
Widget auto-install = huge security hole? (Page 4)
resuna
Fresh-Faced Recruit
Join Date: Jan 2005
Location: Houston, TX
May 15, 2005, 09:57 AM
 
Originally Posted by Big Mac
Perhaps people who are incapable of reading dialog boxes should be using typewriters, resuna.
If you talk to anyone in tech support, they'll happily tell you that most users are too thick to safely use anything more advanced than a wheel, and they're not sure they're even up to that. It would be nice to build computers only for the super-competent, but in the real world people get tired, and annoyed, and react to things without reading them. Especially if almost all the time the dialog is a false alarm.

That's why it's illegal to set off a fire alarm as a joke, because people learn to ignore false alarms, and react reflexively to routine events. This is not normally a bad thing, because people couldn't function at all if they had to stop and reason their way through every step they take. It's only a problem when they're taught bad habits by a bad design. The Darwin Awards and the RISKS DIGEST are full of examples of what happens when someone forgets this basic design principle.
レスナ
     
stinch
Fresh-Faced Recruit
Join Date: Mar 2005
Location: Uk
May 15, 2005, 11:30 AM
 
Originally Posted by Big Mac
Perhaps people who are incapable of reading dialog boxes should be using typewriters, resuna.
Users can get conditioned into clicking Ok without reading the dialog.
There are plenty of badly designed programs that overuse dialog boxes. When using those programs the faster the user can hit the ok button the faster they can get on with their work.
It's not surprising that after 3hrs of hitting ok as fast as possible on every dialog box they see they do the same when web browsing during their break.
What do you expect the user to do when the program they use most is rewarding them for clicking through dialogs without reading them?

Look at what Firefox has to do to stop extensions getting installed by accident. It has a white list for sites allowed to install software. It has a nonstandard dialog with the install button disabled for a few seconds.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
May 15, 2005, 12:03 PM
 
Unfortunately, this is true. I still wonder what is so special about Dashboard widgets that necessitates their auto-installation, whereas other special types of bundles like preference panes and screen savers must be double-clicked to install them. Double-clicking a widget on the Desktop is not that hard to do...

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Love Calm Quiet
Mac Elite
Join Date: Mar 2001
Location: CO
May 15, 2005, 01:18 PM
 
"Look at what Firefox has to do to stop extensions getting installed by accident. It has a white list for sites allowed to install software. It has a nonstandard dialog with the install button disabled for a few seconds."

Is not a widget in effect an app? Apps (& extensions to apps) should not have ATTENTION-GETTING alerts/ dialogue boxes requiring Admin pw approval, n'est-ce pas?
TOMBSTONE: "He's trashed his last preferences"
     
loki74
Mac Elite
Join Date: Apr 2005
Location: Las Vegas, NV
May 15, 2005, 04:23 PM
 
Originally Posted by Love Calm Quiet
"Look at what Firefox has to do to stop extensions getting installed by accident. It has a white list for sites allowed to install software. It has a nonstandard dialog with the install button disabled for a few seconds."

Is not a widget in effect an app? Apps (& extensions to apps) should not have ATTENTION-GETTING alerts/ dialogue boxes requiring Admin pw approval, n'est-ce pas?
Yep. That's how it should be. You need to type in the admin pw. That's what I love about my Mac. Nobody can do any major crap w/o my pw, even if they happen to stumble along my 'puter when I'm afk and still logged on. Widgets should fall into this category. Even if not as a matter of security (we get the point that 10.4.1 fixes this as well as unchecking some check box, piracy you've mentioned this a million times and everyone knows), as a matter of UI consistency. I like to know exactly what's being put on my machine at all times.

"In a world without walls or fences, what need have we for windows or gates?"
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
May 15, 2005, 04:47 PM
 
Originally Posted by loki74
Yep. That's how it should be. You need to type in the admin pw.
I strongly disagree. You do not need an admin password to run applications. You do not need an admin password to install plug-ins in your home folder's Library. You shouldn't need an admin password to run or install widgets.

If they are just not auto-installed they are the same category as any other software too.
     
resuna
Fresh-Faced Recruit
Join Date: Jan 2005
Location: Houston, TX
May 15, 2005, 04:58 PM
 
Installing an application from the Finder does not expose you to any more danger than running a program from the Finder. There is no reason to pop up a dialog box when opening a file in the Finder, because it's not expected to be a "sandboxed" operation.

This has nothing to do with admin passwords, it's simply that the browser is supposed to be a sandboxed environment.

If you think you need a fancy security dialog and double-layers of checks, that means you're doing something you shouldn't do: breaking out of the sandbox.
レスナ
     
Love Calm Quiet
Mac Elite
Join Date: Mar 2001
Location: CO
May 15, 2005, 05:22 PM
 
I didn't mean to say that *running* an app should require admin priv - just that *installing* an app should.
TOMBSTONE: "He's trashed his last preferences"
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
May 15, 2005, 05:27 PM
 
Originally Posted by Love Calm Quiet
I didn't mean to say that *running* an app should require admin priv - just that *installing* an app should.
Applications don't require "installing" on Mac OS X.
     
loki74
Mac Elite
Join Date: Apr 2005
Location: Las Vegas, NV
May 15, 2005, 06:32 PM
 
*sigh* Technicality. The point is: I don't want files being put on my machine unless I know about it. Simple as that. I don't know why this is so hard for you to understand. One of the things I hated most about Windows is that I'd go into My Computer, to my hard drive, and find sh!t there that I have no idea what it's for or how the hell it got there. Or maybe you like NOT knowing or controlling what's on your HD.

I mean, you need to give the password to install updates from Apple itself. What would make a third party Widget more secure than System Updates from Apple, I don't know.

I have no idea where the hell you got the notion that I think that the pw should be needed for an app to run. That's ridiculous, I never said it. Hell I mentioned UI consistency. That should cue you in to what my true point is: Widgets should be like apps, both in installation (or whatever you will term the putting and enabling to run of applications on a computer) and in running. So unless you mean to assert that the normal everyday app actually does need the password to run, it seems to me that you somehow pulled that notion out of the air. What a creative mind.

"In a world without walls or fences, what need have we for windows or gates?"
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
May 15, 2005, 07:11 PM
 
Originally Posted by loki74
*sigh* Technicality.
It's not a technicality. You say you want to be asked for an admin password "when an app is installed". But applications do not need to be installed, so your statement doesn't make any sense. You don't want to be asked when the app is run. Then when do you want to be asked? Do you want to be asked for the admin password whenever Safari downloads an application? Whenever you copy something that contains an application? When you mount a disk image that contains an application? When you unstuff an archive that contains an application? Whenever you insert a CD that contains an application? Whenever you connect to a server that contains an application?

Do you really want to be asked for an admin password for almost everything you do on your computer? That's ridiculous.

I don't see how forcing every user to be admin to be able to work and having to enter the admin password every five minutes is going to increase security.
     
loki74
Mac Elite
Join Date: Apr 2005
Location: Las Vegas, NV
May 15, 2005, 07:42 PM
 
Um, a couple of things. Yes it would be a technicality. By install I (and I think most people) mean making the app able to run on your computer. This would be: running an installer (yes there ARE apps that you install. I hope you don't need me to prove this to you) or dragging the package contents from the drive image mount to the applications folder. Basically, before it is first able to run. Simple as that. If you run installers or drag in apps from drive images every five minutes, then you my friend, are already hindered in your UI experience. Why you're finding the concept so challenging to grasp.... I don't know.

If you want to grant anything (including webpages) and anyone to have the unhindered right to put things on your machine automatically and remotely or otherwise, there's this OS called Windows. I highly recommend it for you.

"In a world without walls or fences, what need have we for windows or gates?"
     
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
May 15, 2005, 07:58 PM
 
Originally Posted by loki74
By install I (and I think most people) mean making the app able to run on your computer.
You don't need to do anything to make an app able to run. They are just able to run. You don't have to drag them out of the disk image or do something other special to them.

So you would require an admin password for: mounting disk images, mounting CDs, mounting Firewire drives, mounting USB key drives, connecting to servers, uncompressing ZIP or StuffIt or other archives...

First of all, I wouldn't want to enter my admin for all of that.

Second, there are good reasons to allow regular non-admin users to run applications. It would actually weaken security if you forced every user to be admin.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
May 15, 2005, 08:26 PM
 
Originally Posted by loki74
Um, a couple of things. Yes it would be a technicality. By install I (and I think most people) mean making the app able to run on your computer. This would be: running an installer (yes there ARE apps that you install. I hope you don't need me to prove this to you) or dragging the package contents from the drive image mount to the applications folder.
Easy solution: log in as a non-admin user. Then, you'll be prompted for the admin password whenever you try to drag anything into the Applications folder, since only admin users have write access to it. Problem solved.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
piracy
Mac Elite
Join Date: Mar 2001
May 16, 2005, 07:53 PM
 
Mac OS X 10.4.1 (8B15) has been released, which now prompts for all widget downloads with the standard executable download notification in Safari's default state (i.e., "Open 'safe' files after downloading" is enabled).

This "issue" is now over.
     
chris v  (op)
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
May 17, 2005, 12:35 PM
 
Originally Posted by piracy
Mac OS X 10.4.1 (8B15) has been released, which now prompts for all widget downloads with the standard executable download notification in Safari's default state (i.e., "Open 'safe' files after downloading" is enabled).

This "issue" is now over.
Yay. Goodnight, all, and thanks, Apple.

When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
     
Crusoe
Mac Enthusiast
Join Date: Mar 2003
Location: Globetrotting
May 24, 2005, 06:41 AM
 
How do you stop dashboard from running at startup or at all? It's not a startup item under my user profile nor a task that force quit can kill. If I want it, I would like to manually launch the service.
If a group of mimes are miming a forest and one falls down, does he make a sound?
     
Simon
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
May 24, 2005, 07:18 AM
 
Originally Posted by Crusoe
How do you stop dashboard from running at startup or at all? It's not a startup item under my user profile nor a task that force quit can kill. If I want it, I would like to manually launch the service.
This has been discussed so many times before.

What you're suggesting is what everybody's doing anyway. The first time you activate it is when it loads. Don't activate it and it will never run.
     
bentoon
Dedicated MacNNer
Join Date: Jan 2004
Location: N.Y.C.
May 24, 2005, 09:57 PM
 
Originally Posted by Crusoe
How do you stop dashboard from running at startup or at all? It's not a startup item under my user profile nor a task that force quit can kill. If I want it, I would like to manually launch the service.

http://www.puissancemac.ch/dashoff/index.html
     
alphasubzero949
Mac Elite
Join Date: Jan 2003
Location: 127.0.0.1
May 24, 2005, 10:48 PM
 
     
Simon
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
May 25, 2005, 03:42 AM
 


     
 
 
All times are GMT -4.