yep, I'm pleased to know that. It would be great if it's on by default
but possible to turn off too.

>Indeed.  But the point is Outlook already behaves sensibly in that it *asks*
>the user, with a *default* of "not execute" whether they really want to
>execute the attachment.
>
What it asks is whether to _open_ or save to disk. In case of an
executable file, "open" is equal to "execute". In case of a text file
"open" is equal to "view". What exactly happens when you "open" an
attachment is for Windows to know and you to find out or guess.
That is bad.

[...]

>>That is the core of the problem. The border between secure and insecure
>>gets blurred. Things coming from a place as untrustable as the Internet
>>_must_ be handled differently.
>But not all mail comes from the internet.  Indeed, in some environments a
>_majority_ of it is probably internal.
>
As long as some mail comes from the internet there's a way in for nasty
stuff. And once it's in it can spread through local mail too.

>>No. When you pipe (via Pine for example) you say _specifically_ what
>>program
>>is to take care of the attachment. When you doubleclick on the icon in
>>Outlook you have _no control_ over where it goes. Unless you're an admin
>>and have altered the registry to suit.
>Anyone can change (their) filetype mappings in a default setup.
>
Anyone that knows how to. And you must know which to change to make
it more secure.

>>The equivalent to a pipe would be Rightclick->SendTo->program
>>Why? Because there is no default pipe. You always have to tell it where
>>to go.
>The point is the exact same thing could have happened if the email had
>instructions on how to pipe out of the mailer.  And probably would have.
>
It could have. But I think that the number of people who would have done
that would have been smaller. I mean, you could give all sorts of
instructions like how to save it to disk and run it from there too.

>This is also consistent with Unix's interface as well - you do have to
>specifically tell it which programs open which files every time.  In Windows
>you operate with files and objects, not with programs and data files.
>
In mailers like Pine, choosing to display an attachment will look up
in /etc/mailcap what to run.
A snippet:
image/jpeg; xv '%s'; description="JPEG Image"; test=test "$DISPLAY"
image/tiff; xv '%s'; description="TIFF Image"; test=test "$DISPLAY"

It will start xv to view the image.

>>>>All right, all handing off of scripts to the *shell* should be
>>>>disabled by default.
>>>How do you decide what a script is ?
>>Interesting dilemma. It would have to have some sort of table to look up
>>in.
>The problem is not in maintaining the table (although a separate table for
>each program offends my sense of good design), the problem is in
>*maintaining* that table with "safe" and "unsafe" filetypes.  And also
>deciding what "safe" and "unsafe" filetypes are.
>
/etc/mailcap does that for Unix, via mime types. It works.

[...]

>>They most likely didn't know they ran a .VBS file. The full name was
>>ILOVEYOU.TXT.vbs. Windows hides extensions for known file types per
>>default so it appeared as ILOVEYOU.TXT. Hey, what's dangerous about
>>a .txt file?
>The icon would have been different from a text file.  And given that's how a
>person *used* operating in "hidden extensions" mode would be to identifying
>filetypes, it would have been no different to not having extensions hidden
>and noticing the .vbs.
>
A person used to looking at the icon to determine the file type would
have a greater chance of spotting it, sure.
However having an icon saying one thing and an extension another is
conflicting information and no good can come out of that.

>>>How would you propose a mailer protect against that ?
>>Don't run it unless specifically enabled. Or better yet, don't run it at
>>all.
>I was speaking of how a mailer would protect people from saving files and
>executing them later.
>
Sorry. Well, there must be some way of executing trusted scripts of
course. And the mailer can't have any power of what happens outside it.
About ILOVEYOU.TXT.vbs, I'm pretty sure it appeared as ILOVEYOU.TXT in
Outlook _also_. That would certainly in part explain the large spread
of it.

>(Useful) Security is all about trading off convenience against safety.
>Computers are here to make our lives more convenient, but to do that they
>have to make assumptions.  Security is about refining those assumptions to
>the point where they are the same assumptions we would make in the same
>position.
>
Of course one can overdo security measures. I think that the security
measure outlined below is an acceptable trade of convenience/security
though.

>>>>Granted. Downside is that you disable execution system-wide.
>>>>No double-clicking on script icons any more (unless you want to edit
>>>>them in Notepad of course). Personally, I'd disable it easy.
>>>You can, of course, define an alternate action (say, "Execute") that will
>>>appear on .vbs file context menus.  Then you can just right click ->
>>>execute.  It's nearly as quick.  This is what we did where I work.
>>That is good. View on doubleclick, execute when selected specifically.
>
>But it's inconvenient to some.  Some users who actually use VBScript a bit
>asked to have the association changed on their machines.  We relented
>eventually, under dire warnings of "If your stupidity fucks you up, don't
>come crying to us".
>
Of course, and they chose it and know of the danger involved.
I just think that the way you changed it at work could be the default.
Then upon doubleclicking one would see the vbscript and go something
like this:
Hey this isn't a love letter, it's just gibberish/some sort of code/vbscript!

/Stefan
-- 
[ Stefan Ohlsson ]  ·  There will always be survivors - Robert A Heinlein  ·  []
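
Added example, not part of the original post or digest: a Python sketch of the two mechanisms debated above, a mailcap lookup in which only explicitly registered viewers are run, and a check for names such as ILOVEYOU.TXT.vbs whose visible part looks passive once the final extension is hidden. The extension sets, function names and sample attachments are assumptions constructed for illustration.

```python
"""Attachment triage sketch: mailcap-style viewer lookup plus a check for
deceptive double extensions. Extension sets are illustrative assumptions."""
import os
import re

# The two mailcap entries quoted in the post.
MAILCAP_TEXT = '''\
image/jpeg; xv '%s'; description="JPEG Image"; test=test "$DISPLAY"
image/tiff; xv '%s'; description="TIFF Image"; test=test "$DISPLAY"
'''

# Assumed lists: types the shell would execute vs. types users read as data.
ACTIVE_EXTS = {".vbs", ".vbe", ".js", ".wsf", ".bat", ".cmd", ".exe", ".scr", ".pif"}
PASSIVE_EXTS = {".txt", ".jpg", ".jpeg", ".gif", ".tif", ".tiff", ".doc", ".pdf"}


def parse_mailcap(text):
    """Return {mime_type: view_command} from mailcap lines (RFC 1524 layout)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ';' unless the ';' is backslash-escaped.
        fields = [f.strip() for f in re.split(r"(?<!\\);", line)]
        if len(fields) >= 2 and fields[1]:
            table[fields[0].lower()] = fields[1]
    return table


def displayed_name(filename, hide_known_extensions=True):
    """Model a file manager that hides the final extension of known types."""
    stem, ext = os.path.splitext(filename)
    if hide_known_extensions and ext.lower() in ACTIVE_EXTS | PASSIVE_EXTS:
        return stem
    return filename


def is_deceptive(filename):
    """True when the real type is active but the visible name ends passive."""
    stem, ext = os.path.splitext(filename)
    inner = os.path.splitext(stem)[1]
    return ext.lower() in ACTIVE_EXTS and inner.lower() in PASSIVE_EXTS


def triage(filename, mime_type, mailcap):
    """Decide what 'open' may do: run a registered viewer, or save only.

    The filename is checked first because the sender controls the declared
    MIME type; a script labelled text/plain must not reach a handler.
    """
    name = filename.rstrip(" .")  # Win32 drops trailing spaces and dots
    ext = os.path.splitext(name)[1].lower()
    if is_deceptive(name):
        return ("block", "shown as %r, real type %s" % (displayed_name(name), ext))
    if ext in ACTIVE_EXTS:
        return ("save-only", "active content %s is not handed to the shell" % ext)
    viewer = mailcap.get(mime_type.lower())
    if viewer is None:
        return ("save-only", "no viewer registered for %s" % mime_type)
    return ("view", viewer)


# Constructed sample attachments (name, declared MIME type).
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("ILOVEYOU.TXT.vbs", "text/plain"),
    ("report.vbs", "text/vbscript"),
    ("notes.txt", "text/plain"),
]


def run_samples():
    """Triage every constructed sample against the quoted mailcap entries."""
    mailcap = parse_mailcap(MAILCAP_TEXT)
    return [(name,) + triage(name, mime, mailcap) for name, mime in SAMPLES]


if __name__ == "__main__":
    for name, action, detail in run_samples():
        print("%-20s %-10s %s" % (name, action, detail))
```
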

------------------------------

From: Roberto Selbach Teixeira <[EMAIL PROTECTED]>
Subject: Re: Open Source at work :)
Date: 09 Nov 2000 09:38:34 -0500

>>>>> "Relax" == Relax  <[EMAIL PROTECTED]> writes:

    Relax> But, someone _has_ to coordinate, or total anarchy would
    Relax> work best?

In any free software project someone _does_ coordinate tasks. What I
said was that in Mozilla's case, the control was held by a
corporation. It is not necessarily bad all the time, really, but in
this specific case it is. Netscape has to please shareholders and
stuff and thus needs to put lots of pressure on those developers to do
this and not to do that.

In most projects you have people responsible for different tasks and
each one of them takes responsibility for their own parts.

regards,
Roberto Teixeira.

------------------------------

From: Giuliano Colla <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Spontaneously Crashing Sun Server Coverup
Date: Thu, 09 Nov 2000 11:56:26 GMT

Ayende Rahien wrote:
> 
> "Giuliano Colla" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Bruce Schuck wrote:
> > >
> > > <[EMAIL PROTECTED]> wrote in message
> > > news:n86du8.b6b.ln@gd2zzx...
> > > > In article <8ud0k7$mi4$[EMAIL PROTECTED]>,
> > > > "Ayende Rahien" <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > >
> > > > > http://uptime.netcraft.com/graph?display=uptime&site=www.bbc.co.uk&find_site=GO
> > > > >
> > > > > BBC.co.uk being the X most views site in the world?
> > > >
> > > > I remember when first using netcraft to see what the bbc used
> > > > and it was Microsoft. Now it is Sun Solaris. Why did they change? :-)
> > >
> > > They love the excitement from spontaneously crashing Sun boxes.
> >
> > How do you explain their uptime if spontaneous crashing
> > occurs so frequently?
> > No system I know of is perfect. Reliability is MTBF related.
> > If uptime is high, MTBF is high, therefore the crashing
> > problem must have a very low probability to occur.
> 
> Tell this to ebay.com and the NDA that Sun had them sign.

I forgot a small detail:
what you didn't mention is that what you're referring to is
a hardware problem in the cache memory affecting approx. 1%
of Sun boxes, which are missing the sophisticated error
detecting software required to cope with such a problem.
How is the sophisticated error-correction
software implemented in Windows in order to cope with cache
memory errors?
I'd suggest you read the full article referenced and
compare Sun's attitude with MS's attitude.

http://www.msnbc.com/news/487061.asp?0nm=N13G&cp1=1

Maybe the NDA will also turn out to be less Microsoft-like.

------------------------------

From: "Toon Afish" <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: The Sixth Sense
Date: Thu, 9 Nov 2000 06:58:25 -0500

If you read his posts, then you will see that he claimed that Windows isn't
capable of remote administration. It is. Terminal server and the Dameware
utilities are two examples. He has only displayed his ignorance to the
world, nothing more, nothing less. If you want more information on Terminal
Server, visit MS's web site. I don't have time to conduct classes.

"." <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > > Unix has NEVER needed 3rd-party anything for remote administration.
> >
> > So what?
>
> So it's nice to pay one price only?
>
>
> > > Once again, LoseDOS is more than 17 years BEHIND unix.
> >
> > Nothing you've claimed has been true. Time to put up or shut up.
>
> I disagree.  For example, he said earlier:
>
> > > Unix has NEVER needed 3rd-party anything for remote administration.
>
> I think that's fairly true.  How about you provide some evidence of
> everything he's claimed being false?  In other words, put up or shut up.



------------------------------

From: "Toon Afish" <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: The Sixth Sense
Date: Thu, 9 Nov 2000 06:56:32 -0500

Sigh. You are correct, of course. Sign me out, after just one more smart
remark.

"Christopher Smith" <[EMAIL PROTECTED]> wrote in message
news:8ucdqr$qf8$[EMAIL PROTECTED]...
>
> "Toon Afish" <[EMAIL PROTECTED]> wrote in message
> news:h8eO5.8$[EMAIL PROTECTED]...
> >
> > "Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > Toon Afish wrote:
> > >
> > > Unix has NEVER needed 3rd-party anything for remote administration.
> >
> > So what?
> >
> > >
> > > Once again, LoseDOS is more than 17 years BEHIND unix.
> > >
> > >
> >
> > <large snip>
> >
> > So you admit that your initial statements were wrong? Do you also admit
> > ignorance of the Windows OS in general? Nothing you've claimed has been
> > true. Time to put up or shut up.
>
> You're wasting your time trying to have any sort of discussion with Lord
> Signess and should killfile him immediately.  He has absolutely nothing
> useful to say.  Really.  Just Say No.
>
>



------------------------------

From: "Toon Afish" <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: The Sixth Sense
Date: Thu, 9 Nov 2000 07:00:09 -0500

Sort of like clinging to a 30 year old OS, isn't it?

"Aaron R. Kulkis" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> In essence, they're still clinging to an 1970's 8-bit 8080's machine
>
>
>
> --
> Aaron R. Kulkis
> Unix Systems Engineer
> ICQ # 3056642
>




------------------------------

From: "Christopher Smith" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: A Microsoft exodus!
Date: Thu, 9 Nov 2000 22:15:38 +1000


"Stefan Ohlsson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Christopher Smith wrote:
> >"Stefan Ohlsson" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >>Christopher Smith wrote:
>
> >Once again, I sincerely doubt that anything short of a large black man
> >beside each end user with a gun would have made a significant difference in
> >the ILOVEYOU thing.
> >
> :-)
>
> >If a user is dumb enough to open an attachment, they're
> >dumb enough to save it and run it.
> >
> Some people will probably do it. But I'm sure fewer will if it's more involved
> than just a double click.

Yes.  In fact it goes from a double click to a double click plus an
additional ~3 clicks.  Now, I'm well aware of the dangers of overestimating
the intelligence of the average end user, but I daresay if they can save
their word documents and find them again, they can save an attachment and
run it.

OTOH, think about it, someone seduced by a topic line of ILOVEYOU (no
spaces, all capitals) is going to let a measly 3 mouse clicks get in the way
of their quest for love ?  I doubt it.

I would estimate it might have affected 5% less users, and that's being
generous.

> >>There are several possible reasons for this. Number one is nag, nag nag.
> >>It asks about every single file type every time until you tell it to stop.
> >>Then it doesn't say anything about that file type any more. So the user
> >>got tired of it warning for harmless files like pictures and didn't
> >>believe the warning any more. It's like the boy who cried wolf. When the
> >>wolf really came no one believed him.
> >This is a good point, but the converse of the problem is maintaining a list of
> >"safe" and "unsafe" attachments _and_ keeping said list up to date and
> >present on machines.
> >
> Some sacrifices will have to be made, of course.

Personally I believe the important sacrifices have already been made.  I
doubt many of the people who were burnt the first time will allow it to
happen again.  Lessons learnt hard are lessons learnt well.

> >You'll be pleased to know the betas for the newest version of office stop
> >scripts from silently running commands that do things like delete files and
> >access your address book.
> >
> Yep, I'm pleased to know that. It would be great if it's on by default
> but possible to turn off too.

It doesn't appear to be optional in beta 2, but I must admit I haven't
looked that hard.

> >Indeed.  But the point is Outlook already behaves sensibly in that it *asks*
> >the user, with a *default* of "not execute" whether they really want to
> >execute the attachment.
> >
> What it asks is whether to _open_ or save to disk. In case of an
> executable file, "open" is equal to "execute". In case of a text file
> "open" is equal to "view". What exactly happens when you "open" an
> attachment is for Windows to know and you to find out or guess.
> That is bad.

No, you think that because you are using the concept of programs acting on
data files.  In the Windows, Mac, OS/2 etc GUIs you manipulate and execute
icons, whose behaviour is determined globally and identifiable by the icon
and/or extension.

An icon representing a word document does the same thing no matter where it
is double clicked.  So does an executable file or a script.  This is UI
consistency and IMHO is a Good Thing.  I don't want to have to remember a
different way to do everything from every different program.  That's why
Unix sucks.

In short, in Windows, "Open" doesn't mean "open in a viewer", it means
"activate this icon".  What the "activation" does is determined by the file
handler.

> >>That is the core of the problem. The border between secure and insecure
> >>gets blurred. Things coming from a place as untrustable as the Internet
> >>_must_ be handled differently.
> >But not all mail comes from the internet.  Indeed, in some environments a
> >_majority_ of it is probably internal.
> >
> As long as some mail comes from the internet there's a way in for nasty
> stuff. And once it's in it can spread through local mail too.

Anything that comes in from anywhere is a way in for nasty stuff.
Downloads, floppy disks, network shares etc.  It's just as easy (easier, in
fact) to open Bad Things from those locations than it is from email.

> >>No. When you pipe (via Pine for example) you say _specifically_ what
> >>program
> >>is to take care of the attachment. When you doubleclick on the icon in
> >>Outlook you have _no control_ over where it goes. Unless you're an admin
> >>and have altered the registry to suit.
> >Anyone can change (their) filetype mappings in a default setup.
> >
> Anyone that knows how to. And you must know which to change to make
> it more secure.

That can be explained in about 10 lines of instructions.  Or it can be
centrally distributed as a registry patch by the sysadmin.

The latter course is the one we took.  Smaller networks where there isn't
really any administration would probably choose the 1/2 page of text method.

> >>The equivalent to a pipe would be Rightclick->SendTo->program
> >>Why? Because there is no default pipe. You always have to tell it where
> >>to go.
> >The point is the exact same thing could have happened if the email had
> >instructions on how to pipe out of the mailer.  And probably would have.
> >
> It could have. But I think that the number of people who would have done
> that would have been smaller. I mean, you could give all sorts of
> instructions like how to save it to disk and run it from there too.

The only possible reasons I can think of that the number of people not
bitten by mailers running under Unix are a) the inconsistencies between the
programs (they all use different methods) and b) the fact the average Unix
user is a lot more cluey than the average Windows user.

> >This is also consistent with Unix's interface as well - you do have to
> >specifically tell it which programs open which files every time.  In Windows
> >you operate with files and objects, not with programs and data files.
> >
> In mailers like Pine, choosing to display an attachment will look up
> in /etc/mailcap what to run.
> A snippet:
> image/jpeg; xv '%s'; description="JPEG Image"; test=test "$DISPLAY"
> image/tiff; xv '%s'; description="TIFF Image"; test=test "$DISPLAY"
>
> It will start xv to view the image.
>
> >>>>All right, all handing off of scripts to the *shell* should be
> >>>>disabled by default.
> >>>How do you decide what a script is ?
> >>Interesting dilemma. It would have to have some sort of table to look up
> >>in.
> >The problem is not in maintaining the table (although a separate table for
> >each program offends my sense of good design), the problem is in
> >*maintaining* that table with "safe" and "unsafe" filetypes.  And also
> >deciding what "safe" and "unsafe" filetypes are.
> >
> /etc/mailcap does that for Unix, via mime types. It works.

For suitably small values of works.  It still has to be maintained.  It is
inconsistent UI (which Unix types might be used to, but scares the hell out
of end users).

> >>They most likely didn't know they ran a .VBS file. The full name was
> >>ILOVEYOU.TXT.vbs. Windows hides extensions for known file types per
> >>default so it appeared as ILOVEYOU.TXT. Hey, what's dangerous about
> >>a .txt file?
> >The icon would have been different from a text file.  And given that's how a
> >person *used* operating in "hidden extensions" mode would be to identifying
> >filetypes, it would have been no different to not having extensions hidden
> >and noticing the .vbs.
> >
> A person used to looking at the icon to determine the file type would
> have a greater chance of spotting it, sure.
> However having an icon saying one thing and an extension another is
> conflicting information and no good can come out of that.

The icon and the extension are dependent on each other.  Either someone is
used to identifying files by the icon (extensions off) or by the icon and
the extension (extensions on).

> >>>How would you propose a mailer protect against that ?
> >>Don't run it unless specifically enabled. Or better yet, don't run it at
> >>all.
> >I was speaking of how a mailer would protect people from saving files and
> >executing them later.
> >
> Sorry. Well, there must be some way of executing trusted scripts of
> course.

Well you either need a sandbox, or you need to check the file out before you
run it.  I'm not sure how easy (ie practical) it would be to implement a
sandbox for an email program on single user OSes like MacOS and Windows 9x,
however.

> And the mailer can't have any power of what happens outside it.

They don't.

> About ILOVEYOU.TXT.vbs, I'm pretty sure it appeared as ILOVEYOU.TXT in
> Outlook _also_. That would certainly in part explain the large spread
> of it.

But the icon wouldn't have looked like a txt file.  So, if a person is used
to identifying a file by its icon, they would have seen something strange
and if they were used to seeing extensions they also would have seen
something strange (strange = different).

[chomp - we'll just have to agree to disagree]




------------------------------

From: Giuliano Colla <[EMAIL PROTECTED]>
Crossposted-To: alt.destroy.microsoft,comp.os.ms-windows.advocacy,comp.os.ms-windows.nt.advocacy
Subject: Re: Spontaneously Crashing Sun Server Coverup
Date: Thu, 09 Nov 2000 12:13:41 GMT

Ayende Rahien wrote:
> 
> "Giuliano Colla" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Ayende Rahien wrote:
> 
> > > Tell this to ebay.com and the NDA that Sun had them sign.
> >
> > http://uptime.netcraft.com/graph/?host=www.ebay.com
> 
> Downtime of ebay while using solaris?
> Downtime of ebay while using win2k?

Can't tell, I did my homework, and ebay turned out NOT to
be using Sun, which I found quite amusing, in the light of
the fierce discussion which was going on. If you can locate
relevant data we may discuss the subject further.

------------------------------

From: "Ayende Rahien" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: A Microsoft exodus!
Date: Thu, 9 Nov 2000 14:14:41 +0200


"Stefan Ohlsson" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Christopher Smith wrote:

> >If a user is dumb enough to open an attachment, they're
> >dumb enough to save it and run it.
> >
> Some people will probably do it. But I'm sure fewer will if it's more involved
> than just a double click.

It already involves more than a double click.


> >You'll be pleased to know the betas for the newest version of office stop
> >scripts from silently running commands that do things like delete files and
> >access your address book.
> >
> Yep, I'm pleased to know that. It would be great if it's on by default
> but possible to turn off too.

It probably will be.

> >Indeed.  But the point is Outlook already behaves sensibly in that it *asks*
> >the user, with a *default* of "not execute" whether they really want to
> >execute the attachment.
> >
> What it asks is whether to _open_ or save to disk. In case of an
> executable file, "open" is equal to "execute". In case of a text file
> "open" is equal to "view". What exactly happens when you "open" an
> attachment is for Windows to know and you to find out or guess.
> That is bad.

Only for someone who doesn't know windows.
In windows, open is the same for executables & files, a matter of
terminology here.
And you know what it is, you've icon & extension (or just the icon, if
you've extensions disabled)


> >Anyone can change (their) filetype mappings in a default setup.
> >
> Anyone that knows how to. And you must know which to change to make
> it more secure.

If I were the admin of a large network and was aware of this, I would've
dedicated the 15 minutes it would take me to write & distribute a file which
will fix this problem for the dumb users.

> It could have. But I think that the number of people who would have done
> that would have been smaller. I mean, you could give all sorts of
> instructions like how to save it to disk and run it from there too.

I don't agree with you here.


> It will start xv to view the image.

Good thing it didn't start netscape, a security risk.


> A person used to looking at the icon to determine the file type would
> have a greater chance of spotting it, sure.
> However having an icon saying one thing and an extension another is
> conflicting information and no good can come out of that.

If you've extensions disabled, and you see an extension, it's alarming.
If you see that it's conflicting with the file type, it should start bells
ringing.
If you've extensions enabled, you'll see the true extension as well as the
icon.


> Sorry. Well, there must be some way of executing trusted scripts of
> course. And the mailer can't have any power of what happens outside it.
> About ILOVEYOU.TXT.vbs, I'm pretty sure it appeared as ILOVEYOU.TXT in
> Outlook _also_. That would certainly in part explain the large spread
> of it.

If you have something like ILOVEU.TXT in an extension-disabled workstation,
it's alarming.
And most people recognize files by their icons, which is quite different
than the txt one.


> >But it's inconvenient to some.  Some users who actually use VBScript a bit
> >asked to have the association changed on their machines.  We relented
> >eventually, under dire warnings of "If your stupidity fucks you up, don't
> >come crying to us".
> >
> Of course, and they chose it and know of the danger involved.
> I just think that the way you changed it at work could be the default.
> Then upon doubleclicking one would see the vbscript and go something
> like this:
> Hey this isn't a love letter, it's just gibberish/some sort of code/vbscript!

I disagree, I use vbscripts all the time to do various automations in
various computers, requiring user input would only make my life harder.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.advocacy) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Advocacy Digest
******************************
