Security by Lawyers – Vista’s Elevation Prompts

If you’ve tried Vista, you’ve no doubt been hit with the onslaught of “elevation prompts” for tasks that need to run with elevated privileges.  The messages are so frequent, they almost read like this:  “You’ve clicked on the Disk Defragmenter button.  Did you really mean to click the Disk Defragmenter button?”  Uh, hello?  Vista?  You mean someone else might have clicked on it?

I really appreciate that Microsoft is trying to solve the security issues they’ve had in the past.  That part is great.  The problem is that the solution doesn’t fix the problem.  As a user, Vista inundates you with “Do you want to do XYZ” so frequently that you become completely numb to the problem.  The message descriptions are obtuse, and your choices blur together.  In the end, you conclude, “damnit, just do what I say” and click yes.  If there was a real reason for the alert, the user doesn’t know and clicked through anyway.

I’m sure the lawyers at Microsoft are happy, though.  Vista provides a credible argument that Microsoft did warn you before something bad happened.  But it’s really like reading the End-User-License-Agreement (EULA) that comes with any website or software package these days – nobody reads them.  In the end, the lawyers are protected, and the users are left with unintelligible gobbledygook that just slows them down.

What we really wanted, Microsoft, was warnings about errors.  What you gave us, was a warning about anything we do normally that might be an error.   And unfortunately, 99.9% of the time, it is not an error!  So, the prompts you’ve just displayed are basically useless (except to the lawyers).

If you aren’t planning on suing Microsoft anyway, I stumbled upon this great tip by way of Omar for how to turn the damn things off.

Online Poker Opportunity!

With Congress and now the President signing into law (HR 4954, title VIII) that it will be illegal for US credit card companies to facilitate transactions for the purposes of gambling, business opportunity abounds!

Our well-intentioned lawmakers have found that we are freely choosing to do something they don’t want us to do. So what is a lawmaker to do about it? Create a new law, of course! But social engineering rarely works, and this will be no exception.

The fact is that many major US credit card agencies have already been denying payments to online gaming sites for years. Yet, customers have found their way to these sites anyway – often through fairly obtuse payment mechanisms.

The gambling sites are already hosted off shore, because facilitating the gambling is already illegal. Now that sending money to them is also illegal, what will happen is that a bank or some other “legitimate” business will spring up offshore too. It will be real and reputable, which is okay for US companies to do business with. But, it will create business relationships with the online gaming companies to make it incredibly easy for customers to get their money into the gambling sites. Of course, they will do this for a modest fee. Everyone will know that the offshore company is breaking the US law. But, it is offshore (just like the gambling site itself) and can do whatever it wishes. The US credit card companies will want the transactions to go through, because they want their own slice of the money. So they will claim to be bewildered and befuddled about how to distinguish “gambling” from “honest business”.

In the end, poker players will still play online. There is just too large of a market for this need to go un-served. Players will just have to pay someone else a cut through this weird, new type of money-laundering scheme. When does it stop? If we ban enough businesses, all business will eventually be done from Antigua.

I thought this was a good article:

.NET Market Penetration

I am interested in knowing what percentage of PCs out there have the various versions of .NET installed.  I spent a lot of time collecting a set of data and coming up with the following numbers.   Strictly speaking, the numbers are guaranteed to be skewed based on the sites I got data from and based on the types of users that visit those sites.  But at least it is real data.  For some reason it’s very hard to find information about which .NET runtimes are in use out there!

The numbers:

Unique Users – 631.1K (100%)
.NET 1.0 – 113.2K (18%)
.NET 1.1 – 356.4K (56%)
.NET 2.0 – 64.8K (10%)

This data was compiled from a set of websites that shared logs with me during the month of September, 2006. Your mileage may vary.