Date: | May 8, 2007 / year-entry #162 |
Tags: | other |
Orig Link: | https://blogs.msdn.microsoft.com/oldnewthing/20070508-00/?p=26943 |
Comments: | 104 |
Nearly all computer administrators are idiots. That's not because the personnel department is incompetent or because it's impossible to train competent administrators. It's because, for a consumer operating system, the computer administrator didn't ask to be one. In nearly all cases, the computer administrator is dad or grandma.† They didn't ask to be the computer administrator. They just want to surf the web and read email from Jimmy.‡

All this means is that you can't say, "Well, if the user is an administrator, as opposed to a normal user, then it's okay to show them all these dangerous things (such as critical operating system files) because they know what they're doing." Grandma doesn't know what she's doing.

For a consumer operating system, a friendly user interface means protecting the administrators from themselves.

Nitpicker's corner

Sigh. One article without a nitpicker's corner and look what happens.

†The words "dad" and "grandma" refer to archetypes for non-technical home users and are not intended to be interpreted as literally dad and grandma.

‡Not all grandchildren are named Jimmy.
Comments (104)
Comments are closed. |
Ok, who snuck in Raymond’s office and posted this? I can’t believe Raymond would be foolish enough to invite the comments today’s post will bring.
Let’s just get this one out of the way early, shall we?
No! You can’t have a super-administrator mode that gets rid of the stupid things in normal administrator mode that are there to protect "lusers" from themselves.
Yeah, there’s a nit in that article: There’s no nitpickers corner ;*)))
You could just implement different behaviour.
If the machine is not in a Domain, it’s a Home user machine.
If the machine is in a Domain, it’s a machine in a more or less professionally administrated environment.
"In nearly all cases, the computer administrator is dad or grandma.", WTF??
Seriously, there are more family members than that. I’m pretty sure that there is a fair proportion of families where the "computer expert" (not really an expert at all) is the teenage offspring.
Plus the amount of single adults (who would not be "dad" or "grandma") who own computers, I seriously doubt the truth of your statement.
Back to the real point of the article, why do any of these people need to be administrators? Why can’t the default user type (inc. users created during setup) be "Normal User", with an "Administrator" only there for when it is absolutely necessary (eg. Safe Mode).
UAC could be used to elevate these "Normal User"s to run apps that require admin rights.
Actually this is exactly how most modern *nix systems work, using sudo. (Yes, Mac OS X calls a sudo-capable user an Administrator, but that is just a UI, root is the only user with real power).
Sigh, I wish applied only the "administrators" of consumer OSes…
I’m with Stu, even despite Steve’s comments. I have a Linux box, on which I qualify as a power user, and Mac laptop for which I am effectively a luser. I know squat about the Mac’s internal workings and I’m not interested in finding out (if I were trying to hack, I’d be on the Linux console). I only have to give my password once every few weeks, usually to install system updates. I can even install and uninstall programs without having to give the password, so long as those programs don’t need to do anything dangerous.
I don’t know how this applies to Vista since I’ve never used it, but my impression based on Internet gripes is that the UAC dialog just comes up way too frequently.
Raymond, are you implying that Windows Home Server will use domains? That’s interesting.
I like the nitpickers’ corner because it’s usually funny. But maybe you should just make fun of nitpickers for getting their kicks pointing out irrelevant technicalities just to prove they’re smarter than somebody else.
Actually unlikely: http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=1214388&SiteID=50
I seriously could not have imagined somebody nit-picking the phrase "dad or grandma", that’s a new low. But OTOH it resulted in
"Not all grandchildren are named Jimmy.", which IMHO is comedy gold. :-)
I suggest placing a known grand-child named Jimmy at the bottom of the page to ensure that the blog comments will eventually terminate.
Simon:
WinRAR attempts some less-than-kosher operations when it starts up to try to detect whether it’s in "trial mode" or "retail mode". It’s unlikely there will be an update soon to change this. Though I haven’t tested it, the impression I get from the buzz on the ‘net is that the full retail version doesn’t trigger UAC.
If that’s true, it’s an amusing situation: UAC is an issue only for those who haven’t paid for WinRAR.
Seriously, there are more family members than that. I’m pretty sure that there is a fair proportion of families where the "computer expert" (not really an expert at all) is the teenage offspring.
Plus the amount of single adults (who would not be "dad" or "grandma") who own computers, I seriously doubt the truth of your statement.
<<
WTF? Is Stu short for Stupid? I’ve read lots of examples where methods are named Foo and Bar but I have never (to my knowledge) created a class or a method with that name. Somehow I still understood the example. If you have that much of a problem with reading comprehension; I suggest that you turn off your computer, never read a book or a newspaper and try to limit your contact with other living beings.
I disagree; every grandchild is named Jimmy.
Funniest. Line. Ever!
Raymond can be pretty funny, but this takes top honors.
@Simon, it is entirely possible that I’m wrong about the frequency of UAC dialogs in Vista.
OTOH, I do believe at least some things found on the intarweb. I’ve read serious complaints from smart people about the way UAC works in Vista. I’ve read serious complaints from smart people about all kinds of things in OSX, but giving your password to elevate permissions isn’t one of them. Thus, I have drawn the reasonable conclusion that the Windows implementation is defective in ways that the Mac implementation is not. Notice that I’m implicitly agreeing that UAC is the right answer to the problem, but that it isn’t yet flawless. Obviously this makes me an anti-Microsoft griefer.
"For a consumer operating system, a friendly user interface means protecting the administrators from themselves."
Ah yes. That is how I learned the hard way that XP Home disables the file permissions tab unless you are running in safe mode. I then learned the lesson to always buy "Professional" editions of anything, even if they are for home use. :)
Actually, I think both Vista and Mac OS X can use some fine-tuning in prompting for privilege elevation.
Is UAC in Vista too much? Try this: go to Programs and try creating a folder. You will get 4 prompts. Four!!! I agree that it deserves a prompt, I am not supposed to write there. And they come from different layers. But as a user I don’t care! You ask once, I say yes, then let me be!
Now the Mac OS one: why the heck do I have to type a password in the privilege elevation box? I have logged-in using it! I know it! Looks like the only reason is "making sure you know what you are doing."
But it does not work. Asking the user the same thing 4 times, or asking for passwords, or having a timer (installing Firefox extensions), none of these helps, unfortunately.
Because when the user tries something, he is sure he wants to do it. So he will answer "yes" to all your questions, input passwords, jump in one leg, if this is what you ask.
@JS Bangs,
I think Simon was a little harsh, but I think he’s as frustrated as many others of us who are Windows users and like to know a thing or two about how it works. We see people who have no idea how Windows works and have no interest in learning why it is the way it is making unreasonable complaints. They usually assume that Microsoft is being incompetent or malicious when they run into a problem rather than going through some relatively basic critical-thinking exercises to understand what they are seeing.
There are a lot of "smart" people on the web who are simply not fully informed. Many of these people have an agenda, or are unduly influenced by the echo chamber of Vista complaints that have become so popular on the web. Even someone as "smart" as the creator of PGP, Peter Gutmann, wrote a stupid and irrational article about Vista’s DRM technologies that simply loses grasp of reality. These days you really cannot trust anyone on the Internet for unbiased facts unless they are something you could test out yourself. Well, you can trust some, but it is worth taking an effort to verify. This is true for Microsoft, Apple, Open Source, or anything else.
The great thing about Raymond’s blog is that so many of his posts encourage readers to break out their compiler or debugger and actually verify his claims. This is the kind of resource one can learn much more from than "Ten things I like/hate about Windows Vista."
Mihai: the reason for the password is that not all scenarios are based on you being alone. In corporate environment, I’m happy that it asks me for my password to be able to change important things.
(Nitpickers corner’: yes, if you have access to keyboard, you have access to HW and can own me. I’m talking about casual corp. stuff, not evil people / spies.)
[I don’t know whether it will or not, but it’s certainly a possibility, isn’t it? All I know about Windows Home Server is its name. I haven’t even read their press release. -Raymond]
It won’t use a domain. What it will do is sync all of your user accounts and their passwords across all of your machines.
Start extracting a large file with WinRar on XP and then try to do ANYTHING with explorer. You can’t, because WinRar is blocking something (window updates, something else?).
Of course WinRar blocks on things other than extracting large files, it’s just that this is easy to reproduce. I suspect WinRar has, or should be, the focus of one of Raymond’s what not to do articles.
"…it is entirely possible that I’m wrong about the frequency of UAC dialogs…"
You’re not. As Mihai mentions, you get multiple prompts when doing things in protected folders. My favorite is that I get prompts for the operation to create a new folder and more prompts to rename it from "New Folder" to something meaningful.
My biggest issue with UAC is the flicker that occurs because of the switching to and from the secure desktop.
If UAC didn’t cause eye strain induced headaches, I probably wouldn’t mind it as much.
Wow, and I thought everyone would be pointing out that Microsoft was the one responsible for making Dad and Grandma and everyone else administrator by default… and then point fingers about this article and all the security problems this has caused in the past.
Who woulda figured the nitpicks would have been about Grandma and lil Jimmy.
Jimmy sent me an email that he has a new XBox game – can I not not not not not not go to Jimmy’s house? (http://blogs.msdn.com/oldnewthing/archive/2007/03/14/1878777.aspx)
I thought I’d jump in with another vote of WinRAR being one of the worst windows programs ever written. (yes, even worse than spyware, because at least you know those are evil).
nksingh: Phil Zimmermann, not Peter Gutmann, created PGP – while the latter is involved in computer security issues, I don’t believe he’s directly involved with PGP in any way.
Do you have a link to a non-Microsoft article that rebuts Gutmann’s statements on Vista DRM?
I’m going to do some psychic debugging here with respect to WinRAR:
There are claims only the Trial version of WinRAR likes UACs a lot.
I then propose that Vista is not misidentifying anything to do with WinRAR but instead that when WinRAR realizes it’s a Trial version it tries to do something (some hacky registry access maybe?) that triggers a UAC. Therefore, I have proven that Vista weighs the same as a duck and UACs are therefore little demons determining the speed of a gas molecule to see whether he should open or close the trap door. Or something like that.
"I don’t know how this applies to Vista since I’ve never used it, but my impression based on Internet gripes is that the UAC dialog just comes up way too frequently."
I’ve never used MacOSX. I’ve heard that it will cause sterility (on the Internet, no less). Therefore, it must be true and I will never actually do legitimate research into the issue. Nobody should use MacOSX, because it will make you sterile.
Sudo is not to check if you have permission, but rather to execute something as root (Super User), so you don’t need to have access to the actual root account to do something that requires root.
It also doesn’t keep the password in memory. After all, when the password has been entered the program you wanted is executed (in the same pid). That also means the exit code is passed back to the shell that executed sudo like how you would expect it:
cmov@ubuntu:~$ sudo true && echo yes
Password:
yes
It remembers you by a timestamp in /var/run/sudo/$USER. If you delete your timestamp, it’ll forget and ask the password again:
cmov@ubuntu:~$ tty
/dev/pts/0
cmov@ubuntu:~$ sudo rm /var/run/sudo/cmov/0
Password:
cmov@ubuntu:~$ sudo rm /var/run/sudo/cmov/0
Password:
The problem is that MS did not think things through properly.
It correctly hides system files and file extensions by default, because of the damage a clumsy user can do, but then has the system run as administrator by default with all the problems that entails.
It ignores everybody’s advice about the security dangers of its macro model, and then spends years catching up and annoying its users.
And it still equates nagging with security. I wrote an Access 2000 database for keeping track of the thousands of job applications to the EFL department of my college. Come Access 2003 and people who try to use it find five layers of warnings because it doesn’t have a security certificate (absolutely none of which tell me how the heck I am supposed to go around getting one). Of course what I told people to do was to allow all macros to run in order to get rid of the nags. Presumably this is sufficient to keep MS’s lawyers happy, as they seem to be the ones behind the design of the security model.
It completely stops sending self-extracting zip files by email and thus fouls up the work I had done setting up a web manual as a self-extracting zip that would unzip to a temp folder so the recipient could just keep it on floppy and click on it on every machine it used. And Outlook also stops me sending .mdb’s by email, forcing me to zip them and explain how to unzip them to the guy at the other end, the purpose of which exercise entirely defeats me.
UAC should have come years ago. Most of the grief is caused by playing catchup.
"Well, if the user is an administrator, as opposed to a normal user, then it’s okay to show them all these dangerous things (such as critical operating system files) because they know what they’re doing."
Fine, as long as people who /do/ know what they’re doing can check the "I know what I’m doing" box.
@Maurits:
http://blogs.msdn.com/oldnewthing/archive/2003/07/28/54583.aspx
To quote Raymond:
It doesn’t work because somebody who is a whiz at Excel will rate themselves as Advanced even though they can’t tell a CPU from a box of Cracker Jacks.
Maurits has a good point. It would be nice to get the computer to recognize me as an expert and automatically show me the "expert" options. Unfortunately it is not as simple as just asking the user if they are an expert, because people who are unqualified often fail to recognize that fact — and end up breaking their computers as a result.
Those who do not believe me are invited to search the web for "But I wore the juice".
@Stu – [Ignoring the first part of your post]
You’ve just described Vista and everyone hates it. Vista/UAC is a horrible solution to an unsolvable problem.
The *nix model works great for people who are computer savvy, unfortunately that is not the majority of computer users, hence the lack of adoption for *nix.
@Steve: The problem with UAC in Vista is that it pops up too often and at seemingly random times based on bad heuristics (Why does *every* WinRAR self-extractor need admin rights? They didn’t on XP) and often gives useless information in the boxes ("Unknown Application" – at least give me the file name!).
*nix systems are better because the sudo prompt only appears when specifically asked for or when starting an application that has an easily understandable good reason for needing root rights.
@Maurits:
Much of the time, checking the "I know what I’m doing" box is starting up regedit. See Gabe’s comment above: it has been proven (again, google ‘I wore the juice’) that everyone thinks that they are above average – by definition, not possible. The registry provides a way for the people who truly know what they are doing and know the effect of what they might change to change those advanced settings.
I’m with JS Bangs. Despite freely admitting that I’ve never used Vista in my life, I’m willing to spend not inconsiderable amounts of time posting comments about how much worse UAC is than Mac’s Authenticate or Linux’s sudo. I am basing this assessment partly on comments to random blogs from people who themselves have not used Vista either, and partly on that Mac/PC commercial. You know, the one with the security guard guy. After all, we all know adverts never distort the truth, and anonymous blog comments are always right.
</sarcasm>
More seriously — I *do* actually have Vista, and have also used Ubuntu; and have seen no more prompts on the latter than the former (actually, less *graphical* prompts on Ubuntu, but more times typing ‘sudo’ into the terminal). They prompt for mostly the exact same reasons, even though the mechanism is slightly different (your password vs an admin password). There’s an excellent list of what tasks require elevation at http://www.edbott.com/weblog/?p=1602 (though he’s wrong on one point: installing Windows updates does *not* require elevation, though changing autoinstall settings does). The list is fairly similar to Mac and Linux.
Stu: Pre-3.7 versions of WinRAR weren’t Vista compatible; upgrade. Vista-compatible programs will tell the OS if and when they really need admin privs, and extracting files should not be among these times (exception: if it’s extracting to Program Files or a system folder, then yes, it will need admin privs, for obvious reasons. If you’re extracting to a non-system partition that you formatted on an older version of Windows whilst logged in as administrator, you’ll obviously only have admin access to it — go to the drive properties, security, advanced, owner, and click on your username to set yourself as creator/owner (admittedly this is one of the things MS could have made a mite easier for newbies…)). Anyway, if it still prompts you to elevate every time you extract something, dump it and get a good unzip/rar-er (I recommend the free 7zip).
"Why does *every* WinRAR self-extractor need admin rights? They didn’t on XP"
Wait, are you actually trying to say this is somehow Vista’s fault? An application (for reasons known only to its author) attempts to perform actions which require escalation, and when Vista asks for confirmation, this is a bad thing? In the case of WinRAR, there are no heuristics involved, it’s simply attempting to perform a privileged operation.
Raymond, I know you deal with these posts everyday, and you have my deepest sympathy. I would have given up on blogging long ago (and probably foresworn all human contact, as well) under similar circumstances.
If you tell someone to google for a phrase, it helps if you make sure that googling for that phrase actually produces an answer. Preferably within the top 3 results. In this case, googling for that phrase returns many pages where the phrase is used, but not many that actually define it. "unskilled and unaware of it" is a much better google search phrase.
>
Actually, Windows Home Server CAN’T be a domain controller because the "Home" editions of Windows don’t support being part of a domain. It’s quite a shame, really. It would have been nice if it were a domain controller.
And getting back on topic, I WISH operating systems were simple enough that dad or grandma could be the administrator. It always seems to end up being me for some reason…
"More seriously — I *do* actually have Vista, and have also used Ubuntu; and have seen no more prompts on the latter than the former (actually, less *graphical* prompts on Ubuntu, but more times typing ‘sudo’ into the terminal)."
Hmm, I use both Vista and Ubuntu pretty much in equal proportions and oddly enough I notice the prompts on Vista way more, but I agree that they’re probably the same in frequency. That’s probably because on Vista both I and my applications are not used to this elevated privileges thing. Where I used to double click an installer and let it run, now I double click the installer and then click the elevation dialog. Where I used to extract files into a program’s directory to update it, now I start the extraction and then click through the elevation dialog.
On the other hand, when I do these things in Ubuntu, I’ve pretty much been trained to use sudo, so I do it almost without thinking. Not to mention that if you forget to type sudo, it’s as intrusive I guess. I’d imagine that eventually UAC will become second nature like this but I really do find it more annoying right now.
(And my WinRAR only requires elevated privileges for extracting to a protected directory–must be a registration thing like someone else mentioned).
UAC prompts for two days… none since.
Great work, Raymond.
<raymond writes all code you know>
> Note that at the time this review was posted, Zelda WAS NOT AVAILABLE IN STORES, and therefore everybody calling Gamespot "morons" for rating it so "unbelievably low" hasn’t played it.
I’d actually played a demo of Zelda by that point, and I found the review contradicted my experiences with the demo at several points. (Particularly the complaint that the sword-swinging wasn’t particularly immersive.) Gamespot’s defense of the review was fairly shoddy – it seemed to boil down to "it’s just Zelda" – and there’s been much talk about Gamespot’s scoring system being, if not broken, at least heavily biased, as it doesn’t appear to take into account how much a game costs or its budget. (For instance, you can’t fault a $10 game for not having voice acting. Gamespot are obligated to mark them down.)
> This is what the Internet has reduced people to.
This, however, is entirely true. I don’t know why Raymond tolerates these comments sometimes with all sorts of anonymous idiots complaining about irrelevant topics.
> Obviously this makes me an anti-Microsoft griefer.
What makes you a griefer is talking out of your ass. If you’ve never used something, why would you offer an opinion on it?
I could sit here all day and say "wow, Windows Vista is the most terrible product ever made, and it burned down an orphanage," but I don’t. You know why? Because I haven’t used it, and I’m not as much a jerk as you are.
The lesson here is to never, ever, trust some random person on the Internet’s opinion, because there’s something about being on the Internet that instantly makes everybody qualified to offer an opinion on any *thing*, regardless of whether they’ve used it or not.
(Look what happened when Gamespot gave the newest Zelda game an 8.8: http://www.planetgamecube.com/forums/messageview.cfm?catid=28&threadid=18442 Note that at the time this review was posted, Zelda WAS NOT AVAILABLE IN STORES, and therefore everybody calling Gamespot "morons" for rating it so "unbelievably low" hasn’t played it. This is what the Internet has reduced people to.)
The user (administrator) only ‘needs protecting from themselves’ when the UX is poorly planned.
The user needs UI that helps them achieve realistic desirable goals, that is not protection. Once you have shifted from viewing the problem space as effectively support achievement of goals to protect them from taking a stupid action you have shifted the whole focus of the plan, you have admitted that the UI you put in place to achieve one goal could be misinterpreted by the ‘stupid’ user as the route to achieving another (which is obviously not well signposted in the UI if the stupid user didn’t get there).
To design based on the assumption that the user is unnecessary and perhaps a tad arrogant.
missing phrase from the above comment: "an idiot is"
guess where it goes (no prizes)
;-)
There are many reviews of games not in stores yet. I have done such reviews myself too. The idea behind it is to drive sales. Because when people hear about it, they get more interested. It doesn’t always work though, like with the disaster called "Daikatana". But then they came with "Deus Ex" and I *still* love that game :)
Ok, I apologise for the dad/grandma comment. I’m English and to me it sounded literal, maybe it’s a common expression in American.
On WinRAR, it seems that Vista runs some heuristics when starting programs to detect installation programs and give them admin rights. It seems that Vista thinks *all* WinRAR self extractors are installation programs and there appears to be no way to override it.
Updating WinRAR won’t help, I did not create the self extractors in question.
On UAC, I use both Vista and Ubuntu. The main difference I see between UAC and Ubuntu’s sudo prompts is that UAC is programs asking for permission, whereas sudo is to check that the user performing the action has permission to do so (by asking for his/her password).
Still, I prefer sudo, it never pops up unexpectedly and it keeps the password in memory for a few minutes after each use (because it’s authenticating the user) to allow me to do administrative tasks without multiple prompts.
> Actually unlikely (http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=1214388&SiteID=50).
Indeed. And WinXP Home edition happens to be unable to join domains. So there’d be a problem if the home server requires other PCs on the network to join its domain.
I have to say the nitpicker’s corner is my favorite section of this particular post. Thanks for clearing up the naming scheme, Raymond!
"[I clearly haven’t learned that any discussion of security and user interface design always degenerates into complaining about UAC, even if UAC has nothing to do with the topic of the day. -Raymond]"
Maybe you could add this to your nitpickers corner: "I have nothing to do with UAC. If you don’t like it, don’t rant about it here!"
BTW, the current corner is the most hilarious corner, *ever* X-D
Whose silly idea was a "consumer operating system"? Do you know the damage that you’ve caused to the world by making computers accessible to "consumers"?
Don’t tell Larry Osterman [http://blogs.msdn.com/larryosterman]. He is the administrator for the four computers at his home.
Whoever said that using a computer should be easy and could be left to unexperienced people? Oh, that’s right…
Mihai, the Firefox timer is there as mitigation for a class of attacks in which the user is tricked into assenting to something without their full knowledge. The timer isn’t there to try to make you read the whole dialog box, although you probably should anyway.
Suppose you’re playing a frantic clicking game (there are lots of these on the web and they’re very popular). Unfortunately this particular game has been altered by Black Hats. Suddenly, as you’re about to click on the Golden Ultimate Chicken a dialog appears in front of it, you click on that instead, and it immediately disappears. What did it say? What did you just agree to? You may not even know. The timer defeats this by giving the user time to see the dialog before they can agree to anything.
It’s basically the same idea as a Cooling off Period in consumer protection law. Salesmen try to rush people into making unwise decisions. To discourage this, we have laws that say the customer can change his mind later and receive a full refund. If you’re an honest salesman (or a genuine Firefox extension site) you don’t mind taking the extra time to be sure that the customer knows what he’s getting and won’t change his mind, rather than trying to trick him.
[Of course unscrupulous salesmen will try to dodge the Cooling off Period too, as we see in the brilliant Glengarry Glen Ross when Lingk tries to get his money back]
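The timer mitigation described in the comment above, as an added example that is not part of the original thread and is not Firefox's code: a confirmation gate that swallows clicks until the dialog has been visible and focused for a minimum delay. `ConfirmGate`, its methods, the 2000 ms delay and the restart-on-refocus behaviour are assumptions of this example.

```javascript
// Added example (not Firefox's code): a confirmation gate that ignores
// clicks until the dialog has been visible and focused for delayMs.
// ConfirmGate and all of its method names are hypothetical.
class ConfirmGate {
  constructor(delayMs, now = () => Date.now()) {
    this.delayMs = delayMs;
    this.now = now;          // injectable clock so the logic can be tested
    this.armedFrom = null;   // start of the delay; null = not shown or not focused
    this.ignored = 0;        // clicks swallowed while the delay was running
  }

  // Dialog appears: start counting from this moment.
  show() { this.armedFrom = this.now(); }

  // Dialog lost focus (another window came to the front): disarm.
  blur() { this.armedFrom = null; }

  // Dialog regained focus: restart the full delay (a choice made by this example).
  focus() { this.armedFrom = this.now(); }

  remainingMs() {
    if (this.armedFrom === null) return Infinity;
    return Math.max(0, this.armedFrom + this.delayMs - this.now());
  }

  // Returns true only if the click counts as consent.
  click() {
    if (this.remainingMs() > 0) { this.ignored += 1; return false; }
    this.armedFrom = null;   // one dialog, one decision
    return true;
  }
}

// Constructed scenario from the comment: the user is clicking rapidly
// when a dialog is raised under the pointer.
function simulateClickingGame() {
  let t = 0;
  const gate = new ConfirmGate(2000, () => t);
  const results = [];
  t = 1000; gate.show();               // dialog pops up mid-game
  for (t = 1010; t <= 1500; t += 70) { // in-flight game clicks land on the dialog
    results.push(gate.click());
  }
  t = 3200;                            // the user has had time to see the dialog
  results.push(gate.click());
  return { results, ignored: gate.ignored };
}
```

In the simulated run the eight clicks that arrive within half a second of the dialog appearing are all discarded, and only the click made after the delay has elapsed is treated as consent.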
> Nitpicker’s corner
> Sigh. One article without a nitpicker’s
> corner and look what happens.
> The […]
Where’s that? The only article I see[*] missing from the Nitpicker’s corner is "an".
[* Metanitpicker’s corner: Actually I _don’t_ see "an" in the original Nitpicker’s corner.]
P.S.
> For a consumer operating system, a friendly
> user interface means protecting the
> administrators from themselves.
Then you need to invent "power users" and "administrators". A power user will be an administrator who hasn’t made themselves an administrator yet, because they don’t know how, and they need protection from themselves, they just need enough power to run installers.
“All this means is that you can’t say, “Well, if the user is an administrator, as opposed to a normal user, then it’s okay to show them all these dangerous things (such as critical operating system files) because they know what they’re doing.” Grandma doesn’t know what she’s doing.”
Yes you can.
The problem, IMHO, is that normal users are running as administrator while they shouldn’t be. Are you at the moment administering the computer? No? Then you should be running under a normal, limited, user account.
Now we all know people don’t do this because always using the admin account is just easier. Therefore, Windows should actively discourage the use of the admin account for anything other than doing admin tasks.
This could e.g. be done by having a big red border around the display with a warning text. limiting the admin account to 4-bit color. i.e. make it completely useless for day-to-day work.
Computers should not be so complex that they require an administrator. The role is an artificial creation that requires the ‘idiot’ to learn the original designer’s (assuming design) classification of an administrative task versus a ‘normal’ idiot task. This distinction Administrator-idiot vs normal-idiot is not clearly accessible through use of the UI, this means highly intelligent idiots can encounter difficulties.
UAC is a step towards solving this ridiculous classification built into windows (Administrator-idiot vs normal-idiot use), that unfortunately has a high annoyance quota. But. If you are putting a band-aid (UAC) on a big wound there are bound to be a few leaks.
Nit pickers should seriously consider getting treatment, nits are contagious.
Aaargh!:
If you’re running a proper least privilege setup (administrator account has a password, and you’re not logged in as administrator), then it does ask you to authenticate yourself. You have to type in your admin password.
>
Just after the first-person singular pronoun goes it.
The solution is to have a full-featured CLI shell (CMD with some tweaks, the resource kit and Cygwin/SFU installed) that exposes all files and functionality an administrator needs. Then, remove these from the GUI. This way, grandma can’t do any harm, but Jimmy can still administer her PC through a low-bandwidth SSH connection.
>(1) That doesn’t help dad when he logs on as an
> administrator to perform some administrative
> task. Now he sees all the dangerous things and
> does something stupid by mistake.
A computer should do what an authorized user instructs it to do. Nobody complains that a car accelerates in a straight line whether there’s open highway or a brick wall ahead.
“Well, yeah, because you disabled the anti-lock braking system. See? You pushed the CBS/0 button on the control console.”
“Why does a car let me turn off the anti-lock braking system? Isn’t that dangerous?”
“Well, stunt drivers need to do that.” -Raymond]
[A computer should do what an authorized user instructs it to do. Nobody complains that a car accelerates in a straight line whether there’s open highway or a brick wall ahead.]
Oddly enough, people complain when your computer does.
"I freed up some files I wasn’t using and now I get all kinds of errors when I turn it on."
Maybe I read too much BOFH, but my response to this is "It’s supposed to do that."
We find ourselves back at the issue of authentication and authorization. Authentication gets you logged in, authorization specifies what you can do once logged in. The problem is that there is no easy way to specify a set of authorizations. Mom shouldn’t have access to anything that will cause her to lose data or damage the system. But Junior (a knowledgeable computer user and admin) needs access to everything. How do you resolve this issue when you don’t know what kind of user is sitting at the keyboard?
Perhaps the way is to monitor how the system is being used and automatically grant access to more dangerous tools to the user as he proves himself capable of not destroying the machine. (But then how do you deal with Junior using Mom’s computer?)
@cmov: The second MS implements that form of control like *nix everyone will cry out: "Wow, way to go, MS, making your OS less accessible to new users."
I don’t know anything about Mac so I’ll stay silent on that point except that I know MS detractors would find something to complain about there.
"UAC is a step towards solving this ridiculous classification built into Windows"
UAC is completely broken, by design.
The problem with UAC is that it asks for *permission*, not authentication.
Asking for permission is completely redundant, if I choose a file and select the ‘delete’ command, of course the computer is allowed to delete it, I just told it to do that! Instead the computer should be asking *me* to prove I have the right to delete that file.
If I check the “I know what I’m doing” box, and I break my computer, it’s not the computer’s fault.
If I check the “I know what I’m doing” box, and three days later I break my computer, it’s not the computer’s fault.
If I check the “I know what I’m doing” box, and I give the computer to someone else, and they break the computer, and they call support and yell and scream about how the computer is broken, it’s not the computer’s fault.
It’s mine.
I’m willing to accept responsibility for all of these breaks. That’s what I mean by “I know what I’m doing.” I may not actually know what I’m doing, I may just be fooling around. But I do promise to accept responsibility when my hard drive crashes and my wife’s un-backed-up novel bites the dust.
I would, however, like to request that the “I know what I’m doing” checkbox not be labeled CBS/0, not be in a high-traffic UI area, and not be on by default.
This applies to geek tools just as much as it applies to more common-or-garden UI.
http://www.sendmail.org/tips/DontBlameSendmail.php
You can set ACLs on, for example, the hosts file so that no one can modify it and only the admin can change that. This will prevent most viruses from modifying this file. Also, though there is no way to prevent viruses from killing security processes, you can use ACLs to protect security software from being deleted by viruses. See how powerful ACLs are? Thankfully modifying them is supported on all Vista editions, unlike XP, where its Home Edition does not support modifying ACLs. But you can’t stop a virus from sending the WM_TIMER message to any window inside the desktop the virus is running in, causing the process to execute code.
NITPICK:
cmd.exe doesn’t show hidden and system files by default :-)
Why is it that more and more people these days simply do not want to take any responsibility for any of their actions?
For God’s sake it is a computer, IT DOES WHAT YOU TELL HIM TO DO — GET OVER IT ALREADY PLEASE!!!
Please do not further cripple our ability to actually do something useful on a computer.
Windows Home Server does not support domains because it would be too complicated. That brought up another point. People are not willing to learn that much just to use computers.
>> “Well, stunt drivers need to do that.”
Ok, I’m a stunt driver. Which Microsoft products are available for me? Server OS’s don’t count, as the primary reason I’m using Windows is application compatibility.
I’m saying that there should be a model that does. If it’s too expensive to produce, you can put it in the standard model, at the informed expense of losing tech support if it’s used.
My biggest complaint is that doing "advanced stuff" is getting harder and more tiresome, and I really don’t see how it’s helping the clueless user. You can’t make simple what is not simple. It’ll only generate wrong expectations.
"My biggest complaint is that doing "advanced stuff" is getting harder and more tiresome"
Computers should be designed for the advanced user and no-one should be allowed to use them before they’ve passed a computer drivers test! Darn, let me put my dunce cap on, I’m not worthy of using a computer, I feel so humbled ;-)
"You can’t make simple what is not simple"
I know you can do better than that, and I hope you want to do better than that. From my perspective, that is your job – to take the technical and conceptual challenges that stand in the way of a user achieving a fun thing (e.g. little Sammy playing a computer game that requires writing to the registry) and turn it into understandable UI.
How can you resist that, it’s such goodness to those poor idiot-administrators
@cody, SR: Try to do that on a Mac, or on a *nix box with a regular user account. On a Mac, you can delete an awful lot, but it’ll still work (even when you are using an admin/owner account). There’s just 1 folder that you can’t delete. On *nix, all your files are in $HOME, the rest is either read-only or off-limits.
If you aren’t root on *nix, you should not be an administrator on Windows either. But the sad thing is, Administrator accounts are used much more often on Windows than the root account on *nix.
"I like the nitpickers’ corner because it’s usually funny. But maybe you should just make fun of nitpickers for getting their kicks pointing out irrelevant technicalities just to prove they’re smarter than somebody else."
I don’t find it funny at all. I find it incredibly sad that people would bother wasting everyone’s time posting inane, irate comments that warrant such pre-responses (I’m looking at you, Stu!)
To keep with the stunt driver analogy…
Stunt drivers drive Stunt cars.
Grandma drives a Grandma car.
Grandma should not drive the stunt driver’s car.
Keep in mind that people want to just turn on their computer and focus on their work, not the computer. In other words, people don’t want to dedicate time to administrate their computers. They want to get on with their lives.
Keep in mind that people want to just turn on their computer and get on with their work instead of worrying about the computer. People don’t want to dedicate time and energy to administrate their computers. They want to get on with their lives. They are not interested in the insides of a computer or computer jargon.
This is, IMHO, an important point. Automatic Updates is designed for people that don’t want to dedicate time and energy to administrate their own computers. They would rather have someone do it for them and that is why software like OneCare and Norton 360 have been successful.
In other words, computers should "just work" without any of the users having to administrate it.
Ideally you should be able to purchase, install, and maintain a computer just like any other appliance.
Yuhong, we get it :-)
The only difference between an average user and an administrator is that the administrator:
* installs software
* creates user accounts
Even then, computers should be able to operate without an administrator, where the computers work just like appliances in a home.
Particularly, automatic updates are recommended.
The only difference between an average user and an administrator is that the administrator:
* installs software
* creates user accounts
Even then, computers should be able to operate without an administrator, where the computers work just like appliances in a home.
Particularly, automatic updates are recommended.
"Ideally you should be able to purchase, install, and maintain a computer just like any other appliance."
But a computer is not like any other appliance. A microwave or a television only has a few functions to perform. You can exhaustively test those and make sure they always function. Also, the software is running on only 1 platform.
A computer is several orders of magnitude more complicated.
Alternative reply:
"Ideally you should be able to purchase, install, and maintain a computer just like any other appliance."
You can, it’s called an Apple Macintosh.
There’s a simple problem (all to do with the computer-is-an-appliance problem). There’s actually three classes of users on a home machine:
1) Users (children "little Jimmy", friends who pop round)
2) The owner.
3) The geek next door round to find out why it’s going so slowly, etc.
Users of type (1) shouldn’t be able to do anything dangerous at all.
Users of type (2) should be able to do stuff like installing things and changing home-level settings. With appropriate UAC nags, presumably.
(3)? Well (3) is normally me. I’m called in when the nice cotton wool provided for users (1) and (2) is either broken, or makes assumptions about the usage model that don’t suit users (1) and (2).
So yes, I want a super-duper user mode, plastered with "for experts only" warnings, and only accessible by pressing Ctrl-Alt-F6 on the login screen or something.
But still, computers should "just work" without any of the users having to administrate it.
In other words, you should be able to install and maintain a computer just like any other appliance.
Of course, computers are more complex than an appliance.
The owner of the computer can be an average user who does all of the above tasks.
In other words, computers are just a tool for people to do work on.
Unfortunately this is not always possible because someone has to:
* install software
* create user accounts
When no one is doing any of the above, computers should "just work" without any of the users having to administrate it.
Also, why not just call the administrator the owner of the computer?
He’s making 3 and 4 posts all the same (and separated by large amounts of time), then making separate posts for each sentence or paragraph. I’m suspicious. I find it difficult to believe someone could be THAT bad unintentionally.
Old joke:
Q. Why do system administrators make good lovers?
A. They know when not to pick up the phone.
Yesterday’s twist:
The system administrator picked up the phone.
Every time I tried to contact my system administrator as directed, my system administrator picked up the phone, and it was always busy because my system administrator was trying to phone me. What an idiot.
Indeed my system administrator was an idiot. Here were the directions (384KB):
http://www.geocities.jp/hitotsubishi/xp_setup.png
(P.S., I already found a workaround by disobeying directions.)
How about the zero administration PCs that were much hyped back in the late 1990s?
<<
I wanted to believe the same thing, but sadly, it seems like this is actually his preferred response technique:
http://blogs.msdn.com/vcblog/archive/2006/06/30/651553.aspx
http://www.mcse.ms/showthread.php?t=2203760
http://blogs.msdn.com/murrays/archive/2006/12/07/saving-windows-from-the-os-2-bulldozer.aspx
For your entertainment, check out Frank Gottfried’s response in the bottom link, which is significantly less diplomatic than Mr. Chen’s.
I should not have to administer my computer, I paid enough money for it to be self-administrating. I don’t want to have to learn how to and remember to run a back-up. The only reason I have to is because the system isn’t ‘self-backing-up’ in some way. I can list lots of maintenance things that are ‘good’ for my computer, practices I’ve picked up over the years, that I simply should not have learned about and have to do. Defragment! Hah, what a stupid thing for an end user to have to learn to do. The system may be complex, but that doesn’t mean that the developers give the decisions for managing the complex features to end-users.
That is why Diskeeper’s Set and Forget feature is great.
Yuhong Bao pointed me to his blog post (about Raymond’s post " The admin is an idiot ") which referenced