Windows 9 (And Pandora) appreciation thread
-
About this - there really needs to be a way to tell UAC to allow/whitelist certain things - <s>like updating an INI in the diablo folder.</s>
As a regular user at home, UAC is annoying but tolerable. As a programmer who's lazy and doesn't stick to well-documented guidelines, it makes work almost impossible because every other time I blink I am having to confirm that I wanted to blink.FTFY
-
FTFY
Sorry, you fail. I don't do Windows Application code, so nothing I write has to deal with UAC from an application standpoint at all.
It is ME, the user, dealing with UAC popups when trying to do my work, like needing to edit the HOSTS file on my machine. Open the file to make a quick edit, hit save - OOPS FORGOT TO START YOUR EDITOR IN ADMIN MODE AND YOUR CHANGE CAN'T BE SAVED NOW, SUCKER. It's just a pisser. Alternative is to pin the editor shortcut with admin mode enabled, which causes the UAC popup by default. Which is exactly the thing that gets annoying after a while.
-
I keep reading that as Jonny Moronic.
<hr><small>Filed under: <a>blamekeanuIt's so appropriate, too.
-
It is ME, the user, dealing with UAC popups when trying to do my work, like needing to edit the HOSTS file on my machine. Open the file to make a quick edit, hit save - OOPS FORGOT TO START YOUR EDITOR IN ADMIN MODE AND YOUR CHANGE CAN'T BE SAVED NOW, SUCKER. It's just a pisser. Alternative is to pin the editor shortcut with admin mode enabled, which causes the UAC popup by default. Which is exactly the thing that gets annoying after a while.
So use DNS.
-
It is ME, the user, dealing with UAC popups when trying to do my work, like needing to edit the HOSTS file on my machine. Open the file to make a quick edit, hit save - OOPS FORGOT TO START YOUR EDITOR IN ADMIN MODE AND YOUR CHANGE CAN'T BE SAVED NOW, SUCKER. It's just a pisser. Alternative is to pin the editor shortcut with admin mode enabled, which causes the UAC popup by default. Which is exactly the thing that gets annoying after a while.
Maybe I'm just dense, but exactly how is that different than having to use sudo on unix? (other than the obvious typing a password vs clicking a dialog)
-
The real problem that I see is that they can't connect the skills they have with a problem on their own. They need to be told what tools to apply. Which is an indication that they aren't engaged or that they don't really understand what they're doing when they do it.
At our house, young ms. flabdablet (16yo) has at last started showing signs of wanting maths to stop being this impenetrably difficult mystery that leaves her feeling stupid and incompetent on contact, which has at last given me the opportunity I've been waiting for to help her learn to learn it.
So I started by explaining that learning mathematics requires just four things of the student:
- Genuine commitment to getting better at it.
- Genuine willingness to take the process as slowly as necessary, learning layer by layer, so that each new layer builds on solid foundations.
- Genuine insight and understanding, as opposed to mere ability to regurgitate canned examples. This is the part - in fact the only part - that can make the whole process pleasurable enough to make the other parts feel worthwhile.
- Practice at working with properly-understood material in order to build speed and fluency, both of which will feed back into (3) on the next layer.
The teacher can and should help a great deal with (3), but (1), (2) and (4) can only ever come from the student.
We went on to have quite a productive discussion about primes, composites and 1, odds and evens, and eggs (which come in dozen cartons here, two rows of six). I'm pretty sure we've now got (1) and (2) happening, and as long as I can avoid nagging too much about (4) I expect progress to be quite rapid.
-
So use DNS.
Red tape means changing the actual DNS entries takes days, and in some cases I'm testing alternatives to things and the whole point is to NOT change the DNS so I don't affect everyone else. Terrible solution.
-
Maybe I'm just dense, but exactly how is that different than having to use sudo on unix? (other than the obvious typing a password vs clicking a dialog)
Because you can SU once in a terminal and STAY as root to accomplish whatever need be accomplished? AFAIK there's no equivalent in windows, though if someone knows a similar method that isn't simply turning off UAC, I'll gladly listen.
-
Red tape means changing the actual DNS entries takes days, and in some cases I'm testing alternatives to things and the whole point is to NOT change the DNS so I don't affect everyone else. Terrible solution.
The problem, and this isn't quite getting through to you, is that you choose convenience over security. Just like the 'su' versus 'sudo'. Yes, it's much more convenient to become root and do everything from there, but it's also less secure.
What I would be afraid of is that this preference for convenience extends to your coding style, and in that case, if I were in some way or other accountable for the quality of your code, I'd have a problem with that.
That may just be my irrational concern, but you're consistently arguing against a pretty well designed security system because it doesn't work the way you want it to work, or how things worked 10 or 15 years ago.
In some way our jobs can be moderately exciting, in the sense that you create something from nothing, and (hopefully) make your customers happy. On the other hand, some parts of being a developer consist of sticking religiously to guidelines and best practices. You need to do both.
-
I was too busy and let a bunch of UAC security snobs to spread their shitty gospel with little opposition.
I'll step out on the side of turning off UAC on my personal computer. I don't need constant reminder that this or that is dangerous. I know it is. I'm still doing it. Your stupid popup is just wasting my time.
I keep hearing all the bullshit about security and blah blah blah. I'm doing all sorts of dubious shit, probably much more than the lot of UAC advocates here and had zero issues. ZERO.
And what's the worst thing that could happen? Really? What, someone's gonna jump out of the computer and stab you to death? Terrorists are gonna take over? No, maybe you'd have to run Antimalware a bit more often than usual. The worst, EXTREMELY remote case scenario is reinstalling the PC. Big deal.
Stop being pussies and turn off those UAC training wheels! Join the adults.
-
Because you can SU once in a terminal and STAY as root to accomplish whatever need be accomplished? AFAIK there's no equivalent in windows, though if someone knows a similar method that isn't simply turning off UAC, I'll gladly listen.
Click Start. Type cmd and hold down Shift and Ctrl while you hit Enter. Click Allow at the ensuing UAC prompt. You now have an elevated cmd window, anything you launch from inside which will run elevated without further ado.
-
needing to edit the HOSTS
Sorry but just the idea that you need to change that invalidates the idea that you are acting as a normal user.
-
Just like the 'su' versus 'sudo'. Yes, it's much more convenient to become root and do everything from there, but it's also less secure.
What I would be afraid of is that this preference for convenience extends to your coding style, and in that case, if I were in some way or other accountable for the quality of your code, I'd have a problem with that.
Wow you are daft. I'll be sure to let all the sysadmins know that they need to issue every single command in its own separate sudo and never group them in one go, because it's WAY more secure to run the exact same commands when you type your password every time instead of once at the beginning.
I'll try not to let my coding suffer from usage of su and annoyance about certain uac lacks of features. :eye_roll:
-
that is the point, it's annoying when I am NOT acting as a normal user
-
because it's WAY more secure to run the exact same commands when you type your password every time instead of once at the beginning.
That's often how sudo works, too. Technically, the authorization is good until it times out or something. Or maybe you have your system set up so you never type in a password for sudo.
-
Really? Nice... never considered trying that in windows, though i wouldnt want to leave a terminal open as root constantly, but if i have a group of rooty things to do in windows, i'll have to keep that trick in mind.
-
I don't change anything. I also dont recall ever seeing sudo skip the pw just because you typed it before... but again, that would be another argument FOR my point that having the security pop up between every single step after the first one is just pointless annoyance.
-
I'm not taking sides. I just wanted to point out how wrong and ignorant your comment was.
-
Ignorant of....what exactly? The last sytem i used sudo on, i had to type the pw every time. Maybe i just didnt do enough fast enough. As far as I'm concerned, that makes you the ignorant one....
Especially considering the sudo thing wasnt even brought up by me and that the entire point is about batching multiple commands.
-
The last sytem i used sudo on, i had to type the pw every time.
that's configurable. most distros have a 5 minute timeout before you need to enter your password again. but some enterprisey systems (i'm looking at you redhat) require the password every time.
-
that's configurable. most distros have a 5 minute timeout before you need to enter your password again. but some enterprisey systems (i'm looking at you redhat) require the password every time.
Cool. So what you're saying is that the entire "onoes if you cry about UAC, why don't you cry about linux sudo" thing is a non-point since linux by default actually requires the password less? I guess Severity_One must hate those distros and their shoddy programmers with their lax security standards,
Edit - Also, most of our linux servers are running RedHat Enterprise. Hence my experience that sudo requires a password every time. EditEdit - I don't have root passwords anyway, so if there's something that absolutely needs me to do it rather than a sysadmin, the sysadmin has to come do the su/sudo command part.
-
well strictly speaking linux requires the password all the time, and it's not your password but root's.
sudo isn't a POSIX standard utility. it's just so damned useful that most distributions include it by default because if they didn't the first thing any competent sysadmin would do is install it.
but yes, once installed the default behavior is once you authorize use of sudo any further use of sudo within 5 minutes of the last invocation (unless that authorization is revoked with
sudo -k) does not require another password entry.
-
Ignorant of....what exactly?
There are known knowns. You aren't ignorant of that stuff.
There are known unknowns. This is like quantum ignorance. You don't know, but you know that.
But there are also unknown unknowns. This was you and sudo.
-
The last sytem i used sudo on, i had to type the pw every time
Search for
passwd_timeoutandtimestamp_timeoutbeneath it`.
-
Oh right, the same @darkmatter said:
Sorry, you fail. I don't do Windows Application code, so nothing I write has to deal with UAC from an application standpoint at all.
It is ME, the user, dealing with UAC popups when trying to do my work, like needing to edit the HOSTS file on my machine. Open the file to make a quick edit, hit save - OOPS FORGOT TO START YOUR EDITOR IN ADMIN MODE AND YOUR CHANGE CAN'T BE SAVED NOW, SUCKER. It's just a pisser. Alternative is to pin the editor shortcut with admin mode enabled, which causes the UAC popup by default. Which is exactly the thing that gets annoying after a while.What happens when I try doing that in Linux?
Oh right, the same exact thing because oddly enough, I don't have permissions to write to that file without being an admin.
-
except you were presumably already in a shell to start. how much harder is it to exit, hit the up arrow, and add sudo? not very much trouble at all.
now how much of a pain in the ass is it to restart your editor in admin mode in windows and then re-navigate/copy paste a file path in to re-open it? kind of annoying. WHICH IS MY FUCKING POINT. Not that its goddamn impossible to work or anything, jist that the linux equivalent is a smoother experience, even if it is due to the usage of a terminal vs a gui.
-
except you were presumably already in a shell to start. how much harder is it to exit, hit the up arrow, and add sudo? not very much trouble at all.
now how much of a pain in the ass is it to restart your editor in admin mode in windows and then re-navigate/copy paste a file path in to re-open it? kind of annoying. WHICH IS MY FUCKING POINT. Not that its goddamn impossible to work or anything, jist that the linux equivalent is a smoother experience, even if it is due to the usage of a terminal vs a gui.Well, I can't bring up a GUI example because I don't run any Linux GUIs... the machine in the picture is a gameserver box and I'm connecting to it from Windows via SSH.
-
seriously though, I really do love arguing about my OPINION of what i find annoying, but guess what... since it is my OPINION, i can't be wrong about it. So trying to say i'm wrong about being annoyed by one thing and not the other is just stupid. You're not going to make me be less annoyed. Except maybe flabdablet, who had an actual solution for something and not just their own personal opinion to argue back with.
-
Oh right, the same exact thing because oddly enough, I don't have permissions to write to that file without being an admin.
Esc:!bash sudo chmod go+w /etc/hosts Ctrl-d <Esc>:wq sudo chmod go-w /etc/hostshow much harder is it to exit, hit the up arrow, and add sudo?
And lose the changes you presumably wanted to save? Nah. See above. (Or save to/tmpandsudomove afterwards.)
-
<code>
<kbd>Esc</kbd>:!bash
sudo chmod go+w /etc/hosts
<kbd>Ctrl</kbd>-<kbd>d</kbd>
<Esc>:wq
sudo chmod go-w /etc/hosts
</code>
That's assuming my user has access to sudo. The user I was logged into does*, but the other user on the system doesn't.*Actually, that's what said user is for. I don't want the gameserver user to have sudo access and sshd is configured to not allow remote root access.
-
Click Start. Type cmd and hold down Shift and Ctrl while you hit Enter. Click Allow at the ensuing UAC prompt. You now have an elevated cmd window, anything you launch from inside which will run elevated without further ado.
Under Windows 8, you can just right-click on the Windows button and you get the option of a regular or elevated command prompt right from the menu.
-
Under Windows 8, you can just right-click on the Windows button and you get the option of a regular or elevated command prompt right from the menu.
or tap and hold to get the context menu if running in touch only mode because your external keyboard's batteries died.
-
...With all the help a console is with no keyboard.
(No, I do get that Win8's touch keyboard is great, but I think you may have meant 'mouse')
-
Oh right, the same exact thing
That's because you're a horrible apostate who has strayed from the path of the One True Editor.
There's a [readonly] warning as soon as the file gets opened. But I'll ignore that because I haven't had my coffee:
At this point, if I were blakeyrat I'd add the ! to override, and then crack the sads because my editor was not able to overcome a filesystem permissions issue by magic. But I'm not, so instead I do this:
Or if you insist on being the kind of person would would even contemplate using an "editor" that can't pipe its current buffer contents through a shell command, just write your stuff out to /tmp/hosts and sudo cp /tmp/hosts /etc afterwards.
-
And what's the worst thing that could happen? Really? What, someone's gonna jump out of the computer and stab you to death? Terrorists are gonna take over? No, maybe you'd have to run Antimalware a bit more often than usual. The worst, EXTREMELY remote case scenario is reinstalling the PC. Big deal.
For some of us the worst thing is a lot worse than that and there's a lot of malware that gives no indication of its presence unless you search very hard for it and why would you? A key logger or similar could give root passwords for lots of servers and other important accounts (email, domain registration, thedailywtf, etc) to very unscrupulous and clever people. A criminal type getting hold of them can produce problems that could bring your business to its knees, do massive damage to its (and your) reputation and take months to put right: can you ever be sure they didn't, with the root access they got, put a backdoor in somewhere so your password changes don't stop them?
So it depends what happens on the computer but I dare say that very few computers never get used for logging in to online accounts that are of some importance to somebody. And I also dare say that most who would say "I would never let a worm in, I know how to spot them" are fooling themselves.
That UAC blocks saving the hosts file is quite annoying. It should give the option of elevating permissions at the point of save and it discovers it might need them not only when the program runs. That's true of installers as well. It does seem to me a very crude bodge of a device with little thought to making it user-friendly or smart in any way.
But installing that safe looking freeware m4a to mp3 converter that you need to do in a hurry and finding it's asking for elevated permissions is a good warning to maybe try another one and not have to run process monitor to be absolutely sure it isn't doing something you might deeply regret (if you ever you find out it was this program and this computer that was the root cause of all the pain).
So when you say you've had zero issues, how do you know? Serious question - not facetious or rhetorical. Do you check periodically and if so how? If not then do you expect issues to make themselves known to you in some way and if so what way?
-
PS: And another worst case scenario is it just takes the hacker to put one criminal file on a website or your computer (child pornography, how to make a pipe bomb, etc.) and that's the police involved, very seriously involved and suspecting you and everyone you know questioning whether you would actually do such a thing and doubting their trust in you.
Personally, I'd rather just be stabbed, maybe not to death, but at least it's over quickly and, if you survive, you get nothing but sympathy from those around you. Being arrested on suspicion of being a paedophile could ruin your life. That shit would leave a smell you'd never completely shake off.
-
That UAC blocks saving the hosts file is quite annoying.
That's actually not the case: the hosts file is read-only to users and full perms for administrators. UAC allows you to edit the file. Or rather, elevating does.
-
I'll step out on the side of turning off UAC on my personal computer. I don't need constant reminder that this or that is dangerous. I know it is. I'm still doing it. Your stupid popup is just wasting my time.
It's not a reminder. It's asking whether this process/program should get admin rights.
Which, if you turn UAC off, it gets by default. Congrats. You just wasted your time by having to run Malwarebytes on a regular basis.
-
But it's not a matter of permissions of the user it's a matter of the permissions of the program the user is running.
That's my issue with UAC: there's no granular control - no option to opt specific things out of it: it's all or nothing. If I'm wrong about that and there is a way to tell UAC not to worry about hosts and certain registry keys but keep doing its thing with every other file and registry setting I'd love to hear it.
I think that's how it should work: a tick box on every file, folder and registry key, for setting UAC on/off for that particular object with sensible defaults.
-
Maybe when I start a program I should get a tickbox of every kernel system call it wants to do for me to tick off and on at my leisure.
-
@created_just_to_disl said:
Maybe when I start a program I should get a tickbox of every kernel system call it wants to do for me to tick off and on at my leisure.
And then randomly toggle them for the sheer hell of it.
-
That's my issue with UAC: there's no granular control - no option to opt specific things out of it: it's all or nothing. If I'm wrong about that and there is a way to tell UAC not to worry about hosts and certain registry keys but keep doing its thing with every other file and registry setting I'd love to hear it.
Wat.
No, go look at the permissions on the hosts file. It has NOTHING to do with UAC per se. Don't take my word for it, give yourself full control over the file:
icaclc hosts /grant LurkerAbove:f
Then try to edit it No elevation request! It's just a normal read-only file. But here's the thing--you wouldn't have gotten a UAC prompt anyway, just a Save As dialog to change the name, with the default permission.
-
For some of us the worst thing is a lot worse than that and there's a lot of malware that gives no indication of its presence unless you search very hard for it and why would you? A key logger or similar could give root passwords for lots of servers and other important accounts (email, domain registration, thedailywtf, etc) to very unscrupulous and clever people. A criminal type getting hold of them can produce problems that could bring your business to its knees, do massive damage to its (and your) reputation and take months to put right: can you ever be sure they didn't, with the root access they got, put a backdoor in somewhere so your password changes don't stop them?
So it depends what happens on the computer but I dare say that very few computers never get used for logging in to online accounts that are of some importance to somebody. And I also dare say that most who would say "I would never let a worm in, I know how to spot them" are fooling themselves.
This is all true in theory. It is also true that, as you're walking down the street, any random person can just pull out a knife and stab you AND THERE'S NOTHING YOU CAN DO OMG WHAT IF YOU DON'T WEAR AN ARMOR EVERY SINGLE DAY OF YOUR LIFE!!??
If there was an epidemic of this going on, you'd have a point. But even then, there'd be some attack vector you could shut down and problem solved.
That UAC blocks saving the hosts file is quite annoying. It should give the option of elevating permissions at the point of save and it discovers it might need them not only when the program runs. That's true of installers as well. It does seem to me a very crude bodge of a device with little thought to making it user-friendly or smart in any way.
Actually, disabling UAC does diddly squat to help you with the hosts file editing. You still need to start editor as Administrator if you want to be able to save. Which makes me think you UAC people just like the security theater of the UAC warning screens and never actually tried using PC without it.
But installing that safe looking freeware m4a to mp3 converter that you need to do in a hurry and finding it's asking for elevated permissions is a good warning to maybe try another one and not have to run process monitor to be absolutely sure it isn't doing something you might deeply regret (if you ever you find out it was this program and this computer that was the root cause of all the pain).
OK, a point, I'd probably want to know if a program is trying to mess with strange files.
But see, the problem is UAC doesn't tell you that. It just says this or that requires admin access. You don't know is it for its silly config file, or to open up a port or format C drive or what. So, if I really just want to convert some m4a-s and this stupid screen is standing in my way, I (along with 99% of people) would just click "Allow" and move on with my life. Warning screen = useless.
Now if they had granular permissions and I could set a warning level separately for each directory/system resource like on mobile devices, that would be a security feature I could learn to tolerate.
So when you say you've had zero issues, how do you know? Serious question - not facetious or rhetorical. Do you check periodically and if so how? If not then do you expect issues to make themselves known to you in some way and if so what way?
No slowdowns. No suspicious running processes. No popups jumping up. No one stole my identity or credit card numbers. The usual.
The same way you know there's no obsessed stalker following you and watching your every move. Not by building a moat around your property and hiring armed guards, but by just not noticing apparent problems and presuming everything's OK, so you can move with your life. Like a normal person.
Serious questions: how do you know that one of the installers that you gave admin privileges didn't install any of the things you specified? Or that no one has figured out an exploit through one of many holes that NSA had apparently forced Microsoft to leave open?
I'll answer for you. You don't. But boy, those UAC screens sure are comforting.
It's not a reminder. It's asking whether this process/program should get admin rights.
Which, if you turn UAC off, it gets by default. Congrats. You just wasted your time by having to run Malwarebytes on a regular basis.
Oh noes! I haven't seen a giant OK button I can click and feel safe! The world is falling apart!
Coincidentally, I haven't run Malwarebytes in months.
-
Actually, disabling UAC does diddly squat to help you with the hosts file editing. You still need to start editor as Administrator if you want to be able to save. Which makes me think you UAC people just like the security theater of the UAC warning screens and never actually tried using PC without it.
The most common result of turning UAC off, for most people, is that everything they launch does then start with full admin privileges by default. This is because the default user account arrangement for Windows is still a single user account that's a member of the Administrators group.
If you set it up sanely, with a dedicated Admin account you never explicitly log onto and a separate standard user account for everyday use, the UAC UI arrangements actually work very smoothly to help you run administrative stuff as administrator when you need to. So smoothly, in fact, that I'm pretty sure the only reason that this isn't the normal way Windows operates out of the box is because of the UAC team's inability to talk some fuckwit marketroid around.
I loathed UAC on its first appearance in Windows Vista. They calmed it down to quite tolerable levels in Windows 7.
Obviously it would be better, from a system administration point of view, to have available the kind of fine-grained and flexible delegation ability you can get with sudo. But sudo is not a natural fit within the Windows ecosystem, which relies so much less on command-line invocation of stuff.
-
The most common result of turning UAC off, for most people, is that everything they launch does start with full admin privileges by default. This is because the default user account arrangement for Windows is still a single user account that's a member of the Administrators group.
I have single user admin account and UAC off, and things don't run as Administrator by default.
Which brings us to an important question: HOW DO I MAKE THEM!?
Seriously, I'm not sure I'd go that far. Running as regular user prevents you from accidental damage, which IMO is much more common case than malicious attack.
-
I have single user admin account and UAC off, and things don't run as Administrator by default.
Which brings us to an important question: HOW DO I MAKE THEM!?
Turn the UAC notification level all the way down to "never notify", then reboot.
-
Running as regular user prevents you from accidental damage
Quite so. But Windows PC owners are not accustomed to setting Windows up that way, which is exactly why MS had to add this whole "one user, two security tokens" UAC hack to achieve the same end.
-
Turn the UAC notification level all the way down to "never notify", then reboot.
Nope.
Maybe on Windows 7.
-
7 is what I tested that procedure on. Did they break that in 8 as well? Color me unsurprised.
I had the same kind of NOPE NOPE NOPE reaction on first exposure to 8 that I had to Vista, so I've been avoiding it. I jumped all the school workstations from XP to 7 as soon as SP1 came out, and expect to leave that in place until 10 SP1 becomes available (assuming MS doesn't get into an OS version numbering arms race with Apple, in which case both of them will probably hit version 57 on a twice-weekly release cycle before I feel the need to switch).
-
7 is what I tested that procedure on. Did they break that in 8 as well? Color me unsurprised.
Yeah that was a big surprise for anti-UAC people when moving to 8. On 7 you could turn off UAC and use the computer pretty much the same as on XP, happily running everything as Administrator. On 8, it's more like there's no warning screen, but you still need to elevate programs manually when you run them.
Which is why the hosts editing is completely separate issue from UAC on Win 8 and onwards.
