Vista provokes user synaptic collapse Those of you with memories like elephants may recall the case of the Microsoft Knowledge Base Article which contained the following classic: A Connection Manager Connection Does Not Connect After Being Disconnected There was a rumour going around back then in 2003 that Microsoft had planted such error messages to subjugate …
...you can change the permission settings so that you have permission to view the permissions so that you don't get an error telling you that you don't have permission to view the permissions because you do have permission to change the permissions...
See - it makes perfect sense ;)
The user doesn't have access to view the permissions but does have access to write new permissions (possibly via taking ownership of the file).
So they cannot see what the current ones are but they can replace them with new ones.
If the user clicks a button in the Properties dialog then the shell should automatically write new permissions which give them access to see and do whatever they want with the file.
I guess this error message is only confusing to people with no concept of "write-only".
Does that mean you can't few the permissions but you can blindly change them?
And after you've blindly changed them do have you then have the permissions to view the permissiosn that you already changed or does it still deny you permission to seee the permissions you changed but have permission to change :-) still...... i think
head implossion
You can´t see the permission settings, but you can change them?
Oh, It is like the IQ of the programmers that came up with that message: you can´t know their IQ for certain, but that IQ can be changed.
Or you can compare that message to blindfolded brain surgeon: you can´t see what is going on, but you can certainly perform a lobotomy in that fashion. I guess the programmer experienced the last example.
You can´t view the permissions, you have to change them blindfolded. It reminds me of reaching a back-panel USB port to connect a chunky flash drive for some reason...
Seems to me that Microsoft has quantum fields in Vista. It would be interesting to check if the permissions are actually in all states at the same time or not. But then they wouldn't be if you checked so it would seem that Microsoft really does have a Quantum Computer. The proof is/isn't in the error message :-)
Windows NT is one of those funny OS where even Administrator must appear on the ACL (Access Control List) for a file and folder permission. If administrator doesn't appear old version of windows would give you an "Access Denied"... This error message is replacement for that message.
You'd then sit back in your chair and say "What the **** but I'm THE ADMINISTRATOR"... The admin account has always had the user rights to modify ACL. So if you accidentally removed yourself you could add yourself back again.
Its not uncommon for OSes to have this wierdness. Novell people will remember how various version of the Netware OS allowed to delete the "supervisor" account and thus lock yourself out of your system. Nice.
Of course these sorts of issues completely confuse end-users of client operating systems.... Perhaps Donald Rumsfield has been given a executive position on the Vista programme - his role is plain-english....
Regards
Mike Laverick
RTFM Education
www.rtfm-ed.co.uk
It's MS are we surprised.
the ability to write permissions or overwrite permissions when you can't see the permissions can only mean there is an added layer of security to do this, beyond reading and writing as Leo said to "Write only". So what if that person who doesn't know vista or is malicious rewrites the permissions of someone superior, say an admin to rewrite the permissions to a lower setting, or worse, rewriting their permission to give them more rights than they had previously. where are the limits to this, what if the situatoin were applied to files and not users. So some people have the permision for individual file access but can view their permissions so can't tell if they have read / write access, so attempt to assign permissions which simply screws that all important sales spreadsheet.
Joy!!
Fortunately I only had second-hand exposure to the error, I maintain a Vista-free house with Linux and OS X (BSD in disguise...) for the most part. However, the hysterical laughter probably reached dangerous levels at work when we saw this one.
As for write-only permissions, not a lot of use if you want to maintain what's there and can't merely modify it, only overwrite it. Blind change could make things worse (if that's possible with Vista)
I remember using OS X.
I'd end up performing all sorts of tasks without ANY ERROR MESSAGES AT ALL.
As you can imagine this lead to chaos at the output stage when I couldn't figure out why the stupid shiny thing was refusing to print out something.
At least you know where you are with Vista.
Something to do with not having the security priviledge to view names of other accounts on the PC no guessing passwords if you dont know the usernames, interesting idea just wonder if you are presented with greyed out permissions boxes, or just a list of permissions that apply to you?
My current favourite weirdness in Microsoft error messages comes from their Driver Test Manager - a whole bunch of weirdness in itself used to certify drivers.
For a failed test it cites under 'Root Cause' - "INFORMATION : Marking RunJob Task "RunJob - Copy of CHKINF and INFTest Library Job" As Failed as the LibraryJob "CHKINF and INFTest Library Job" has Failed"
And just to be helpful, under 'Resolution' it adds - "The Library job that was called by this RunJob task has failed. Hence this RunJob task will also be marked failed."
It's all so obvious !!!
Although, it's poorly worded. It more or less means that your USER does not have the rights to read properties for the directory, but your role (member of administrator) has the rights to override this by changing the rights (adding your user to the directory, or taking ownership). Getting this message usually means that you've moved the disk from one machine to another, and the new machine doesn't match your old one.
For instance, S-1-5-21-876458292-3775830415-4227086151-1005 might resolve to your username on the old computer, but the new computer doesn't even have a name for it. If that user is the only one with access privileges to the directory, your only chance is to override the rights structure by applying your god-like administrative rights. Since these rights are on the other side of an UAC acknowledge dialog, you get an error.
Elementary, my dear DRWATSON.EXE
//Svein
It's always annoying when something comes up and says you haven't got permission, especially when you're the administrator. As a workaround to Microsoft's annoying boxes I recon they ought to support a new peice of hardware that's bundled and linked to every motherboard - the "It's my f**king computer - p**s off!" button. One press and the message box goes away and shows you what you want.
For obtuse error messages in a multitude of different hybrids of English, Local languages and techno babble where even people knowing the application will struggle to workout the message (usually just means something went wrong ;) )
Of course the theory of people learning English as a second language are better at speaking and writing it so should improve things – however most of these will be earning more money in call centres, not writing code.
The Permission message in the article, though rather poorly thought out, does at least make sense to those of us understanding the Windows Security Model
That kind of logic puts me in mind of this classic quote from Yes Prime Minister...
Sir Humphrey: "Now go in there and inform me of their conversation."
Bernard Woolley: "I'm not sure I can do that, Sir Humphrey. It might be confidential."
Sir Humphrey: "Bernard, the matter at issue is the defence of the realm and the stability of the government."
Bernard Woolley: "But you only need to know things on a need to know basis."
Sir Humphrey: "I need to know everything! How else can I judge whether or not I need to know it?"
Bernard Woolley: "So that means you need to know things even when you don't need to know. You need to know them not because you need to know them, but because you need to know whether or not you need to know. And if you don't need to know you still need to know, so that you know there is no need to know."
Oh come on people. I know we all are MS bashers around here but it makes sense. Plus XP used to to the same (and I'd imagine 2000 too).
It simply means that you don't have access to view the security permissions. You can give yourself access by taking ownership of the file\folder and then you can mess to your hearts content.
Granted using the word permissions three times in a sentence to explain a permissions issue is a OTT but what you going to do? It was written in US English (if there is such a thing- Grrrr).
Anybody else here remember the old classic PC POST message... "Keyboard errror: press F1 to continue."?
If you stop and think about that error it actually makes perfect sense: The error is there because there is no keyboard attached. In order to press F1 you have to attach a keyboard thus negating the error condition. It's zen like in it's beauty.
The second post to this article mentioned "write only", and I'd have thought the readership of El Reg would have no trouble with that concept even if end-users might be surprised.
Nevertheless, this post is followed by a torrent of confused replies. Clearly, none of you bothered to read the second post before adding your own, so why up you getting narked that Windows might not let you view permissions before changing them?
> Anybody else here remember the old classic PC POST message...
> "Keyboard error: press F1 to continue."?
I had that just this week, and had a moment of nostalgia when I recalled the days when all PCs required a keyboard to boot! (Was booting up an ancient P2 from pre-2000 to see what was on it before it gets consigned to the bin)
Am I the only one who remembers Administrators could completely deny themselves access to folders in the first Win2000? I think it took a hotfix or service pack before Admins could regain access to their denied folders.
Maybe I'm making it up? Look! He's got an iPhone over there! Get 'im!
Exeunt.
"The Permission message in the article, though rather poorly thought out, does at least make sense to those of us understanding the Windows Security Model" ... which is Anonymous Coward?
"Has Microsoft been overrun by civil servants? " .... Simon, Would it be more likely the Reverse/Converse? Now that would be Spooky and a Real and Present Convenience for Core Disciplines/Bods and Boffins.
"Only public user defined types defined in public object modules can be used as parameters or return types for public procedures of class modules or as fields of public user defined types." - from Micro$oft VB6
When an early version of Micro$oft C++ complained about an "illegal global destructor" I had a good look round, but I could not see any unlicensed nuclear weapon in the vicinity.
Programmers shouldn't be the ones inventing the text of an error message.
If it was, it'd just say "erorr 0x40372" (Complete with spelling mistake).
Of course, the message is in itself a security breach, since it is telling you some of the permissions that you aren't allowed to see.
"When an early version of Micro$oft C++ complained about an "illegal global destructor" I had a good look round, but I could not see any unlicensed nuclear weapon in the vicinity."
Yeah.... Transparency can do that. Hide a whole arsenal...... although to be sure, to be sure, all that Micro$oft C++ would destroy is Code? Anything else would be man's folly built with such earlier destructive code.
maybe you shouldn't be using Windows. Go play with loonix ... then you can knock your brains out on the keyboard when it comes whining that some script bombs out on something and that you need to install patch so and so , recompile the kernel , change the filesystem, install another patch and then recompile again. And after that youll find out that you have the wrong distro and should be running Ubutu instead of Redhat and that all your other stuff stopped working because the patches broke the system, and that you can do more patching and messing with the system.
The user message is simple no ?
You tried changing permissions. EY your current privilige level is not high enough to do that. So, you need to first change your own permissions so you get the privilege to do whatever you wanted to do.
I don't think you've tried Linux...that's certainly not my experience. It rarely matters what distribution you're using, I've not had to recompile the kernel since the mid nineties and I've never heard of anyone having to change a filesystem to get something to work!
Your explanation doesn't make sense either. "You tried changing permsisions. EY your current privilige [sic] level is not high enough to do that..." - actually, according to the message itself it is. You tried viewing the permissions; that's what you're not allowed to do.
There is a sensible case of a thing you are allowed to set but not see - your password, when you're changing it. For such a situation to arise with respect to file access is bizarre and pointless. If you are able to change the permissions in such a way that you are allowed to view them, then this is just obstructive red tape and hoop-jumping.
You've tried to view the ACL of an object, yet you do not have permission to do so. However (as an administrator), you do have rights to take ownership of the file which will then add you onto the ACL with full access.
You'd only get this if your poking around files you don't have rights too but also have local/domain admin rights too.
alas... i do.And every friggin time there is an update to some software i need to tinker with the system to get it (the software) to work. For this revision you need kernel so and so with patch so and so applied. Except if you install that kernel version or some other patch that some other program stops working. And these are -very- expensive programs. (silicon design) It's now at the point that we simply install a box with the right OS and all the modules needed and the software that needs to run on it.. And then open a remote terminal from another machine into it (PC's running XP) ... So far we have 3 different 'linux installations' to run the various programs we need ... all because none is compatible with another.
And Steven interprets the message correctly.
What the message says is : You tried seeing the permissions for item A. Unfortunately your permissions ( permissions 'B') don't allow that. You can change your permissions (B) to allow seeing the permissions on item 'A'.
Some Warped (pun intended) minds may interpret the message as : you can't read permissions for 'A' but you can 'write' them...
Reminds me of the WOM that fairchild made in 1972 .. write only memory. Specifically made for safekeeping of sensitive data .. there is a pdf still out there of the actual datasheet...
Yes, we *know* what it means, but it's the most ridiculous way of putting it. If they're using so many words in their errors, what's so hard about saying "You do not have permissions to this file/folder. You may take ownership and reassign permissions."
it's not just OSes that give confusing error messages - my last laptop had a graphics utility (NVidia, if I remember correctly) that gave the following message when changing screen resolution :-
"The chosen resolution may not be compatible with your monitor hardware. If you are unable to view this message, press F1 to return to your old settings".
> The Permission message in the article, though rather poorly thought out, does at least make sense to those of us understanding the Windows Security Model
And those of us who understand the Windows Security Model would write a book about it for others, but the nice men here won't let us have anything sharper than a blunt wax crayon to write with... (wibble... wibble...)
[and the Microsoft Security Model comes complete with tissue paper, string, full step-by-step instructions, and a tube of polystyrene cement to glue it all together...]
The refuge of the incompetent is to mock what they have no knowledge of
Just because you can't lock down a Windows installation, doesn't mean it can't be done (without third party tools)
and while the biggest flaw in Windows security is the fact it was left open with user running with full privilege, it wasn't that long ago the default install on most Linux distribution was the same
If you think about it: you are logged in as root and you "cd" to /home/usernameX, whose . perms are rwx------, where they are the owner, let's say. You, as root cannot see that location to list it etc but you could change its permissions such that you could see it. See? :)
It does make sense. We once had a domain admin that was slightly challenged about permissions and fairly regularly recursively re-wrote permissions with adverse consequences. To avoid that, we deliberately set up the very situation that produces this error message. (give away ownership and remove domain admins permissions). If you are a smart and good domain administrator you can easily walk around this barrier.
We take advantage of the somewhat illogical, seemingly not-quite-finished nature of the model.
Linux "root" has full access everywhere without needing to alter permissions in the slightest (FC7, SELinux in warn mode, might be different in full enforcing mode). This means that, in Linux as root, you cannot protect yourself from yourself by setting up trivial barriers to get your attention before you do what you are about to do. Microsoft understands that many "administrators" are seeing a computer for the first time in their lives and make modest barriers for this kind.
You actually have a point here.
For personal use Linux is great, for embedded use Linux is great, I would not touch a EDA tool under windows or the life of mine.... but there seems to be some deep problem for EDA tools. Bit of a nightmare for sysadmins it seems. Good I am not one :)
Solaris seems to offer a good compromise I have heard. Dunno if it would be a good thing in your case, depends on what you are using.
You sound like the poor guy that "has to get 5 license servers to run on a Linux machines" to me and I deeply understand your frustration :)
Though I never had to recompile a kernel for purposes other than "kernel hacking"/"can i get a couple percent perf more out of it".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
