Slashdot Mirror


MRIs Show Our Brains Shutting Down When We See Security Prompts

antdude writes with this excerpt from Ars Technica: Magnetic Resonance Imaging (MRIs) show our brains shutting down when we see security prompts. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.

79 comments

  1. What kind of person did they study? by ArcadeMan · · Score: 5, Insightful

    Did they test with dumb regular users who don't understand or don't know better, or did they test people who actually know what those security warnings mean and the real consequences of ignoring them?

    1. Re:What kind of person did they study? by war4peace · · Score: 1

      Average Joes, as most research focuses on.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:What kind of person did they study? by Austerity+Empowers · · Score: 4, Insightful

      What is the purpose of security alerts if not to warn people who don't know any better? For the crowd that gets it, you could flash a brief icon featuring a guy fawkes mask and that'd be sufficient. I also wonder how many of them would click "proceed anyway" if the pr0ns were there...

    3. Re:What kind of person did they study? by Anonymous Coward · · Score: 0

      LOL the entire OS market is driven by how many security popups people are willing to click versus how secure they actually are.

      AFAIK that is the key, and only, motivating factor.

    4. Re:What kind of person did they study? by duck_rifted · · Score: 4, Insightful

      People in general tend to tune out what they don't understand because they don't have thoughts available to process. We have ALL experienced that -- every last one of us. Doesn't it kind of feel like your brain is busy searching for the right file? Haven't you had instances where you get the same feeling, and then, "Oh yeah!" it clears up? It happens to me any time I'm already preoccupied with something, enter a room for a task, and then get distracted. "Wait... What was I doing?" And it will happen to you with increasing frequency as you age.

      Let's not call people dumb for this. They need to be taught, or security warnings need to engage them better. I mean, come on, can't we do better than a little dialogue box that spews stuff people don't understand? Give people switches and buttons that have an effect they can SEE and they'll get it. A little graphic depicting what they're giving permission to that changes as they mark or clear a checkbox, with a chance to apply after the selection, would work perfectly. Give their brains the file they can't find.

    5. Re:What kind of person did they study? by khasim · · Score: 5, Insightful

      > What is the purpose of security alerts if not to warn people who don't know any better?

      To shift the blame to the end-user when something goes wrong.

      Which is why the alerts are so useless. They, essentially, become a "click here to continue" button.

    6. Re:What kind of person did they study? by frinsore · · Score: 3, Insightful

      While I find the study surprising it is disturbingly logical. And I expect the article's solution would only be temporary (making random drastic changes to the prompts). Personally when I receive a windows escalation prompt I've already made the decision to run the program and the prompt just gets in the way of that, I already trust the program or I wouldn't have run it in the first place. Showing the prompt after the user has decided to run the program is already too late. The warning should be shown on the icon, if in a gui, and preferably the application should have a list of privileges that it needs, like android, instead of a generic "everything".

    7. Re:What kind of person did they study? by Anonymous Coward · · Score: 0

      People who don't agree with this obviously are disconnected from the average person.

    8. Re:What kind of person did they study? by AmiMoJo · · Score: 1

      Often the purpose is to cover the developer's arse. If the user was warned any dire consequences are their fault. Hence, warning overload.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:What kind of person did they study? by sjames · · Score: 2

      Short of tasering the user when they try to click past it, what would you have them do?

      There actually are legitimate reasons to bypass the warnings in most cases.

    10. Re:What kind of person did they study? by Anonymous Coward · · Score: 0

      So where do you draw the line on the continuous downhill race to cater to the lowest common denominator? How much hand-holding is too much?

      Personally, I'm of the opinion that if you want to use the new shiny, you should be willing to make at least a cursory effort to pay enough attention to learn the basics of how to operate it. If your parent keeps asking you how to do the same task on their smartphone, it's more likely that they can't be bothered to remember it, rather than not actually being capable of remembering it.

      Intellectual laziness, not necessarily lack of intelligence.

    11. Re: What kind of person did they study? by Anonymous Coward · · Score: 0

      What would the point be of testing security warnings on people that don't even need them?

    12. Re:What kind of person did they study? by dcollins117 · · Score: 5, Interesting

      > Did they test with dumb regular users who don't understand or don't know better, or did they test people who actually know what those security warnings mean and the real consequences of ignoring them?

      Hold on, TFA says they note a decrease in visual processing. Perhaps the decrease in visual processing is because the user is using another part of their brain to process the new information, and to appropriately decide what the best response is.

      They also note an "overall" decrease after repeated exposures to the same message, but that's what we do; we learn from experience. That's a feature, not a bug.

    13. Re:What kind of person did they study? by suutar · · Score: 5, Insightful

      Android apps request everything anyway. What I want is a way to say "yeah, I know you want this, but you ain't getting it. Install anyway, and the OS will just pretend that function returns nothing."

    14. Re:What kind of person did they study? by K.+S.+Kyosuke · · Score: 1

      The study was confounded by the porn pages in the background that weren't decorrelated from the security warnings. It's the former that made the brains shut down.

      --
      Ezekiel 23:20
    15. Re:What kind of person did they study? by youn · · Score: 1

      Somebody mod parent insightful... I fully agree

      --
      Never antropomorphize computers, they do not like that :p
    16. Re:What kind of person did they study? by tlhIngan · · Score: 2

      > What is the purpose of security alerts if not to warn people who don't know any better? For the crowd that gets it, you could flash a brief icon featuring a guy fawkes mask and that'd be sufficient. I also wonder how many of them would click "proceed anyway" if the pr0ns were there...

      The purpose is because the developer doesn't know how to do it properly.

      The problem is developers don't want to acknowledge the security problem and are just passing it off - it's called Dancing Pigs (or rabbits, whatever) and the basic concept is given a choice, a user will choose one that compromises security every time. If you ask them to click through a warning dialog to get to the pr0n, guess what? They will!

      Plus, there's also an over saturation of warnings. They're like EULAs - the vast majority of people just do not read them. They become just another obstacle in the way to accomplishing what they want.

      The reality is, Dancing Pigs is real, and it's really a tough choice in handling it. Walled gardens is one way, and it can be quite successful, but there's always the edge cases and the "but I wanna do this!" crowd - you can choose to ignore them, or handle them. But even handling them may not be a good choice - see Android's "Allow Non-Play Store Apps" checkbox that's all or nothing. With it checked, you can sideload, but what if you just want to use apps from another store, like say, Amazon? You can't just allow Amazon and block everyone else.

      It's even harder if you want to cater to the average user (who really wants to just get their work done) and those of developers (who want to play with the computer) - you can lock it down, let users get their work done, but the developers will complain of inflexibility. Or you can make it cater to developers, but then users will complain of complexity and "why do I have to learn all this just to do X? Why are you wasting my time making me learn all this extra crap just so I can produce this one report?"

      (Or, for a more cynical take - thank you Mr. Developer, because making me take an extra hour to learn it means I can bill you an extra hour! Yeah, not what you want to see from your lawyer, accountant, mechanic or other person - having that hour billed to YOU...)

    17. Re: What kind of person did they study? by Anonymous Coward · · Score: 1

      That would be "App Ops". You'll need a custom rom on most Android versions though

    18. Re:What kind of person did they study? by Anonymous Coward · · Score: 0

      > They also note an "overall" decrease after repeated exposures to the same message, but that's what we do; we learn from experience.

      In other words, we already know what the message is saying because our brain has built the "code" it needs to process such messages faster. I bet we can find similar differences between adult readers and first graders reading the same first-grade appropriate text.

    19. Re:What kind of person did they study? by BESTouff · · Score: 2

      There's one answer: CyanogenMod.

    20. Re: What kind of person did they study? by Anonymous Coward · · Score: 0

      Grant this app all permissions? Y

    21. Re:What kind of person did they study? by gl4ss · · Score: 1

      Well, even knowing users might have had to deal with them enough that their brain shuts down.

      I mean, if you daily launch a program that brings up a security prompt yes/no and you press yes every day and you know it's ok, it teaches you that there's nothing to think in that prompt and that it's mainly annoying.

      Windows UAC pops to mind. Yes, yes, I want to update the graphics driver.....

      --
      world was created 5 seconds before this post as it is.
    22. Re:What kind of person did they study? by dinfinity · · Score: 1

      There are more answers: https://github.com/M66B/XPriva...

      I've also used PDroid and LBE Privacy Guard: https://play.google.com/store/...
      The latter seems to have gone to shit, though. It always was run at a layer too high to allow it to catch everything reliably anyway.

      PDroid was great if your ROM supported it. The original version isn't maintained anymore, but replacements seem to have popped up:
      https://play.google.com/store/...

      In general though, using a CyanogenMod ROM with privacy features is definitely the easiest route. Which is what I do.

    23. Re:What kind of person did they study? by thunderclap · · Score: 1

      Which is why the UAC was useless to begin with and a primary contributor of the problem mentioned. Once we decide to do something, an innocuous box warning of nebulousness isn't effective. It's annoying and intrusive. I don't have UAC enabled for that reason. I have tools enabled that simply do the job Windows claimed UAC does without being inconvenient and pointless. That is the solution. Knowledge of whether the program is bad to begin with. Blocking of known bad actors beforehand. Prevention of said installation. Most people will NEVER know enough about computing to prevent 50% of all bad actors. That's why things happen.

    24. Re:What kind of person did they study? by IamTheRealMike · · Score: 1

      Then the app will check for the fake data on first run and pop up another prompt that says, "Guess what - I really need this".

      That isn't the fix you're looking for. A way to delay acquisition of a privilege until the point it's needed is a better fix. These apps aren't actually maliciously asking for useless permissions. Almost always they ask for lots of permissions because they have lots of features.

    25. Re:What kind of person did they study? by sudon't · · Score: 1

      On today's web sites you're faced with a multitude of useless things popping up that you have to click away. Of course you begin to ignore them. Then, when some actually useful information comes along, you pay it no attention. I do wish web sites would stop spamming us with their various pop ups, or whatever they call that junk sliding in and out and over the page.

      --
      -- sudon't

      Air-ride Equipped

    26. Re: What kind of person did they study? by phocion · · Score: 1

      If your phone is rooted, then install the Xposed framework and Xprivacy. Does exactly what you're describing.

      --
      Smile, it makes people wonder what you're up to.
    27. Re:What kind of person did they study? by suutar · · Score: 1

      I'm really curious what feature causes my Kindle app to need phone access. I was curious why FitBit needed camera access until I realized it had a barcode scanner. But I don't use its barcode scanner, so I'd be perfectly fine with denying it camera access permanently, and if that means having the OS lie to it about the existence or state of the hardware, so be it. Is fitbit going to refuse to install on anything that doesn't have a camera (there's gotta be something out there without a camera...)?

    28. Re:What kind of person did they study? by ewibble · · Score: 1

      Write systems that allow you to bypass them safely, like automatically spawn a VM to run the code in.

      If you think about it, the question is a stupid one. Do you wish to look at naked women? Warning there is a chance that something bad may happen to your computer.

      The answer is clearly yes, they probably knew that before they started looking. People will risk a real virus that can kill them to have sex; they are not going to say no to the risk of a computer virus.

      Porn aside, every piece of software I install is dangerous. Large companies can, and have, installed things that I would consider viruses on computers. Just because the software is signed doesn't mean anything apart from the maker of the software being willing to pay the fee to get it signed. If I only ran actually trusted software, I would have to write every piece of software myself, effectively making my computer useless.

      What we need is a virtual condom, (Ok back to the porn) effectively allowing us to run the software, and be safe doing it.

    29. Re:What kind of person did they study? by sjames · · Score: 1

      Did you really just suggest that the safeties should have a safety in case they get bypassed? What if someone bypasses the safety safety? Another safety? Admittedly, that will eventually work when the many layers of safeties keep the machine from doing anything and the user loses interest, but it's not that practical.

      No amount of sandboxing will help you if you click past the warning that 'your bank' appears to be protected by a self-signed cert. At the same time, there are plenty of sites where a self-signed cert is just fine.

      It also won't help for things that require the sandbox to be permitted access to data outside the sandbox. The default, naturally is let it fail, but what if the user clicks allow? At the same time, there are legitimate cases where allow is the correct (or at least acceptable) response.

      Beyond that, the browser already is a sandbox, it's just that there are usually ways past a sandbox because sandboxing isn't actually all that easy.

      At some point, a human decision is required and that human needs to act responsibly.

    30. Re:What kind of person did they study? by allo · · Score: 1

      Maybe let the user pay 50 cent to bypass the security warning.

    31. Re: What kind of person did they study? by Anonymous Coward · · Score: 0

      Your ideas are intriguing to me and I wish to subscribe to your newsletter.

  2. Of course by heldal · · Score: 5, Funny

    I want titties, but these stupid alerts keep popping up

  3. Drives IT people nuts by TheReaperD · · Score: 3, Insightful

    I've witnessed this so many times as an IT tech that it's sickening. Even if we're standing there and try explaining it, our words just end up in "don't care" brain bin and they'll click on anything that makes the message go away the fastest. I've even had them click on "yes" then "Ok" on the install even when I was standing there and told them not to. It's like they're "listening" to their mother in law. Irritating as hell.

    --
    "Be particularly skeptical when presented with evidence confirming what you already believe." -
    1. Re:Drives IT people nuts by war4peace · · Score: 5, Insightful

      This behavior doesn't have IT roots. It has "the boy who cried wolf" roots.
      We're surrounded by warnings, all the time. Warning! Wet floor. Warning! 0.5 inches of snow tomorrow. Warning! This beverage might be hot. Warning! This battery might explode if you put it in a microwave.

      No wonder people have their responses to warnings (of all kinds) dulled to non-existence.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:Drives IT people nuts by Anonymous Coward · · Score: 0

      Bullshit. The fact that people are oblivious is because they can't be bothered to pay enough attention, not due to 'warning fatigue'.

    3. Re:Drives IT people nuts by Anonymous Coward · · Score: 1

      they can't be bothered to pay attention because they suffer warning fatigue.

    4. Re:Drives IT people nuts by Anonymous Coward · · Score: 1

      Warning! Stupid AC detected!

    5. Re:Drives IT people nuts by martin-boundary · · Score: 1

      [Ok]

    6. Re:Drives IT people nuts by Anonymous Coward · · Score: 0

      No, because they are lazy uninterested idiots more akin to an ape than a sentient intelligent human being. We're talking about people who watch 'The Kardashians' (or whatever is the newest ridiculous popular pulp TV-show).

    7. Re:Drives IT people nuts by Anonymous Coward · · Score: 0

      >even when I was standing there and told them not to

      Oh, a thousand times this. It's strange, the frequency by which someone will do just precisely what you've told them not to do when they're being guided. The default state is just to shut down and flail away like a pig in a war. When you then tell them to back up and *not* click that button...ohfuckingjesusthey'veclickeditagain...fuckit I need a smoke.

  4. new medical research read it cancel or allow? by Joe_Dragon · · Score: 2

    new medical research read it cancel or allow?

  5. Doesn't the screen black out? by The+New+Guy+2.0 · · Score: 0

    For those using other platforms, just a reminder that Windows turns the monitor black for a few seconds before showing a security warning or request...

    1. Re:Doesn't the screen black out? by Billly+Gates · · Score: 1

      Under 8 yes. 7 no as it is more classical skeuomorphic design supports gradients and 3d and back shadows

  6. Worker Bees vs Problem Solvers by BoRegardless · · Score: 1

    Many just want to get through the day w/o serious thought, which is also why they pick 1111 for passwords.

  7. Wonder same with Metro on 8 by Billly+Gates · · Score: 1

    One thing that infuriates me is everything HAS to go full screen and hide all in the name of anti skeuomorphic design

    1. Re:Wonder same with Metro on 8 by duck_rifted · · Score: 1

      Windows 10 changes that. I look forward to that change. An option during installation, to get rid of Metro completely and just use the old interface, would be even better. But when we use a new version of Windows, they want us to feel like it's new and shiny. Marketing.

  8. In defense of users... by Anonymous Coward · · Score: 2, Interesting

    There have been too many times where I have gone to a website I frequent and find their certificate has expired. A couple days later, there may be a sheepish apology from them.

    Then there are warnings about reloading pages because whoever designed the website didn't handle the back button correctly.

    Then there are the redirection warnings because of yet another shitty web design.

    They start to get insensitive about those things. And some of the warnings come in such rapid succession -really? I've had to click away several warnings on top of one another until I just said, "Fuck it! These people are morons. Find someone else."

    Oh, and if a web developer is going to use an advertising company that does crazy shit that kicks off warnings (you know who they are), please, please, go to business school and stop developing.

  9. If I'm on an untrusted system... by Anonymous Coward · · Score: 0

    If I'm on an untrusted system I don't care if it's warning me. Often a second warning provides no more information, and no more danger: you already trusted it, or you already are not trusting it. There is little benefit to changing this decision when getting yet another warning about the same thing.

    I don't have a problem using untrusted systems or sites with broken certificates (or no certificate). I simply don't trust their authenticity: that doesn't mean I can't use them. The second warning in such a situation generally just tells you that the trust you already don't have would be a bad idea to have.

    I think most people don't realize that a forged or expired certificate on a web site is still better than none (you still get https encryption, even if you don't get any authenticity checks). The over the top warnings about bad certs is just silly: I got no warning for my totally unauthenticated and unencrypted connection to /.

  10. Information content by Livius · · Score: 4, Interesting

    Obviously their brains will shut down since 99% of 'security' prompts are mere nuisances with no value whatsoever. The brain notices patterns like that pretty quick.

    1. Re:Information content by Anonymous Coward · · Score: 1

      Completely agree.

      Adobe Flash Player updater craps out always at 25% on Mac OS, their support is shit, and when you can find the actual update buried in some asinine place on their servers, it creates the warning about running something off of the internet. Flash should just die and any web developer using it should be shot to death with a beanbag gun.

      It's incompetence and stupidity like that has users not taking security warnings seriously.

    2. Re:Information content by Pentium100 · · Score: 5, Informative

      Also, the warnings all are very similar even though the problems they warn about are different. Let's take a look at SSL warnings. When a browser puts up the huge warning that there is a problem with SSL, it could mean one of a few things:
      1) The certificate is self-signed. A big problem except for internal sites.
      2) The certificate expired 10 minutes ago or your computer's clock is wrong (not that big a problem).
      3) The certificate is for a different domain. This could be a problem or not, depending on the domain (could be the certificate is issued for www.example.com and I am going to example.com or 127.0.0.1).
      4) The mobile browser does not understand wildcard certificates.

      The problem is that the warnings all look the same and to find out which problem it is, you have to click on the "Technical details" button.
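
Added example, not part of the comment above or of the original thread: a sketch of telling the failure classes in that list apart so each can get its own message instead of one generic warning. It assumes certificates as dicts in the format of Python's `ssl.SSLSocket.getpeercert()`; the function names and the three sample certificates are constructed for illustration.

```python
import ipaddress
import ssl


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Exact match, or a wildcard that covers exactly one leftmost label."""
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return False


def classify(cert, hostname, now):
    """Map each distinct problem code to a specific, human-readable detail.

    `now` is epoch seconds. An empty dict means none of these checks failed.
    """
    problems = {}

    # Heuristic only: issuer == subject means "self-issued"; the signature
    # itself is not verified here.
    if cert.get("subject") and cert.get("subject") == cert.get("issuer"):
        problems["self_signed"] = "issuer equals subject: no CA vouches for this key"

    early = ssl.cert_time_to_seconds(cert["notBefore"]) - now
    if early > 0:
        problems["not_yet_valid"] = f"valid in {int(early // 60)} minutes (check the local clock)"

    late = now - ssl.cert_time_to_seconds(cert["notAfter"])
    if late > 0:
        problems["expired"] = f"expired {int(late // 60)} minutes ago"

    dns = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    ips = [v for k, v in cert.get("subjectAltName", ()) if k == "IP Address"]
    host = hostname.lower().rstrip(".")
    if _is_ip(host):
        covered = ipaddress.ip_address(host) in {ipaddress.ip_address(i) for i in ips}
    else:
        covered = any(_dns_match(p, host) for p in dns)
    if not covered:
        problems["name_mismatch"] = f"certificate names {dns + ips} do not cover {host}"

    return problems


# --- constructed sample data (not real certificates) ---
NOW = ssl.cert_time_to_seconds("Mar 20 12:10:00 2015 GMT")

EXPIRED_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Constructed Test CA"),),),
    "notBefore": "Mar 20 12:00:00 2014 GMT",
    "notAfter": "Mar 20 12:00:00 2015 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}
SELF_SIGNED_CERT = {
    "subject": ((("commonName", "intranet.example.test"),),),
    "issuer": ((("commonName", "intranet.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2015 GMT",
    "notAfter": "Jan  1 00:00:00 2016 GMT",
    "subjectAltName": (("DNS", "intranet.example.test"),),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "issuer": ((("commonName", "Constructed Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2015 GMT",
    "notAfter": "Jan  1 00:00:00 2016 GMT",
    "subjectAltName": (("DNS", "*.example.com"),),
}

if __name__ == "__main__":
    cases = [
        (EXPIRED_CERT, "www.example.com"),
        (EXPIRED_CERT, "example.com"),
        (SELF_SIGNED_CERT, "intranet.example.test"),
        (WILDCARD_CERT, "shop.example.com"),
        (WILDCARD_CERT, "127.0.0.1"),
    ]
    for cert, host in cases:
        print(host, "->", classify(cert, host, NOW) or "no problem found")
```
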

    3. Re:Information content by Anonymous Coward · · Score: 0

      Why is a self signed ssl certificate https connection less secure than an unencrypted http connection? Answer: it is not.

    4. Re: Information content by Anonymous Coward · · Score: 0

      Because it could be a MITM attack.

  11. Watch as I change the stimuli again. by Anonymous Coward · · Score: 0

    He is becoming accustomed to the horrors he is witnessing. So, we change horrors.

  12. ...DUMMY MODE by TigerPlish · · Score: 1

    in BOFH speak, from a couple of decades ago.

    What is old is new again?

    --
    The "Civilized World" jumped the shark ca. 1973.
  13. This explains all my speeding tickets... by Anonymous Coward · · Score: 1

    Seriously though, most people tune out warnings because once read, it's the same info. There is no point for the brain to waste time trying to correlate a message that is already understood and unchanging.

    It takes one time to recognize the skull and crossbones on say bleach, so you just tune it out the next time. Your mind already got the message it's deadly. Unfortunately this is also what happens when people become careless and through cosh into the wind. (like the giant munition explosion a few years back in Russia because someone lit up a smoke, or swimming in water known to have shark attacks. Your mind knows the risk, it's just a calculated gamble at that point).

    1. Re:This explains all my speeding tickets... by Anonymous Coward · · Score: 0

      > through cosh into the wind

      This made my day. The intended phrase is "throw caution to the wind". Dictating to Cortana maybe?

  14. Reflex by Tablizer · · Score: 5, Informative

    Married men learn to ignore nagging.

    1. Re:Reflex by Anonymous Coward · · Score: 0

      Till a flying pan hits!

    2. Re:Reflex by Anonymous Coward · · Score: 0

      You got that right.

    3. Re:Reflex by Anonymous Coward · · Score: 0

      They should also learn how to say 'no'...and leave if she won't quit.

    4. Re:Reflex by Tablizer · · Score: 1

      That's where they use their spells on you.

  15. Yes Because Unencrypted by Anonymous Coward · · Score: 0

    Yes, because an unencrypted http connection is by definition so much more secure than a self signed https connection. /sarcasm

    The browsers have to get with it.

  16. I expect even less brain activity when by burtosis · · Score: 3, Funny

    Slashdotters see a new summary. Gonna fess up here I made it about half way through, got bored and posted.

  17. Alternative Approach by Anonymous Coward · · Score: 0

    Perhaps the security prompts should be flashing at 20 to 30 Hz and contain numerous, bright colors, rapidly moving shapes and loud noises. Shutdown on that, brains!

  18. Anecdotal evidence by jrumney · · Score: 4, Funny

    I was going to post something insightful, but I got a warning from my browser about sending data over an insecure channel to http://slashdot.org and my brain shut down.

  19. License click-throughs by Bing+Tsher+E · · Score: 2

    The more important thing to research is License click-throughs. If it can be determined that the normal human reaction to a License agreement click-through is to punch right through without reading, it won't be hard in a court of law to declare them void. I make it a practice to NEVER read them. Most other people do too. So I can testify to that in court if ever necessary.

  20. I have read and agree by Anonymous Coward · · Score: 0

    I like reading contracts, but even I got bored after a while and at best skim over them before signing or ticking acceptance boxes.

  21. Popup messages are completely ineffective by Tony+Isaac · · Score: 4, Informative

    My company had a customer whose nightly backups were failing. Every time every user in the company (hundreds of them) logged in to the system, they were presented with a message pop-up warning that the backups had been failing. This went on for WEEKS before anyone bothered to notify the software vendor (who managed the backup system).

    There seem to be a couple of principles at work here:
    1. Not my job. Everybody at the company knew it wasn't their job to keep the backups working, so they ignored the warning.
    2. In the way. Everybody had something they needed to do, so they simply clicked whatever they had to (the OK button) to get past the prompt and do their work.

    It's like the license agreements on software installers. Everybody just clicks "I Agree" because they know they have to do so to get to the next screen, not necessarily because they actually agree.

    1. Re:Popup messages are completely ineffective by Anonymous Coward · · Score: 0

      > My company had a customer whose nightly backups were failing. Every time every user in the company (hundreds of them) logged in to the system, they were presented with a message pop-up warning that the backups had been failing. This went on for WEEKS before anyone bothered to notify the software vendor (who managed the backup system).

      Kick that software vendor out, as it does not (want to) know its job.

      #2: You do not send messages ("failure" or otherwise) to people who cannot do anything with/about them*.

      #1: The managing company should have made sure that the "failure" messages would reach them without the intervention of a human. Maybe by just emailing them.

      *my environment has similar problems, users getting "updates for product X available, click here to continue" popup messages at login, which then, when OK-ed, fail because admin privilege is needed.

    2. Re:Popup messages are completely ineffective by RuffMasterD · · Score: 2

      Doesn't help when software overuses such an annoying feature. A teacher at university actually insisted we respond to every user action with a popup acknowledging the action. User saves a file. Popup: "File saved". Well thank fuck you told me, because there is no way I would have noticed pressing the save button if you hadn't blocked me from doing my thing to show a popup! Or even worse: "Are you sure you want to action X?" where X is benign and completely reversible. Of course I fucking want to do X, I just told you I want to do X, why won't you do X already! I tried to explain to my teacher how I stop reading popups after the second one and how other people probably do the same, so it's better to use context based feedback. Disable the save button or something until there are changes to save again. Use popups only when it's absolutely critical to do so. But no, popups for everything. I see commercial software use this same braindead design. Needless to say, I ignore everything the software tells me, even the critical stuff.

      In the backup scenario you present the users don't care. They pay someone else to care. But if shit hits the fan and they need a recovery, they will demand blood if they don't get what they paid for. Best to send warnings somewhere else instead.

      --
      Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence
    3. Re:Popup messages are completely ineffective by dinfinity · · Score: 1

      > #1: The managing company should have made sure that the "failure" messages would reach them without the intervention of a human. Maybe by just emailing them.

      Exactly, if you need to rely on end users for receiving failure messages for an absolutely essential service, you have failed horribly.

    4. Re:Popup messages are completely ineffective by Anonymous Coward · · Score: 0

      So where do you send messages for "the notification system is down"?

    5. Re:Popup messages are completely ineffective by ebvwfbw · · Score: 1

      I remember a chick sending out notices on what was being backed up. For years. A guy lost around 6 TB of data. HUH? Not backed up? Turned out she had just sent it a week before. He didn't even bother to look at it. She said - TS. Read your e-mail next time. It took him about 6 months to get that data back.

      Years ago me and a bunch of other guys were thinking of offering an idiots class. Where they can ignore things and deal with the consequences of their stupidity. Never went anywhere. We'd have to do the whole population. Starting with politicians. You know, the dumbest of the dumb. First lesson - you should have all your government e-mail on a private server. If you answer yes, you have to donate $10,000 to your political foe. Answer yes a second time and you have to vow to resign in 30 days, never to return to politics. I had a lot better suggestions here... though not for a possible young audience.

    6. Re:Popup messages are completely ineffective by RyoShin · · Score: 1

      We had a similar thing at my workplace. We have a number of network drives assigned by GP, to all accounts, but over time most have become obsolete. Two years ago we migrated from WinServer2003 to 2008. In 2008 or an update installed shortly thereafter, you couldn't assign a username/password when making a network connection through GP due to it being a big security hole, and without that one of the network drives always failed to connect. However, that drive was not used anymore, so it wasn't a problem.

      What was a problem was the "Could not connect all network drives" message that every user got every time they logged in. Some people actually did ask me about that (I'm not really IT, but I do a lot of IT-ish stuff) and, while I reported it to the boss/owner who does oversee all of that stuff, nothing happened. Now it's white noise to the end-users. I finally convinced her recently to disable the GP, just to have less white noise, and hopefully in time the other employees will become unused to that and report when they actually have a problem with network drives. (It also put entries into the Event Log when the connection fails, making it more annoying to track down problems.)

      We have other problems like this, but one at a time. Of course, it won't stop people from just hitting OK: I had a guy who was trying to remove a password from a PDF in Adobe Acrobat. He would clear the password and it would show him an error message. He asked me what to do and I had him repeat his steps; the second paragraph of that message explained exactly what he had to do, he just never read it and hit Cancel instead. Too often non-experienced computer users assume that if there's an unexpected message of any kind that they are completely incapable of dealing with it, and so will ignore it or send a non-helpful report to the support desk.
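
The replies above argue that backup failures should reach the operator without passing through an end user, and ask what happens when the notification path itself is down. The following is an added example, not code from any poster in this thread: a check that runs on the operator's side and treats a missing or overdue report as an alert, so silence is never read as success. The host names, timestamps and the 26-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: (host, ISO timestamp of report, status).
REPORTS = [
    ("fileserver", "2015-03-20T02:10:00", "success"),
    ("mailserver", "2015-03-20T02:15:00", "failure"),
    ("fileserver", "2015-03-21T02:12:00", "success"),
    ("mailserver", "2015-03-21T02:14:00", "success"),
    ("dbserver",   "2015-03-17T02:05:00", "success"),  # then went quiet
]
# Hosts that are supposed to report; laptop-07 has never reported at all.
EXPECTED_HOSTS = {"fileserver", "mailserver", "dbserver", "laptop-07"}

def evaluate(reports, expected_hosts, now, max_age=timedelta(hours=26)):
    """Return {host: state}; state is 'ok', 'failed', 'stale' or 'never'."""
    latest = {}
    for host, ts, status in reports:
        when = datetime.fromisoformat(ts)
        # Keep only the most recent report per host.
        if host not in latest or when > latest[host][0]:
            latest[host] = (when, status)
    states = {}
    for host in sorted(expected_hosts):
        if host not in latest:
            states[host] = "never"      # no report ever received
        else:
            when, status = latest[host]
            if now - when > max_age:
                states[host] = "stale"  # reporting stopped: job or notifier is down
            elif status != "success":
                states[host] = "failed" # job ran and said it failed
            else:
                states[host] = "ok"
    return states

def alerts(states):
    """Everything that is not a fresh success goes to the operator."""
    return [f"{host}: {state}" for host, state in states.items() if state != "ok"]

if __name__ == "__main__":
    for line in alerts(evaluate(REPORTS, EXPECTED_HOSTS, datetime(2015, 3, 21, 9, 0))):
        print(line)
```
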

  22. It's normal by tgv · · Score: 1

    This repetition suppression (as it's called) is normal in BOLD responses (the thing fMRI measures). It happens for every stimulus. It also happens when someone reads a word for the second time, and guess what: when reading it for the second time, processing is faster and less error prone. This is called the priming effect. It's hypothesized that it actually shows an accumulation of neural activity. So a "precipitous drop" is nothing to worry about: it's a symptom of the underlying processes, and moreover: it's the wrong thing to look at when you're concerned with traffic safety.

  23. A Warning should be connected with actual ... by allo · · Score: 1

    consequences.

    This means, if I get a TLS-Warning, it's mostly safe to click it away. Usually it's a browser too stupid to ship the CACert Certificate.
    This is no problem, because the warning is not necessary, as the site is secured and the access does not need to be encrypted anyway, because I just want to read something. Nevertheless, the browser panics.
    Now I come across some confidential page, which wants me to enter my credit card number. Now I need to awake my brain "hey, maybe I do not want to ignore the warning this time".

    We need no bigger warnings. Imagine a TLS-Warning with pictures showing somebody robbing your bank account. Okay, you will get used to it and click away the warning anyway. You know the consequences. But you know the ACTUAL consequences, too. And they are "last 1000 times nothing bad happened".

    So the answer is: We need less warnings. Do not warn me, that my connection is insecure with CACert. Have a decent notice, that the CA is not trusted, but the connection is encrypted. Warn me, when it's on a bank. Maybe a bank could indicate in DNS, "hey, strong check please", while my homepage which should be encrypted without much authentication can indicate "hey, maybe you do not know my CA, encrypt anyway if somebody reads the request nothing bad will happen".

  24. Don't give them the option by ebvwfbw · · Score: 2

    Really tired of us in the computer biz enabling people to do stupid things that we can prevent. SSL 3.0 is vulnerable, really sucks. Update it to disable/remove it. If it's disabled, make them swear to God that they really know what they are doing to get it back. Don't let them click through.

    We went through this with the Format command. At first you would type in format a:. Unfortunately format defaulted to your current drive so if you typed in format, it clobbered C:. So they added an "are you sure". C: got clobbered. Then they had us type in the volume name, C: still got clobbered. Fool proof, only idiot resistant.