[14317] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Reliance on Microsoft called risk to U.S. security

daemon@ATHENA.MIT.EDU (lists@notatla.org.uk)
Sun Sep 28 12:18:15 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com, jeroen@vangelderen.org
Date: Sun, 28 Sep 2003 00:57:43 +0100 (BST)
From: lists@notatla.org.uk

From: Jeroen C.van Gelderen <jeroen@vangelderen.org>

> >  This is really rather naive. Users don't
> > understand pop dialogues, they raise their stress level, always 
> > clicking
> > "yes" makes the problem go away.
> 
> True. But don't you think that this may be in part because the popup 
> dialogues are shown way too often in the course of normal use? And 
> because they ask questions that cannot be understood by Real Users? Is 
> it naive to assume that Real Users are intelligent but that an 
> ill-designed security architecture has *conditioned* them to always 

There was a user (c. 1996) given a yes-no popup with "Self-destruct now ?"
and chose yes.
 
> Because I'm an optimist I believe that Alice will read the dialog and 
> err on the side of caution. Maybe that isn't realistic. So we teach 
> Alice to always click "NO". We can do so because unlike today, Alice's 
> "NO" will not interfere with her ability to get work done.

As a long-confirmed pessimist I see this as the call for mandatory access
controls.  I've no hope of making major improvements at work until either
we get some simple MAC or people get sacked for violating security policy.
And I think their attitudes are largely attibutable to a certain single-user
monocuture.

BTW I think any popup that steals the keyboard focus is unfriendly and
should be used for nothing short of a condition about to wreck the whole
machine.  I think for most tasks I'm interested in a GUI is unfriendly -
I'm not so extreme as to think it's never useful.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post