51

By Definition, the lambda user cannot use the terminal. So, he has some trouble to install .bin file.

For example, a user want to install Google earth.
-1 : he downloads the file : GoogleEarthLinux.bin
-2 : he try to run it by double clicking on icon..
-3: he cry Ms windows is better than linux!! Because he cannot install google earth...



So, someone will answer me to use marble instead...
Another example, if the lamda user want to install Big 3d games, like quake War. This is a *.run file. He must before clicking, set the file to executable mode....

So, this problem can be resolve very easily, by set by defaut to open it in a terminal and set it on executable mode.

(Added after: Someone don't understand my message. I didn't say to set rwx executable by default. I m saying launch an executable by clicking... means with window Root password asking )

I m waiting for your suggestion.

No, this is a BAD, BAD idea - making binaries executable by default completely defeats the purpose of the executable bit. This allows for all sorts of bad things to happen. For example, you download a some file which gets interpreted as an executable and it deletes all your files in your home directory - just because you (maybe even accidentally) click it. (Haven't we ever seen that before?)

So no, foreign executable files should never ever be executed without a user specifically wanting to execute them.

So, then a window can appear with the message :
" Would you like to execute this binary file ? " , the press OK, and install.

I know this is a security problem, but it's very important to create a feature for do that... A lot of new linux user want it.

I can easily create a window like that :

https://gbs.brainhoney.com/resource/59288/web/Images/GoCoursePlayerDownload.jpg

this is a mokup!

The problem is that user get used to clicking through such windows without thinking.

I would say that what is needed is pop-up telling the user what to do: set the file property to executable.

dridk wrote:I know this is a security problem, but it's very important to create a feature for do that... A lot of new linux user want it.

I'm sure many a new Linux user would want it,but I don't think sacrificing security for ease-of-use is the best way of accomplishing that. I'm not sure what the best approach would be, but I'm quite sure this isn't it.

Actually, I wouldn't be surprised if Microsoft in some ways regrets how easy it is to create stand-alone installers. Does it make it easier for the end-user? Yes, in the short-term. In the long-term, it's not as clear-cut. Stand-alone installers are far too easy to exploit, and unless you're very experienced it's near impossible to tell what the .run or .bin file will attempt to do to your system. What if it installs a trojan? Or overwrites files other programs rely on?

drldk: This mockup is quite bad, because it contains irrelevant data that confuse many users, but zero information about why the user is asked for confirmation at all. Look at the dialog that comes up when you try to execute a .desktop file without executable flag.

James Tyrer wrote:The problem is that user get used to clicking through such windows without thinking.

I would say that what is needed is pop-up telling the user what to do: set the file property to executable.

This defeats the original purpose: having an easy way to execute downloaded binaries. A possible solution would to disable the "Run" button for some seconds, forcing the user to read the message. (This is how Firefox implements its "Install addon" dialog.)

Another way is to include some question that can only be answered if the user has read the message or at least knows what the message was. Like:

This file has been downloaded from the internet. Bla bla bla security issue yada yada yada. Continue?

-> Yes
-> No

When the user clicks "Yes", another dialog comes up:

What did the last dialog ask for?

-> Permission to starting a downloaded application.
-> Update the system before starting an application.
-> Confirmation to delete this file.
-> I'm not sure, let me view the dialog again.

Admittedly, I prefer the first way (disabling the "Run" button temporarily) because the second way feels like patronizing.

I will implement it like that.

The *proper* way to do it is to make the appropriate binary for as many distro's as possible, even if it means re-formatting the binary format so that it is possible to make it run an embedded .run or .bin file. This way, the file format is consistent (.deb, .rpm etc.) and is handled in a consistent way, depending on your distribution (E.G. Aptitude installer on Kubuntu).

The *proper* way to do it is to make the appropriate binary for as many distro's as possible, even if it means re-formatting the binary format so that it is possible to make it run an embedded .run or .bin file. This way, the file format is consistent (.deb, .rpm etc.) and is handled in a consistent way, depending on your distribution (E.G. Aptitude installer on Kubuntu).

Alec wrote:No, this is a BAD, BAD idea - making binaries executable by default completely defeats the purpose of the executable bit. This allows for all sorts of bad things to happen. For example, you download a some file which gets interpreted as an executable and it deletes all your files in your home directory - just because you (maybe even accidentally) click it. (Haven't we ever seen that before?)

So no, foreign executable files should never ever be executed without a user specifically wanting to execute them.

Yeah, let's look at the issue and decide to do nothing so we never get a more usable desktop again !

There is no NEED to make executable files executable by default so to make they're usage easy.
You mean when a lambda user download a bin or a run and can't use it (because it's not executable), he just has to get back to whatever is the OS he used to use ?

There IS a problem, but the solution is just a little more complicate than making executable every file by default.
When you are face to a binary file, you click and what should happen ? If the file is executable, it just run. If it doesn't, you get a dialog asking you if you want to make it executable (warning you that a binary file may be some kind of malware).

James Tyrer wrote:The problem is that user get used to clicking through such windows without thinking.

I would say that what is needed is pop-up telling the user what to do: set the file property to executable.

Then you make the "Run" button unavailable for some seconds, so the user has to read the dialog.

__
The run files should also be opened with a terminal by default, don't you think ?

So I m agree with you, I know this is stupid to set as default the execution.
So, I made a small programm : kexec. It's a dialog widget.
Here the video : http://thecorpo.fr/sacha/out-21.ogv
I will add a comboBox with select user.

What do you suggest as title ? Message ? File Information ?
I will post it a soon as possible in kde-apps and playground.

Nice! I have also thought about a different thing - installing plasmoids. Right now I use a script to build and install them, what do you guys think about a script that clicked once with a mouse would display a window showing the progress of cmake building, and then asks for password when it comes to "sudo make install" ?

In most cases user wants to click-n-run situations, is on testing habits. Linux has a very good multi-user system, so i think it would the best, if such "runner" would do:

*a give user a link about security issues
*b let the user run this file AS a *SandBox* user

SandBox user - has no access to any data except in its own home dir. A ~/SandBox dir would be created as alias for SandBox home dir (to pass data to that app)

This way is harmless, since it can't access any user data, unless manually put on ~/SandBox, easy to remove, and perfect for testing and basic usage.