Re: Suggestion for file type detection approach

[Geoffrey <esoteric 3times25 net>]

Olaf Fra;czyk wrote:
> On Wed, 2003-12-31 at 00:07, Geoffrey wrote:
>
> > Olaf Fra;czyk wrote:
> >
> >
> > > File sniffing does not guarantee it either. Users expect, that the
> > > action (which application is to be run) is determined by file
> > > extension.
> >
> > If you're born in a windows world, yes.  I've never expected a file 
> > extension to define a file type.  I refer again to your typical system 
> > directories: /bin /usr/bin /sbin ...
>
> This is another story (at least partially). We have executable
> permission "x" to distinguish if we have an application or data.

You're not addressing the issue.  Historically, UNIX based OS's have not 
relied on extensions for file type indicators.  You can not deny this. 
You can have the executable flag set on any file, that's not an 
indicator of file type either.

> And... most desktop users are Windows users.

So you want to proliferate a lousy solution because that's what the user 
is used to?  Is that the way we want to operate?  Should all Open Source 
and free software now emulate Microsoft solutions?

> > > The mime-type idea is a terrible thing for a normal user.
> > > They simply don't understand it.
> >
> > Stupid users does not make a solution incorrect.  That's based on your 
> > definition of a normal user, which apparently excludes most knowledgable 
> > users.
>
> If 99% users are stupid, then normal user is a stupid user. And this is
> the reality.

Who said 99% users are stupid?  That's a pretty brash statement, but 
also very wrong.  There's a huge difference between stupid and ignorant.

> And if a solution is not understood by 99% people who need to use it,
> then the solution is incorrect.

You educate people, you don't continue to reinforce ignorance.  Why 
bother doing anything if you want to reinforce the wrong solutions 
because "that's all they know?"  If you want to continue using the same 
solutions everyone is used to, regardless of whether they are a better 
solution, your job is complete, it's called Windows XP.

> > I don't believe one solution or the other will please a majority of 
> > users.  Relying on file extension has gotten windows into a lot of 
> > trouble. I prefer both solutions be offered and then let the user 
> > choose, speed and insecurity or accuracy and security..
>
> Here I agree with you. (about the ability to choose). 
> But I don't see any security problem here. The only thing that I could
> suspect is hiding of extension in Windows. But it doesn't mean that
> using extensions is dangerous. Only hiding them is dangerous.

Assuming a file is a particular type based on it's extension is a 
security issue.

--
Until later, Geoffrey	esoteric 3times25 net

Building secure systems inspite of Microsoft