> Virtual consoles is a remote thing, FUS is a local thing.
I don't know what you're calling virtual consoles but they're definitely a
local thing here, the main difference is that I can log on twice with the
same user ID using virtual consoles, I can't with FUS.
> Increasing integration between Webcore and the OS is not necessarily
> going to lead to what MS did with IE and Windows.
No if Apple is very very careful. But Apple has already done
things like using Finder as the default FTP helper that indicate they're
not being careful.
> Webcore allows other
> apps to render HTML using Safari's engine.
That's good. IF the HTML engine is completely separate from ANY internet
related APIs and resources. Otherwise it's just a matter of time before
someone opens the door a little too wide...
And I'd almost rather go the other way, and take more advantage of the PDF
core in Quartz rather than introduce a new rendering model.
> I also hope they don't just patch in an AppleScript to check files,
> however there is a problem with changing the current default. The
> purpose of the current default is a user interface issue, Apple is
> trying to help the very uninformed user [read average guy] by hiding
> the compression of the file and just opening it up so that people can
> see the thing they were really meaning to download.
I don't think they should do that. I don't think they should hide archives
and compression utilities from users. It's *not* a big hurdle, and it *is*
a very dangerous hole.
> So what do we do? Well, I download a .sit file and then I open it and
> its essentially the same as if StuffIt had done it automatically.
I download a .sit and I sometimes open it right away, sometimes I set it
aside. If you want to have it automatically exploded then:
1. Set up a folder action to do it.
2. Set that folder as your download folder.
That way you have a single place where this happens and a single folder that
you have to worry about. Save files elsewhere and they don't leave timebombs
around the place. What should be the default?
"You're downloading a file for the first time. Would you like me to
set up a download directory where downloaded files will automatically
be unpacked...?"
> It is
> still a problem, but when turning off automatic options we are not
> fixing the vulnerability,
The vulnerability is not "double clicking a file runs code". The vulnerability
is "users can't be sure whether it's safe to double-click a file".
> its still there, its just not quite as
> automated, the real issue is the OS being able to tell the difference
> between a file and an application.
You can create an application called "virus.mp3" with an iTunes icon and
get the same result.
--
Unsupported OS X is sponsored by <http://lowendmac.com/>
Support Low End Mac <http://lowendmac.com/lists/support.html>
Unsupported OS X list info <http://lowendmac.com/lists/unsupported.html>
--> AOL users, remove "mailto:";
Send list messages to: <mailto:[EMAIL PROTECTED]>
To unsubscribe, email: <mailto:[EMAIL PROTECTED]>
For digest mode, email: <mailto:[EMAIL PROTECTED]>
Subscription questions: <mailto:[EMAIL PROTECTED]>
Archive <http://www.mail-archive.com/unsupportedosx%40mail.maclaunch.com/>
Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
