Where's the OneDrive Pro Sync Client for Mac?

When Microsoft upgraded my OneDrive Pro (part of Office 365) to 1TB of storage, I went looking for the Mac sync client. Here's what I found.

featured-image

Microsoft's OneDrive client download page

"Later this year."

There's a part of me that screams "I want it now!"

I may have issues with instant gratification.

Browsing Microsoft's community/forum sites for some more info, I ran across this:

So what does "later this year" mean, exactly? I have no idea. We're in Q3 and in another month and change, we'll be in Q4. Microsoft has been pushing OneDrive pretty hard, and on the consumer side, they've got a sync client up and running already. But on the business/enterprise side? Nope, not so much.

I get that sync clients are actually one of the most frustrating things to get right, but what bothers me about the lack of one for the Mac platform isn't that they don't have one yet; it's the reason why they don't have one yet.

I think that reason is Sharepoint.

See, OneDrive Pro is running on what looks like Sharepoint. It's got "sharepoint" in the URL. The web front-end looks like Sharepoint (albeit a more 2013 version of the service). It's got all the typical Sharepoint tools - views, libraries, workflows, check-in, check-out, the whole 9 years.

It's Sharepoint.

If it looks like Sharepoint and it walks like Sharepoint...

Now, I'm not a Sharepoint expert. There are people who make their living being Sharepoint experts. I'm not them.

What I do know is that Sharepoint is a bit like the red-headed stepchild of the I.T. world. No one I've talked to seems to like it. I've seen more eye-rolls about Sharepoint than anything else (well, except maybe Windows Vista) in the IT world.

So - here's Microsoft, which has a pretty nice and successful (if somewhat slow on the web interface) cloud storage service with OneDrive for consumers, and instead of taking the tech behind that and implementing it for the OneDrive Pro product, they're saddling us with Sharepoint.

Which doesn't have a Mac client yet. Which means I can't use it for my primary cloud service.

I do use it - thanks to CloudHQ.net, I can use it as a backup service for all my various cloud platform stuff, but that's about it. Until there's a Mac client and I've used it and made sure it doesn't suck — and perhaps even after, if it doesn't look and work like crap — I might still stick with the consumer flavor of OneDrive.

Like so many other companies and technologies, MS continues to confound and delight me.

When Microsoft upgraded my OneDrive Pro (part of Office 365) to 1TB of storage, I went looking for the Mac sync client. Here's what I found. Microsoft's OneDrive client download page "Later this year." There's a part of me that screams "I want it now!" I may have issues with…

Read More

Casper 9.4 Dropped Last Night

Lots of stuff to look into. New Self Service options, native app for iOS if you're into the whole MDM thing, a new pricing tier for BYOD, and more.

Release notes are here.

New version of the Admin Guide is here.

Lots of stuff to look into. New Self Service options, native app for iOS if you're into the whole MDM thing, a new pricing tier for BYOD, and more. Release notes are here. New version of the Admin Guide is here.…

Read More

CloudHQ FTW

Since ditching Dropbox earlier this year, I've been looking for an alternative system that gave me back most, if not all, of the functionality of Dropbox. Thing is, the guys at Dropbox do an absolutely tremendous job of creating a service with an ecosystem so rich, moving away from it is painful enough to warrant at least a momentary reconsideration.

Some decisions have to be made, so I took a deep breath and switched to OneDrive for the moment. Microsoft's fledgling cloud service is plenty powerful, with Mac and iOS sync clients that do an adequate job making sure my data is ubiquitous.

Still, the one thing that's missing from OneDrive is that most iOS apps don't tie into it the way they do with Dropbox. OneDrive does offer the API, sure, but I guess they don't have the critical mass for developers to make the effort to tie their apps into it.

The next best thing for this kind of API tie-in is probably Box.com. I've used Box at two companies that I've worked for now, and it's a pretty comprehensive service I may even move my files over to them permanently, but I'm waiting for iCloud Drive to make its appearance before I make any final decisions.

So for now, I have all my cloud files in OneDrive, but need to use Box on occassion for some iOS apps that do make the effort to tie into it.

Enter CloudHQ.

featured-image

The CloudHQ main page.

Think of this thing as IFTTT for cloud services. Yes, I know IFTTT does tie into Box and OneDrive too, but this thing actually goes several steps beyond and will sync existing data, not just the stuff you add after the trigger has been created.

You set up your synchronization pairs with a drag-and-drop interface, and with a $16.90/month Premier account, there's no limit to the pairs you can set up, nor to the amount or number of files you can sync. A $29.90/month Business plan includes the ability to sync Sharepoint, integrate with Google Apps Admin, and manage multiple users. Yearly discounts are also available.

CloudHQ Pricing

CloudHQ Pricing

In practice, setting thngs up was ridiculously easy. You drag and drop the services you want to the two boxes, decide which folder you want to sync, and go from there.

Setting up sync in CloudHQ

Setting up sync in CloudHQ

If you're syncing the full contents of one service to the other, just select the root folders for each service and have at it. If you're not, watch how you set up the folders; once you do, you can't go back and change them. You have to destroy the sync pair and recreate it.

You can create up to 10 sync pairs under the Premium or Business accounts; a free account limits you to just one.

With CloudHQ set up to syncing my "writing" folder, I can now fire up an editor like Daedalus Touch for iPad and get to typing. Once I'm done, a few minutes later, the changes are synced to my OneDrive.

The question in my mind wasn't just about how well the system worked, but also how secure it was. I went digging in the company's privacy policy, and found a lot to like, and a few things to quibble about.

What I liked

From the Privacy section of CloudHQ.net

All 256-bit AES keys for encryption and decryption of user's credentials are encrypted and stored in a special "wallet". This wallet is encrypted using a password which is not stored on any of our servers. The password to open this wallet is known only to the cloudHQ administrator who manages our production server.

...

Communication between cloudHQ servers and Google Docs, SugarSync, Basecamp, and Dropbox is always done over a secure SSL channel.

...

Communication between cloudHQ servers and your browser is always done over a secure SSL channel.

...

cloudHQ does not permanently store your files. When cloudHQ access your data via API, it might temporary cache part of the content, but cloudHQ never stores any of your files permanently on its servers.

What I quibbled about.

All 256-bit AES keys for encryption and decryption of user's credentials are encrypted and stored in a special "wallet". This wallet is encrypted using a password which is not stored on any of our servers. The password to open this wallet is known only to the cloudHQ administrator who manages our production server.

I put this in the "like" and "quibble" section because of that last sentence. Hopefully, this "administrator" has an identity more secret than Batman's Bruce Wayne persona.

What's missing

Where's the info about the channel between Box and OneDrive? I assume it's over SSL, but it's not explicitly stated. Can we get a ruling, guys?

Final word

I haven't experienced any glitches so far that have led me to contact tech support, so how good their customer service is, I have no idea. So far, the service just works, and as long as that continues, I'm fine with it.

Eventually, I hope they add syncing for iCloud Drive (when that comes out). I see this service as being essential despite the iCloud Drive feature that lets you tie into third-party cloud services if those services support it. CloudHQ's ability to selectively sync folders is worth it, and not some apps may still tie in better with the native APIs of services like Box, which makes CloudHQ a pretty valuable service for me.

Since ditching Dropbox earlier this year, I've been looking for an alternative system that gave me back most, if not all, of the functionality of Dropbox. Thing is, the guys at Dropbox do an absolutely tremendous job of creating a service with an ecosystem so rich, moving away from it…

Read More

Ghost Goes 0.5

Shiny! Easy upgrade! New things!

And that Casper theme is nice enough for me to strongly consider a switch. Just dunno about that full-bleed cover though. A half-bleed cover option would be nice.

Also: Ember.js for the front end. My friend Dana would be happy.

Shiny! Easy upgrade! New things! And that Casper theme is nice enough for me to strongly consider a switch. Just dunno about that full-bleed cover though. A half-bleed cover option would be nice. Also: Ember.js for the front end. My friend Dana would be happy.…

Read More

Casper (and Config Profiles) Tribulations

Oh Casper. You are so wonderful and so frustrating all at once.

I created a new Gatekeeper config profile yesterday. Uploaded it to the JSS, expected it to play nice.

Note - these UUIDs aren't effective anymore so I'm not posting the IDs for live profiles. In case you even considered that.


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>PayloadIdentifier</key>
        <string>com.yourcompany.jss.local.34b43030-f9d0-0131-f983-3c15c2c51dc8.alacarte</string>
        <key>PayloadRemovalDisallowed</key>
        <false/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>34b43030-f9d0-0131-f983-3c15c2c51dc8</string>
        <key>PayloadOrganization</key>
        <string>yourcompany</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadDisplayName</key>
        <string>Gatekeeper-Test-Settings</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadType</key>
                <string>com.apple.SubmitDiagInfo</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadIdentifier</key>
                <string>com.yourcompany.jss.local.34b43030-f9d0-0131-f983-3c15c2c51dc8.alacarte.privacy.49984500-f9d0-0131-f985-3c15c2c51dc8.SubmitDiagInfo</string>
                <key>PayloadEnabled</key>
                <true/>
                <key>PayloadUUID</key>
                <string>c0213355-e43e-7f5b-a549-73572bb25997</string>
                <key>PayloadDisplayName</key>
                <string>Security & Privacy</string>
                <key>AutoSubmit</key>
                <false/>
            </dict>
            <dict>
                <key>PayloadType</key>
                <string>com.apple.systempolicy.control</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadIdentifier</key>
                <string>com.yourcompany.jss.local.34b43030-f9d0-0131-f983-3c15c2c51dc8.alacarte.privacy.49984500-f9d0-0131-f985-3c15c2c51dc8.control</string>
                <key>PayloadEnabled</key>
                <true/>
                <key>PayloadUUID</key>
                <string>6562c372-bc56-8776-a385-077e005a8c41</string>
                <key>PayloadDisplayName</key>
                <string>Security & Privacy</string>
                <key>EnableAssessment</key>
                <false/>
                <key>AllowIdentifiedDevelopers</key>
                <true/>
            </dict>
            <dict>
                <key>PayloadType</key>
                <string>com.apple.systempolicy.managed</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadIdentifier</key>
                <string>com.yourcompany.jss.local.34b43030-f9d0-0131-f983-3c15c2c51dc8.alacarte.privacy.49984500-f9d0-0131-f985-3c15c2c51dc8.managed</string>
                <key>PayloadEnabled</key>
                <true/>
                <key>PayloadUUID</key>
                <string>18ed3e30-28c6-182a-6733-649aa9691cfd</string>
                <key>PayloadDisplayName</key>
                <string>Security & Privacy</string>
                <key>DisableOverride</key>
                <true/>
            </dict>
        </array>
    </dict>
</plist>

Did it play nice?

No.

This is what it looked like when I downloaded it back from the JSS and removed the signing bits that make it unreadable.


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
    <dict>
        <key>PayloadUUID</key>
        <string>02A5018F-D7FB-42DB-8EEE-0E7BA6E92ABB</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadOrganization</key>
        <string>yourcompany</string>
        <key>PayloadIdentifier</key>
        <string>02A5018F-D7FB-42DB-8EEE-0E7BA6E92ABB</string>
        <key>PayloadDisplayName</key>
        <string>Gatekeeper-Test-Settings</string>
        <key>PayloadDescription</key>
        <string/>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadRemovalDisallowed</key>
        <false/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadUUID</key>
                <string>c0213355-e43e-7f5b-a549-73572bb25997</string>
                <key>PayloadType</key>
                <string>com.apple.SubmitDiagInfo</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>com.yourcompany.jss.local.34b43030-f9d0-0131-f983-3c15c2c51dc8.alacarte.privacy.49984500-f9d0-0131-f985-3c15c2c51dc8.SubmitDiagInfo</string>
                <key>PayloadDisplayName</key>
                <string>Security & Privacy</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>AutoSubmit</key>
                <false/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>6562c372-bc56-8776-a385-077e005a8c41</string>
                <key>PayloadType</key>
                <string>com.apple.systempolicy.control</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>com.yourcompany.jss.local.34b43030-f9d0-0131-f983-3c15c2c51dc8.alacarte.privacy.49984500-f9d0-0131-f985-3c15c2c51dc8.control</string>
                <key>PayloadDisplayName</key>
                <string>Security & Privacy</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>AllowIdentifiedDevelopers</key>
                <true/>
                <key>EnableAssessment</key>
                <false/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>18ed3e30-28c6-182a-6733-649aa9691cfd</string>
                <key>PayloadType</key>
                <string>com.apple.systempolicy.managed</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>com.yourcompany.jss.local.34b43030-f9d0-0131-f983-3c15c2c51dc8.alacarte.privacy.49984500-f9d0-0131-f985-3c15c2c51dc8.managed</string>
                <key>PayloadDisplayName</key>
                <string>Security & Privacy</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>DisableOverride</key>
                <true/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>424E28D9-FF69-4F7C-89E5-A3286671F7A1</string>
                <key>PayloadType</key>
                <string>com.apple.MCX</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>424E28D9-FF69-4F7C-89E5-A3286671F7A1</string>
                <key>PayloadDisplayName</key>
                <string>MCX</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>DestroyFVKeyOnStandby</key>
                <false/>
                <key>dontAllowFDEDisable</key>
                <false/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>B05BBB81-B7AE-42B9-AAC7-3C94E8AF89C6</string>
                <key>PayloadType</key>
                <string>com.apple.preference.security</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>B05BBB81-B7AE-42B9-AAC7-3C94E8AF89C6</string>
                <key>PayloadDisplayName</key>
                <string>PreferenceSecurity</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>dontAllowPasswordResetUI</key>
                <true/>
                <key>dontAllowLockMessageUI</key>
                <false/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>09F7BFA9-77C4-47DB-9B36-5AB8EB8A26A7</string>
                <key>PayloadType</key>
                <string>com.apple.screensaver</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>09F7BFA9-77C4-47DB-9B36-5AB8EB8A26A7</string>
                <key>PayloadDisplayName</key>
                <string>Login Window:  Screen Saver Preferences</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>7B9F3440-70D2-4FA4-9758-426962C5C137</string>
                <key>PayloadType</key>
                <string>com.apple.loginwindow</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>7B9F3440-70D2-4FA4-9758-426962C5C137</string>
                <key>PayloadDisplayName</key>
                <string>Login Window</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>ChangePasswordDisabled</key>
                <false/>
                <key>SHOWFULLNAME</key>
                <false/>
                <key>HideLocalUsers</key>
                <false/>
                <key>HideMobileAccounts</key>
                <false/>
                <key>IncludeNetworkUser</key>
                <false/>
                <key>HideAdminUsers</key>
                <false/>
                <key>SHOWOTHERUSERS_MANAGED</key>
                <true/>
                <key>ShutDownDisabled</key>
                <true/>
                <key>UseComputerNameForComputerRecordName</key>
                <false/>
                <key>EnableExternalAccounts</key>
                <true/>
                <key>DisableConsoleAccess</key>
                <false/>
                <key>AdminMayDisableMCX</key>
                <false/>
                <key>LocalUserLoginEnabled</key>
                <true/>
                <key>LocalUsersHaveWorkgroups</key>
                <false/>
                <key>FlattenUserWorkgroups</key>
                <false/>
                <key>CombineUserWorkgroups</key>
                <true/>
                <key>AlwaysShowWorkgroupDialog</key>
                <false/>
                <key>RetriesUntilHint</key>
                <integer>3</integer>
                <key>AllowList</key>
                <array/>
                <key>DenyList</key>
                <array/>
            </dict>
            <dict>
                <key>PayloadUUID</key>
                <string>538E9C0A-8EF4-48BB-B024-7C27E17BB140</string>
                <key>PayloadType</key>
                <string>com.apple.applicationaccess</string>
                <key>PayloadOrganization</key>
                <string>yourcompany</string>
                <key>PayloadIdentifier</key>
                <string>538E9C0A-8EF4-48BB-B024-7C27E17BB140</string>
                <key>PayloadDisplayName</key>
                <string>Restrictions</string>
                <key>PayloadDescription</key>
                <string/>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadEnabled</key>
                <true/>
                <key>allowDiagnosticSubmission</key>
                <true/>
            </dict>
        </array>
    </dict>
</plist>

So - not only did it freaking add a bunch of payloads, it also change the UUID for the profile itself. Which means if I wanted to script anything based on my original UUID, like scoping Macs to a config profile based on an extension attribute looking for a specific UUID, I'd have to download the profile from the JSS, unsign it, then grab the UUIDs there. NOT the end of the world, I know, but I'd really like for Casper to not molest my poor XML.

The really annoying part is this addition:


<key>SHOWFULLNAME</key>
<false/>

This basically forces my loginwindow to show a list of users instead of username and password fields. Even if I create another profile to explicitly force the fields view, it won't override what this profile enforces.

Interestingly, Macmule (which may or may not be his real name) of the excellent Macmule.com blog, ran my sample XML through his JSS and it doesn't add that specific loginwindow setting. He's using 9.3, so maybe it's a 9.31 thing. I'm putting up a new version of the JSS on a fresh server, first with 9.3, then with 9.32 instead of 9.31 to see if that helps at all. The 9.32 release notes don't mention anything about it.

Either way, the UUIDs do still change, and that's a pain. I'd really like those XMLs to remain intact as much as possible AND I want the JSS to push them, instead of deploying them via packages, as that helps a lot with revoking, rescoping, etc.

For now, my workaround is to create a single profile with both Gatekeeper and Login Window settings, which offends my sense of order and granularity. Maybe an update to 9.32 will fix it; fingers crossed...

Oh Casper. You are so wonderful and so frustrating all at once. I created a new Gatekeeper config profile yesterday. Uploaded it to the JSS, expected it to play nice. Note - these UUIDs aren't effective anymore so I'm not posting the IDs for live profiles. In case you even…

Read More

No Jumpstart For You!

featured-image

Hello JAMF.

Here's what I'd like you to do, please. Let me buy a few OS X licenses for my own personal use. I'd use them to manage my parent's computers, my brother's MacBook Pro, and a few other machines. I'd also use the install to keep my skills fresh, to try stuff I can't at work, maybe even to extend the JSS in some weird and crazy ways.

See, I don't need to do a Jumpstart. I mean, I guess I could. You could send your rep out to my spare bedroom that I use as an office sometimes. My sister-in-law is staying with us right now so there might be some women's clothing around the room. But I can squeeze another chair in there.

Maybe.

More importantly, though, I've been through two Jumpstarts already. How many more does it take before you're convinced I can install the JSS and get it running?

Hey, here's another thought. What if I wanna start a small business doing Mac management as a SaaS? Not a lot a jumpstart can do for me there, is there?

One of your guys told me you insist on a Jumpstart to minimize the impact to your support teams. I guess the reasoning is that if a client goes through Jumpstart, they are more likely to be armed with the knowledge to help themselves.

Okay, cool. How's this, then: Give us the option to buy an unsupported version of the license. We can still get our self-help from the Jamfnation forums. We can also pay-per-incident for when we really need help.

C'mon, JAMF. Help the little guy out, willya?

Hello JAMF. Here's what I'd like you to do, please. Let me buy a few OS X licenses for my own personal use. I'd use them to manage my parent's computers, my brother's MacBook Pro, and a few other machines. I'd also use the install to keep my skills fresh…

Read More