Dec 30

Government Shutdown’s Impact on Contractors and Employees

Contractors Face Considerable Financial Risk

With Congress and President Trump at a budget impasse, funding for significant portions of the US Federal government ended midnight Friday, December 18, 2018. Historically, government employees are not paid on time but are retroactively paid after the new budget is implemented. The same is not true for government contractors.

Government contractors compete against each other to provide a wide range of services such as computer programming, construction, security guards, cafeterias, janitorial services, technical experts, maintenance workers, and much more. When the government shuts down, contractor staff are not needed or can’t do their work. But they are real companies and people who suffer. Long-term, it’s bad for US taxpayers.

Our Contract with Amtrak is Suspended

We have a government contract with Amtrak which was suspended by this letter:

This contract provides help for Microsoft Access database programming and is relatively small. We do not have dedicated staff for the contract, so we are not really affected as our people will work on other projects.

Unfortunately, we have colleagues who are government contractors or in businesses more dependent on the government who are significantly impacted by the shutdown. This is especially true for companies who provide staff to work at government facilities that are now closed. Most are hesitant to speak publicly about their experiences in fear their government clients would be offended, so we’d like to share our experiences and theirs.

Very Tough Situation and Decisions for Government Contractors and Their Employees

Since government contractors are unlikely to be repaid when the budget is finally resolved, government contractors with dedicated staff for those contracts need to decide whether to pay their employees for time they never expected to not charge to the government. The impact is somewhat offset by the Christmas and New Year’s holidays, and maybe they can force employees to take vacation days. But as the shutdown lasts longer, contractors will have to pay their employees from their own funds. Not paying them runs the risk that the employees leave and won’t be available once the budget is resolved. One cannot expect employees to remain loyal if they aren’t paid. Meanwhile, employees are dusting off their resumes and seeking alternative employers.

Small businesses are especially vulnerable since many contracts have small profit margins, so without significant cash and lines of credit, a cash flow problem can quickly bankrupt a company. Even generous owners who try to do the “right thing”, may not be able to if their cash is depleted. That would lead to fewer government contractors in the future and higher costs to taxpayers.

A friend of mind who owns a firm completely focused on servicing the federal government shared:

“As contractors, our employees still get paid and yet we are unable to bill. Cash is king and small companies like mine live and die by cash. This is the worst.”

Media Coverage

On December 26th, we sent a Twitter message with the letter we received from Amtrak and the sympathy we feel for government contractors and their employees.

That led to our inclusion in a Washington DC News article on WUSA Channel 9 (CBS) by John Henry that evening. A video of the coverage with our Amtrak letter and insight are in this article: #ShutdownStories: Government contractors tackle life without pay during partial shutdown

On December 27th, I was interviewed in the Huffington Post article by Sarah Ruiz-Grossman about the challenges facing contractors entitled
Shutdown Leaves Government Contractors Without Work And Likely No Back Pay.

“Business owners who have [dedicated] staff are making the decision: Do we pay people or not, even though we won’t get paid by the government? Either you force people to take vacation, or you pay them, to be a good company ― but depending how long it drags on, one may not have a choice.”

On December 27th, Bridget Johnson included us in her Homeland Security Today article:
Federal Employees, Contractors Tweet Worries with #ShutdownStories

Self-Inflicted Wound that Should be Resolved Promptly

Eventually the budget will be resolved. We hope the parties come to their senses and do it sooner rather than later because innocent people who’ve dedicated their firms and lives to providing a professional service to US taxpayers are at risk and feeling real pain. That’s terrible for them now and our country long-term.

May 18

Converting Microsoft Azure SQL Server Databases to SQL Elastic Pools to Share Server Resources

Microsoft SQL Server Databases on the Azure Cloud

Microsoft Azure lets you economically and quickly host enterprise quality SQL Server databases in the cloud. The cost of each database is relatively modest.

Managing Resources and Costs for Individual Databases

However, as you add more databases, larger databases, and/or databases that require more resources, costs increase. Providing more resources to a database is helpful when it demands it, but when users aren’t on it or during non-business hours, it may be wasted capacity. Even during business hours, one can have some databases being utilized more than others at unpredictable levels.

Pooled Resources Across Multiple Databases

Fortunately, Azure offers an Elastic Pool option to share resources across multiple databases. If the demand on your databases is inconsistent (spiky), you can provide a high level of capacity that’s available to the most demanding database while allowing other databases to share those abundant resources when needed.

  • You no longer need to set the limits of each database,
  • You are not charged a per database monthly fee which is great for supporting lightly used databases.

Migrating Existing SQL Server Databases to Elastic Pool

Microsoft provides information on SQL Elastic Pools but does not explain how to convert existing databases to an Elastic Pool.

FMS President Luke Chung wrote a new paper with step-by-step instructions on how to convert existing SQL Server databases on Azure to an Elastic Pool without the need to change the database connection strings:

Converting Microsoft Azure SQL Server Databases to SQL Elastic Pools to Share Server Resources

Here’s more information on Designing and Deploying Microsoft Azure Solutions

May 10

Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP Workaround

Remote Desktop Connections Fail

Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received error messages like this when they tried to remote to machines they connected to successfully for a long time:

Remote Desktop Connection Error

An authentication error has occurred.
The function requested is not supported

Remote computer: <computer name>
This could be due to CredSSP encryption oracle remediation.
For more information, see https:/go.microsoft.com/fwlink/?linkid=866660

The link goes to this page, https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018, and explains the Credential Security Support Provider protocol (CredSSP). It offers extensive information on a series of updates since March 2018. It recommends some steps but isn’t very clear what those changes are nor whether those changes are needed to be made by network administrators globally via group policies, or group policies on every PC and VM.

Caused by a Microsoft Security Patch

The Microsoft Security patch issued on Tuesday, May 8th triggered the problem by setting and requiring remote connections at the highest level (CredSSP Updates for CVE-2018-0886)::

Security update deployment information: May 08, 2018

It changed the default setting from Vulnerable to Mitigated which means that any PC using CredSSP is not be able to use insecure versions. If your PC received the May update but the target PC hasn’t implemented the CredSSP update, the PC receives the error message when it tries to connect to that PC.

The automatic Windows patch to raise the security level is not implemented if the PC doesn’t allow automatic updates. This mismatch between the implementation of a security requirement (which is not optional) without the corresponding automatic update may be the source of this problem.

However, there are many situations such as development, testing, build, staging, and deployment environments which require a stable environment that would be destroyed by automatic Windows updates.

We continue to research this.

Symptoms

The symptoms are rather strange because we found that some machines successfully connected while others didn’t.

For instance, we had a Windows 7 machine that hosted Remote Desktop. A Windows 7 PC had no problem connecting to it, but the same user connecting from a Windows 10 machine failed when that was never an issue before and the host machine allowed remote connection for years.

There are also reports of problems with Windows 10 machines connecting to Windows 10 machines, and people locked out of their Azure VMs.

Workaround Solution

One could rollback the security update, but rather than risking other security problems, there’s a quick fix.

Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab.

From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”:

From Windows 7, it’s setting the option to the Less Secure option rather than More Secure:

Once these are set, users can remote to the machine again.

Microsoft Comment

Based on this blog post, a Microsoft colleague told us this:

“I double checked the Windows bug database and they are aware of the problem. No ETA on a fix yet unfortunately. Your workaround is what’s suggested to temporarily get around the error, although it is not suggested as a long-term fix.”

Alternative Solutions

This section was added after our initial workaround and is based on the experience of many users struggling with this problem.

The problem is often caused because the local machine is patched with the Windows Update and the machine it’s connecting to is not patched for the CredSSP issue. If both systems were patched then this error would not occur.

There are two options:

Update the Target Machine

Update the target machine with the patch for the CredSSP issue (preferable).

Update the Local Machine

In many cases, you don’t have the option to modify anything on the target machine. You may even be prevented from modifying your own machine, but assuming you have administrator rights, you can change the Group Policy on your local machine to use the Vulnerable setting.

Big picture, it’s ridiculous to lower one’s security settings to connect to a machine that wasn’t updated. It would be much better if it prompted or automatically connected to lower level machines without turning off the higher security level for everything else. All it takes is one target machine that you can’t modify to force this change on your machine. But at least you can get your work done.

  1. Enter run “gpedit.msc” to edit group policy, or from Windows start, enter “Group Policy” and select “Edit group Policy”:
    1. Windows 10
    2. Windows 7
  2. From the treeview, choose Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
  3. Select “Encryption Oracle Remediation” from the right pane (if it’s not there, it probably means your machine wasn’t patched):
  4. Enable and set the Protection Level to Vulnerable:

Hope this helps.


Additional Problem: Cannot Connect via VPN

We’ve discovered problems with VPN connection if the PC has Remote set to the higher security level.

The network connection fails with error: Cannot load the Remote Access Connection Manager service. Error 711:

Lower Your Remote Desktop Security to have the Security to Make the VPN Connection

Apparently, the Remote Desktop setting on the client side impacts its ability to connect via VPN to the host side.

By lowering the setting to less secure for others to connect to the PC, the PC can now successfully connect to the VPN. What a mess.

Additional Discussions

I’ve also been involved in other online discussions:

Summary

It’s late August, and it’s shocking that this problem remains after so many months. I am extremely frustrated by the Windows update policies and Microsoft’s inadequate testing before these security patches are deployed. This is very disruptive and dangerous to many organizations trying to fulfill their missions expecting their PCs to be reliable.

Microsoft security “purists” claim the current approach is necessary to address the serious threats facing users. I guess it wouldn’t be an issue if the updates worked without disruption. However, the downside of this medicine may exceed the illnesses they are trying to prevent.

Hope you are able to resolve this and move on.


Additional Remote Desktop Connection Resources

Apr 12

What Happened When We Created a Facebook App for Social Network Analysis

facebook-medFacebook and Mark Zuckerberg are getting blamed for a large number of issues from promoting fake news, election fraud, mishandling user data, and profiting from selling user data.

While some of that may be true, the Facebook security breach is actually a violation of Facebook API licensing rules by the people who used it. Facebook provided the data and encouraged developers like us to create innovative solutions for the Facebook ecosystem. They weren’t selling the data.They weren’t even charging us to use it.

Our Facebook App with Social Network Analysis and Maps

In 2010, we created a Facebook application using our Sentinel Visualizer technology to perform Social Network Analysis (SNA) based on a user’s friends’ friends. It would automatically cluster friends so you could quickly see their groups (high school, college, work, family, in-laws, clubs, etc.).

Facebook Social Network Analysis App of Clustered Friends

Each box (picture) was one of your friends, and you could move them around the network, hover over them to get their info, or click on them to go to their page.

We also plotted friends on a Microsoft Bing Map making it easy to see who were near you or where you were visiting.

Plotting Your Friends' Locations on a Map

 

We launched our free Sentinel Visualizer Facebook App to a limited number of users and it started to gain followers. People were amazed to see which of their friends knew each other. The application started to go viral. We were having trouble supporting the traffic.

Not Allowed to Save Facebook Data

One of the things developers couldn’t do was to save Facebook’s data. All we collected were the user names and email addresses people provided when they registered our program. Unfortunately, other developers didn’t abide by Facebook’s terms and the data improperly got to Cambridge Analytica and others.

Facebook Stopped Making the Data Available

Our app ceased to work when Facebook limited their APIs and prevented our ability to get to the list of your friends’ friends among your network.

It’s not entirely Facebook’s fault for trying to spur innovation by sharing their data for free. Some developers violated the trust Facebook gave them.

The Full Story

Here’s our new web page describing our experience in detail:

Mar 20

Microsoft Access/Office Resources

There are many online Microsoft Access resources available from the Access and Office teams.

New Microsoft Access Tech Community Site

access-community

This is the Microsoft Access development team’s community site that’s integrated with the Access program. Expect to see more and more information and discussions here:

Microsoft Access Tech Community Site

Online Microsoft Access/Office Training

office-training

Online training videos from Microsoft are available for most Office products.

Online Microsoft Office Training

Click on the Access icon to see the Microsoft Access training videos, or go directly to:

Microsoft Access Training Videos

Microsoft Access Help Center

access-helpcenter

The documentation team manages this site for MS Access documents and online help.

Microsoft Access Help Center

Old Microsoft Access Support Team Blog

access-blog

This Microsoft Access blog site is being retired but still has relevant information.

Become an Office Insider

office-insider

If you have an Office 365 subscription, and want to get the latest builds of Office/Access, become an Office Insider.

Sign up from the PC that will host the insider version. Of course the insider version is not ready for prime-time, so don’t use it for your development or production environment.

Office Insider Sign-up

Apr 28

Microsoft Access Video on VBA Programming with Luke Chung at Access DevCon 2017

FMS President Luke Chung was a presenter at the Microsoft Access DevCon 2017 in Vienna, Austria in early April.

Before giving two conference presentations, he was sat down and spoke with Philipp Stiefel of codekabinett.com of Germany. Philipp is creating a series of videos discussing VBA development.

Luke shares the history of how FMS Inc. began working with MS Access and how we now offer 12 products for the Access community, including Total Access Analyzer, Total Access Emailer, Total Visual CodeTools, and Total Visual SourceBook.

They talked about:

  • VBA Best Practices
  • How end-users migrate from Excel to Access, then learn how to code
  • Why people are hesitant to purchase third party products and how FMS overcomes that by showcasing the value we offer
  • Using tools like Total Access Analyzer to catch errors before shipping and learning best practices
  • Using the module code in Total Visual SourceBook to address problems we’ve already solved so you can focus on the unique issues in your applications
  • The value of creating consistent, quality code
  • How to improve code for developers of all backgrounds
  • Being in constant “growth” mode to look for ways to become a better developer

FMS Inc. is proud of the quality of products we have produced for the past 30 years. We are honored to continuously be regarded as a leading expert in the Access community. Thank you for supporting us and we hope you enjoy the 20 minute interview!

 

Jan 05

Sean Hannity Radio Show Interview on Julian Assange, WikiLeaks, Russian Hacking, and Cyber Warfare

sean-hannity-radioBackground

The day after an amazing personal interview of Julian Assange by Sean Hannity aired on his TV show, FMS President Luke Chung was invited to discuss the related technology on his radio show.

Hannity traveled to London to interview Julian Assange at the Ecuadorian Embassy where he’s seeking asylum. They discussed an overview of Assange’s role as founder of WikiLeaks, and their obtaining and publishing the emails from the Democratic National Committee the weeks before the US Presidential election. Some people attribute Hillary Clinton’s loss to the revelations in those emails especially from John Podesta, the former White House Chief of Staff and Chairman of the Clinton campaign. They are also accusing the Russians for hacking (stealing) and providing the data to Assange so Donald Trump could win the election.

Radio Show

On January 4, 2017, I was on the radio show with Sean Hannity and Brigadier General Eli Ben Meir, former Israeli Military Intelligence chief. The three of us discussed the WikiLeaks disclosures. I commented specifically on:

  • Cyber attacks and the security breach at OPM disclosed non-classified government employees and by omission who were covert at American Embassies globally.
  • Noting Julian Assange’s careful word choices to exclude Russia as source without excluding them as the ultimate source of his sources.
  • The need for WikiLeaks’ to keep their sources confidential and how they amplified the data from Bradley Manning and Edward Snowden.
  • Different approaches to preventing cyber attacks depending on the cause.
    “It’s one thing when someone steals your car because they broke into it. It’s another thing when someone steals your car because you left your keys in the ignition.”

Here’s the audio of the show:

My segment starts at the 6:50 mark. Sean and General Meir speak first, then I start around 9:25. Final comments at 14:15 and it wraps up by 14:50.

Additional Issues

Only a limited amount of information can be discussed in such a short interview. Some additional issues to consider are:

Data Security

Securing data over the internet and inside organizations is very challenging. Threats may come from:

  • External hacks that need to be monitored and defeated
  • Internal people who unintentionally leave the front door unlocked
  • Internal people who intentionally leak information

Different solutions are required for each type of threat. Some are at the software vendor, design, and developer level, while others involve end-user training, background checks, and monitoring.

Applications can be built so that simply disclosing a user name and password doesn’t compromise the whole system by require two-factor authentication and registering devices that can use those credentials.

Unfortunately, many systems were built well before today’s cyber threats existed. The cost of making those systems more secure without breaking their existing functionality will be daunting and expensive. In many cases, the original source code, development environment and/or vendor are long gone, so the only option is to replace them which is also very expensive and time consuming.

Julian Assange and WikiLeaks are Not Heroes

We need to keep in mind that the WikiLeaks exposed top secret US information by publishing the disclosures from Manning and Snowden. Lives were put at risk and lives may have been lost because of those publications. The Arab Spring was inflamed in part by the disclosure of diplomatic communications and one could argue the human tragedy in Syria is tied to this as well. While Republicans are celebrating and defending Assange and WikiLeaks now for the DNC emails, the tables may turn very quickly.

Data That’s Not Exposed May be More Dangerous

While many are focused on the DNC emails, it’s not unreasonable to assume the people who hacked that also got the RNC emails. Data can be power, and in the wrong hands, data can be used for nefarious purposes such as blackmail.

If the RNC data were compromised, we should be extremely worried if the hackers discovered it was more valuable to keep private than public. Whether they use it directly or sell it to another party or country, the information can make victims puppets by threatening the exposure of their personal data. It’s not uncommon during E-discovery of an email server to discover all sorts of inappropriate language, behavior and activity conducted by individuals in an organization. Disclosures of affairs, homosexual activity, underage sex, bribery, unethical business dealings, breeches of confidentiality, collusion, and actual crimes are often found in email threads and can be used for blackmail.

Additional Resources

Aug 24

Total Visual Agent Available for Microsoft Access 2016

topbannertotal-visual-agent-60scheduler

Total Visual Agent, the world’s most popular maintenance scheduling tool for Microsoft Access/Office and Visual Basic 6 (VB6) is now available for Microsoft Access 2016 (and earlier). This is the ninth major release of Total Visual Agent and introduces many enhancements to automate maintenance chores easier than ever.

To keep your Microsoft Access databases healthy, you need to regularly compact them. For disaster recovery, you should also be making backup copies of your database regularly. You may also have regular tasks such as printing reports that are performed regularly. Total Visual Agent does this and much more on a schedule you specify. Run tasks hourly, daily, weekly, monthly or just one time. Perform database chores, run Access macros or Windows command lines. A complete audit trail is maintained, and you can even be notified by email if something goes wrong. Total Visual Agent can also be run as a Windows service to restart if the machine reboots and for added security since a user doesn’t need to be logged in.

Total Visual Agent 2016 leverages our vast expertise, and offers the best database management solution with many new features:

Total Visual Agent

  • Supports Microsoft Access 2016
  • Supports Windows 8 and 10
  • Does Not Require Access to be Installed on your PC
  • Database Lock Error Identifies Offending Machines
  • Activity Log is Separated from Settings Database
  • Activity Log Shows Duration of Each Activity
  • Email Notifications Support TLS and Office365 SMTP
  • Tasks are Not Run at the End of an Event Interval
  • Enabled/Disabled Status Shown on the Event Form
  • More Robust Windows Service Feature
  • Improved Monitor Settings Tab
  • Default Location of Archive and Extract Folders Moved
  • Improved Setup Program
  • New user manual and help file
  • download-trial-blueand More…

Download the free trial version today!

Easily Define and Manage Events, Tasks, Databases and Folders

manager_2016

Aug 17

Total Access Emailer Version X.7 for Microsoft Access 2013, 2010, and 2007

Microsoft Access Email BlasterTotal Access EmailerMicrosoft Access Email

With the recent release of Total Access EmailerTotal Access Emailer for Microsoft Access 2016, we are pleased to release updates of earlier versions to include the many new features:

  • Total Access Emailer 2013, Version 15.7
  • Total Access Emailer 2010, Version 14.7
  • Total Access Emailer 2007, Version 12.7

Total Access Emailer is the most popular email blaster for Microsoft Access. Easily send personalized emails directly from your Access database. Quickly communicate with every email address in your table or query. Use fields from your data source to customize each subject and message. Attach files from disk and also attach reports as PDF files filtered for each recipient.

The new X.7 version includes many new features since their previous version:

  • email-validationEmail Validation to check the syntax of the values in your email field so you can flag invalid emails in your table before you send your blast
  • Save Attached Files to Disk. This lets you document the attached files sent to all your contacts without using blind cc (Bcc).
    • This can also be used independent of sending emails as a way to distribute files and PDF reports to disk. You can even create folder names based on field values.
  • Preview Saving Files to Disk
  • New VBA Function to Preview Email Blasts with Save Files
  • Code Generator Supports Preview Email with Save Folder
  • Support for Office365 and other SMTP Services using TLS
  • Enhanced setup for Windows 10 and 64-bit installations
  • Updated user manual and help file
  • Complete list and additional details of new features in Total Access Emailer X.7.

download-trial-blueDownload the free trial version and send your own personalized emails from Microsoft Access.

Create multiple email blasts in your database and run them at any time through the Total Access Emailer add-in Wizard:

Main Screen of Total Access Emailer 2016

Jun 13

Total Access Emailer Ships for Microsoft Access 2016

Microsoft Access Email BlasterTotal Access EmailerMicrosoft Access Email

Total Access EmailerTotal Access Emailer is the most popular email blaster for Microsoft Access. Easily send personalized emails directly from your Access database. Quickly communicate with every email address in your table or query. Use fields from your data source to customize each subject and message. Attach files from disk and also attach reports as PDF files filtered for each recipient.

Total Access Emailer is now available for Microsoft Access 2016. Total Access Emailer 2016 includes many enhancements since the prior release for Access 2013:

  • Supports Access 2016
    • 32 and 64-bit versions
    • Add-in and VBA Runtime libraries in the Professional Version
  • email-validationEmail Validation to check the syntax of the values in your email field so you can flag invalid emails in your table before you send your blast
  • Save Attached Files to Disk. This lets you document the attached files sent to all your contacts without using blind cc (Bcc).
    • This can also be used independent of sending emails as a way to distribute files and PDF reports to disk. You can even create folder names based on field values.
  • Preview Saving Files to Disk
  • New VBA Function to Preview Email Blasts with Save Files
  • Code Generator Supports Preview Email with Save Folder
  • Enhanced setup for Windows 10 and 64-bit installations
  • Updated user manual and help file
  • Complete list and additional details of new features.

download-trial-blueDownload the free trial version and send your own personalized emails from Microsoft Access.

Easily Run and Manage the Email Blasts You’ve Created in Your Database

Main Screen of Total Access Emailer 2016