• iiGxC@slrpnk.net
    link
    fedilink
    arrow-up
    28
    ·
    8 months ago

    At a conference recently, one person accidentally sent the organizer a pdf of their presentation with their notes underneath each slide, instead of the presentation itself, but it was super confusing because the file was “presentation.pptx.pdf” which of course got displayed by windows as “presentation.pptx”. The person who decided to hide extensions by default must be so proud of pulling off such a wide reaching prank

  • MonkderDritte@feddit.de
    link
    fedilink
    arrow-up
    27
    ·
    8 months ago

    Never understood why Windows’ explorer hides extension by default. Does MS fear it would confuse their users?

    • TrickDacy@lemmy.world
      link
      fedilink
      arrow-up
      22
      arrow-down
      1
      ·
      8 months ago

      Yes, they think their users will be confused by and accidentally remove extensions. To be fair that might happen sometimes but it’s nowhere near worth it

      • marcos@lemmy.world
        link
        fedilink
        arrow-up
        12
        ·
        8 months ago

        They already have a confirmation box when you try to change the extension. And could just as easily move it into another column where it’s harder to change (explorer was like this once, a long time ago).

        And yet, they keep hiding the on the rationale that it confuses the users. The most common thing on explorer is some user being confused because they can’t understand what clicking on a file is supposed to do, but that’s not an argument for showing them…

        So, yeah, that’s the surface-level explanation. But there’s a deeper reason.

        • Almrond@lemmy.world
          link
          fedilink
          arrow-up
          9
          ·
          8 months ago

          You seriously underestimate the stupidity of 80% of windows users. They could put multiple warnings and people would still click past them without reading then bitch to their IT team when they break something.

        • Ace! _SL/S@ani.social
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          They already have a confirmation box when you try to change the extension

          I think you overestimate the average users willingness to read anything. Only thing they know is how to bitch about things not working even when they were told exactly why it’s not working/what they did (wrong)

          • towerful@programming.dev
            link
            fedilink
            arrow-up
            4
            ·
            8 months ago

            Classic ticket.
            “It’s broken, it doesn’t work”,
            “what happened?”,
            “I ran it like the instructions said, and it didn’t do anything”,
            “was there an error message?”,
            “I don’t know. Something popped up, but it was in the way so I closed it”,
            “Do it again, don’t close the error message, and tell me what it says”

            • GreyEyedGhost@lemmy.ca
              link
              fedilink
              arrow-up
              3
              ·
              8 months ago

              Or my mom.

              Me: Don’t just click OK without reading the message first.

              Mom: Don’t click OK. Got it.

      • MonkderDritte@feddit.de
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        8 months ago

        Ah, right, in the context that Windows determines filetype only on extension.

        Btw, there’s a bunch of mimeopen implementations for Linux. Is there something like that for Windows too?

        • TrickDacy@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          I don’t think that anything like that exists in Windows. Generally that’s my least issue with windows honestly. It’s a POS on so many levels

      • Felix@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        Iirc there’s a massive warning popping up saying it might fuck the file

    • Wilker@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      worry about users not being able to open files after renaming them since you can also edit those extensions via text, and people aren’t taught about file association.

  • rtxn@lemmy.worldM
    link
    fedilink
    English
    arrow-up
    20
    ·
    8 months ago

    What do you mean? linkin_park_-_numb.mp3 clearly has an extension, it’s all the other files that don’t!

  • DrGunjah@lemmy.world
    link
    fedilink
    arrow-up
    14
    ·
    8 months ago

    It’s not like I want to defend windows, but If it needs admin permission you usually can’t start it without confirmation.

    • r00ty@kbin.life
      link
      fedilink
      arrow-up
      25
      ·
      8 months ago

      Here’s the problem. So many legitimate things need elevation, and often multiple times in a single install. Guess what most Windows users do, when they see an elevation prompt. What do you reckon?

      • DrGunjah@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        8 months ago

        Honestly I don’t think it’s that bad. I have to use sudo just as often on linux as I have to accept the elevation box on win. Win11 has some serious issues but UAC is harmless.

        • r00ty@kbin.life
          link
          fedilink
          arrow-up
          4
          ·
          8 months ago

          Sudo is very different. You need to explicity enter your password. It may be cached for a short time and I’d argue that’s actually better.

          If I’m installing something, it asks for my password once but can then raise to root multiple times that’s fine.

          If I’m installing something and it asks for elevation three times, for example it needs to Install multiple drivers. It generates an automatic click when installing for many unexperienced users. It’s dangerous imo.

          It can’t really be compared to Sudo.

          • glitchdx@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            8 months ago

            Sudo is just clicking “ok” with extra steps, thus making adding and removing programs more annoying, thus meaning the common user will probably just be logged in as root all the time. I challenge you to change my mind.

            • Burninator05@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              8 months ago

              As a Linux beginner who has a couple of false starts into it being my daily driver I’ll say that there are two stumbling blocks left for me. Permissions “issues” is the bigger problem and some programs not being as fleshed out is the other.

            • Sonotsugipaa@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              8 months ago

              That’s exactely what happened in my mind when I was getting started with Linux (kind of), although it’s arguably a habit that comes from using Windows where people don’t really think about OS users and permissions

          • DrGunjah@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            8 months ago

            So you think a person that would turn off UAC wouldn’t just put NOPASSWD in the sudoers? I doubt that. And even if they had to enter their pwd… Wouldn’t that just be annoying for the casual user instead of increasing security? I doubt they would be like “Oh I have to enter my pwd now, that really makes me think twice about whatever I was going to do with sudo.”

        • r00ty@kbin.life
          link
          fedilink
          arrow-up
          10
          ·
          8 months ago

          I feel like there’s a lot of misunderstanding about what I’m trying to say.

          I’m saying the average windows user will begin to get fatigue when some installers ask for elevation 3 times (maybe more). They’ll end up just pavlovian clicking OK whenever that prompt appears. Which ends up circumventing the whole reason the prompt exists.

        • deaf_fish@lemm.ee
          link
          fedilink
          arrow-up
          6
          ·
          8 months ago

          I don’t know. Not everyone who uses a computer should be an expert. Not everyone is 100% alert all the time. I know there has to be a line somewhere.

          I feel like it would be really easy to have the OS check if the exe is appended to some other extension and force the user to rename it before allowing it to be executed.

          • Captain Aggravated@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            3
            ·
            8 months ago

            There has to be a level of “competently trained user” in there we can strive for. I think we were getting there about the time I was in high school circa 2003, where every last one of us could format an MLA essay in MS Word and do an autosum in Excel.

            Something that put me off of Microsoft products for a decade before I switched to Linux was their constant rearranging of the UI, requiring users to re-learn how to do basic tasks that worked just fine.

      • brygphilomena@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        Often they don’t. If more granular permissions were to be used. Hklm/programdata needing admin to do anything in it for example. Putting permissions on hklm/software/package to write is enough to make a lot of software work without opening up the whole system.

    • ExfilBravo@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      8 months ago

      Everyone knows most people turn UAC completely off after it nags them for the 10th time and they get frustrated and dump it.

      • lightnegative@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        8 months ago

        I turn UAC off before it nags me for the 10th time.

        The only nag I want to see is the one right before it gets turned off.

        I hate things that just throw up nag screens that users get desensitized to and just click through anyway. It hasn’t increased security at all.

        Looking at you “do you trust the authors of the code in this workspace folder” VSCode. Yes I effing do, that’s why I opened it to begin with!

        • DrGunjah@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          8 months ago

          Fair enough but then you shouldn’t complain about the lack of confirmation (like the meme does)

          • Eager Eagle@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            8 months ago

            It’s still a valid complain, but the problem is not exactly the presence or absence of a confirmation IMO, it’s a deeper matter.

            What causes user desensitization (I guess that’s a word) is a direct result of how Windows users traditionally install software - from untrusted sources or by downloading them directly from a vendor’s website then manually installing it.

            UAC would be just fine if it was a rare thing to see, but because of this “download a .exe > double click > install” flow users see it all the time, which defeats the purpose of the warning. It became just another half-measure Windows has implemented.

            • Buddahriffic@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              8 months ago

              And it’s unhelpful because it doesn’t give any details about what it wants to do with that admin access and also treats permission for one action as permission for all actions (not that you can tell what they first action you’re permitting is).

              I like the way android does it, where you can grant or revoke special permissions by category of action.

              Though the system I’d like to see is one where each program is sandboxed and then even you close the program (or it prompts for an elevation), then you get a list of system differences between the sandbox and your system and can choose whether and which changes to push from the sandbox env into the main env. Or to combine sandboxes so that programs can interact with each other.

      • DrGunjah@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        Yeah maybe, but if that exact same people would use linux they would sudo or 777 everything which wouldn’t be much better security wise

        • ulterno@lemmy.kde.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          8 months ago

          Let me introduce you to a plethora of industry RedHat users who log into GUI as root for 8 whole hours, everyday.

          • letsgo@lemm.ee
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            8 months ago

            Sure but if you’re doing rooty stuff all day then sudo you’re sudo not sudo going sudo to sudo type sudo sudo sudo every sudo fucking sudo time sudo you sudo want sudo to sudo do sudo something. And yeah it sudo caches it for sudo a bit but sudo it’s still too sudo much.

            • ulterno@lemmy.kde.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              8 months ago

              #: I’m just going to write some memos in WPS Office and send it to the networked ftp server running on Binbos. Oh and while I’m at it, I’ll just ssh into a few other computers as root, using Nautilus (as root of course) and keep them all open until I shutdown, just because I want to copy their docx files.

  • magic_lobster_party@kbin.run
    link
    fedilink
    arrow-up
    13
    ·
    8 months ago

    One time I struggled debugging a program on a clean Windows machine. For some reason it seemed like it couldn’t find a JSON file that’s obviously in the system. I could even open the file on my own and view its contents.

    Turns out after much frustration that the file was actually a json.txt file. I didn’t notice because the extension was hidden, so I only saw .json and thought it was fine.

  • PerogiBoi@lemmy.ca
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    8 months ago

    The OS designed to prime the population into bad cyber security practices so they are more easily able to exploit and scam later on.

    takes off tinfoil hat

    • Sanctus@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      8 months ago

      You have a point though. Why hide file types by default unless you believe the users are too dumb to ever learn what a few letters mean.

        • ZILtoid1991@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          I’ve seen people deleting those ugly *.exes and *.mp3s from their files. Hopefully they learned to not to, but I’ve heard cases who didn’t.

        • Sanctus@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          If they’re that dumb leave the extensions on and let their eyes glaze over it like they would anyway. Hiding the extensions doesn’t seem beneficial in any way.

          • RidcullyTheBrown@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            8 months ago

            if you designed the system so that the extension is part of the functionality, then you have to hide it away so that your users don’t accidentally delete or modify the extension thus rendering their files useless (within said system)

            it’s a fundamental shell design flaw: one should never allow users to modify data critical to functionality. And it’s not something that can be changed because almost all applications depend on this

  • abcd@feddit.de
    link
    fedilink
    arrow-up
    7
    ·
    8 months ago

    You can’t imagine how much I hate this setting. A couple of weeks ago I helped a guy install some specific software on a windows machine provided by the customer. It’s like one exe with a config file. Pretty basic. My instructions were:

    1. Copy the exe to a specific path
    2. Create a new text file in the same path and copy paste this provided text into the file
    3. Rename file to abc.xml

    The exe was throwing errors because of the missing config file. Of course the filename was abc.xml.txt 💩

    • GreyEyedGhost@lemmy.ca
      link
      fedilink
      arrow-up
      6
      ·
      8 months ago

      This is part of what helped the I love you virus to spread. Not too many idiots would open a file titled ILoveYou.txt.vbs, but even some smarter people will turn their brains off if they get a file titled ILoveYou.txt, possibly even me, except the first thing I do with a new computer is unhide file extensions.

    • Honytawk@lemmy.zip
      link
      fedilink
      arrow-up
      4
      ·
      8 months ago

      That setting is one of the first things I change on any Windows I get my hands on.

      It is all around dumb.

  • Evil_incarnate@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    Just hijacking a discussion about security. I would think that Linux users would be more security conscious. But I found in my buildings trash a bunch of HDDs, some 1TB and a 5TB, so I took them to see if they were ok (and recycle properly if not).

    All ext4 formatted and with lots of personally identifiable information including emails and photos and stuff.

    The previous owner was an early Linux dev, wrote stuff that is still in the kernel. Yet unencrypted drives just thrown in the trash.

    I’ve cleared the drives and now use them for myself, after I searched for a wallet.dat file.

    • mac@infosec.pub
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      Maybe he knew none of the information could harm him if someone got hold of it?

      • Evil_incarnate@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        I could have brute forced his password, there were SSH keys to various servers, I probably could have done something to him.

        • Crozekiel@lemmy.zip
          link
          fedilink
          English
          arrow-up
          4
          ·
          8 months ago

          Possible they passed away suddenly and a tech-illiterate family member threw them out while cleaning out their place. Not great there was no encryption but people often overlook making plans for their eventual death, we mostly just don’t like to think about it.

  • ZILtoid1991@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    8 months ago

    Noob question: Could someone make e.g. an executable linkin park - numb.mp3 file on Linux by giving it execute permissions? Probably not by downloading, but by replacing the file with a duped one.

    Also the .mp3.exe trick and the likes could be easily detected by any security software easily, like Windows Defender.

    • deaf_fish@lemm.ee
      link
      fedilink
      arrow-up
      8
      ·
      8 months ago

      Yes, any file that is marked as executable can be “run”. 9 times out of 10 the user has to do this explicitly.

  • Godnroc@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    8 months ago

    I’m literally trying to get into Linux and one of the first things was installing software, which involves copying and running random bits of code from whatever website has the highest search result. I would say a lot of software is running code you have no idea what it does.

      • szczuroarturo@programming.dev
        link
        fedilink
        arrow-up
        3
        ·
        8 months ago

        He has a point tho. The amount of copy pasting random shit from the internet into the console is way too comon if you go down the rabbit hole on some issues with the system and find a solution on some abandoned by god itself linux forum. To be fair its usualy just a comand that does shit for you in 5 seconds so you dont have to use gui buuut it does happen and i can tell what this stuff does but the average user likley dosent . Alghtough it might be less common today. Its been quite a long time since i last broke my system.

        • Phrodo_00@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          I mean, I never do that without downloading the script and reading it. I also read makepkg files. It doesn’t take that much to validate these things

          • gears@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            He wasn’t say you personally do it. He even said that he knows what the commands do, most of the time, but that the average person does not. Especially beginners to Linux, who are more prone to break their system and be on forum rabbit holes to try and fix it.

      • Godnroc@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        In much the way I am aware of the Windows store: I avoid it and work to get the software directly from the source. I regularly run into the issue of software not being there or being of unknown version.

        Perhaps that is some bias from Windows following me over.

        • Zink@programming.dev
          link
          fedilink
          arrow-up
          3
          ·
          8 months ago

          Ok but imagine if Microsoft got altruistic and made the Windows store to be as helpful as possible and not as a marketing or user control scheme. That’s the package manager in Linux.

        • Transient Punk@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 months ago

          That is definitely your Windows bias haunting you. Package managers are the way to get software on your Linux distro. Going straight to the source has it’s place, but for 95% of use cases, you should be using your package manager.

        • irmoz@reddthat.com
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          In much the way I am aware of the Windows store: I avoid it and work to get the software directly from the source.

          That is not the way things work on Linux - the repos essentially are the source. It is intended for apps to be packaged and distributed through official repos precisely to avoid the issues you listed, which are more often issues of downloading from sites. Package managers take care of incompatible versions and conflicts. That’s definitely a Windows bias my friend :P

        • prunerye@slrpnk.net
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          Wait, are you setting up PPAs? If you’re using a user-friendly distro, either flathub should be enabled by default or the AUR is easily accessible with pamac or the chaotic-AUR. If software availability is a problem, I don’t know what to tell you; I think you started with a more difficult distribution than you intended to. PPAs suck.

    • smileyhead@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      Those are just tutorials showing how to install something. Typing flatpak install firefox is one and the same as going into the app store, searching for Firefox and clicking “install”. Tutorial websites would just show terminal as it’s more universal.
      If they ask you to actually download some file there is something very wrong.

      I often see people overwhelmed by universality of some things. Instead of searching “How to install Firefox on Linux?” what should be learned is “How to install software on Linux?” and, unless met with something badly ported, never do the search again.

      But what my meme is about is Windows-only style of having some file and by default having no idea if that’s going to run in some program or be a program.

      • ego@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        While I totally agree with you about package managers, I still run into a lot of apps that the only install option is a .deb downloaded from a webpage. Which is comparable to running a .exe on windows.

        • dan@upvote.au
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          is a .deb downloaded from a webpage

          deb-get is useful for these.

          I hate directly installing Debian packages because I forget to update them (since apt won’t update them). I usually either use deb-get or create my own repo for the app using Aptly.

    • TheRedSpade@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      8 months ago

      Installing software on Linux almost never involves “copying and running random bits of code” unless you have a need for some really obscure program. Learn how to use your distribution’s package manager.

      • RidcullyTheBrown@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        if we’re being fair, it did involve a lot of that historically. Package managers weren’t always around and even after they became established, there was still a lot of fiddling with bad drivers and various distributions had policies which didn’t allow certain software with certain licenses to be setup through their package repository and so on and so forth. Sure nowadays this is less of an issue, but then windows security is also much better than it used to be. People here seem to want to compare the latest Ubuntu to windows 98

      • Billiam@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        Learn how to use your distribution’s package manager.

        Also

        sudo apt update

        sudo apt upgrade

        covers what, about 60% of Linux desktops?

        • dan@upvote.au
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          8 months ago

          And sudo apt full-upgrade when a new OS version is available.

          full-upgrade is the same as upgrade except it’ll remove old packages if required. (e.g. programs that don’t support the new version and hold back the upgrade due to old dependencies). When upgrading Debian to a new release, I usually first run upgrade, then run full-upgrade and read the output very carefully before continuing.