Microsoft Kinda, Sorta Broke RDP: That CredSSP RDP Error

If you’re running into this, it probably started on May Patch Tuesday, which was last week (the 8th). You are getting this error when you try to RDP to a/some servers:

An authentication error has occurred.

The function requested is not supported.

This could be due to CredSSP encryption oracle remediation.

Here’s what happened

An authentication error has occurred. The function requested is not supported. … This could be due to CredSSP encryption oracle remediation.

Errors make me sad

In March, a vulnerability in CredSSP (Credential Security Support Provider) was patched, which would affect authentication via RDP (this is outlined in advisory CVE-2018-0886).  However, it was implemented in such a way that the behavior change didn’t have to be “honored” by either the server or the client involved in an RDP session.

 

The intent was that this would be controlled by GPO in enterprise environments, and a new GPO setting to activate or deactivate this behavior was released at the same time.

GPO settings have a default value, which they will use when nothing has been explicitly set for a particular setting. In this case, the GPO has three possible values: Force Updated Clients (for servers to only take connections from patched clients), Mitigated (for both, and on a workstation means that it won’t fall back to old/insecure behavior when attaching to unpatched servers), and Vulnerable (for both, and means what it sounds like–anything goes!).

In March, the default behavior was set to “Vulnerable”, which means everything kept working for everyone. But in the May security rollup, the default setting for that GPO was flipped to “Mitigated” if there was not an explicit setting for it… end result being the core problem some are running into: Clients that have received the May update are no longer able to connect to RPD servers that have not received the March vulnerability fix.

Welp.

(For a bit more background on all of this, see this Microsoft blog post: https://blogs.technet.microsoft.com/askpfeplat/2018/05/07/credssp-rdp-and-raven/)

Good News: Easy Workaround

Fortunately, there’s an easy workaround that can be applied to any Windows workstation facing this behavior, with a couple caveats.

If you are getting the above error trying to RDP to a server, all you have to do is set the corresponding GPO on your local workstation to Vulnerable.

To set this, run “gpedit.msc” on your machine. When the Local Group Policy Editor launches, navigate to Computer Configuration\Administrative Templates\System\Credentials Delegation on the left side, and then find Encryption Oracle Remediation on the right. Open that up, flip it to Enabled, and then choose “Vulnerable” for Protection Level. Hit OK, close GPEdit & you’re done; the change will take effect immediately.

There are a couple caveats: First is, this means you’re choosing to operate in an unpatched situation, which I don’t recommend. The second is that you can only apply this GPO setting on your local workstation if you’re not in an AD environment where it’s been set at the domain level and it’s getting applied to your machine. If that’s the case, the AD-level GPO will stomp on your local setting if it’s different.

Again: This should only be a temporary measure. The real fix is to get the March updates on your servers so you can set your workstation back to at least Mitigated (really should be Force Updated Clients). It’s not going to be my fault if you leave things unpatched and in Vulnerable and then something bad happens!

Commentary

Some have been referring to this as a “bug” and…This isn’t a bug; I mean, the “breaking RDP” part isn’t a bug (the original vuln obviously is). This is 100% “system functions as designed.” There’s a vulnerability in a widely-used feature of Windows, and MS pulled the “better to be on the ground wishing you were in the air, than being in the air wishing you were on the ground” card here. Being a patch hard-liner (I saw too much shit in the early 2000s), I think this is fine. If you don’t like it, there’s a workaround. But, my attitude on this is tempered by the fact that it’s only listed as an “Important” update, and the exploitability seems a little bit out there. Maybe give us all a few more months to notice?

Regardless, I DO think there was a communication failure here, though. Since few people read patch notes on a regular basis (I don’t even, anymore), relying on those to get the message to people isn’t going to work. Even that PFE blog post–which is great–is still a little bit of shouting into the void until someone runs into the problem and goes looking for a solution.

I don’t know what to do about this part, because there’s really just not a mechanism to deal with it. And really, do we need another thing to watch for alerts and stuff? Plus, breaking changes happen on a regular basis… where do you draw the line? And what, should they have made the RDP client throw a pop-up message about this? That seems like an awful big hammer.

I guess I’m going to have to go back to reviewing KB articles for patches again :-/

Let’s Talk About Group Managed Service Accounts

SQL Server service dialog, Log On tabWe all know the best practices for SQL Server service accounts–domain account (if you’re using Active Directory), non local admin, different one for each service (and server/instance), etc, etc. These are, of course, good best practices and they should be followed as closely as possible in Production and on servers/instances that house Production data.

A problem arises if you have more than just a couple-few servers or run some of the BI components, however. The number of service accounts involved in your SQL Server plant could be very large, necessitating an incredible amount of overhead when it comes to managing those accounts. This goes beyond simply creating and assigning them–chances are good that there are policies in place that require changing passwords. User accounts, service accounts, and other automation accounts likely all fall under this umbrella. If you’re lucky, maybe non-user accounts have a longer change interval, but it’s still something that is going to need to be done on a regular basis. In large environments, this could take an excruciatingly awful amount of time to do.

All of this is not to mention the human factor involved here. One of the recurring themes in a couple of my presentations is making an effort to automate as many things as possible to remove the human from the process. Not that we’re bad, but there are some things, especially tedious and repetitious tasks, where dumb things go wrong simply because of the nature of the work. Changing a bunch of service account passwords is definitely one of them. There used to be two types of sysadmins: those that have changed a service account’s password but forgot to update and restart the service itself, and those who will.

Enter Group Managed Service Accounts

Group Managed Service accounts (gMSAs) are a way to avoid most of the above work. They are special accounts that are created in Active Directory and can then be assigned as service accounts. They are completely managed by Active Directory, including their passwords. This means no more manual work to meet the password-changing policy–the machine takes care of that for you.

There are other security-related controls that can be gained with them, but this is the major feature.

I’ll also note that you–the DBA–are likely to need some help from your AD admin to get these set up. They’re going to need to actually create the accounts for you in the system, and there may be some changes needed to their AD configuration in order to support them. They’ll also need to have a Windows Server 2012 (or R2) domain controller in their domain, but I’d hope today that’s not going to be a hurdle to overcome.

Since I’m mostly here to talk about SQL Server, I’ll note a couple of different support situations. gMSAs are supported from SQL Server 2014 and on running on Windows Server 2012 R2 and on for everything you can do with SQL Server–standalone instances, Failover Clusters, Availability Groups. Just plain Managed Service Accounts (MSAs) can go back a little further, but they only support standalone instances of SQL Server.

From a non-SQL Server perspective, one of the major disadvantages of gMSAs is that one can’t just use them everywhere. Services have to be specifically designed to support the use of these accounts, and that’s not going to be the case everywhere.

Since this isn’t exactly a new feature, there’s plenty of documentation and blog posts out there to read about this feature and the various requirements to implement. There’s a great overview and setup blog post on MSDN here: https://blogs.msdn.microsoft.com/markweberblog/2016/05/25/group-managed-service-accounts-gmsa-and-sql-server-2016/

That post links to this old TechNet article, which still is a pretty good resource for understanding what these things are and a little more detail on what is going on in the back-end: https://technet.microsoft.com/en-us/library/hh831782.aspx

Finally, my coworker Joey has a slightly older writeup here, https://joeydantoni.com/2012/12/14/group-managed-service-accounts/, that walks through the process of setting this up. Note that some of the requirements have changed since that was written, but the general process remains the same.

gMSAs are a nice feature that aren’t too onerous to setup, but go a long way to make your life easier and your data far more secure.

Windows 8, For Real This Time

Before I get started, I feel the need for a little disclaimer. Thusly: This is just what I think, as someone who is not really a pro in user experience or being right about what other people will think about an OS anything. I’m just a network guy sysadmin DBA wanna-be BI guy, that genuinely uses Windows by choice, and that’s about the extent of my expertise on the matter.

Back in April, I wrote about my first few days with Windows 8. It was the Consumer Preview release, which in previous development cycles, would have been known as a/the Beta release. As I said in that post, for the most part, it went OK, but I hadn’t spent an insane amount of time with the machine.

Configured Windows 8 Start Screen

How I have the Start Screen configured on my desktop. Part Start Menu and part information portal. You don’t want to know what it looks like off-screen to the right.

Since then, both Tammy and I have put the Gold bits on our main machines (although I still technically use my laptop more). I took the time to think about what I wanted out of the Start Screen on a desktop, and spent some time configuring it to make it useful. I actually like it for getting some quick information hits off of it—news headlines the weather, mail notifications… basically, all of the same things I like about Live Tiles on my phone. They’re not the main reason I use that screen, though, and it’s not even remotely where I spend most of my time. I’ll get to that in a second, though.

Honestly, for the most part, this experience has reinforced most of what I felt while using CP. I’ve also had some time to reflect on what it’s like on a Desktop vs what it might be like on a tablet someday (Friday!), and read a chunk of what others have to say about it. I’ve come to a few distinct conclusions, a couple of which focus on the types of people who will theoretically use the OS and how they will get along with it.

Information Workers/“Power Users”/Such People

For this crowd, there is at least one main point about Windows 8 I see being overlooked by a lot of people writing and talking about it: the role of the Start Screen on a non-table device.

I see a lot of comments about how it’s a split-personality OS and people will be confused by the “modern” UI (or whatever we’re calling it now), and how applications behave differently there than they do on the desktop, etc, etc. I think that’s disingenuous, depending on what kind of user you are. If you’re someone like an information worker, who uses a PC to for both content creation and consumption, I would expect you to spend the vast majority of your time on the actual Desktop part of the OS. The Start Screen should be nothing more to you than exactly what it is—the Start Menu just in full-screen form. All of the applications you use today are intended to run there. If you install them on a Windows 8 box, that’s where they will run; not on the Start Screen.

I don’t think I can stress this point enough—I flat-out think that someone seriously using a PC to do what most of us would consider “work”, shouldn’t be using the Start Screen for anything that they wouldn’t use the Start Menu for in Windows 7 (Or Vista. Or XP. Or Windows 95). I truly think if approaching it with this attitude, there is much less room for confusion, because the user experience is much closer to 7 than it is anything else. For someone worrying about productivity losses from switching, I would tell them that they are few, and it depends on whether or not they rely on some specific features that are no longer there (such as the app-specific Recent list on the Start Menu that I mentioned in my other post).

Don’t get me wrong, though—There’s still a bit of a learning curve to get over. Is the Start Button gone? Yes. Can you still crash your cursor to the lower-left corner and click to get the Start Screen to come up, just like you can to open the Start Menu on 7? Yes. Is your mouse speed set so low that you have to move your mouse an extra two inches on the desk to move to the corner from where the middle of the Start Button used to be? Well that’s another problem if so. But that’s just one thing. There are some things that are a little harder to get to. The way the whole Charms Bar is set up seems a little weird. For example, I would rather just open the Control Panel and get straight to what I want instead of digging around in the Settings part of the Charms bar.

Keyboard shortcuts can help with that a lot, though. Flag-I opens the Charms Bar right at a place where you can then hit ENTER to open Control Panel. OK, that’s pretty easy. Flag-X opens a little menu that gives you quick access to a lot of things, including the Control Panel. It’s also the fastest way to get to the System Properties dialog this side of Flag-Pause. Flag-R still works, and I still think if you’re actually clicking on the Start Menu, and then the “Run…” option, you’re doing it wrong. Keyboard shortcuts aren’t the answer to everything, though, nor should they be.

And that brings us to how it’s not all rainbows and unicorns…

Everyone Else/Proverbial Joe-Sixpack/My Mom

This is going to be a disaster. All that stuff I talked about above, about crashing cursors, keyboard shortcuts, and knowing the difference between the Modern UI and Desktop parts of the OS? None of that matters. This crowd will be dumbfounded when they sit down in front of a Windows 8 machine. Before, I said that it wasn’t going to be that bad, because the desktop was still there and still accessible. I think I was wrong by saying that. I think that dumping the OS straight into the Start Screen when you boot up will make people who don’t know any better (of which there will be many, and it is not and will not be their fault) think that’s what the new OS is. It will be all fun and games until they pick an option that kicks them down to the desktop and then they don’t know how to get back, because there is no real visual representation on how to do so. At least not until you put your cursor in the right place (magic corners). And don’t even get me started about app-switching with a mouse between Desktop and Modern apps.

Before, I compared 8 to Windows 95 and OS X in terms of “disruption.” I have realized that it’s not going to be the same—it’s going to be worse. What’s different this time is that more people already have computers and already know how to use them, or at the very least, expect to be able to figure it out quickly without a lot of effort. 8 will take more effort than that if you are completely uninitiated. 95 at least had the big button at the bottom that said START. They had a catchy Rolling Stones song to go along with the ad campaign; one that fit right with that new button on the screen and basically told you what to do to get going. Now? We’ve got a little animation the very first time you start up the OS that tells you to put your cursor on one side of the screen or the other.

Of course, all of this was done in the name of…well, I don’t know why. I still think it’s going to be a better tablet than Desktop/Laptop OS over the long term. I might be simplifying too much, but I don’t think that feeling would be as strong if the Start Screen isn’t the first thing you saw. Surely it’d be possible to detect what kind of hardware you’re on and make it behave accordingly? Or let the user pick? …and if it’s not a tablet, go to the Desktop first. Hell, go ahead and put the Start button back, since that seems to be such a big deal. Minor things, but a potentially big impact to user experience/frustration.

Surface

I preordered one, because I’m a fanboi. OK, that’s only part of it. I genuinely want a Windows Tablet because I want to see how well 8 works as a Tablet OS. And I want to get rid of upgrade [edited for clarity of thought -KLT] our Touchpads and iPad. I want to see how that keyboard really works out, because this could be a device that really puts a dent on my laptop use.

There’s a problem here, though, too! Windows RT! It’s not really Windows 8! Sure, it looks like it, it sort of acts like it, but you’re not going to be putting the old TweetDeck on it! OK, this is for another post altogether. I’ll talk about Surface after ours gets here and we’ve spent some time with it. Might not be until after Summit, though, because I might shove it in peoples’ faces to get some feedback.

Attempt at Final, Coherent Thoughts

As someone with the desire to figure things out and work around shortcomings, I think the OS is fine. In fact, I think it has taught me how to use Windows 7 a little better—namely, by pinning apps that I use every day to the Taskbar, so they’re always there. The number one reason to this on 8 is for ease of access to the “Run as different user” options (hold Shift while right-clicking). On both OSes, it’s a way to get an app-specific Recent Files list (like there was on the 7 Start Menu).

It still goes back to what our parents are going to think of when they try to use this thing, though. That’s what has me worried. It’s obvious that large swaths of the PC industry are moving away from desktops and laptops in favor of phones and tables (mostly the consumer space). I think Microsoft finally work up to that, but the problem is they’ve gone too far. It’s still a waiting game to see how it’s going to turn out.

We’ll start to find out for sure on Friday.

Right, I Installed Windows 8 CP

I know, all of my friends have been busy playing with the Gold bits of SQL 2012, and that’s all well and good. I should be doing that, too, really really. Except…Well… I don’t exactly need to worry about that at this point, unfortunately. Different story. Instead, I’m playing with the Beta Consumer Preview release of Windows 8, because I like Windows (news flash).

Back in college, I would use my laptop as the test-bed for new stuff. I carried it to classes, so I got a lot of keyboard time with it (and a lot of show & tell, too). New Office & Windows versions were the most-used victims, as I took notes in Word—these were the days before OneNote. After my freshman year, I had a desktop, too, so I always had a more stable place to get work done if I had problems with anything. I would have used my current laptop for this, but it’s an old boat anchor (a Latitude 120L), and has too old/crappy of a video card to run the display at its full res in 8. Tried it with Dev Preview & the best I could get was 800×600. I fiddled with the disk subsystem in my ESXi server & installed 8 directly on that hardware to test a couple of applications that I wanted to make sure worked before I got to…

Blowing Up the Main Desktop

It was a perfectly healthy, couple year old install of 7, but it was on a semi-decent machine (Presler core P4) with a good video card, so it had to die (you know, for science).

Windows Experience Index for test machine. Overall Score 4.5

CPU bound... just the way I like it

The usual first step of this process is copying the ISO contents to a USB stick for install. Since I don’t do this very often, I always have to look up the steps to make sure I don’t forget something while fumbling around in diskpart. For whatever reason, this time I stumbled upon a link to the Windows 7 USB/DVD Download Tool. This is a neat little thing that automates the task of transferring an ISO of Windows Install media to a bootable USB disk (don’t let the “Windwos 7” in the name fool you). I doubt it’s faster than XCOPY, but it’s a little easier.

The install itself went pretty quickly after a couple false starts. Can’t really compare it to anything, but it did seem fast. On its first boot, it offers to let you attach a/your Live account to it, like Windows phones do (and Google accounts on Android and AppleID on the iPhone). On my first test machine I went ahead and tied it to my Live account just to see what it did. The answer: other than grabbing your account’s picture and making it fairly ticklish to figure out how to auth when RDPing to the machine, I’m not really sure what it did. It may not be fair to say that since I spent a total of about 20 minutes on that install, but that’s how not-obvious it was.

On my “real” test install, I put the machine in our test domain, did my usual early system settings changes, & worked through the high points of my application install list. No real hiccups there, so I was able to get on with…

Actually Using the Thing

This all happened a month or so ago now, but I’ve still only gotten a fistfull of good usage hours with it. In that time, I’ve gotten a few things to talk about and/or show. None of these are really earth-shattering; just the things that stick out for me. For a more general overview of it, check out some of PeterB’s DrPizza’s Peter Bright’s articles related to the topic.

Obviously the biggest change and the elephant in the room is the introduction of the Metro UI to Desktop Windows. One of the side-effects of this is the Start Menu goes away. This is a pretty big shock, and it still catches me off-guard when I hit the Windows Key and the main monitor (I’ve got two on this machine) flips over to the Start Screen. Gone is the ability to organize things via folders. Instead, if an app wants to put shortcuts on the Start Menu, they just wind up on the Start Screen. They get arranged into blocks of icons by default, and you can arrange/delete them further if you like. Near as I can tell, that is the extent of the organization options one has. The problem that I found is if you install something like Server Admin Tools (there’s already a pre-release version for Windows 8, which is fantastic) that adds a lot of shortcuts all at once: the default behavior is apparently for these icons to simply be barfed all over the Start Screen.

Start Screen showing icons all over the place

Organization is Overrated in 2012

I don’t think this is a good thing, but in this architecture, I’m not sure what else can be done. If one’s interested in keeping the Start Screen tidy, there’s going to be a lot of micromanagement to do. On the other hand, back in Vista, a search bar was added to the bottom of the Start Menu. Handily, that text box had focus when the Start Menu was raised, so one could mash Flag (“Flag” is how I usually refer to the “Windows Logo Key”, primarily because “Windows Logo Key” is way too damn many syllables) and start typing to bring up whatever shortcut they’re going for. Judging by commentary I’ve read about that particular feature (OK, it’s mostly Ars readers), it seems a decent chunk of people use that as their primary app starting/finding vector for things that aren’t pinned to the Taskbar. In Windows 8, even though there isn’t a visual cue for it, this functionality is still there. Hit Flag, and start typing. A search screen will come up showing results for Applications, Settings (Control Panel Applets), and Documents; these are all the same categories of things that the Search bar in the old Start Menu will return. Not being one who uses this search to find things very often, I’m going to need to get used to it if I don’t want to spend more time than I do now managing what the Start Screen looks like.

Start Menu screenshot showing the "Recent" list of files

This feature leads the list of ones I didn't get at first, but now will miss the most

One thing I can say for certain: I’m going to miss is the “recent” list that shows up for some applications in the old Start Menu. This is the list of docs that will cascade out from the app’s shortcut when an app is pinned or otherwise lands on the main part of the Start Menu. I admit that I don’t use this feature all that often, but there are a few things, Remote Desktop being one, where I use the recent list almost exclusively when calling the application. It does work the best when a small set of files are used all the time (like, say, shortcuts to the ETL servers), but it’s really useful for that sort of thing. I haven’t found a way to mirror this functionality in 8, and that’s a bummer.

Once over the initial hurdle of getting past the Start Screen (hint: click on the “Desktop” button), in what I would consider normal use, I don’t feel like I’m using anything other than Windows 7 (or Vista, for that matter). My normal usage pattern on this machine resembles what most people would consider “work”—Office apps, web browsing/research, Quicken, Twitter (old TweetDeck!), and Live Writer for blogging. I would say photo editing/management, but that barely gets done anymore. Non-“work” stuff involves Windows Media Center, and not much else; don’t have time for gaming anymore, either. All of these things are non-Metro (“classic”) Desktop apps, and as such, operate on the desktop. Using this kind of application and launching them either using pinned Taskbar icons or opening documents straight from the file system means that I hardly ever see any Metro UI elements.

That’s pretty much a good thing, until a bunch of time goes by and one forgets what they’re doing. Then, for example, a random app is needed from the Start Menu. Hit Flag, and get smacked in the face by the full-screen Metro Start Screen. This has happened to me more than a few times since I’ve been using 8. I also haven’t put Acrobat Reader on the machine yet, so when I open a PDF, the built-in reader app launches, which is a Metro app. Smacked in the face again. This one is of course my own fault, as I’ve delayed putting Acrobat on to at least try the built-in reader for a while to see what I think about it. It’s very jarring when this happens. It’s also disruptive at the moment, because it’s so different and still new.

Speaking of these full-screen Metro apps, they have two major drawbacks to me. One is the fact that they’re full-screen. On a machine with a nice high resolution, I hardly ever maximize windows/applications to use them, so this is a little annoying. There is the fixed two-app display thing available, but it’s still a little wonky when it involves one Metro app and the Desktop. Since the Desktop behaves as a single application in this situation, if it’s the app on the small side of the split-screen, then the windows running on the Desktop become the same little thumbnails that pop up when you mouseover window buttons on the Taskbar. As a result, it’s likely that you can’t read what’s going on and you definitely can’t interact with them. This arrangement isn’t overly useful.

The second major drawback is something that got in my way early on: The only arrangement choice with Metro apps is on the main monitor. What if I want to put that application on the smaller of the two monitors I have (which isn’t the main one)? Turns out, that can be done. Among the list of keyboard shortcuts outlined in this Windows Team Blog entry is Flag – PgUp/PgDn, which “Move[s] Start screen to Left/Right Monitor.” That command does exactly what it says it does, but also moves full-screen Metro apps with it (plus the “primary” Taskbar). It appears to be the same functionality as the “Use this monitor as my main monitor” checkbox on the Display Options dialog, just in handy keyboard shortcut form. The operation itself is smooth and fast, even on my less-than-optimal hardware, and technically it does address what I was trying to do. As part of moving the whole Metro…environment, for lack of a better term, it takes the built-in split-screen functionality with it. I guess that makes sense, but all of these “features” just continue to make the whole thing feel contrived.

While using this, a couple specific items stuck out at me, and I’ll go through those next.

File Copy Status

From the “it’s the details that count” category, we have the File Copy Status Dialog. (If this thing has an actual name, I obviously don’t know what it is.) Couple new things here which, as a completely crazy person who likes to watch numbers change, are welcome additions.

New File Copy Dialog showing the "More Details" view

Best thing to happen to the File Copy dialog since the File Copy Dialog

First, I almost always hit the “More Details” button to see what kind of throughput I’m getting on a copy/move/delete. Finally, in Windows 8, if you flip it to the More Details version of that little dialog, the setting sticks! Every time a file is copied, the status dialog opens with all of the details showing. Awesome.

Even better is a little throughput histogram which is now shown. This thing pulls triple duty, visually representing both percent complete and current/historical throughput, and also showing the current throughput in text form. Because at the moment I’m not overly enthused with this OS, this dialog is probably my favorite new feature.

New Task Manager

There’s a new Task Manager in 8. It brings some of the functionality of the full-blown Resource Monitor down into the smaller Task Manager package. I find this a bit of a mixed blessing, but in general it’s pretty nice. I usually leave Task Manager run all the time, so am a little worried about the performance impact with the new one—I’ve sometimes seen Resource Monitor peg out a CPU core while displaying disk activity.

That’s all well and good. BUT! With this machine, I got the old task manager! At first, I thought it was just because I decided to put it in the domain for this evaluation. Long story short, I had Task Manager pinned to the Taskbar on this profile, and I had used that shortcut to start it. Turns out, there are now two different Task Managers in Windows—the old one is still taskmgr.exe & the new one is TM.exe. The new one does eat a lot more RAM than the old, so there’s at least that going on between them. I’d guess that the old one will go away at some point, but for right now, we’ve got a choice on which one to run.

Minor Issues

I’ve had a couple non-UX/UI issues so far, both related to specific applications.

The first one is with the “new” TweetDeck (version 1+). I tried to install it, and it went on, but when I tried to sign in to my TweetDeck account on first launch, it couldn’t do it. The password I was using is right, but I couldn’t get anything other than an “unable to log in” error. Since Twitter has changed it so it can’t be used without using a/your TweetDeck account, I wasn’t getting anywhere with that. I put the most recent Air-based version on, and it is running fine.

The other application problem I am having is with Windows Live Writer. It is pretty unstable in general, but it will also crash pretty much all the time when trying to open an in-progress draft post. This makes it slightly ticklish to pick up again on a post if LW wasn’t left running. What I have found out that works is if the in-progress file is opened from the file system. That will start up LW & open the desired file. Better than nothing.

Overall Thoughts at the Moment

My feelings at the moment mirror what a lot of other people are saying: This OS is going to kick some serious ass on a tablet, and I can’t wait to get my hands on some of that. What it doesn’t do as well so far is be a desktop OS. IMO, this situation is most glaring with a multi-monitor setup. I don’t like how Metro apps are basically locked to full-screen and generally don’t feel very flexible. It also bugs me that the “classic” desktop sometimes behaves like a single application (like when it is involved in the Metro split-screen arrangement). I’m stopping short of outright calling the multi-monitor experience broken, but it’s sub-optimal, at least.

It will be interesting to see where all this goes. Since Metro apps are stuck in their box, and do a fairly good job of breaking what I consider the “normal” desktop computer workflow, I wonder if vendors will release multiple versions of applications so both desktop and tablet users will be able to use applications that function in their respective native environments. Not knowing much about software development, I don’t know how much easier (or cheaper) said than done that statement is. There’s been a lot of talk about browsers being released as native Metro apps. Obviously there will have to be some set of applications released as Metro apps, since that finger-friendly interface will definitely be the main one used on Tablets. My hope right now is that vendors (and Microsoft, for that matter) continue to support the Desktop work environment.

Bottom line: Other than minor-to-moderate problems with the UI & UX, it seems to be just as solid of an OS as Windows 7 is. I think it’s possible to use the OS mostly just like Windows 7, too. I want to emphasize that statement, because I feel like there’s a lot of frothing at the mouth about how terrible Metro is on the desktop. Although I don’t like everything about it either, there is plenty of “old” Windows still there. I truly, honestly, don’t believe Metro being in Windows 8 like it is right now is going to be as much of a failure as some on the Intarwebs are saying. Disruptive? Yes, definitely… But so were Windows 95 and Mac OS X.

Time will tell whether or not I change my mind.

Alright, So Maybe I Get the Cloud…

In general, I’m a cynical, Negative Poo-Poo Head. In the last few years, I’ve become more and more this way when it comes to technology trends. My first reflex as to why, is my increased time spent working with developers on a day-to-day basis, and my perception of how development  is susceptible to Flavor-of-the-Week-itis. I don’t think that’s really the cause; instead, I think I’m just getting more cynical as I get older in general. I know, this isn’t necessarily a good thing, but that’s a different blog post. The good news here is that I at least can still turn it off when I need to.

Anyway, the Cloud and my negative poo-pooness.

I’ve basically spent more time making fun of Cloud Computing than I have learning about it. “Oh, it’s the dumb terminal/mainframe paradigm all over again”, “There’s something wrong with this whole thing when you can buy a shipping container full of servers, put it out back, and call it a ‘private cloud’”, “It’s just the latest buzzword/flavor-of-the-week”, on and on. Honestly, even though Brent, Buck, and others have been saying it’s the Way of the Future™, I didn’t buy it.

Well…I think I’m on board now.

What changed my mind?

I don’t think I can nail it down to one thing, but I can point to a couple things that have been going on lately that played into this change of heart.

Last Friday was the Nashville SQL Users Group Meeting. Presenting was Brian Prince (Twitter | Blog (lookit dat Gamerscore) ) on SQL Azure. I was pretty interested in this topic due to wanting to actually learn something about this stuff that I make fun of. OK, that and I am a little interested to see what all the fuss is about.

Although I had to leave early due to an unfortunately-scheduled meeting, I did get to see most of Brian’s presentation. I was impressed with a lot of what I saw. I was impressed by the shipping containers full of servers that make up open-air datacenters. I was impressed by how they each can have their own genset backup power sitting next to them, how the servers in the containers live at 95o F, are cooled primarily by what basically amount to Swamp Coolers, and pretty much never get touched once they’re racked up. During this part of the presentation, the Sysadmin in me was clamoring to give up the DBA thing and figure out how to get a job building/supporting this stuff, because it looks just that awesome…

Brian then went into the components the Azure platform and where SQL Azure sits in it and how it is supported, replicated, and made available. We also got to see how you actually use the system along with some good arguments about DBs that we all have in our environments that would be good candidates to move to the cloud. The prices seem pretty good (I haven’t done any extensive calculations) when compared with running small but still mission-critical DBs in-house… It all actually sets up a pretty good argument.

All of this good info and eyes-on examples went a long way to getting me over whatever I was afraid of or didn’t buy about the system.

Buck has been going on about this whole thing for a while, and even put his money where his mouth is and is moving over to the Azure team. At first, I thought that was a loss for the SQL Community, but I think with my improving outlook, I don’t feel that way anymore. I believe it will be for the better, and I can’t wait to hear more from him in the future.

These are a couple of the things that have been going on lately that are beginning to change my mind about the cloud. I’m looking forward to learning more about it and considering it as an implementation option in the future.