[svlug] eWeek article on MS Outlook

J C Lawrence claw at kanga.nu
Mon May 15 19:07:18 PDT 2000


On Mon, 15 May 2000 20:02:12 -0700 (PDT) 
Deirdre Saoirse <deirdre at deirdre.net> wrote:

> On Mon, 15 May 2000, J C Lawrence wrote:
>> While this is not original to MS, the desktop data centric model
>> espoused my MS, OS/2, MacOS, OSX etc, which is NOT original to
>> MS, deliberately blurs the line between data files and their
>> parent/relevent applications, with one of the ideas being that
>> one may "execute" a data file to have it automagically invoke its
>> relevent application to process it.  In this context, "double
>> clicking" is analagous to "executing", with the finer
>> distinctions being lost in the more general loss of the
>> difference between content (data) and generation (application).

> You know, I disagree vehemently. I have NEVER had a word processor
> file spontaneously execute. Never.

Which was not the subject of discussion.  Rick had wandered off a
small tad into the more general area.  I quote from his message:

--<cut>--
Microsoft OSes have a concept called "opening" or "launching" 
a file, an action usually performed by double-clicking on something.  
This characterisation conceals the vital question, which the user
_should_ be concerned about, of whether one is merely viewing the 
file, or executing (running) it.
--<cut>--

The rest of his message then derived from that base point.

>> Assign the blame at the right place: the desktop data-dentric
>> model and its (bad) implementation, not specifically to MS other
>> than in its bad implementation of a Bad Idea.

> No, the problem is inadequate usage of permissions models that
> distinguish between read, write and execute. It has nothing, nada,
> zip to do with desktops.

Nope.  Given a "desktop" or whatever else you want to call it, that
allows a non-executable data file to masquerade as being an
executable via "double-clicking on it opens the relevant application
on that data file", then no, this is not directly a thing of
permissions.  At least not of file-system permissions, and arguably
not of permissions in general, tho I'll accept contention on that
point.

Once you start blurring the line, its really tough to say that data
files, _under_that_environment_ are no longer effectively
executables.

>>> And blaming MS Outlook and/or Visual BASIC Scripting ignores
>>> the real problem.
>> 
>> I silently note that KDE's and Gnome's own motions toward the
>> same data-centric model (in this case implemented via MIME types
>> IIRC) will expose the same problem under a slightly different
>> face.

> KDE and Gnome both took this idea from BeOS, which uses MIME types
> to identify files. 

Yep, I was part of that discussion when the design decision to base
of MIME types was made.

> However, like KDE/Gnome run on any Unix, only those files that
> have execute bits set CAN be executed.

> The real issue is that email attachments should be readable but
> not executable (by default).

You are missing the import of unforseen side-effects.  Consider the
following sequence:

  -- XYZ desktop environment implements the following semantic: double
click on data file in internal GUI file lister invokes application
on data file via <whatever> machanism

  -- In the pursuit of orthogonality this semantic is exposed as an
API for applications to leverage.

  -- Arbitrary MUA uses that API to allow easy launching/reading of
file attachments, leveraging the intelligence built into the desktop 
environment for MIME types, file types, etc etc whatever.

Once you're at that point, its a short route from there to a Bad
Place.  Arguably, and this is one of my contentions, once you are at
that point you are already at a Bad Place.

-- 
J C Lawrence                                 Home: claw at kanga.nu
----------(*)                              Other: coder at kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--





More information about the svlug mailing list