image

Microsoft Build and the repositioning of Windows

Microsoft Build is under way in Seattle, with around 6000 attendees here to learn about the company’s latest developer technology. But what is the heart of Microsoft’s platform today? The answer used to be Windows – and this conference was originally the Build Windows event, distinct from the earlier Professional Developer Conference which was run by the Developer Division and had a wider scope.

image
Microsoft’s Satya Nadella introduces Build 2019 

  Today though it is not so clear. The draft Build 2019 press release hardly mentions Windows. Here is the summary of topics: 

In his opening keynote, Microsoft CEO Satya Nadella outlined the company vision and developer opportunity across Microsoft Azure, Microsoft Dynamics 365 and Power Platform, Microsoft 365, and Microsoft Gaming”

Windows is there of course. Azure uses Hyper-V, the Windows Server hypervisor. A Microsoft 365 license is a bundle of Office 365, InTune device management, and Windows Enterprise. Microsoft Gaming includes PC gaming, and Xbox gets its name from the Windows DirectX hardware accelerated graphics API. But no, this is no longer a conference about developing for Windows, and Microsoft seems happy for its operating system to be less visible. PCs remain the devices on which many of us get most of our work done, but it is not a growth market, and cannot really become one unless by some miracle Microsoft returned to mobile or wearables. That would be hard, especially since the Universal Windows Platform, originally conceived as an app platform for touch and mobile as well as desktop, has drifted away from that concept and become something of uncertain relevance unless you are targeting HoloLens or some other niche.

That said, Windows is still evolving and Build remains the best event to keep track of what is new. In the advance news on which this post is based, several key features were announced.

Windows Subsystem for Linux 2 (WSL) now supports Linux Docker containers as well as faster file I/O. This also integrates nicely with new Visual Studio Code Remote Development Extensions which let you edit and debug code in WSL, in Docker containers, or on any remove machine over SSH.

Windows Terminal is a new application for command lines including PowerShell, Cmd and WSL. It includes rich fonts (with hardware accelerated rendering), multiple tabs, and “theming and customization”.

React Native for Windows is an open source project on GitHub that will let you develop high performance Windows applications.

MSIX Core is the next step in Windows setup technology and lets you install MSIX packages on Windows 7 as well as Windows 10.

.NET 5 has been announced and seems to embrace both Windows Desktop and cross-platform – I will be unpacking the details of how this works shortly. .NET 5 will release in 2020.

Microsoft Edge (on Chromium) has new features announced included an IE mode tab (for running Internet Explorer applications/sites), three levels of privacy (Unrestricted, Balanced and Strict) which claim to control third-party tracking, and Collections which is a feature for collecting and sharing web information and integrates with Office.

Of course there is much more news on what Microsoft now sees as its top priority topics: Azure, AI, Microsoft Search, PowerApps, PowerBI, Cognitive Services, Bot Framework, Mixed reality, IoT and Edge computing, Cosmos DB, Azure Kubernetes Service, GitHub and more.

Windows? Still the best way to run Office, and excellent for developing applications. But this is Microsoft Build, not Build Windows.

image
Seattle, Washington the evening before Microsoft Build

Microsoft Office and privacy: happy to send what you type to the cloud for analysis?

I attempted to open a document from on-premises SharePoint recently and was greeted with an error asking me to check my privacy settings.

image

“The service required to use this feature is turned off” I was informed. Hmm, what service is that then? The solution turned out to be in the new Office privacy settings, just as the dialog suggested.

If you disable what Microsoft calls “Connected experiences” it appears to block access to SharePoint. Probably not what the user intended.

image 

This setting is not great for clarity. Privacy-conscious users like myself may disable it because it represents your agreement to “experiences that analyze your content”. Since this means uploading your content to the cloud for analysis it sounds as if it might weaken both privacy and security. If you look at all the options though, it may be possible to agree to access online file storage without agreeing to content analysis:

image

It looks as if by unchecking “Let Office analyze your content” you might be able to stop Office uploading your stuff.

Is there anything to worry about? We need to know more about what happens to our data. There is a Learn More link that takes us here. This lists lots of features but does not tell us what we want to know. Maybe here? This tell us that:

Three types of information make up required service data.

  • Customer content, which is content you create using Office, such as text typed in a Word document, and is used in conjunction with the connected experience.

It is still not clear though what happens to our data, other than that it is “sent to Microsoft”. Even the massive Microsoft Privacy Statement is no more illuminating on this point. In fact, it is arguably rather alarming since it contains this statement:

Microsoft uses the data we collect to provide you with rich, interactive experiences. In particular, we use data to:

  • Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request.
  • Improve and develop our products.
  • Personalize our products and make recommendations.
  • Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.

We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.

In carrying out these purposes, we combine data we collect from different contexts (for example, from your use of two Microsoft products) or obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.

This suggests that Microsoft will profile me and send me advertising based on the data it collects. What I need to know is not only the fact that this happens, but also the mechanism, in order to make an informed judgement about whether it is sensible to enable these options. Of course it is also possible that the Office content analysis service does not do this. I am guessing.

What can go wrong? These risks are hard to quantify. If you are typing something confidential, it makes sense not to share it more than is necessary, as further sharing can only increase the risk. There are some interesting scenarios too, such as what happens if Microsoft receives a legal demand to have sight of the content of your documents. Microsoft may not want to give access to your content, but in some circumstances it might not have the choice. Then again, I doubt it retains content sent for the purpose of personalisation, beyond whatever factors the service determines are significant. However this is not stated here.

Is this any different from storing documents on a cloud service such as SharePoint / OneDrive online? It is a bit different since in the Office case you are permitting Microsoft to analyze as well as to store your content.

All of this is up for debate. I accept that the risks are probably small as well as the fact that the wider world has little or no interest in most of the content I type but do not choose to publish.

Nevertheless, there are a few things which seem to me reasonable requests.

– A clear statement concerning what happens to my content if I choose to let it be analyzed by Microsoft’s cloud service, to enable better informed decisions about whether or not to enable this feature. Dumping the user into an all-encompassing privacy policy is not good enough.

– Improved settings (and possibly some fixed bugs) so that privacy-conscious users do not inadvertently disable access to on-premises SharePoint, as in my example, or other unexpected outcomes.

– A simple way to exclude a specific document from the service, conceptually similar to “in-private” mode in a web browser though with more chance of actually protecting your privacy (in-private mode is not really very private).

In general, I do not think the solution to a customer’s reasonable concerns about privacy and security of personal information is to obscure how this data is handled.

A post that can save you money: scheduling Azure Virtual Machines for start/stop

I have written recently about Windows Virtual Desktop, the ability to set up a virtual desktop environment on Azure at a relatively low cost, provided your users have Microsoft 365 accounts. My test setup is minimal but I have been watching the cost which is currently working out at £5.39 per day. This excludes the cost of Microsoft 365; it is purely for the infrastructure including VPN gateway, storage and VM. Bandwidth is a variable cost but almost negligible on my usage. Of that cost, the VM is around 75%. So if I could shut down the VM when not in use the savings are substantial.

It turns out this is pretty easy on Azure though it requires some plumbing. VMs do have a built-in option to shutdown on a schedule, but not to start up. To get start/stop, you need an Automation Account.

image

With the automation account created, select it, hit Start/Stop VM, then click “Learn more about and enable the solution”.  You get this dialog.

image

Here we learn that to save money, we have to spend it, on three new services: Automation, Log Analytics, and Monitor. It is not too bad though as there is a free tier for these services that may be all I need. Hit Create.

image

In this window you have to configure three sections. Nothing challenging, but note that in Configuration you set the Target Resource Group Names. No pick list here, you have to type in the names. Or use a wildcard, which is unlikely to be a good idea since by default it will start and stop ALL your VMs. The schedule is not very smart, just a daily on and off, but see below. Once done, click Create to add the solution.

All done, but what about weekends, for example. This is easily fixed if you create your own schedules. Just go into your automation account and click Schedules under Shared Resources. The wizard-created schedules are listed, and you can modify them or create new ones. It looks as if you might need 5 schedules, one per weekday, recur every week, to make your VMs not run at weekends. There is no Monday-Friday option.

More documentation here. Note that automation can also run PowerShell scripts which will be even more flexible.

Scheduling cloud resources to shut down when not in use must be one of the most effective ways to reduce IT spend.

Update: here is the outcome of my efforts:

image

The Management resource group has the runbook that performs the start/stop action. The cost of this is small. Overall cost has gone down by about £2.00 or about 40% in my case. I appreciate this is a very small test deployment, but it would support maybe 4 or 5 users without any problem and my experience shows that you can indeed make a large saving by scheduling VMs to stop when not in use.

Microsoft Financials: strategic purpose of Github, Teams and PowerApps revealed

Microsoft has announced its quarterly financial statements, reporting revenue of $30.6 billion, up 14% on the same period last year.

The story seems to be largely more of the same, which is good for the company in that all its numbers look good.

The most striking figure is 73% increase in Azure revenue. Azure is the smallest of its three self-defined segments though, though all three are similar in size. “More Personal Computing” (Windows, Surface and gaming) delivered the most revenue, followed by Productivity and Business Processes. That said, at this rate of growth Azure will soon be the biggest of the three segments.

Aside: has there ever been a dafter segment name than More Personal Computing? More than what?

Quarter ending March 31st 2019 vs quarter ending March 31st 2018, $millions

Segment Revenue Change Operating income Change
Productivity and Business Processes 10100 +1236 3979 +864
Intelligent Cloud 9649 +1780 3208 +554
More Personal Computing 10680 +763 3154 +631

The segments break down as:

Productivity and Business Processes: Office, Office 365, Dynamics 365 and on-premises Dynamics, LinkedIn

Intelligent Cloud: Server products, Azure cloud services

More Personal Computing: Consumer including Windows, Xbox; Bing search; Surface hardware

Some points to note. Microsoft reported a “material improvement” in Azure gross margin, something which does not surprise me. In my experience, the Azure Portal does a great job (from Microsoft’s perspective) in steering you towards premium services and extras, as I found when trying Windows Virtual Desktop – check my note on the VPN Gateway at $140 per month).

Office 365 is still growing, up 30% according to Microsoft’s slides. LinkedIn is also increasing revenue, up 27%.

Despite Chromebooks and mobile, Windows is still a cash cow with revenue from Windows OEM Pro up 15% year on year. Consumer revenue is down 1%.

In the earnings call CEO Satya Nadella called out Teams as “bringing together everything a team needs” (well, apart from a proper shared calendar).

CFO Amy Hood remarked on what she called “strategic areas” by which she means I think areas that drive adoption:

We will invest aggressively in strategic areas like Cloud through AI and Github, Business Applications through Power Platform and LinkedIn, Microsoft 365 through Teams, Security, and Surface as well as Gaming.

Note that Github is seen as a way of persuading developers to use Azure services, and note also the important attached to the Power Platform. Power platform? Here it is:

The Power Platform is today comprised of three services – Power BI, PowerApps and Flow … It is a system that enables users to do three key actions on data that help them drive business: Analyze, Act, and Automate. We do this with Power BI, PowerApps, and Flow, all working together atop your data to help EVERYONE, from the CEO to the front-line workers, drive the business with data.

says CVP James Phillips.

The piece that particularly interests me is PowerApps. Microsoft spent years looking for a modern successor to Visual Basic, app development within reach of non-specialists (kind-of). In PowerApps it believes it has the answer:

PowerApps is a “citizen application development platform” – allowing anyone to build web and mobile applications without writing code. The natural connection between Power BI and PowerApps makes it effortless to put insights in the hands of maintenance workers, teachers, miners and others on the frontline, in tailored and often task-specific applications

says Phillips.

So if VB was a driver for Windows adoption, then PowerApps will push you towards Microsoft’s cloud-hosted business applications.

Microsoft Planner: a good task management solution for small teams?

It is a common scenario for any team: you have projects which break down into various tasks, and you need to assign tasks to team members with deadlines. The low-tech solution is that you have a meeting, you assign the tasks, and each person organises their time in whatever way works for them. A calendar entry with a reminder, perhaps, or a task entry with a reminder, if you use Outlook and Exchange or Office 365.

But what if you want a project-level view of how the tasks are going? Again there are low-tech solutions like Excel spreadsheets or even a whiteboard on the wall. Of course there are software solutions as well. On Microsoft’s platform (which is the subject of this post) you could use Microsoft Project. A user license for Project Online Professional is currently £22.60 per month, though, more than double the cost of an Office 365 Business Premium account (£9.40). Even a team member license (Project Online Essentials) is £5.30. It seems a big leap in cost, and is more than many businesses need in terms of features.

There is an alternative, which is Microsoft Planner. This is one of those Office 365 apps that is not all that well known, and it comes for free with most Office 365 plans. It gives you basic project management, with the ability to assign tasks to team members.

You can find Planner by logging into Office 365 and choosing Planner from the All Apps view.

image

Once Planner opens you can create a plan.

image

I advise a careful look at this dialog before clicking Create plan. If you have one big project, such as perhaps a new product you are developing, a plan dedicated to that project makes sense. If you have multiple small projects though, it would be better to have a single plan to contain multiple projects. The reason is that plans have a relatively high overhead. Each plan by default creates an Office 365 group and an Office 365 Sharepoint site. This could easily become a maintenance nightmare. Within a plan though, you can have multiple buckets, and each bucket can contain multiple tasks.

Note also that you can use an existing Office 365 group. It might make sense to create the group first, if only to get a sensible name. By default, the group gets the game of the plan. Only one Sharepoint site is created per group, so this is more lightweight (phew!).

After thinking this through you hit Create plan. The plan is created and you can get on with adding tasks, the base unit of a plan.

A few things about tasks:

– they have due dates

– they are assigned to one or more team members

– they can have checklists of sub-tasks which you check off

– they can have attachments

– they have a status of “Not started”, “in progress”, or “complete”

image

Tasks can be grouped into buckets (a good idea). Once you have a few tasks you can view charts showing progress and a schedule showing when task completion is due.

image

When members are assigned a task, they get an email notification.

image

And as I mentioned there is Sharepoint site which can have all sorts of junk added to it.

image

Now a few observations. Planner looks useful but as so often with these Microsoft apps, there are things that make you want to bang your head against the nearest wall. The most obvious problem is that Planner tasks do not integrate with Outlook tasks. The best you can do is to export the plan schedule to an Outlook calendar. Guess what is the top user request for Planner?

image

From here we learn of an added complication, that Outlook tasks are being replaced by Microsoft To-Do. Inevitable perhaps but I like Outlook tasks and the fact that everything is in an Exchange mailbox, and therefore easy to manage.

Still, the good news is that it says In Development.

Other limitations? Well, Planner is very basic. You cannot even have dependent tasks. You cannot set status to show the degree to which a task is complete, which even Outlook tasks can do. No Gantt charts either. Or features like milestones, cost tracking, risk assessment, time management, templates, prioritisation, projections, or other such features.

In fact, you cannot even export to Excel, the second most requested feature (the team is working on this too).

image

You cannot help but wonder if Microsoft does not want to make Planner too good, lest it cut into lucrative Project sales.

If so, this is to my mind wrongheaded. For every Project sale lost, there would be three sales won for Office 365 if it came with an excellent project management tool built in. There is also the problem of duplicated effort. Why not get the Project team to develop Project Lite for Office 365, limited by lack of some of the more advanced features, but with a smooth upgrade path, rather than making an alternative product which is still not fully ready?

Still, Planner is free with Office 365, and worth being aware of if you can get it to do what you need.

Stack Overflow survey shows leap in popularity for Visual Studio Code

Stack Overflow has released the results of its annual developer survey. I took a quick look, comparing the figures to those for 2018.

The survey is based on results from 88,883 developers from 179 countries. 400 responses were excluded because they took less than 3 minutes to complete!

A few things caught my eye.

Visual Studio Code is the most popular development tool, with over 50% of developers saying they use it. This is up from 34.9% last year. Visual Studio (which I guess includes Visual Studio for Mac) is second but has gone down from 34.3% to 31.5%.

image

Visual Studio Code is an amazing success; it is only four years old. What is the benefit to Microsoft though? There must be some benefit via the branding and gentle steers towards Microsoft services such as Azure; but this is mainly about Microsoft delivering a great free and open source developer tool and getting kudos in return.

Few other technologies have moved by such a dramatic amount. JavaScript remains top in languages but slightly down, 69.8% to 67.8%. Python is gently up, 38.8% to 41.7%. C# slightly down, 34.4% to 31%. Swift is down a bit, 8.1% to 6.6%, which is a little surprising to me.

TypeScript is up from 17.4% to 21.2%. Another impressive open source project from Microsoft and the great Anders Hejlsberg (Object Pascal, Delphi, C#, TypeScript).

In frameworks, last year StackOverflow had a single category for .NET Core (27.2%) while ignoring .NET Framework. This year it has 23.7% for .NET Core and 37.4% for .NET – no trends are therefore visible but next year perhaps.

There is an overly broad platform category including everything from Raspberry Pi to WordPress to AWS. I do not have much confidence in these figures, but notice that AWS is up from 24.1% to 29.5%, Google Cloud Platform up from 8% to 12.8%, and Azure up from 11% to  11.9%. Not good figures for Azure, now third behind AWS and Google. But Microsoft can take comfort from Windows, supposedly up from 35.4% to 50.7%.

Both Android (29% to 27%) and iOS (15.5% to 13%) are down slightly. I do not think this is meaningful movement but it does suggest that mobile app development is not longer a big growth area; perhaps there is more attention being paid to server apps.

Hands on with Windows Virtual Desktop

Microsoft’s Windows Virtual Desktop (WVD) is now in preview. This is virtual Windows desktops on Azure, and the first time Microsoft has come forward with a fully integrated first-party offering. There are also a few notable features:

– You can use a multi-session edition of Windows 10 Enterprise. Normally Windows 10 does not support concurrent sessions: if another user logs on, any existing session is terminated. This is an artificial restriction which is more to do with licensing than technology, and there are hacks to get around it but they are pointless presuming you want to be correctly licensed.

– You can use Windows 7 with free extended security updates to 2023. As standard, Windows 7 end of support is coming in January 2020. Without Windows Virtual Desktop, extended security support is a paid for option.

– Running a VDI (Virtual Desktop Infrastructure) can be expensive but pricing for Windows Virtual Desktop is reasonable. You have to pay for the Azure resources, but licensing comes at no extra cost for Microsoft 365 users. Microsoft 365 is a bundle of Office 365, Windows InTune and Windows 10 licenses and starts at £15.10 or $20 per month. Office 365 Business Premium is £9.40 or $12.50 per month. These are small business plans limited to 300 users.

Windows Virtual Desktop supports both desktops and individual Windows applications. If you are familiar with Windows Server Remote Desktop Services, you will find many of the same features here, but packaged as an Azure service. You can publish both desktops and applications, and use either a client application or a web browser to access them.

What is the point of a virtual desktop when you can just use a laptop? It is great for manageability, security, and remote working with full access to internal resources without a VPN. There could even be a cost saving, since a cheap device like a Chromebook becomes a Windows desktop anywhere you have a decent internet connection.

Puzzling out the system requirements

I was determined to try out Windows Virtual Desktop before writing about it so I went over to the product page and hit Getting Started. I used a free trial of Azure. There is a complication though which is that Windows Virtual Desktop VMs must be domain joined. This means that simply having Azure Active Directory is not enough. You have a few options:

Azure Active Directory Domain Services (Azure ADDS) This is a paid-for azure service that provides domain-join and other services to VMs on an Azure virtual network. It costs from about £80.00 or $110.00 per month. If you use Azure ADDS you set up a separate domain from your on-premises domain, if you have one. However you can combine it with Azure AD Connect to enable sign-on with the same credentials.

There is a certain amount of confusion over whether you can use WVD with just Azure ADDS and not AD Connect. The docs say you cannot, stating that “A Windows Server Active Directory in sync with Azure Active Directory” is required. However a user reports success without this; of course there may be snags yet to be revealed.

Azure Active Directory with AD Connect and a site to site VPN. In this scenario you create an Azure virtual network that is linked to your on-premises network via a site to site VPN. I went this route for my trial. I already had AD Connect running but not the VPN. A VPN requires a VPN Gateway which is a paid-for option. There is a Basic version which is considered legacy, so I used a VPNGw1 which costs around £100 or $140 per month.

Update: I have replaced the VPN Gateway with once using the Basic sku (around £20.00 or $26.00 per month) and it still works fine. Microsoft does not recommend this for production but for a very small deployment like mine, or for testing, it is much more cost effective.

This solution is working well for me but note that in a production environment you would want to add some further infrastructure. The WVD VMs are domain-joined to the on-premises AD which means constant network traffic across the VPN. AD integrates with DNS so you should also configure the virtual network to use on-premises DNS. The solution would be to add an Azure-hosted VM on the virtual network running a domain controller and DNS. Of course this is a further cost. Running just Azure ADDS and AD Connect is cheaper and simpler if it is supported.

Incidentally, I use pfsense for my on-premises firewall so this is the endpoint for my site-to-site VPN. Initially it did not work. I am not sure what fixed it but it may have been the TCP MSS Clamping referred to here. I set this to 1350 as suggested. I was happy to see the connection come up in pfsense.

image 

Setup options

There are a few different ways to set up WVD. You start by setting some permissions and creating a WVD Tenant as described here. This requires PowerShell but it was pretty easy.

image

The next step is to create a WVD host pool and this was less straightforward. The tutorial offers the option of using the Azure Portal and finding Windows Virtual Desktop – Provision a host pool in the Azure Marketplace. Or you can use an Azure Resource Manager template, or PowerShell.

I used the Azure Marketplace, thinking this would be easier. When I ran into issues, I tried using PowerShell, but had difficulty finding the special Windows 10 Enterprise Virtual Desktop edition via this route. So I went back to the portal and the Azure marketplace.

Provisioning the host pool

Once your tenant is created, and you have the system requirements in place, it is just a matter of running through a wizard to provision the host pool. You start by naming it and selecting a desktop type: Pooled for multi-session Windows 10, or Personal for a VM per user. I went for the Pooled option.

image

Next comes VM configuration. I stumbled a bit here. Even if you specify just 10 (or 1) users, the wizard recommends a fairly powerful VM, a D8s v3. I thought this would be OK for the trial, but it would not let me continue using the trial subscription as it is too expensive. So I ended up with a D4s v3. Actually, I also tried using a D4 v3 but that failed to deploy because it does not support premium storage. So the “s” is important.

image

The next dialog has some potential snags.

image

This is where you choose an OS image, note the default is Windows 10 Enterprise multi-session, for a pooled WVD. You also specify a user which becomes the default for all the VMs and is also used to join the VMs to the domain. These credentials are also used to create a local admin account on the VM, in case the domain join fails and you need to connect (I did need this).

Note also that the OU path is specified in the form OU=wvd,DC=yourdomain,DC=com (for example). Not just the name of an OU. Otherwise you will get errors on domain join.

Finally take care with the virtual network selection. It is quite simple: if you are doing what I did and domain-joining to an on-premises domain, the virtual network and subnet needs to have connectivity to your on-premises DCs and DNS.

The next dialog is pretty easy. Just make sure that you type in the tenant name that you created earlier.

image

Next you get a summary screen which validates your selections.

image

I suggest you do not take this validation too seriously. I found it happily validated a non-working configuration.

Hit OK and you can deploy your WVD host pool. This takes a few minutes, in my case around 10-15 minutes when it works. If it does not work, it can fail quickly or slowly depending on where in the process it fails.

My problem, after fixing issues like using the wrong type of OS image, was failure to join the VM to the domain. I could not see why this did not work. The displayed error may or may not be useful.

image

If the deployment got as far as creating the VM (or VMS), I found it helpful to connect to a VM to look at its event viewer. I could connect from my on-premises network thanks to the site to site VPN.

I discovered several issues before I got it working. One was simple: I mistyped the name of the vmjoiner user when I created it so naturally it could not authenticate. I was glad when it finally worked.

image

Connection

Once I got the host pool up and running my trial WVD deployment was fine. I can connect via a special Remote Desktop Client or a browser. The WVD session is fast and responsive and the VPN to my office rather handy.

image

Observations

I think WVD is a good strategic move from Microsoft and will probably be popular. I have to note though that setup is not as straightforward as I had hoped. It would benefit Microsoft to make the trial easier to get up and running and to improve the validation of the host pool deployment.

It also seems to me that for small businesses an option to deploy with only Azure ADDS and no dependency on an on-premises AD is essential.

As ever, careful network planning is a requirement and improved guidance for this would also be appreciated.

Update:         

There seems to a problem with Office licensing. I have an E3 license. It installs but comes up with a licensing error. I presume this is a bug in the preview.    

image

This was my mistake as it turned out. You have to take some extra steps to install Office Pro Plus on a terminal server, as explained here. In my case, I just added the registry key SharedComputerLicensing with a setting of 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration. Now it runs fine. Thanks to https://twitter.com/getwired for the tip.

Progressive Delivery: the next step in DevOps?

I attended the always-excellent QCon developer conference in London earlier this week. James Governor from Redmonk what there, presenting what he calls Progressive Delivery, the idea being that rather than rolling out continuous and (mostly) small changes to everyone, you segment your deployments. Progressive deployment, see.

image

It is not really a new idea and might even be considered a rediscovery of what we already knew: that it makes sense to deploy new stuff to a small sample first. However it is true that tools are constantly evolving, and Progressive Delivery is perhaps best seen as a necessary refinement to the Continuous Delivery concept. In particular, LaunchDarkly exhibited at QCon; the product is a feature management platform which lets you create groups of users and toggle features on or off for particular groups. Needless to say, the LaunchDarkly folk love the Progressive Delivery concept.

Why Progressive Delivery? My first reaction is that this is about caution: if stuff breaks, let us make sure it only breaks for a few users. Then I saw that it can be equally about bold experimentation, trying new ideas with small groups so you can observe what works and what does not.

Of course you can do this anyway and in the end there is no magic in LaunchDarkly; it is still down to the developer to write the code:

image

This stuff can also easily become non-trivial; one attendee asked about managing database structure and it is obvious that not all features are equally amenable to being switched on or off for groups of users.

Still, I reckon “how do you manage features?” is a good question to add to the list when considering DevOps tools.

You can read most of what Governor talked about in his post from last year here.

Location Services: GPS-only no longer protects your privacy on Android 9 “Pie”, Huawei / Honor 10

I have an Honor 10 AI phone (among others) and this recently upgraded itself to Android 9 “Pie”. It is always good to be on the latest Android; but I noticed a change in something I care about (though acknowledging that for most people it is not top of mind).

Specifically, I am averse to sharing my location more than is necessary, especially with large organizations that want to track me for advertising and marketing purposes (hello Google!). Therefore I normally set Android Location Services to GPS-only. This means you do not have to agree to send your location data to Google in the dialog that appears when you turn on what Google calls “High Accuracy” location services. Here is what the setting looks like in Android 7:

image

I have found that Google Maps works badly on GPS-only, but other mapping apps like HERE WeGo work fine.

However, following the upgrade to Android 9 on the Honor 10 AI, my use of HERE WeGo was blocked.

image

This is coercive, in that mapping is a core function of a smartphone. And it is unnecessary, since I know for sure that this app works fine without the Wi-Fi scanning and Google data collection referenced in the dialog.

I agreed the setting but noticed another curious thing. When you switch on location services, you also make a new agreement with Huawei:

image

This is confusing. Is location services provided by Google, or Huawei?

Note also that I have little confidence in the promise that no “personal information” will be collected. The intention may be there, but history suggests that it is often pretty easy to identify the person from so-called non-personal information. It is better not to send the data at all if you care about privacy.

Huawei’s only suggestion if you do not agree is not to use location services. Or throw your device in the bin.

Having agreed all this data collection, note that you can still turn off wi-fi scanning and Bluetooth scanning in the advanced settings of Google location services. Is this respected though by Huawei? It is hard to tell.

Finally, note that Google now strongly encourages developers to use the Google Play location API rather than the Android location API.

image

This all seems like bad news if, like me, you want to minimize the location data that you share.

How Windows 10 Ransomware Protection interferes with application installs

Three times recently I have had install failures on Windows 10, and three times have fixed them by disabling one of its security features.

image

“Ransomware protection” does not know anything about ransomware as such, but simply blocks access to files and folders where you are likely to store documents and data. Ransomware works by encrypting your documents and demanding money (usually in the form of bitcoin) to unlock them. Therefore blocking access prevents it from working, or at least that is the idea.

I am all in favour of blocking ransomware, but unfortunately this feature may also break application installs. Worse, they tend to break in ways that do not make the problem obvious to the user.

I installed Docker for Windows, for example (actually just accepted a prompt to upgrade) and it hung on the Installing… dialog.

Another application complained about insufficient disk space.

The problem seems to be related to application shortcuts, which are created in protected folders such as the desktop. Even though the install is running with admin rights, it cannot write these files. What happens next depends on how well the installer handles unexpected outcomes. This is not really a fatal error, but may become so.

What is the solution?

The obvious answer is to turn off controlled folder access before running installers for desktop applications. You can turn it back on afterwards.

Microsoft may say that if we all use Store apps or the Desktop Bridge packager the problem will not occur. The issue is related to the Windows legacy of free-for-all installations and the way Microsoft has been trying for many years (with partial success) to bring it under control. Mobile operating systems tend to be better behaved because they were designed to be locked down and to isolate applications from one another and from the operating system.

Tech Writing