 |
|
|
|
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 5 Mar 2009 13:43:46
Message: <49b01d62$1@news.povray.org>
|
|
|
| |
| |
|
|
On Thu, 05 Mar 2009 08:51:47 -0800, Darren New wrote:
> Chambers wrote:
>> ...is that it tells me it's going to ask my permission for something
>> before it asks my permission.
>
> But this is part of the security bit. If it doesn't tell you it's going
> to ask permission first, then you can't tell someone "only say it's OK
> if it already asked you and you agree with what it's asking."
Perhaps, but I do agree with Chambers on this one - how many times have
we seen:
1. Click on "Exit"
2. "Are you sure?"
3. Yes
4. "You're going to be exiting. Are you sure that you really want to do
this?"
5. Yes
6. "We're going to ask you one more time. Really sure you want to do
this?"
7. YES!
8. "Sorry, your request can't be processed at this time."
Or some variant thereof. I can think of situations where asking multiple
times does make sense, like in our practical exams - there's an "End
Exam" button, but we verify that the user meant to end the exam because
once they end, they can't get back in.
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 5 Mar 2009 14:10:39
Message: <49b023af$1@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> Perhaps, but I do agree with Chambers on this one - how many times have
> we seen:
Sure. That's a little different from "Hey, I'm about to ask you to enter the
root password now, because I need that to do what you asked, OK?" It's not
asking multiple times. It's telling you it got an error which it might be
able to work around if it asks for the password.
It's the same as saying
% rm xyz
Permission denied
% sudo rm xyz
Password:
Suddenly, you have to ask twice, once by typing sudo, once by entering the
password. Why wouldn't "rm xyz" just automatically prompt for the password?
Which is not to say it's perfect. But it's better than having something
randomly pop up a security prompt without telling you what it's for.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
From: Mike Raiford
Subject: Re: The really annoying thing about Vista's UAC...
Date: 5 Mar 2009 14:18:25
Message: <49b02581$1@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> 1. Click on "Exit"
> 2. "Are you sure?"
> 3. Yes
> 4. "You're going to be exiting. Are you sure that you really want to do
> this?"
> 5. Yes
> 6. "We're going to ask you one more time. Really sure you want to do
> this?"
> 7. YES!
> 8. "Sorry, your request can't be processed at this time."
I'm sorry, Dave. I can't let you do that.
--
~Mike
Post a reply to this message
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 5 Mar 2009 16:15:15
Message: <49b040e3$1@news.povray.org>
|
|
|
| |
| |
|
|
On Thu, 05 Mar 2009 13:15:59 -0600, Mike Raiford wrote:
> Jim Henderson wrote:
>
>> 1. Click on "Exit"
>> 2. "Are you sure?"
>> 3. Yes
>> 4. "You're going to be exiting. Are you sure that you really want to
>> do this?"
>> 5. Yes
>> 6. "We're going to ask you one more time. Really sure you want to do
>> this?"
>> 7. YES!
>> 8. "Sorry, your request can't be processed at this time."
>
> I'm sorry, Dave. I can't let you do that.
LOL
Post a reply to this message
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 5 Mar 2009 16:17:48
Message: <49b0417c$1@news.povray.org>
|
|
|
| |
| |
|
|
On Thu, 05 Mar 2009 11:10:38 -0800, Darren New wrote:
> Jim Henderson wrote:
>> Perhaps, but I do agree with Chambers on this one - how many times have
>> we seen:
>
> Sure. That's a little different from "Hey, I'm about to ask you to enter
> the root password now, because I need that to do what you asked, OK?"
> It's not asking multiple times. It's telling you it got an error which
> it might be able to work around if it asks for the password.
>
> It's the same as saying
> % rm xyz
> Permission denied
> % sudo rm xyz
> Password:
I think that's a little different than the scenario that was discussed,
though - "I'm going to ask you for permission, OK?", followed by "I'm
asking you for permission" is a little confusing.
It would be better for the second prompt to just explain about it rather
than have an additional prompt.
> Suddenly, you have to ask twice, once by typing sudo, once by entering
> the password. Why wouldn't "rm xyz" just automatically prompt for the
> password?
>
> Which is not to say it's perfect. But it's better than having something
> randomly pop up a security prompt without telling you what it's for.
The better design would be for the prompt to tell you at the time it
comes up, not to warn you "I'm going to prompt you in a second for
permission for this". If it does that, it might as well also say "Oh, by
the way, I just asked you for permission for this. Did you see that
prompt?" after it's asked for permission. And then confirm that next
dialog. And so on. ;-)
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 5 Mar 2009 18:36:15
Message: <49b061ef@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> On Thu, 05 Mar 2009 11:10:38 -0800, Darren New wrote:
>
>> Jim Henderson wrote:
>>> Perhaps, but I do agree with Chambers on this one - how many times have
>>> we seen:
>> Sure. That's a little different from "Hey, I'm about to ask you to enter
>> the root password now, because I need that to do what you asked, OK?"
>> It's not asking multiple times. It's telling you it got an error which
>> it might be able to work around if it asks for the password.
>>
>> It's the same as saying
>> % rm xyz
>> Permission denied
>> % sudo rm xyz
>> Password:
>
> I think that's a little different than the scenario that was discussed,
> though - "I'm going to ask you for permission, OK?", followed by "I'm
> asking you for permission" is a little confusing.
I suppose. It's the same sequence of events as the Unix mechanism, except
the Unix mechanism doesn't give you the same kind of prompt. It makes you
start over, instead.
> It would be better for the second prompt to just explain about it rather
> than have an additional prompt.
Maybe. On the other hand, this way they can make the code small and clean,
without having (perhaps) a problem with getting to the help file and so on.
I.e., if you made it so the prompt could tell you everything you needed to
know, it might wind up needing things that only the unprivileged session can
get to anyway.
I'm not saying it's the best way to do it. I'm just saying it's not as bad
as people make it out to be, because such a warning is actually more
consistent than randomly popping up a box asking for the admin password.
> The better design would be for the prompt to tell you at the time it
> comes up, not to warn you "I'm going to prompt you in a second for
> permission for this".
Why would that be better? I think I've already explained why the two-prompt
is better. I think your mechanism is only better if you're a nerd and you
already know when you're doing something that's going to trigger the prompt.
Explain to someone who doesn't understand computers how to tell when it's OK
to answer yes to the prompt.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
From: Chris Cason
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 00:02:28
Message: <49b0ae64$1@news.povray.org>
|
|
|
| |
| |
|
|
Chambers wrote:
> ...is that it tells me it's going to ask my permission for something
> before it asks my permission.
>
> A smart program would figure out that if I say "yes" to the first, I'm
> probably going to say "yes" to the second as well.
And here's a perfect example: try to create a new folder in "Program Files"
using windows explorer. You will get a UAC prompt to create the folder. Fair
enough. But the folder is called "New Folder" ... and very few people will leave
it named that. Yet renaming it immediately invokes another UAC prompt.
The *smart* thing for Microsoft to do would be to not actually create the folder
until you've specified what name you want for it (and allowing 'New Folder' as
default if you don't care), or at a minimum allow the account that created the
folder the right to rename it also ... yet they don't.
The reason? I don't think it's because they're dumb, I think it's because they
just don't care. After all, it's not their time being wasted.
-- Chris
NB I hear this is fixed in Windows 7, though in what way I don't know.
Post a reply to this message
|
|
| |
| |
|
|
From: Jim Henderson
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 01:36:33
Message: <49b0c471$1@news.povray.org>
|
|
|
| |
| |
|
|
On Thu, 05 Mar 2009 15:36:13 -0800, Darren New wrote:
>> I think that's a little different than the scenario that was discussed,
>> though - "I'm going to ask you for permission, OK?", followed by "I'm
>> asking you for permission" is a little confusing.
>
> I suppose. It's the same sequence of events as the Unix mechanism,
> except the Unix mechanism doesn't give you the same kind of prompt. It
> makes you start over, instead.
Well, not really. The Unix mechanism is saying "you tried to do
something that you don't have permission to do". Then the user tries
with elevated privs.
The Unix mechanism isn't saying "I'm going to ask for permission to do
this".
For example, if I run yast2 -i on my openSUSE box, it's going to prompt
me using gnomesu or kdesu for the root password (and the dialog explicity
says "root privileges are needed to perform this action"). It doesn't
try with lower privs (unless I type too quickly, I need to file a bug on
that) and then say "hey, I need to ask you for permission to do this,
back in a second" and then a dialog prompts me.
>> It would be better for the second prompt to just explain about it
>> rather than have an additional prompt.
>
> Maybe. On the other hand, this way they can make the code small and
> clean, without having (perhaps) a problem with getting to the help file
> and so on. I.e., if you made it so the prompt could tell you everything
> you needed to know, it might wind up needing things that only the
> unprivileged session can get to anyway.
>
> I'm not saying it's the best way to do it. I'm just saying it's not as
> bad as people make it out to be, because such a warning is actually more
> consistent than randomly popping up a box asking for the admin password.
Well, heaven forbid we train users on how to do things and what things
mean. ;-)
Seriously, sometimes it's a wonder that they ever figure out how to use a
word processor or spreadsheet. The apps don't need to treat them like
idiots, there's no reason for the OS to do so either.
My mom - who has been kinda the "poster child" for this type of thing for
me - was easily trained on how to know when it was appropriate to accept
an outbound connection when her firewall app (the name of which escapes
me at the moment) asks if the app should be allowed to do this or not.
She's in her 70's and not the most computer literate person on the planet
- prior to getting a PC, the most she did with a computer was play Pac
Man on it. Seriously.
>> The better design would be for the prompt to tell you at the time it
>> comes up, not to warn you "I'm going to prompt you in a second for
>> permission for this".
>
> Why would that be better? I think I've already explained why the
> two-prompt is better. I think your mechanism is only better if you're a
> nerd and you already know when you're doing something that's going to
> trigger the prompt.
Well, I disagree.
> Explain to someone who doesn't understand computers how to tell when
> it's OK to answer yes to the prompt.
As noted above, have done so. It's not rocket science.
Jim
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 12:10:32
Message: <49b15908@news.povray.org>
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> Well, not really. The Unix mechanism is saying "you tried to do
> something that you don't have permission to do". Then the user tries
> with elevated privs.
>
> The Unix mechanism isn't saying "I'm going to ask for permission to do
> this".
Sure. Now write a version of the UNIX "rm" command that asks you for the
admin prompt if it fails.
> For example, if I run yast2 -i on my openSUSE box, it's going to prompt
> me using gnomesu or kdesu for the root password (and the dialog explicity
> says "root privileges are needed to perform this action").
Right. That's like clicking on a link with a shield icon, under Vista.
> It doesn't try with lower privs (unless I type too quickly, I need to file a bug on
> that) and then say "hey, I need to ask you for permission to do this,
> back in a second" and then a dialog prompts me.
The things that UAC prompts twice for are the things it tries to do that may
or may not work without elevation. Like, say, creating a file in a
write-protected directory - you can't tell if that's going to work before
you try it, so you try it without privilege, and if it fails, it says "Say,
do you want to try that with privilege?" And if you say yes, it prompts for
the password.
If you're just (say) trying to modify firewall settings, there's no prompt
beforehand saying "I'm going to prompt you for this." If it knows it needs
escalation before it tries, it doesn't tell you it's going to ask first.
> Well, heaven forbid we train users on how to do things and what things
> mean. ;-)
Clearly it doesn't work, tho. Otherwise, Windows would be as free of viri as
Linux is. Users use admin accounts for everyday work, run random executables
mailed to them by people they don't know, and so on. That's just the reality
of it.
> Seriously, sometimes it's a wonder that they ever figure out how to use a
> word processor or spreadsheet. The apps don't need to treat them like
> idiots, there's no reason for the OS to do so either.
They aren't idiots. They just don't know enough about computers to know why
some random application would be asking them for permission to do something.
>> Explain to someone who doesn't understand computers how to tell when
>> it's OK to answer yes to the prompt.
>
> As noted above, have done so. It's not rocket science.
No, you claimed you taught your mom how to know when it's OK to let a
program communicate outbound. I'm not sure how that relates to anything, nor
did you tell me what you told her.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
From: Darren New
Subject: Re: The really annoying thing about Vista's UAC...
Date: 6 Mar 2009 12:23:23
Message: <49b15c0b$1@news.povray.org>
|
|
|
| |
| |
|
|
Chris Cason wrote:
> And here's a perfect example: try to create a new folder in "Program Files"
> using windows explorer. You will get a UAC prompt to create the folder. Fair
> enough. But the folder is called "New Folder" ... and very few people will leave
> it named that. Yet renaming it immediately invokes another UAC prompt.
Explorer is dumb here. That's not the UAC's fault.
> The *smart* thing for Microsoft to do would be to not actually create the folder
> until you've specified what name you want for it (and allowing 'New Folder' as
> default if you don't care), or at a minimum allow the account that created the
> folder the right to rename it also ... yet they don't.
Yes. They could just hold onto the privilege token for five minutes (just
like sudo does) and reuse it if they have another operation involving the
same folder, for example.
> The reason? I don't think it's because they're dumb, I think it's because they
> just don't care. After all, it's not their time being wasted.
Could be that. Could be that they're rushed.
> NB I hear this is fixed in Windows 7, though in what way I don't know.
In a worse way, unfortunately. In a broken-security kind of way. MS
apparently doesn't want to take the time to code it up right, which is a
shame, because you'd think that's exactly the sort of thing where they could
make a library that says "here's how you do it right" and everyone would be
happy.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
