 |
|
|
|
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 01:36:33
Message: <49b0c471$1@news.povray.org>
|
|
|
| |
| |
|
|
On Thu, 05 Mar 2009 15:36:13 -0800, Darren New wrote:
>> I think that's a little different than the scenario that was discussed,
>> though - "I'm going to ask you for permission, OK?", followed by "I'm
>> asking you for permission" is a little confusing.
>
> I suppose. It's the same sequence of events as the Unix mechanism,
> except the Unix mechanism doesn't give you the same kind of prompt. It
> makes you start over, instead.
Well, not really. The Unix mechanism is saying "you tried to do
something that you don't have permission to do". Then the user tries
with elevated privs.
The Unix mechanism isn't saying "I'm going to ask for permission to do
this".
For example, if I run yast2 -i on my openSUSE box, it's going to prompt
me using gnomesu or kdesu for the root password (and the dialog explicity
says "root privileges are needed to perform this action"). It doesn't
try with lower privs (unless I type too quickly, I need to file a bug on
that) and then say "hey, I need to ask you for permission to do this,
back in a second" and then a dialog prompts me.
>> It would be better for the second prompt to just explain about it
>> rather than have an additional prompt.
>
> Maybe. On the other hand, this way they can make the code small and
> clean, without having (perhaps) a problem with getting to the help file
> and so on. I.e., if you made it so the prompt could tell you everything
> you needed to know, it might wind up needing things that only the
> unprivileged session can get to anyway.
>
> I'm not saying it's the best way to do it. I'm just saying it's not as
> bad as people make it out to be, because such a warning is actually more
> consistent than randomly popping up a box asking for the admin password.
Well, heaven forbid we train users on how to do things and what things
mean. ;-)
Seriously, sometimes it's a wonder that they ever figure out how to use a
word processor or spreadsheet. The apps don't need to treat them like
idiots, there's no reason for the OS to do so either.
My mom - who has been kinda the "poster child" for this type of thing for
me - was easily trained on how to know when it was appropriate to accept
an outbound connection when her firewall app (the name of which escapes
me at the moment) asks if the app should be allowed to do this or not.
She's in her 70's and not the most computer literate person on the planet
- prior to getting a PC, the most she did with a computer was play Pac
Man on it. Seriously.
>> The better design would be for the prompt to tell you at the time it
>> comes up, not to warn you "I'm going to prompt you in a second for
>> permission for this".
>
> Why would that be better? I think I've already explained why the
> two-prompt is better. I think your mechanism is only better if you're a
> nerd and you already know when you're doing something that's going to
> trigger the prompt.
Well, I disagree.
> Explain to someone who doesn't understand computers how to tell when
> it's OK to answer yes to the prompt.
As noted above, have done so. It's not rocket science.
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 12:10:32
Message: <49b15908@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> Well, not really. The Unix mechanism is saying "you tried to do
> something that you don't have permission to do". Then the user tries
> with elevated privs.
>
> The Unix mechanism isn't saying "I'm going to ask for permission to do
> this".
Sure. Now write a version of the UNIX "rm" command that asks you for the
admin prompt if it fails.
> For example, if I run yast2 -i on my openSUSE box, it's going to prompt
> me using gnomesu or kdesu for the root password (and the dialog explicity
> says "root privileges are needed to perform this action").
Right. That's like clicking on a link with a shield icon, under Vista.
> It doesn't try with lower privs (unless I type too quickly, I need to file a bug on
> that) and then say "hey, I need to ask you for permission to do this,
> back in a second" and then a dialog prompts me.
The things that UAC prompts twice for are the things it tries to do that may
or may not work without elevation. Like, say, creating a file in a
write-protected directory - you can't tell if that's going to work before
you try it, so you try it without privilege, and if it fails, it says "Say,
do you want to try that with privilege?" And if you say yes, it prompts for
the password.
If you're just (say) trying to modify firewall settings, there's no prompt
beforehand saying "I'm going to prompt you for this." If it knows it needs
escalation before it tries, it doesn't tell you it's going to ask first.
> Well, heaven forbid we train users on how to do things and what things
> mean. ;-)
Clearly it doesn't work, tho. Otherwise, Windows would be as free of viri as
Linux is. Users use admin accounts for everyday work, run random executables
mailed to them by people they don't know, and so on. That's just the reality
of it.
> Seriously, sometimes it's a wonder that they ever figure out how to use a
> word processor or spreadsheet. The apps don't need to treat them like
> idiots, there's no reason for the OS to do so either.
They aren't idiots. They just don't know enough about computers to know why
some random application would be asking them for permission to do something.
>> Explain to someone who doesn't understand computers how to tell when
>> it's OK to answer yes to the prompt.
>
> As noted above, have done so. It's not rocket science.
No, you claimed you taught your mom how to know when it's OK to let a
program communicate outbound. I'm not sure how that relates to anything, nor
did you tell me what you told her.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 12:23:23
Message: <49b15c0b$1@news.povray.org>
|
|
|
| |
| |
|
|
Chris Cason wrote:
> And here's a perfect example: try to create a new folder in "Program Files"
> using windows explorer. You will get a UAC prompt to create the folder. Fair
> enough. But the folder is called "New Folder" ... and very few people will leave
> it named that. Yet renaming it immediately invokes another UAC prompt.
Explorer is dumb here. That's not the UAC's fault.
> The *smart* thing for Microsoft to do would be to not actually create the folder
> until you've specified what name you want for it (and allowing 'New Folder' as
> default if you don't care), or at a minimum allow the account that created the
> folder the right to rename it also ... yet they don't.
Yes. They could just hold onto the privilege token for five minutes (just
like sudo does) and reuse it if they have another operation involving the
same folder, for example.
> The reason? I don't think it's because they're dumb, I think it's because they
> just don't care. After all, it's not their time being wasted.
Could be that. Could be that they're rushed.
> NB I hear this is fixed in Windows 7, though in what way I don't know.
In a worse way, unfortunately. In a broken-security kind of way. MS
apparently doesn't want to take the time to code it up right, which is a
shame, because you'd think that's exactly the sort of thing where they could
make a library that says "here's how you do it right" and everyone would be
happy.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 5 Mar 2009 16:15:15 -0500, Jim Henderson <nos### [at] nospam com> wrote:
>On Thu, 05 Mar 2009 13:15:59 -0600, Mike Raiford wrote:
>
>> Jim Henderson wrote:
>>
>>> 1. Click on "Exit"
>>> 2. "Are you sure?"
>>> 3. Yes
>>> 4. "You're going to be exiting. Are you sure that you really want to
>>> do this?"
>>> 5. Yes
>>> 6. "We're going to ask you one more time. Really sure you want to do
>>> this?"
>>> 7. YES!
>>> 8. "Sorry, your request can't be processed at this time."
>>
>> I'm sorry, Dave. I can't let you do that.
>
>LOL
Daisy Daisy, Give me your answer do!
--
Regards
Stephen
Post a reply to this message
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 16:40:48
Message: <49b19860$1@news.povray.org>
|
|
|
| |
| |
|
|
On Fri, 06 Mar 2009 17:25:42 +0000, Stephen wrote:
>>LOL
>
> Daisy Daisy, Give me your answer do!
Are you saying you're half crazy? ;-)
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 16:48:00
Message: <49b19a10$1@news.povray.org>
|
|
|
| |
| |
|
|
On Fri, 06 Mar 2009 09:23:21 -0800, Darren New wrote:
> Chris Cason wrote:
>> And here's a perfect example: try to create a new folder in "Program
>> Files" using windows explorer. You will get a UAC prompt to create the
>> folder. Fair enough. But the folder is called "New Folder" ... and very
>> few people will leave it named that. Yet renaming it immediately
>> invokes another UAC prompt.
>
> Explorer is dumb here. That's not the UAC's fault.
Microsoft wrote Explorer. Microsoft wrote UAC.
I leave the rest of my comment as an exercise for the reader. ;-)
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 19:12:46
Message: <49b1bbfe@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> Microsoft wrote Explorer. Microsoft wrote UAC.
> I leave the rest of my comment as an exercise for the reader. ;-)
Sure. I was just pointing out that *you* could do better in *your* programs.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 22:37:55
Message: <49b1ec13$1@news.povray.org>
|
|
|
| |
| |
|
|
On Fri, 06 Mar 2009 16:12:42 -0800, Darren New wrote:
> Jim Henderson wrote:
>> Microsoft wrote Explorer. Microsoft wrote UAC. I leave the rest of my
>> comment as an exercise for the reader. ;-)
>
> Sure. I was just pointing out that *you* could do better in *your*
> programs.
Just because others don't do a good job is no excuse for MS doing a poor
job. Like it or not, they are the market leader, they should be setting
a good example. (I learn said "setting an example", but they do that
already - they set a poor example)
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 7 Mar 2009 00:03:57
Message: <49b2003d$1@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> On Fri, 06 Mar 2009 16:12:42 -0800, Darren New wrote:
>
>> Jim Henderson wrote:
>>> Microsoft wrote Explorer. Microsoft wrote UAC. I leave the rest of my
>>> comment as an exercise for the reader. ;-)
>> Sure. I was just pointing out that *you* could do better in *your*
>> programs.
>
> Just because others don't do a good job is no excuse for MS doing a poor
> job.
I quote myself: "Explorer is dumb here."
In what way is that saying MS didn't do a poor job?
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 6 Mar 2009 16:40:48 -0500, Jim Henderson <nos### [at] nospamcom> wrote:
>On Fri, 06 Mar 2009 17:25:42 +0000, Stephen wrote:
>
>
>>>LOL
>>
>> Daisy Daisy, Give me your answer do!
>
>Are you saying you're half crazy? ;-)
>
If only ;)
--
Regards
Stephen
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
