Windows 9 (And Pandora) appreciation thread



  • @blakeyrat said:

    UAC doesn't tell you what it's blocking because it doesn't know.

    @blakeyrat said:

    And hell, UAC works a shitload better than sudo does. At least it doesn't just let things fucking fail, then make the failing program try and message the user as to what went wrong.

    The failing program does, by definition, know what it was trying to do, so the *nix behavior (sudo isn't really relevant here) seems like the right thing to do IMNSHO.



  • @boomzilla said:

    My wife goes nuts every time someone talking about "honing in on" something.

    I bet that really gets on her goat.


  • FoxDev

    @boomzilla said:

    It's true. Sometimes changing usage improves communication, and that's a good thing. As long as we don't do something really stupid like adding a bunch of 'u's to words.

    QFT



  • @jaloopa said:

    It's probably past the point where grammar prescriptivists can reclaim it from the more intuitive "requires the follow up question".

    I tried to prevent it from being redefined, but someone disabled the UAC on the English language. I think it was those bloody Yankees.



  • I mean, I know we only have like a quarter of a continent, but at least we can afford more than a couple islands.



  • @jello said:

    The failing program does, by definition, know what it was trying to do, so the *nix behavior (sudo isn't really relevant here) seems like the right thing to do IMNSHO.

    I think each is probably best on their own platforms. *nix programmers have been used to having to think about programs not running with full rights, and making the programs work correctly in those cases, since the beginning, and as a result are designed around it. It works well there.

    Windows programmers for a long time were not; even though they should have been for a while, with almost everyone running as admin before Vista lots of them didn't care. Even at MS. If you port the Unix model of "just fail the operation and let the user say 'oh yeah, I need to run this elevated'", you get really awful situations like the user working with a program for half an hour, then it tries to save something, fails, and now the user has to start over from the beginning. And that even assumes the user would even know what to do, when the program probably wouldn't give a particularly informative error message (and may give an utterly unhelpful one).



  • @blakeyrat said:

    UAC works a shitload better than sudo does.

    Wrong.

    It arguably works better than the way Canonical set sudo up for Ubuntu, but that's actually a pretty fucking stupid way to configure sudo. Using sudo as it was originally designed involves adding sudoers entries for the specific command lines you want to be able to use without needing the root password. Those entries control exactly which users are allowed to use those commands, and there are options for requiring them to supply a password, or not.

    Sudo done the Canonical way is just dopey, because it duplicates functionality already provided by the much simpler su tool (which works much more like UAC). All it's done is train a generation of Linux users to treat "sudo" as a synonym for "please" and avoid learning anything else about what it's capable of.

    Sudo done properly means you can write scripts to do whatever you need to do and never be bothered by anything akin to an elevation auth request.

    But for me, the killer feature that sudo has and UAC doesn't is the way it can be set up to remember how long it's been since a particular process invoked it, and not pester for more auth on subsequent invocations from that same process within a preset time limit. So even for stuff that is set up to be password protected, one sudo near the beginning of a session is often enough to let you do whatever dangerous things you need to for the rest of that session, without being asked for your password every single time.



  • @blakeyrat said:

    UAC doesn't tell you what it's blocking because it doesn't know. All it knows is that a permission denied was thrown somewhere. It doesn't even know whether it's in a file or code object.

    This does seem like an odd oversight. (Does that count as a double pun?) It certainly begs the question of what MS intended UAC to prevent.



  • @VaelynPhi said:

    what MS intended UAC to prevent.

    Invisible admin-level activity, mostly.

    With an admin account in Windows XP, it takes at least two clicks to install malware. Since Vista, UAC means the same thing now takes three clicks. That's 50% better security right there.



  • @jello said:

    The failing program does, by definition, know what it was trying to do, so the *nix behavior (sudo isn't really relevant here) seems like the right thing to do IMNSHO.

    Right but its messaging is always "E: fhe assd sdohr prm dend asdy"


  • kills Dumbledore

    your trying to troll us grammar nazi's but I could care less what you're going for



  • @EvanED said:

    Windows programmers for a long time were not; even though they should have been for a while,

    If "for awhile" means "since 1993", then yes.

    @EvanED said:

    If you port the Unix model of "just fail the operation and let the user say 'oh yeah, I need to run this elevated'", you get really awful situations like the user working with a program for half an hour, then it tries to save something, fails, and now the user has to start over from the beginning.

    Right; but that's exactly as possible to happen in Linux. So I don't know what the hell you're talking about here. And in Linux, you can't hit "allow" and have it work, you're just fucked.

    @EvanED said:

    And that even assumes the user would even know what to do, when the program probably wouldn't give a particularly informative error message (and may give an utterly unhelpful one).

    As opposed to the Linux error message, which would be crystal clear.


  • ♿ (Parody)

    @EvanED said:

    "Literally" as an intensifier for a deliberately non-literal expression isn't more recent. I don't have access to the OED any more unfortunately, but my memory is that has citations of that use going back to the late 1800s

    Eh, OK, I guess it just seems like it's become a lot more common lately, then.



  • Literally overnight.


  • ♿ (Parody)

    @flabdablet said:

    I bet that really gets on her goat.

    No, I'm the only one allowed...wait, what?



  • @blakeyrat said:

    Knowing what specific operation was blocked gives no clues as to what the application was doing

    I'm pretty sure that is basically the definition of a clue. It might not be a complete explanation, but if I know it's trying to access /this/file, that gives me some idea of what's going wrong. Hell, even having this information logged somewhere would be useful.

    @blakeyrat said:

    And hell, UAC works a shitload better than sudo does. At least it doesn't just let things fucking fail, then make the failing program try and message the user as to what went wrong.

    [citation needed]

    If I could have UAC function like sudo, I might not hate it so much. (I still think disabling it is silly.)

    Maybe you mean "script"? A badly written script might fail because it erroneously invokes sudo when, say, it's intended to be run automatically (ie, when the person who wrote it didn't understand what they were doing). Perhaps you can give an example of what you mean?


  • ♿ (Parody)

    @VaelynPhi said:

    I think it was those bloody Yankees.

    Need some context here. I can think of at least 4 meanings.


  • kills Dumbledore

    This is exactly the kind of topic Jeff would have split out into 2. I'm enjoying watching the UAC argument interleaved with grammar pendantry though. What does that say about me, @CodingHorrorBot?



  • @EvanED said:

    when the program probably wouldn't give a particularly informative error message (and may give an utterly unhelpful one).


    Filed under: using an error code in the past 3 decades


  • 🔀

    @jaloopa Is Doing It Wrongâ„¢<t3833p68>



  • At this point, I can either write emails to the developers of the program and/or the applet and ask them to fix their shit, or I can downgrade Java to 7.25 and disable updating. Since only one of these two courses of action will likely solve anything, I choose the obvious.

    Or you could just sign the applet yourself. Yes, it would be a bit of a hassle, but still faster (and less retarded) than all the hoops you went through...



  • @blakeyrat said:

    If "for awhile" means "since 1993", then yes.

    Wasn't really until Vista came out (when was that? 2007ish?) that it got really serious, though. Because far and away the most common setup for mass-market Winboxen has been with a single user account with full admin rights, and it wasn't until UAC got invented that such an account had any barrier to doing anything anytime.

    The cultural baggage argument is completely valid. Unix-family systems have had conceptual separation between admin and user activities from day one. Forty-four years > seven.


  • ♿ (Parody)

    @VaelynPhi said:

    I'm pretty sure that is basically the definition of a clue. It might not be a complete explanation, but if I know it's trying to access /this/file, that gives me some idea of what's going wrong. Hell, even having this information logged somewhere would be useful.

    Yeah, knowing it's modifying foo.ini as opposed to, say, trying to write to user32.dll is useful as a clue that something is really wrong as opposed to just doing it wrong.



  • @blakeyrat said:

    If "for awhile" means "since 1993", then yes.

    I don't think it's entirely fair to count back to the genesis of NT for a lot of Windows programmers. Game programmers in particular (and games seem to be one of the main violators of UAC stuff) I'd forgive nearly completely until the 2000/XP era, and partially for a while after that. Sure, in an ideal world they'd have done a better job honoring the user separation, but when doing so will improve the lives of approximately 0% of your users it's probably hard to convince the people in charge it's worth it.

    And at that point you're only talking about, say, 5-year-old games at the release of Vista... I definitely play games older than that now on a regular basis.

    @blakeyrat said:

    Right; but that's exactly as possible to happen in Linux. So I don't know what the hell you're talking about here. And in Linux, you can't hit "allow" and have it work, you're just fucked.
    I agree, but that never happens because no one writes *nix programs that behave that way. It's... a bit like your argument that the cooperative multitasking in early MacOSs may have led to better software (except in the case of the multitasking it'd probably be a lot harder for the user to figure out who screwed up).

    @blakeyrat said:

    As opposed to the Linux error message, which would be crystal clear.
    It'd say less likely to be translated to something like "error: success" because of some crap handling.



  • @EvanED said:

    situations like the user working with a program for half an hour, then it tries to save something, fails, and now the user has to start over from the beginning.

    Crap error handling in the app isn't the fault of the OS. Fall over and die without so much as a checkpoint is crap.



  • @boomzilla said:

    useful as a clue

    Quite. And the argument that users don't understand this stuff so there's no point telling them anything is bullshit. Because when users don't understand something, they call somebody like me who does - and having to work in complete darkness pisses me off.



  • @EvanED said:

    really awful situations like the user working with a program for half an hour, then it tries to save something, fails, and now the user has to start over from the beginning. re-try the save into a folder they have access rights for.

    Intolerawful.



  • @jello said:

    Crap error handling in the app isn't the fault of the OS. Fall over and die without so much as a checkpoint is a crap.

    "Fault" doesn't matter much. I can very clearly recognize that Contoso Fancy Program is the thing that is broken and yet still decide that I won't upgrade Windows because I "need" Contoso Fancy Program to work.

    @flabdablet said:

    Intolerawful.
    I'm not talking about what properly-written programs could do, I'm talking about what poorly-written but very real programs will do.


  • :belt_onion:

    @blakeyrat said:

    UAC doesn't tell you what it's blocking because it doesn't know. All it knows is that a permission denied was thrown somewhere. It doesn't even know whether it's in a file or code object.

    It's even simpler than that...
    UAC doesn't even block anything, it just lets stuff in.
    For example, attempting to do this:
    C:\Users\[redacted]>mkdir C:\Windows\System32\foo
    results in this:
    Access is denied.

    To fix that, you run it as administrator, but throwing up an "access denied" doesn't trigger UAC...

    So there's really no way it could feasibly "guess" what your application is trying to do, because it's only told that [application name] wants admin access.

    @darkmatter: I'm pretty sure that in the case of Diablo III, it's not even UAC-ing because it got an access denied, it's UAC-ing because that's how the game is programmed. It's trying to get admin access (which really is doing it wrong...) and to do that, it needs UAC...



  • @blakeyrat said:

    in Linux, you can't hit "allow" and have it work, you're just fucked.

    I have seen exactly this behavior from Windows applications that don't anticipate needing to elevate. This is an app deficiency, not an underlying system mechanism deficiency.



  • @flabdablet said:

    It arguably works better than the way Canonical set sudo up for Ubuntu, but that's actually a pretty fucking stupid way to configure sudo. Using sudo as it was originally designed involves adding sudoers entries for the specific command lines you want to be able to use without needing the root password.

    Well, ok, but how does that translate to the GUI environment?

    @VaelynPhi said:

    This does seem like an odd oversight.

    It's not "an oversight", it's "a technical impossibility, given how the NT kernel works".

    @VaelynPhi said:

    It certainly begs the question of what MS intended UAC to prevent.

    Like a billion different things. A simple example would be a hostile program trying to replace or patch a .dll in another program's directory.

    At the point where UAC is triggered, all it knows is that a program tried to create a file in a directory it doesn't own. It doesn't know the file contains code, or anything else. It doesn't know if the file is a .gif, a .dll, or a .exe. So there's really no extra information it can give.

    @VaelynPhi said:

    If I could have UAC function like sudo, I might not hate it so much. (I still think disabling it is silly.)

    Well, I think if you hate it now, you're an idiot. Wanting to make it worse makes you, I dunno, double-idiot? Whatever.

    @flabdablet said:

    Wasn't really until Vista came out (when was that? 2007ish?) that it got really serious, though.

    It was always "serious". If you ignored the permissions system before, your application would only work for administrative users. That is a bug. That is a bug in Windows 8, it was a bug in Windows 7, Vista, XP, 2000, NT4. It's always been a bug.

    The problem is shitty application developers who don't know anything about how the OS they've chosen to develop in works, and also don't give a shit about shipping software with huge bugs.

    @flabdablet said:

    The cultural baggage argument is completely valid. Unix-family systems have had conceptual separation between admin and user activities from day one. Forty-four years > seven.

    Well then why does Microsoft have a better elevation implementation? If you Unix-people are such experts, why the fuck are you shitting around with sudo?

    @EvanED said:

    I don't think it's entirely fair to count back to the genesis of NT for a lot of Windows programmers.

    Bullshit. Bugs are bugs. Shitty software is shitty software. The only difference between now and then is the OS will say "hey, this software's doing something shitty" and back then it just silently did it.

    You people remind me of that Bridget99 troll where she said that XP "broke her app" by showing "not responding" in the title bar.

    @EvanED said:

    Game programmers in particular (and games seem to be one of the main violators of UAC stuff) I'd forgive nearly completely until the 2000/XP era, and partially for a while after that.

    Well

    1. I'm pretty sure Diablo III doesn't throw up UAC prompts in the first place, and
    2. Why? Buggy software is buggy software. There's nothing in particular about games that requires them to have admin access.

    @EvanED said:

    Sure, in an ideal world they'd have done a better job honoring the user separation, but when doing so will improve the lives of approximately 0% of your users it's probably hard to convince the people in charge it's worth it.

    Why do you have to convince the people in charge that asking the OS for the user data path is better than hard-coding "My Documents"? It's fucking 1 line of code to do it correct.

    @EvanED said:

    And at that point you're only talking about, say, 5-year-old games at the release of Vista... I definitely play games older than that now on a regular basis.

    Games have always been buggy pieces of shit. Probably because people like you give them a complete pass.

    @EvanED said:

    I agree, but that never happens because no one writes *nix programs that behave that way. It's... a bit like your argument that the cooperative multitasking in early MacOSs may have led to better software (except in the case of the multitasking it'd probably be a lot harder for the user to figure out who screwed up).

    So the Linux system is better because invisible magical fairies ensure it works.

    @sloosecannon said:

    It's even simpler than that...UAC doesn't even block anything, it just lets stuff in.For example, attempting to do this:C:\Users[redacted]>mkdir C:\Windows\System32\fooresults in this:Access is denied.

    To fix that, you run it as administrator, but throwing up an "access denied" doesn't trigger UAC...

    I have no idea what you're trying to communicate to me here.

    @sloosecannon said:

    So there's really no way it could feasibly "guess" what your application is trying to do, because it's only told that [application name] wants admin access.

    Oh I get it now.

    That's what the UAC user account/desktop knows. Right. Which is why it can't be "whitelisted" from the UAC dialog or (for that matter) even displayed on the screen. (And even if it were displayed on the screen, it couldn't be copied or pasted or cut or anything because it's in a different desktop. Get out your pencils...)

    To be fair, there's probably no reason Windows couldn't put that information in the Event Log somewhere. It probably does if you're running a Checked Build of Windows.

    @sloosecannon said:

    @darkmatter: I'm pretty sure that in the case of Diablo III, it's not even UAC-ing because it got an access denied, it's UAC-ing because that's how the game is programmed. It's trying to get admin access (which really is doing it wrong...) and to do that, it needs UAC...

    There is a app manifest option that's basically "request UAC every time I run".



  • @flabdablet said:

    I have seen exactly this behavior from Windows applications that don't anticipate needing to elevate. This is an app deficiency, not an underlying system mechanism deficiency.

    Well obviously any app that requires elevation to save user data is broken and wrong.

    I was just replying to the assertion that sudo handles this situation better than UAC.


  • kills Dumbledore

    As far as I can tell, UAC basically gets told "this application wants to do something" and passes back yes or no to allow it?

    I see two major problems if whitelisting were allowed for this model:

    1. an application that I think is safe gets whitelisted. It includes a self updater, which can now be run without a UAC prompt since it's all part of the whitelist, (or I update it manually) and the new version has a bug or exploit that I never get a chance to protect against because it's whitelisted
    2. whatever UI there is to whitelist software instantly becomes a massive attack vector, since if any malware becomes able to set an application as whitelisted it then has complete administrative access to your system, or can effectively turn UAC off by whitelisting everything.


  • @blakeyrat said:

    why does Microsoft have a better elevation implementation?

    It's not better. It's different. And it works the way it does largely because MS had a need, never experienced in the Unix family, to force a shift in application developer behavior.

    As you correctly point out, MS has had adequate underlying security mechanisms in place since the first version of NT. What I and others are saying, though, is that MS has always had to fight an uphill battle against application developers with much the same attitude as our OP here ("it's my damn computer") because of Windows's cultural, though since 1993 not technical, single-user CP/M roots.



  • @flabdablet said:

    It's not better. It's different. And it works the way it does largely because MS had a need, never experienced in the Unix family, to force a shift in application developer behavior.

    *nix has never experienced a need to force a shift in application developer behavior? Because lemme tell you, buddy, there's a HUGE FUCKING NEED RIGHT NOW for them to write applications that aren't unusable shit.

    Oh you must have meant "this particular need".

    @flabdablet said:

    As you correctly point out, MS has had adequate underlying security mechanisms in place since the first version of NT. What I and others are saying, though, is that MS has always had to fight an uphill battle against application developers with much the same attitude as our OP here ("it's my damn computer") because of Windows's cultural, though since 1993 not technical, single-user CP/M roots.

    Right; but it also doesn't help that people were just bending over and taking it. "Your product doesn't work when run as a normal user account." "We don't support that." Correct response: "then we won't buy your products ever again you shitty hacks". Incorrect response: "oh then let's have our IT guy make everybody admin."

    Sure, maybe you can't change the world on your own. But there's one thing you can do: when served shit, don't eat it.



  • @jaloopa said:

    two major problems

    Those problems exist anyway. Once you've given anything a UAC green light even once, it can arrange to have anything it wants done silently thereafter, by installing a system service. This is how silent updaters work.



  • @blakeyrat said:

    you must have meant "this particular need".

    Yes.



  • @blakeyrat said:

    *nix has never experienced a need to force a shift in application developer behavior?

    No.

    Whether it's because Unix developers are sane, or because nobody really cares enough to change, is up for debate, though.

    @blakeyrat said:

    Right; but it also doesn't help that people were just bending over and taking it. "Your product doesn't work when run as a normal user account." "We don't support that." Correct response: "then we won't buy your products ever again you shitty hacks". Incorrect response: "oh then let's have our IT guy make everybody admin."

    Well, surprise. People just want their grumpy cats - be it a meme website, or a $2k piece of software. Using your operating system The Right Way goes pretty low on the list of priorities.


  • :belt_onion:

    @blakeyrat said:

    I'm 99% sure Diablo III doesn't trigger UAC warnings. If it does-- if-- I'd suspect some anti-cheat code in the product. Or she's installed some kind of mod or graphical enhancement (like ENB) or overlay tool (Raptr, some chat programs have them) or Fraps or something that does require admin because it peeks into another process's memory.

    My wife hasn't installed squat, nor did I.

    @blakeyrat said:

    Maybe it internally launches another EXE that isn't marked as XP Compat?

    See I thought that might be the reason for diablo's problem at one point, but I've changed every possible exe in that directory to run as Administrator by default with wide open permission to everything, yet that annoying popup persists.

    @sloosecannon said:

    @darkmatter: I'm pretty sure that in the case of Diablo III, it's not even UAC-ing because it got an access denied, it's UAC-ing because that's how the game is programmed. It's trying to get admin access (which really is doing it wrong...) and to do that, it needs UAC...

    When all else is ruled out, whatever remains.. blah blah. Yeah, I'm positive after this discussion that it has something to do with requesting access for reading active processes or something. I do not believe it has anything to do with userdata because it is all written to the proper userdata/programdata locations in the user directories.

    @blakeyrat said:

    Well1) I'm pretty sure Diablo III doesn't throw up UAC prompts in the first place, and

    You are positive? Then what is windows prompting us about when we run diablo3? Whether it's cool for me to be scratching my testicles while powering the mouse? I think she has Vista not W7, but tbh I'm not certain because I'm not home to check.



  • @blakeyrat said:

    it also doesn't help that people were just bending over and taking it.

    Civilians will always (oh fuck OFF atwood toasters!) will always just bend over and take it, because to civilians, computers work by magic.

    Quality in computer software design has never been demand driven. Not even once in the whole history of ever. The best stuff has always been the result of some developer somewhere (a) having a clue and (b) giving a shit and (c) successfully hiding the hat.



  • @darkmatter said:

    I've changed every possible exe in that directory to run as Administrator by default

    You know all that does is force a UAC popup on launch, right?



  • @darkmatter said:

    I think she has Vista not W7

    UAC in Vista is a fustercluck. Quite tolerable from 7 onward.


  • :belt_onion:

    @flabdablet said:

    You know all that does is force a UAC popup on launch, right?

    Hey there we go! Maybe that will solve it, although I don't know if turning off the thing I turned on to fix the problem will fix the problem.



  • @darkmatter said:

    I don't know if turning off the thing I turned on to fix the problem will fix the problem.

    This is Windows. Of course it will.



  • @blakeyrat said:

    Correct response: "then we won't buy your products ever again you shitty hacks". Incorrect response: "oh then let's have our IT guy make everybody admin."

    HAHAHAHAHA!!!!!1!!l!!one!!!

    Clearly you've never been a sysadmin. This happens all the time. Salesweasels sell to management, not techs, and management doesn't give a fsck when the admin tells them that the application is utter garbage.



  • @darkmatter said:

    You are positive?

    I played it for a depressingly long time, considering how shitty a game it is, and I usually remember things like, "ugh this program is throwing up UACs for no reason, shitty programmers."

    Also I just recently played Hearthstone, and neither it nor its launcher throw up UACs unless there are actual updates. So that's one Blizzard product that certainly is correct.

    That all said, I'm not going to download Diablo III again (because, you know, shitty game), so I don't know for sure.


  • :belt_onion:

    @blakeyrat said:

    That all said, I'm not going to download Diablo III again (because, you know, shitty game), so I don't know for sure.

    It's ok, @flabdablet has solved it - it is because we had to enable it to run in Admin mode in order for the self-updater to not shit itself on Vista


  • :belt_onion:

    It is entirely possible at this point that I can disable admin mode altogether and it will work fine, since they probably fixed whatever the issue was at some point.



  • @flabdablet said:

    (c) successfully hiding the hat.

    Wow, is it possible to use a tinier, more unreadable font? Scientists labor to answer this question! (No.)

    @jello said:

    HAHAHAHAHA!!!!!1!!l!!one!!!

    Clearly you've never been a sysadmin. This happens all the time.

    Duh? Where did I say otherwise?

    @jello said:

    Salesweasels sell to management, not techs, and management doesn't give a fsck when the admin tells them that the application is utter garbage.

    Again duh? I worked at a place that used Lotus Notes, remember?

    @darkmatter said:

    It's ok, @flabdablet has solved it - it is because we had to enable it to run in Admin mode in order for the self-updater to not shit itself on Vista

    So Diablo III was annoying you with UAC prompts because you went out of your way to ensure it would prompt. Good to know.

    Also: Blakeyrat was right once again.


  • :belt_onion:

    Also, moral of this topic, yelling in big all caps bold fonts gets people to respond with good ideas :trollface:

    Must be why blakeyrat does it.


Log in to reply