All posts by onlyconnect

How to change a network from public to private in Windows 8.1

October 1, 2013 onlyconnect 9 Comments

So I arrive at a hotel and turn on wi-fi and connect. That little dialog comes up, Do you want to find PCs devices and content on this network? The correct answer in a hotel is No, but in my jet-lagged stupor I click Yes. Oops.

No problem, just change it, right? Hmm. Go to the Network and Sharing center and it is not obvious how to change the profile of a network. It tells me that the network is Private, but the setting seems to be read-only:

Not much of a Network and Sharing Center if you cannot change this setting; but never mind. How about just “forgetting” the network so that the dialog reappears?

I took a look here. Press and hold a network in the list to forget it. Unfortunately this does not work in Windows 8.1, and apparently that is by design.

OK, so try the command line:

netsh wlan delete profile name="ProfileName"

The profile name in this context is the wi-fi SSID. Seems to work; but when I reconnect the profile dialog does not appear. Apparently the network is not fully “forgotten”.

There is a way. Regedit, and go to:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

and find the GUID that matches your network, in my case Network 11.

Delete this profile. Do the command line thing as well to delete the profile. Now the network really is forgotten. Reconnect, the profile dialog comes up again, and now you can choose Public.

There must be an easier way though. Anyone know the user-friendly way to fix things when you accidentally select the wrong profile for a connection?

Update

It seems that this is meant to be set in Charms – PC Settings – Network. In fact, you can do it for wired connections. Here is what I get if I tap a wired connection, which I presume changes the profile:

However, if I tap a wireless connection I get this:

This looks like a bug to me, either with my 8.1 install or more generally.

social media

That easyJet tweet–questions arising about how businesses protect their reputation

September 25, 2013 onlyconnect

This morning I noticed (because others were retweeting) a tweet from Mark Leiser who claimed that he was threatened with denied boarding by easyJet after making a negative tweet about the company at the gate.

It was a remarkable claim and hard to believe. There are two things to ponder here. One was why a company would be so foolish as to try to prevent a ticketed passenger from boarding a flight merely because of a tweet it disliked. The other was the mechanism by which easyJet saw the tweet, connected it to the passenger, and took immediate action. Is easyJet really monitoring all our tweets and cross-referencing against passenger lists? Further, if such a mechanism existed, it would presumably be for the sake of improved customer service.

I asked easyJet for comment and received this statement:

easyJet has never denied boarding due to comments on social media. On the rare occasion that we consider denying boarding it is on the basis of disruptive behaviour.

Now, you need to read this statement carefully; it is not quite as bland as it first appears. Note that the company will not comment publicly on any individual passenger. However, my understanding is that the tweets were part of a wider altercation. The passenger’s original complaint, incidentally, related to easyJet’s alleged refusal to compensate another passenger who would miss his connection (train?) because of a 90 minute flight delay.

No doubt easyJet has strict policies on what it will and will not do to compensate passengers after delays and regulations also apply. I have no idea of the rights and wrongs here, but it would not be unreasonable to assume that a vocal discussion ensued and that easyJet’s knowledge of what was being tweeted arose out of it.

In the era of social media companies have nowhere to hide, we are often told. For example, Scott Monty, social media manager at Ford, says:

The reality is that the brand is what your customers say it is, not what you say it is

Does that mean that businesses are at the mercy of customers who are on social media? In the balance of power between customers and big business, a shift towards the customer is in my view an excellent thing; but it is still important to hear both sides of the story. It is unfortunate, perhaps, that in this case a policy of “no comment” on individual cases means (at the time of writing) silence from which readers may well assume the worst.

How then do businesses ensure that at least a balanced view of incidents like this are heard on social media? I am not sure that I have the answer, except to give some credit to the wider audience to use common sense and their existing knowledge of a company (easyJet actually has a good reputation among the no-frills budget airlines) to conclude that 140 characters is unlikely to tell the whole story.

Update: for a fuller account from Mark Leiser see here.

Another update: Leiser has told me that he told easyJet he was tweeting, in order to further the cause of the potentially stranded passenger:

exchange, microsoft

Preventing auto-archive of Tasks in Office 365 with Retention Tags

September 21, 2013 onlyconnect 1 Comment

I helped a contact set up Office 365 and encountered a curious problem.

He is a financial adviser and as part of his workflow, he uses tasks with a due date set far into the future. For example, “Call this client in two years time”.

He has an Office 365 E3 plan, which gives him enterprise-quality retention and archiving features.

We enabled archiving which by default means that messages over two years old are moved to an online archive mailbox.

He then noticed that tasks were disappearing. Then he found them in the archive mailbox. Some of the tasks that were being archived were the ones for action right now.

Why does Exchange archive tasks that are just on or even before their due date? It seems odd; but read this post carefully:

A non-recurring task expires (or moves to the archive) according to its message-received date, if one exists.

If a non-recurring task does not have a message-received date, it expires (or moves to the archive) according to its message-creation date.

You might not think that tasks are messages; but in Exchange everything is a message, kind-of. Nowhere does this post by Ross Smith at Microsoft refer to the task’s due date. That seems curious; but the evidence from both this post and our experience is that Exchange will indeed archive a task, regardless of its due date, if it is older than the archive period.

No problem, I thought, we’ll just set the Tasks folder not to auto-archive. Forget the folder properties though; this is Enterprise stuff set by policy and there is no auto-archive tab:

OK, so we have to look at the policies. This gets a little complex. If you right-click a folder in Outlook Web App, after enabling online archiving, you will notice an Assign Policy option which refers to both Archive Policy and Retention Policy:

However, you cannot right-click Tasks and choose “Personal never move to archive”. Nor can you use Policy tab that appears in Outlook (provided you have the right version) for most folders:

The Tasks folder is special. It inherits the default archiving policy for the mailbox, which cannot be overridden.

Here is how we have (I hope) fixed this. What you have to do is to set a default archiving policy of “Never archive” and then override this for the folders that you do want to archive. A bit backwards, but there it is.

You can do this either through the Office 365 Exchange admin screens, or with PowerShell. First, go to Compliance Management and select Retention tags.

Why are we looking at Retention tags and not Archive tags? The reason, as far as I can make out, is that what Microsoft calls in some places the Archive policy is implemented as a Retention policy with Action “Move to Archive”. Therefore, we have to create a new Default Retention Tag which specifies Never archive:

Now go to the Retention Policies tab. By default there is a single Default MRM policy. You can either amend this, or create a new policy. A policy is defined by a collection of Retention tags. The key tag in this instance is “Default 2 year move to archive”. You can either remove this and replace it with “Default never archive”, or create a new policy including “Default never archive”. It seems that Retention policies work better if they have a Default tag of some sort, so I suggest not omitting a Default tag altogether.

An Archive policy that never archives anything is not much use, so you should also include some Personal Retention tags. These let you override the default policy for specific folders, such as Inbox. You can also add Retention tags that apply automatically to specific folders (the Default MRM policy has examples for Junk Email and Deleted Items) but note that these cannot affect the Archive policy, as they cannot contain the action “Move to Archive”. Only Default and Personal tags can include Archive policy.

Finally, if you created a new policy rather than amending Default MRM Policy, you have to apply it to the mailbox. Go to Recipients, select the mailbox and click Edit, select Mailbox features, and change the Retention Policy.

Note that the archive policy doesn’t seem to be applied until the archiving process next runs, which by default is every seven days. You can kick it off in PowerShell like this:

Start-ManagedFolderAssistant -Identity <name of the mailbox>

My opinion: that is a lot of work simply to have Tasks not auto-archive. But on the plus side, it gives you a good understanding of how archiving and retention policies work in Office 365.

If you know an easier way, please let me know!

ComponentOne’s TouchToolkit for Windows Forms: another approach to the Windows tablet problem

September 20, 2013 onlyconnect 1 Comment

Software component vendor ComponentOne has released Studio Enterprise 2013 v2.5, the latest in its suite of components, with support for Windows 8.1 and Visual Studio 2013.

The piece that caught my eye is the TouchToolkit for Windows Forms.

Here’s the problem. The Windows desktop is poor with touch control, which is why Microsoft created Windows 8 with its alternate, touch-friendly Windows Runtime platform. However users are resistant to the changed user interface, and it does not help with existing desktop apps.

Developers are also faced with a question of simple mathematics. Develop a Windows 8 Store app, get a market of x. Develop a Windows desktop app, get a market of many times x, since Windows 8 can run desktop apps, but Windows 7 cannot run Store apps.

Embarcadero approached this problem with a framework called Metropolis, for Delphi and RAD Studio. It builds apps that mimic the Windows Runtime look and feel, but which are actually desktop apps. Of course they do not run on Windows RT, the ARM version. It is a confusing solution in my opinion, leading users into what Martin Fowler calls the Uncanny Valley, where stuff works almost but not quite how you expect.

I prefer the thinking behind the TouchToolkit. Take your existing Windows Forms apps, or write a new one, using these controls to make them more touch-friendly. They will never be as well suited to touch control as a Store app, but they might be good enough, and of course will run on Windows 7 and earlier versions.

The controls include a magnifier, support for zoom gestures, and a touch event provider that adds gesture support to any control.

Windows Forms, we all know, is not as good as WPF if you want an application that scales nicely and supports modern design. On the other hand, Windows Forms is pragmatic and easy to use framework that remains popular for line of business apps.

delphi, development, embarcadero, mobile

Embarcadero RAD Studio XE5 (Delphi) for Android now available

September 11, 2013 onlyconnect 3 Comments

Today Embarcadero released RAD Studio XE5 which lets you build apps for Windows, Mac, iOS and Android. You can also buy Delphi XE5 separately if you prefer.

Embarcadero’s release cycle is relatively rapid. It was only six months ago that RAD Studio XE4 with iOS support appeared.

The big deal in this release is Android support. If you use the FireMonkey framework, you can build apps for all supported platforms.

There is also a new REST client library and some other enhancements – see here for a list of what’s new.

Embarcadero’s approach to Android development is distinctive. In keeping with Delphi’s tradition of native code compilation, Android apps are compiled using the NDK (Native Development Kit). Embarcadero’s developer evangelist John Thomas told me that this delivers excellent performance. I can believe it, though note what Google says:

Before downloading the NDK, you should understand that the NDK will not benefit most apps. As a developer, you need to balance its benefits against its drawbacks. Notably, using native code on Android generally does not result in a noticable performance improvement, but it always increases your app complexity. In general, you should only use the NDK if it is essential to your app—never because you simply prefer to program in C/C++.

Delphi developers are largely shielded from the complexity of the NDK, since you code using the high level abstraction provided by the runtime library (RTL) and the FireMonkey framework. If that is all you need I should think everything will be fine. If you have a Java library you need to call from your Delphi Android application, you need to use JNI (Java Native Interface) which is not so much fun.

Another point to note is that FireMonkey emulates most visual controls like buttons and lists, by drawing them itself. Users might not notice, if they look and behave exactly like the native controls, but this is hard to do perfectly. Embarcadero’s approach is native in respect of the code it generates, but not in respect of the controls it uses.

I installed RAD Studio XE5 on a Windows 8 machine and set about building an Android app. I already had the Android SDK installed so I asked the RAD Studio installer to skip the SDK but to install the NDK. As it turned out, I am not sure whether it did or did not (I could not find it quickly), but it was easier to download the NDK manually.

I have previously tried Delphi for iOS, for which the usual approach is to run Delphi (or RAD Studio) in a Windows emulator on a Mac, since the Delphi IDE is Windows only. This approach is not so good for Android development because its hard to attach Android devices to an emulator for debugging. Therefore, a real Windows PC is a better platform for Android development. If you want to target iOS as well, you can still do so, by using the remote agent running on a Mac.

Setting up for Android development is a little harder than setting up iOS development. The Android device I used for my test is a Sony Xperia T, and I installed the Sony PC Companion to be sure of having the correct USB drivers for debugging. With Java, the SDK, the NDK, RAD Studio itself, and getting the device connected, that is a fair number of moving parts.

It worked though. I created an Android app, connected my Xperia, and it showed up as a target in Delphi (it is also called the LT30p).

I threw a label, a listbox and a button onto my app’s main screen.

As it turned out, I should have taken a little more trouble. Here is my app running on the phone:

Something has gone wrong with the list, but it looks easy to fix.

According to Embarcadero, a recent survey of over 1300 Windows developers showed that 85% get requests for mobile apps. But what mobile platform is most requested? Android is apparently at the top of the list:

83% Android
67% iOS
33% Windows Phone
17% Windows RT
14% Blackberry

Is that really Windows RT (ARM) or could it include WinRT (Windows 8 Store app) I wonder? Neither are supported by Delphi yet; but at least with Android it now supports the most highly requested platform.

Cross-platform mobile development is critical today, and the new capabilities in Delphi and RAD Studio will be welcome. Is it the best approach? The trade-off is this. On the plus side, you get a cross-platform GUI framework that lets you share the maximum amount of code across all the targets you support. On the minus side, that might not be a good idea; see this post for some thoughts on that. You also get a native executable that should perform well, certainly better than an HTML/JavaScript approach, though I’m not convinced that using the NDK on Android is ideal.

How big is your Delphi Android app? Using the Hello World example above, this is what I got in debug configuration:

24.52MB storage. I changed to release configuration and got this:

That saved nearly 3MB, to 21.62MB.

Here is the RAM usage:

I would be interested in hearing from developers using Delphi or C++ Builder for Android development. How is the quality of this first release? Is the fact that you are not developing in Java a problem in practice?

mobile, security

Does anti-virus work? Does Android need it? Reflections on AVG’s security suite

September 6, 2013 onlyconnect

I’m just back from AVG’s press event in New York, where new CEO Gary Kovacs (ex Mozilla) presented the latest product suite from the company.

Security is a huge topic but I confess to being something of a sceptic when it comes to PC security products. Problems include performance impact, unnecessary tinkering with the operating system (replacing the perfectly good Windows Firewall, for example), feature creep into non-security areas (AVG now does a performance tune-up product), and the fact that security software is imperfect. Put bluntly, it doesn’t always work; and ironically there was an example at a small business I work with while I was out there.

This business has AVG on its server and Microsoft Security Essentials on the clients, and somehow one of the clients got infected with a variant of a worm known as My little pronny which infects network shares. It may not be the exact one described in the link as these things mutate. Not too difficult to fix in this instance but a nuisance, and not picked up by the security software.

IT pros know that security software is imperfect, but uses do not; the security vendors are happy to give the impression that their products offer complete protection.

Still, there is no doubt that anti-malware software prevents some infections and helps with fixing others, so I do not mean to suggest that it is no use.

AVG is also a likeable company, not least because it offers free versions of its products that are more than just trialware. The freemium model has worked for AVG, with users impressed by the free stuff and upgrading to a paid-for version, or ordering the commercial version for work after a good experience with the free one.

Another key topic though is how security companies like AVG will survive the declining PC market. Diversification into mobile is part of their answer; but as I put it to several executives this week, Windows is particularly vulnerable thanks to its history and design, whereas operating systems like Android, iOS and Windows RT are designed for the internet and locked down so that software is only installed from curated app stores. Do we still need security software on such devices?

My further observation is that I know lots of people who have experienced Windows malware, but none so far who have complained about a virus on their Android or iOS device.

What then did I learn? Here is a quick summary.

AVG is taking a broad view of security, and Kovacs talked to me more about privacy issues than about malware. Mozilla is a non-profit that fights for the open web, and the continuity for Kovacs now with AVG is that he is working to achieve greater transparency and control for users over how their data is collected and shared.

The most striking product we saw is a free browser add-in called PrivacyFix. This has an array of features, including analysis of social media settings, analysis and blocking of ad trackers, and reports on issues with sites you visit ranging from privacy policy analysis to relevant information such as whether the site has suffered a data breach. It even attempts to rate your value to the site with the current settings; information which is not directly useful to you but which does reinforce the point that vendors and advertisers collect our data for a reason.

I can imagine PrivacyFix being unpopular in the ad tracking industry, and upsetting sites like Facebook and Google which gather large amounts of personal data. Facebook gets 4 out of 6 for privacy, and the tool reports issues such as the June 2013 Facebook data breach when you visit the site and activate the tool. Its data is limited though. When I tried it on my own site, it reported “This site has not yet been rated”.

AVG’s other announcements include a secure file shredder and an encrypted virtual drive called Data Safe which looks similar to the open source TrueCrypt but a little more user-friendly, as you would expect from a commercial utility.

AVG PC TuneUp includes features to clean the Windows registry, full uninstall, duplicate file finder, and “Flight mode” to extend battery life by switching off unneeded services as well as wireless networking. While I am in favour of making Windows leaner and more efficient, I am wary of a tool that interferes so much with the operating system. However AVG make bold claims for the efficacy of Flight Mode in extending battery life and perhaps I am unduly hesitant.

On the small business side, I was impressed with CloudCare, which provides remote management tools for AVG resellers to support their customers, apparently at no extra cost.

All of the above is Windows-centric, a market which AVG says is still strong for them. The company points out that even if users are keeping PCs longer, preferring to buy new tablets and smartphones than to upgrade their laptop, those older PCs sill need tools such as AVG’s suite.

Nevertheless, AVG seems to be hedging its bets with a strong focus on mobile, especially Android. We were assured that Android is just as vulnerable to Windows when it comes to malware, and that even Apple’s iOS needs its security supplementing. Even if you do not accept that the malware risk is as great as AVG makes out, if you extend what you mean by security to include privacy then there is no doubting the significance of the issue on mobile.

microsoft, mobile, nokia

Microsoft acquires Nokia’s device business: a risky move for Windows Phone

September 3, 2013 onlyconnect 1 Comment

Microsoft is to acquire Nokia’s device business:

Microsoft Corporation and Nokia Corporation today announced that the Boards of Directors for both companies have decided to enter into a transaction whereby Microsoft will purchase substantially all of Nokia’s Devices & Services business, license Nokia’s patents, and license and use Nokia’s mapping services.

Nokia’s Stephen Elop is no longer CEO:

Stephen Elop, who following today’s announcement is stepping aside as Nokia President and CEO to become Nokia Executive Vice President of Devices & Services

The plan is that Elop, together with other executives from his team, will move to Microsoft. This is a circle completed for Elop, who was formerly in charge of Microsoft Office.

Nokia is retaining its patent portfolio, but licensing its patents to Microsoft for a 10 year term.

Microsoft is acquiring approximately half of Nokia’s business overall, but all of its phones including the low end Asha range.

What are the implications for Windows Phone? One the face of it, the deal makes some sense. Nokia was the only Windows Phone OEM making real efforts to support and establish the platform, and has a large market share within the Windows Phone market. Although Windows Phone is struggling versus the iOS and Android giants, to Nokia’s credit it has established itself as a firm number three, ahead of Blackberry, and done some impressive work especially with the camera element.

Nokia has also managed to push out low-end but still capable Windows Phones at keen prices, and it is this more than anything else that has won it increasing market share. Recently, Kantar published a report showing solid gains for the platform:

Windows Phone, driven largely by lower priced Nokia smartphones such as the Lumia 520, now represents around one in 10 smartphone sales in Britain, France, Germany and Mexico. For the first time the platform has claimed the number two spot in a major world market, taking 11.6% of sales in Mexico.

What will be the effect of the acquisition on the Windows Phone platform and ecosystem? On the plus side, it gives Elop’s team access to more funds and removes any uncertainty surrounding Nokia’s future. If Microsoft keeps the proven team and its design and manufacturing expertise together, this could work.

There are obvious risks though. Without Nokia, Microsoft did a poor job of marketing Windows Phone, and while some of that is down to half-hearted hardware partners, Microsoft was also to blame for poor execution. Now that Nokia is Microsoft, there is a danger that its effectiveness will slip back.

Another question is how this will impact the other Windows Phone vendors, such at HTC and Samsung. Nokia already seemed to be a favoured partner, so perhaps little will change, but it seems unlikely that this will energise the other partners and it may have the opposite effect. The Windows OEMs hate Microsoft’s efforts with Surface (even though it was their own failings that forced Microsoft into the venture) and the phone vendors may well feel the same about Micro-Nok.

There is now no non-Microsoft smartphone vendor for whom Windows Phone is anything but a small sideshow. That could change, but it is not a sign of health.

Whether Nokia was right to embrace Windows Phone rather than Android is an open question; and perhaps it should not have abandoned its Meego (Linux) efforts, but given that it did both, it seems to me that Elop has performed well and was successfully growing the platform, albeit from a small base. Will he be allowed to continue that work at Microsoft, as well as gaining greater control over the software side of Windows Phone whose slow pace of development, it is rumoured, was a source of frustration to Nokia?

Alternatively, history tells that Microsoft can suffocate its acquisitions (remember Danger?).

Personally I like Windows Phone. When I looked at a Samsung Android recently, I was struck by how disorganised and confusing an Android smartphone can be, though impressed by its capability. Windows Phone is decent and I hope it carves out a reasonable market share.

The risks, though, are obvious.

microsoft, security

Hands on with Microsoft’s Azure Cloud Rights Management: not ready yet

September 2, 2013 onlyconnect 1 Comment

If you could describe the perfect document security system, it might go something like this. “I’d like to share this document with X, Y, and Z, but I’d like control over whether they can modify it, I’d like to forbid them to share it with anyone else, and I’d like to be able to destroy their copy at a time I specify”.

This is pretty much what Microsoft’s new Azure Rights Management system promises, kind-of:

ITPros have the flexibility in their choice of storage locale for their data and Security Officers have the flexibility of maintaining policies across these various storage classes. It can be kept on premise, placed in an business cloud data store such as SharePoint, or it can placed pretty much anywhere and remain safe (e.g. thumb drive, personal consumer-grade cloud drives).

says the blog post.

There is a crucial distinction to be made though. Does Rights Management truly enforce document security, so that it cannot be bypassed without deep hacking; or is it more of an aide-memoire, helping users to do the right thing but not really enforcing it?

I tried the preview of Azure Rights Management, available here. Currently it seems more the latter, rather than any sort of deep protection, but see what you think. It is in preview, and a number of features are missing, so expect improvements.

I signed up and installed the software into my Windows 8 PC.

The way this works is that “enlightened” applications (currently Microsoft Office and Foxit PDF, though even they are not fully enlightened as far as I can tell) get enhancements to their user interface so you can protect documents. You can also protect *any* document by right-click in Explorer:

I typed a document in Word and hit Share Protected in the ribbon. Unfortunately I immediately got an error, that the network location cannot be reached:

I contacted the team about this, who asked for the log file and then gave me a quick response. The reason for the error was that Rights Management was looking for a server on my network that I sent to the skip long ago.

Many years ago I must have tried Microsoft IRM (Information Rights Management) though I barely remember. The new software was finding the old information in my Active Directory, and not trying to contact Azure at all.

This is unlikely to be a common problem, but illustrates that Microsoft is extending its existing rights management system, not creating a new one.

With that fixed, I was able to protect and share a document. This is the dialog:

It is not a Word dialog, but rather part of the Rights Management application that you install. You get the same dialog if you right-click any file in Explorer and choose Share Protected.

I entered a Gmail email address and sent the protected document, which was now wrapped in a file with a .pfile (Protected File) extension.

Next, I got my Gmail on another machine.

First, I tried to open the file on Android. Unfortunately only x86 Windows is supported at the moment:

There is an SDK for Android, but that is all.

I tried again on a Windows machine. Here is the email:

There is also note in the email:

[Note: This Preview build has some limitations at this time. For example, sharing protected files with users external to your organization will result in access control without additional usage restrictions. Learn More about the Preview]

I was about to discover some more of these limitations. I attempted to sign up using the Gmail address. Registration involves solving a vile CAPTCHA

but got this message:

In other words, you cannot yet use the service with Gmail addresses. I tried it with a Hotmail address; but Microsoft is being even-handed; that did not work either.

Next, I tried another email address at a different, private email domain (yes, I have lots of email addresses). No go:

The message said that the address I used was from an organisation that has Office 365 (this is correct). It then remarked, bewilderingly:

If you have an account you can view protected files. If you don’t have an Office 365 account yet, we’ll soon add support…

This email address does have an Office 365 account. I am not sure what the message means; whether it means the Office 365 account needs to sign up for rights management at £2 per user per month, or what, but it was clearly not suitable for my test.

I tried yet another email address that is not in any way linked to Office 365 and I was up and running. Of course I had to resend the protected file, otherwise this message appears:

Incidentally, I think the UI for this dialog is wrong. It is not an error, it is working as designed, so it should not be titled “error”. I see little mistakes like this frequently and they do contribute to user frustration.

Finally, I received a document to an enabled email address and was able to open it:

For some reason, the packaging results in a document called “Azure IRM docx.docx” which is odd, but never mind.

My question though: to what extent is this document protected? I took the screen grab using the Snipping Tool and pasted it into my blog for all to read, for example. The clipboard also works:

That said, the plan is for tighter protection to be offered in due course, at lease in “enlightened” applications. The problem with the preview is that if you share to someone in a different email domain, you are forced to give full access. Note the warning in the dialog:

Inherently though, the client application has to have decrypted access to the file in order to open it. All the rights management service does, really, is to decrypt the file for users logged into the Azure system and identified by their email address. What happens after that is a matter of implementation.

The consequences of documents getting into the wrong hands are a hot topic today, after Wikileaks et al. Is Microsoft’s IRM a solution?

Making this Azure-based and open to any recipient (once the limitation on “public” email addresses is lifted”) makes sense to me. However I note the following:

As currently implemented, this provides limited security. It does encrypt the document, so an intercepted email cannot easily be read, but once opened by the recipient, anything could happen.
The usability of the preview is horrid. Do you really want your trusted recipient to struggle with a CAPTCHA?
Support beyond Windows is essential, and I am surprised that this even went into preview without it.

I should add that I am sceptical whether this can ever work. Would it not be easier, and just as effective (or ineffective), simply to have data on a web site with secure log-in? The idea of securely emailing documents to external recipients is great, but it seems to add immense complexity for little added value. I may be missing something here and would welcome comments.

had to sign in twice since I didn’t check “Remember password!"

If you try recursion, it will package the already packaged file.

microsoft

Microsoft completes Windows 8.1, it says, but developers are unable to test their apps

August 27, 2013 onlyconnect

Microsoft has released Windows 8.1 to its hardware partners according to VP Antoine Leblond; but developers will be unable to test whether or not their apps work on the updated operating system until it is also in the hands of users:

While our partners are preparing these exciting new devices we will continue to work closely with them as we put the finishing touches on Windows 8.1 to ensure a quality experience at general availability on October 18th. This is the date when Windows 8.1 will be broadly available for commercial customers with or without volume licensing agreements, our broad partner ecosystem, subscribers to MSDN and TechNet, as well as consumers.

One reason for subscribing to MSDN is to get early access to new versions of Windows for test and development, so this is a surprising and disappointing move.

We pay thousands for MSDN access so we can test our software/apps properly, early testing, before GA, is an important part of that process! We don’t care about a couple of bugs in your OS, we about bug in our software. Most of us actually want to support Windows 8.1, a lot of us want to get apps ready for the awesome 8.1 features, but we can’t properly do that unless we get the RTM bits before the public gets the Windows 8.1 update!

says one comment to Leblond’s post.

It is hard to make sense of Microsoft’s reasoning here, though Microsoft’s Brandon LeBlanc comments that despite the RTM (Release to Manufacturing), Windows 8.1 is not altogether finished:

We are continuing to put the finishing touches on Windows 8.1 to ensure a quality experience at general availability

he says.

Windows 8 needs more high quality apps in order to win users over to its new tablet-friendly user interface, so it is unfortunate that Microsoft is not doing more to help developers support it.

microsoft

On Steve Ballmer and Microsoft’s future

August 27, 2013 onlyconnect 1 Comment

The announcement that Microsoft CEO Steve Ballmer will retire “within the next 12 months” prompts some quick reflections on Ballmer and the state of his company.

Ballmer suffers from lack of charisma on stage, and this combined with missteps like failing to compete effectively in mobile devices, nearly buying Yahoo at a ludicrous price, the Kin debacle, making far too many Surface RT devices, and the poor reception overall for Windows 8, means that Ballmer’s time as CEO may be judged harshly.

Many commentators seemingly forget that Microsoft’s financial results under Ballmer have been generally excellent. Further, if we blame Ballmer for the various blunders that occurred during his time as CEO, we should also credit him for the successes, like Windows 7, the steady improvements in Windows server, and the market success of Xbox versus Sony PlayStation (though not forgetting the red ring of death nor the numerous loss-making quarters for entertainment and devices).

Nor would it be correct to portray the Ballmer years as conservative turn-the-handle profit making from Windows and Office. Under Ballmer, Microsoft is transitioning towards the cloud with Office 365 and Windows Azure (with considerable success), and he was willing to take bold steps with both Windows (“reimagined” in Windows 8) and Office (moving towards a subscription model).

It is worth noting too that by all accounts Microsoft is not an easy company to direct. From my perception, its overly bureaucratic and somewhat dysfunctional management style was allowed to develop under former CEO Bill Gates, and while you can blame Ballmer for failing to fix it, the last reshuffle shows his effort to pull the company towards a more collaborative and efficient way of working:

We are rallying behind a single strategy as one company — not a collection of divisional strategies. Although we will deliver multiple devices and services to execute and monetize the strategy, the single core strategy will drive us to set shared goals for everything we do. We will see our product line holistically, not as a set of islands. We will allocate resources and build devices and services that provide compelling, integrated experiences across the many screens in our lives, with maximum return to shareholders. All parts of the company will share and contribute to the success of core offerings, like Windows, Windows Phone, Xbox, Surface, Office 365 and our EA offer, Bing, Skype, Dynamics, Azure and our servers.

What should the new CEO, and Ballmer in his final months, do now? I will refer to you to this interview with Scott Guthrie about what happened when he was reshuffled, along with several other Microsoft execs, to take on Windows Azure. Just to remind you, Azure was not a success when first launched, being both difficult to use and poorly presented by Microsoft.

We did an app building exercise about a year ago, my second or third week in the job, where we took all the 65 top leaders in the organisation and we went to a hotel and spent all day building on Azure," said Guthrie. "We split up everyone into teams, bought a credit card for each team, and we said: ‘You need to sign up for a new account on Azure and build an app today. It was an eye-opening experience. About a third of the people weren’t able to actually sign up successfully, which was kind of embarrassing. We had billing problems, the SMS channel didn’t always work, the documentation was hard, it was hard to install stuff.

“We used that [experience] to catalyze and said: ‘OK, how do we turn this into an awesome experience?’ We came up with a plan in about four to five weeks and then executed.”

Azure was based on decent technology, but prior to the changes Guthrie describes, it was a relatively hostile platform for developers. Put another way, it was not so much the strategy that was wrong, as the way it was executed.

I recall similar comments from the former Windows chief Steven Sinofsky about how Windows 7 was designed, based on what users found annoying in Windows Vista.

Something I see frequently at Microsoft is good ideas poorly executed or spoilt by errors of detail, and Ballmer could have done more to insist on higher standards. Recently I have been working with Office 365, and while the underlying platform is strong, working with it can be infuriating. It needs Guthrie’s approach: get people to try the product, watch what goes wrong, and fix it.

Microsoft’s devices and services strategy makes a lot of sense but the company needs more attention to detail to make it work.

Tim Anderson's IT Writing