Tag Archives: Mac OS X

Why the Outlook for Mac folder pane changes colors

I mentioned in my review of the new Outlook for Mac client that the background of the folder list seemed to randomly change colors:

It may also be a feature that there is a color gradient fill in the folder list. At first I thought the color was the same as the color of the category of my current calendar appointment, but after changing all the category colors, waiting for sync, and quitting and relaunching Outlook, the color didn’t change, so I’m not sure what Microsoft had in mind here, and there doesn’t seem to be a way to turn it off.

Thanks to the most excellent Bill Smith, long-time Mac Office MVP, now I know the answer:

You’re seeing translucency in the navigation pane. So long as you have a window or other white object behind Outlook you’ll see a whitish background, but arrange Outlook over your Desktop picture and you’ll see those colors peeking through it. Choose Outlook menu > Hide Others to quickly show Outlook over your Desktop.

Sure enough, that explains it. I use SatelliteEyes to update my desktop background, and as I move around (and thus get new satellite maps), or as change the Z order of other open windows, voilà color changes. I normally don’t mind window translucency, but I don’t care for the combination of OS X Yosemite and this effect. Looks like I’m stuck with it, though.


Filed under OS X, UC&C

CrashPlan “Cannot connect to backup engine” errors on Mac OS X

I recently updated to Java 1.7 for work, and after doing so I noticed that CrashPlan was no longer performing backups. (I’m a bit ashamed to admit how long it took for me to notice though!) The company’s support forum suggests uninstalling and reinstalling the client, which didn’t fix the problem. A bit more searching identified the problem: CrashPlan expects Java 1.6, the official Apple version, and it gets unhappy if you replace that with 1.7. The instructions here outline a workaround: you have to stop the CrashPlan background service, modify its configuration file to point to the official-Apple version of Java, and then restart the service. Happy backups!

Leave a comment

Filed under General Tech Stuff

On re-kerberizing services on Mac OS X Server

Wow, this week has been a productive one for finding new and interesting blog topics, mostly based on things that broke!

As much as I rely on Apple hardware and software for my work and personal life, that doesn’t mean I’m ready to give them a free pass on issues like cost (note to self: update the laptop price comparison with the latest models) or capability. I’ve mentioned before how much I dislike Apple’s sloppy approach to system administration on OS X Server. The logging is poor, with log entries scattered all over the place; the documentation is hit-or-miss (both in terms of coverage and quality), and there can be a wide range of behavior between different tools– some give you lots of detail (or at least more verbose messages on demand), while others don’t.

Our primary OS X server is bound to our Active Directory domain, and the services on it are “kerberized” so that users can use their AD accounts, via Kerberos, to ssh into the machine, log in to the wiki, and so on. After a bit of initial flailing around, this has worked steadily for a year or so.

We have recently been working to set up single sign-on (SSO) for Subversion on Mac OS X. This has proved challenging for lots of reasons that are too tedious to go into here (and speaking of tedious: please don’t bother telling me we should be using Git instead, kthxbai). As part of that process, someone accidentally deleted the machine account that the OS X server had been using and replaced it with a user account, with the same name, for use with a manually-kerberized service.

In the Windows world, deleting a computer’s account causes all sorts of fairly immediate breakage. To OS X’s credit, it didn’t seem to be bothered that the computer account was gone.. I mean, it didn’t log any errors or anything, so it must have been happy, right? (That’s sarcasm, in case you were wondering.) The server kept right on working, except that the previously-kerberized services would no longer accept AD credentials.

The fix for this seemed straightforward: first, remove the OS X server from the domain, then add it back. This would re-establish its machine account. That step went swimmingly, although we first had to rename the user account that was created for SSO.

The only problem was that after doing this, single sign-on still didn’t work.

It turns out that when you remove an OS X server from AD, the services are essentially un-kerberized. This seems like it would be easy to fix with the “Kerberize” button in Server Manager... except that it’s apparently broken, or something, given that no combination of inputs would be accepted. So, my next attempt was to use sso_util from the command line, which also didn’t work; I got a nondescript message telling me that there was a communications error, and that was it.

The correct answer, at least on Snow Leopard: use dsconfigad -enablesso. You can be excused for not knowing that, because if you go to Apple’s own documentation, it says to run a command called “disconfigad,” whatever the hell that is. Once I ran that command, Kerberos logons for the wiki, ssh, and console logon immediately started working, yay. Now with any luck I won’t have to fool with this stupid server for another year or so.

Comments Off on On re-kerberizing services on Mac OS X Server

Filed under General Tech Stuff

Syncing Outlook for Mac calendars, and when “Outlook” isn’t Outlook

Although I’ve been working with Outlook for Mac for quite some time, there are lots of its features that I don’t use. Because all my mailboxes are hosted on Exchange, for example, I don’t ever use any of the IMAP functionality. In the same vein, because all my calendar and contact data live on an Exchange server, I haven’t had to fiddle with calendar sync for some time. I used to sync my calendar with various Palm devices back in the day using Entourage, Outlook’s predecessor, but it was always a painful and error-fraught process, and I was happy to move to an all-Exchange, all-Exchange ActiveSync environment.

A friend and fellow MVP mailed me with a Mac Outlook calendar sync question, and I didn’t have the faintest idea of what the right answer was. Accordingly, I dragged a third MVP into the fray: Mac/Windows interop expert William Smith. He came up with a workable solution, and as a bonus he wrote a detailed tutorial on how to set up calendar sync.

That got me to thinking about the differences in the Outlook brand between Mac and Windows. The functional differences have been discussed at length elsewhere (like on Steve Goodman’s excellent feature comparison table.) As Steve points out, the Mac version of Outlook feels much like Entourage. Although the user interface has been revamped, and is much more pleasant as a result, many of the same issues that plagued Entourage are still around. For example, I’m running Outlook with 3 Exchange accounts on a MacBook Pro with a 2GHz quad-core i7 and 8GB of RAM. This is a snappy machine… and yet Outlook still frequently takes leisurely breaks to show me the spinning rainbow when I click on messages, and it often gets confused about exactly which messages are, or are not, part of a given conversation.

That’s not to say it’s more or less buggy than Windows Outlook, which of course has its own set of issues. I use both on a daily basis. There are some things that Mac Outlook does better; for example, I love having a single unified inbox for all my accounts, and the integration of Outlook with other apps (like iPhoto) is better than it is, in general, with Windows counterparts. On the other hand, I find it much easier to work with the schedule and calendar views in Windows Outlook; I really like the Outlook Social Connector, and the “Ignore Conversation” and QuickSteps features are both super valuable for plowing through large volumes of mail.

I find Apple’s Mail.app weird and unsatisfying: it doesn’t include all the data I want (like calendar and contact info), and it doesn’t do many of the familiar things that I expect from the Outlook family. That would be OK if Mail provided a better experience than Outlook but in my judgement it doesn’t– I’d rather use Windows Outlook in a VM than the native mail app. In that light, rebranding the Mac client as Outlook has been a success: Outlook users on either platform will find familiar things to like (and perhaps to gripe about) on the other platform. Throw OWA into the mix and overall I’d say that Microsoft has done a good job of building consistency between the platforms.

There are still some major differences between platforms. For example, Outlook 2011 has little to no SharePoint integration; it lacks proper conversation threading (plus the aforementioned QuickSteps and “Ignore Conversation”); it doesn’t integrate properly with Exchange UM, there’s no Personal Archive access, and it doesn’t support VBA (although its AppleScript support is quite extensive, and much improved from Entourage).

Most users, of course, will use whatever version of Outlook happens to run on their preferred platform. That’s natural enough. Overall I’m quite satisfied with Outlook 2010 (well, except that for some reason 64-bit Office Communicator hates it). I’m hoping that the Mac Office team can address some of the performance and behavior issues in Outlook 2011 in the forthcoming Service Pack 2. I’m not as concerned about missing features, as those will come in time, and the Mac team has the benefit of seeing what features in Outlook 2010 are actually worth porting and which ones are not.


Filed under UC&C

Henge Dock mini-review

As part of my ongoing downsizing, I sent both my 2008 MacBook Pro and my 2006 Mac Pro to the great used computer yard in the sky and consolidated to a single 2011 MBP. After years of using ThinkPads with docking stations (and being well pleased therewith), I went looking for a Mac equivalent. When I’m home, most of the time I’ll be working at my desk, but when I’m not home the MBP needs to go with me, and I didn’t want to mess with endless plugging and unplugging of cables.

A friend at Microsoft mentioned the Henge line of docks, so I ordered one to try it out. I liked their look, and I liked the fact that there are no mechanical parts (like the old NewerTech claw-style dock I had back in the day.)

When the dock arrived (promptly, I might add), I immediately got to setting it up. Here’s what it looks like with the cables installed:

cables through slots

Each cable is installed in a slot cut into the dock. You fasten the cable connector into the slot with a setscrew. Henge includes extension cables that fit into the slots; the idea is that you put in the extension cables you want connected, fasten their setscrews, and dock your laptop. I quickly assembled everything and docked my laptop. Although it fit, it wouldn’t wake up from sleep. The MacBook Pro requires 3 things to wake with the lid closed: the power adapter, a keyboard or mouse, and a video display must all be connected. I quickly determined that this wasn’t happening, but I couldn’t tell which because the shape of the dock prevents you from seeing the plugs. I put it aside for another day, then last night, I decided to experiment some more to try to get the dock working.

I pulled the cables through the dock openings so there was enough slack to plug everything in without fully docking the laptop. This let me verify that everything was plugged in. I have the MagSafe, 2 USB, DisplayPort, and audio out cables in place. This took me a while because I accidentally pushed the head of the video cable all the way through the dock opening and then couldn’t get it back through! After a bunch of fiddling, I finally got the connector back where it belonged.

Flushed with success, once that was done, I was able to ease the plugs back into the dock openings and screw them into place. I docked the laptop, woke it up, and enjoyed working with it for a couple of hours.

Unfortunately, the video adapter (I’m using Apple’s DisplayPort-to-VGA) wouldn’t seat until I manually jiggled it. The plug fits in the opening in the dock, but in its default position it’s ever-so-slightly misaligned with the opening in the MBP case, so it won’t seat unless I rock the MBP back and forth.

After some jiggling and rocking (boy, that sounds wrong), I got it to seat and worked with my machine docked all last night. This morning, I undocked it and tried to redock it, and the same problem– the USB plugs engaged (so the external keyboard was active) but the video plug didn’t seat properly.

When I e-mailed them, Henge told me that some Apple VGA adapters are sized funny and that I could either try another adapter or trim the one I had to remove some of the excess plastic. They kindly offered me a discount coupon for their brand of adapter, which is basically an extension cable that simplifies the routing quite a bit. I have a Monoprice DVI adapter that I’m going to test tonight. I like the industrial design of the dock, but if I can’t make it work reliably, back it goes.

1 Comment

Filed under General Tech Stuff, Reviews

Apple and customer service

Apple gets a lot of flak from the technology press and a certain segment of users. Their complaints range from the fact that Steve Jobs comes across as an arrogant jerk to Apple’s refusal to support Flash on its mobile devices to its walled-garden model for apps on the iTunes App Store.

I’m perfectly prepared to cede many of these points. Yes, Jobs seems arrogant, which is why I haven’t invited him over for dinner. Yes, Apple hardware isn’t always as expandable as competing products; no, you can’t run Flash on iOS devices. (Of course, running Flash means you’d be much more likely to need that expandable battery that Apple won’t provide.)

Having said that, I am a huge Apple fan. Let me share a few stories, and you might see why that is. I’ll note the fan reasons, or FRs, in line.

Story #1: I have an iPhone 4 that I bought last year. Its home button was only working intermittently, so I took it to the Apple Store in Huntsville. I made an appointment using the Apple Store app (FR 1: you can schedule service appointments online at any time, and the service hours are generous, not just 8-5) (FR 2: every Apple store has access to all your purchase and maintenance records, so you can take any product to any store for service.) They looked up the phone and determined that I was out of warranty by one day. FR 3: they replaced the phone anyway.

Story #2: the week after I got my phone fixed, it fell from my pocket onto the kitchen floor, cracking the screen. Thankfully I’d purchased an extended warranty from SquareTrade, but to activate the warranty I needed a copy of my purchase receipt and the replacement work order for the warranty replacement. I went to the Apple Store at Oakridge to get the work order. When I explained why I needed it… they replaced my phone! Broken screens are not, of course, Apple’s problem, and they were under no obligation to do this, but I was certainly delighted by their doing so. Call that FR 4, with a big fat asterisk next to it.

Story #3: my MacBook Pro’s optical drive had been failing to ingest disks properly, so I took it to the Apple Store at Valley Fair to have it checked out. The Genius Bar folks determined that the drive needed replacement. I dropped it off about 4:30pm on Saturday and was given a 1-3 business day repair window. At 10:45am Sunday, they called: the laptop was ready for pickup. FR 5: under promising and over delivering.

These anecdotes don’t mean that Apple’s perfect; they’re not. They don’t speak to the design or implementation of Apple products, which often have flaws (yes, Mac OS X Server, I’m looking at you.) They ignore all the hullabaloo about Apple’s policies, corporate behavior, and so on. But they point out why I am a satisfied Apple customer: Apple provides a degree and level of customer service that very few other companies match. Notice I didn’t say “can match”; Apple-style service is well within the reach of Microsoft, Samsung, Sony and other consumer electronics companies that have similar retail models.


Filed under General Tech Stuff

The Conversation Action Settings folder

I recently got a query from a Mac-using coworker:

When looking at my email account, I see an extra folder called Conversation Action Settings. Is this something I can safely dispose of?

If you’re used to using Outlook on Windows, you may never have seen this folder. In fact, you might not have seen it if you are a WIn Outlook user, because it’s only present on Exchange 2010 mailboxes. Outlook 2007 doesn’t display it, but Outlook 2011 for Mac OS X does, as does Apple’s Mail.app. This has engendered a lot of discussion about what the folder is and whether it’s safe to get rid of it.

So let me answer those points in reverse order. Yes, it’s safe to remove the folder… but if you do so, it’s just going to come back again. I expect that Apple will update Mail.app in Mac OS X “Lion” to hide the folder; they’ve done similar work to hide other Exchange/Outlook-specific folders in the past.

It’s arguably more interesting to talk about what’s in the folder in the first place. The Conversation Actions folder holds (drum roll)… conversation actions. These actions tell Exchange 2010 (and compatible clients, which for now means “OWA 2010” and “Outlook 2010”) what to do with message items under specific circumstances.

One action is the now-famous “ignore” button (see Clint Boessen’s description if you’re not hip to this very useful feature.) When you hit the mute button, Outlook creates a conversation action that automatically moves messages in the target thread to your Deleted Items folder. It can do this because Exchange 2010 automatically tags incoming messages with a conversation ID. Related messages (like replies or forwards of an existing message) get the same conversation ID. It uses a variety of heuristics to do this, and in general they work well to keep related messages together even when people do things like change the subject line mid-thread.

The other data items stored in this folder are Outlook 2010 Quick Steps. I love this feature and use it heavily; in fact, it’s one of the things I miss most when I’m using OWA 2010 and Outlook 2011.

If you’re not using a client that supports these features, then there won’t be anything in the Conversation Action Settings folder. However, just as nature abhors a vacuum, so does Exchange, so if you delete the folder expect to see it come back.

There’s more on conversation actions, and some other interesting Exchange 2010 and Outlook 2010 features, in this article.

1 Comment

Filed under UC&C

An interesting week with Mac OS X Server

For a project at work, we decided to use Mac minis as clients. They’re small, cheap, and quiet, and they have enough horsepower to run the applications we wanted to test.
In order to build a stand-alone classroom, we decided to drive them with a Mac mini server running the server version of OS X. This has caused me no end of amusement, frustration, and bemusement, so naturally I thought I’d write about it from the perspective of an experienced Windows admin.
Summary: OS X Server gives you a lot of functionality out of the box, but much of it is feature-poor compared to Windows, or buggy enough to make it useless. Documentation is scanty, and Apple’s support resources are poor compared to Microsoft’s.
Installation is simple, with no worries about drivers or any of the other niggling little hassles attendant on installing Windows Server. OS X asks for an install key code, but it doesn’t validate it with a central server or phone home for activation.
The default installation ships with a large number of services, including DNS, DHCP, netboot, mail, iChat, calendaring, SMB and AFP file sharing, and web publishing. You have to enable and configure each of these services separately through the Server Admin application. I’ll go out on a limb and say that this is roughly the equivalent of the ubiquitous Microsoft Management Console, except that the MMC has an open plug-in architecture that means any vendor can write snap-ins for it. The Server Manager interface is straightforward: servers and services appear in a tree on the left, and details of the selected services appear in a tabbed view on the right. Service status is shown with a small icon next to the service name, and there are controls at the bottom of the window for adding, starting, and stopping services.
Setting up the server with the services I wanted (AFP, netboot, Open Directory, WWW, and Software Update) was a breeze… until I wanted to change the DNS name of the machine. I tried without success to do this; the changeip -checkhostname command reported that my hostname was correct, but it remained stubbornly wrong according to the clients, which could no longer find the original server and refused to try finding the new name. I eventually decided to demote the server from an Open Directory master to standalone and back again– the equivalent of decomissioning a Windows DC and then re-running dcpromo.
Good idea in theory. In practice, the conversion process threw tons of errors, none of which were documented anywhere. (Does “-14893” mean anything to you? Me neither.) The solution: pave the box and start over.
Normally I would have been throwing fits about this, but the installation process was fast and smooth enough that I didn’t mind; I had plenty of other work to occupy me in the meantime. After the reinstall, I gave the server the correct new name, converted it to an Open Directory master, and was off to the races.
In the meantime, some other people had been unpacking and setting up the clients. Now it was time to join them to the Open Directory server. This is like joining a domain in Windows, except that it isn’t much like that at all. Joining a client to OpenDir is more like telling it “hey, look here for account data.” There’s no machine account or object in the sense we think of them in Windows unless you manually create one. When you first boot a virgin Mac OS X client, if it sees an OpenDir server it will offer you the opportunity to connect to it. Once that’s done you can use OpenDir accounts for logon. If not, you can manually join it at any time from the Login Items pane in the Accounts preferences item.
One of the big reasons we wanted to use OS X Server is so we could push policies to the client machines. Apple calls these preferences, and they can be applied to individual user accounts, user groups, computers, or computer groups. There are all sorts of policies; the ones we were interested in were for controlling logon, access to removable media, and a few other related things. Setting up policies is trivial: find the scope you want the policy to apply to, click the appropriate icon (helpfully, these match the icons used in the System Preferences app), and choose which settings to enforce.
In our case, we wanted policies to be applied to computers. Registering a computer requires you to look up the computer’s unique ID and its MAC address, then enter both of these when you create the computer object. At that point you can assign policies to individual computers or computer groups. It was never clear to me when policies were actually applied: some seemed to take effect immediately, others only after a reboot of the client. (No doubt it’s documented somewhere and I just haven’t found it yet.)
The policies themselves are a mix of the obvious (“don’t allow users to mount USB devices”) and the Apple-only (disable Front Row, for example, or force the use of Mac OS X parental controls.) However, there are only a few settings compared to the huge number available in Windows. However, there’s an escape hatch: you can modify the contents of any preference plist file, so even options that can’t normally be changed through the GUI on a local machine can be managed. This is a handy feature.
Unlike Windows group policy there’s no way to push or publish applications to the clients. For this, you need Apple Remote Desktop, for which no precise equivalent exists in the Windows world. It is a combination of a management and inventory tool, a remote shell, and a desktop support application. You can use it to push files, remotely install applications, run arbitrary shell commands, and watch or control a user’s desktop. In our application, we use it to push a bootstrap installer, run it, and take care of some assorted housekeeping. It also has a neat-o mode that lets you observe multiple clients at once in a grid display. This is extremely useful for our environment, because it lets us see a classroom full of client desktops at once.
It’s easy to use ARD for a building-block approach: test a command on one machine, save it for later, run it on multiple machines when needed, and then string it together with other actions into a single set of actions. This made bootstrap setup of our clients much, much easier.
Next: time sync. OS X Server has an NTP service, and it’s easy to turn on and run. You cannot, however, easily instruct clients to use it. You have to push an update to /etc/ntp.conf onto every machine. That’s a pain. Apple Remote Desktop to the rescue, again.
Now, for the complaints, in no particular order.
The Software Update service is balky and buggy. Essentially it’s a custom CGI that runs on the built-in Apache installation. You can pull updates from Apple, choose which ones you want clients to get, and then allow clients to pull them. Great idea in theory, but it just doesn’t work well. Some clients see the right updates, and some don’t. The interface for choosing which updates you want to pull in the first place doesn’t let you select or deselect updates until after you’ve downloaded them, which means you have to wait for your server to sync before you can choose which updates you’d like. I spent about an hour trying to figure out why none of the clients could pull updates, only to learn that the path suggested in the setup dialog is wrong.
Logging is a mess. There are about two bajillion log files, each in a different location, each with different formats. The system console log can be searched, as can the individual component logs shown in Server Manager. However, the event management tools in Windows are easier to use and more complete. The bigger issue is that Windows event log messages are usually quite detailed. Microsoft’s gotten pretty good at writing meaningful event log entries over the years. Apple, not so much.
Bugs! I mentioned the problem I had with OpenDir master-ism earlier. I didn’t run across any show-stopping bugs, but there are still a fair number of rough edges. In fairness, some of these were probably due to me bumbling around.
Documentation: it’s a set of PDF files. I much prefer Microsoft-style layouts that have an easily accessible table of contents in one pane and the content in another. My preferences aside, the docs are nowhere near as detailed as Microsoft’s. You would be hard pressed to deploy Mac OS X Server in an enterprise without an awful lot of around-the-campfire knowledge passed down from greybeards, because the docs don’t include many of the things you’d want to know before basing your business networks on OS X.
Having said that, I found the Mac Enterprise mailing list to be extremely helpful, though I wasn’t always sure what they were talking about. They were able to efficiently answer the few questions I asked, not at all unlike the golden days of mailing lists for Exchange. From reading the list I learned about two very cool system management technologies I plan to make use of: Puppet (a cross-platform scripting language for system management) and Sikuli, which is hard to describe except to say that it’s a screenshot-based scripting environment.
Thus far everyone is happy: the client Macs work, they’re being managed the way we want them, and life is good. As I learn more about how to make OS X Server do cool tricks, I’ll try to post them here.

Comments Off on An interesting week with Mac OS X Server

Filed under General Tech Stuff

SecureDoc full-volume encryption for Mac OS X

Windows users have more security options, and that’s just the way it is. Or is it?

Let’s start with the obvious: I love BitLocker and I cannot lie. Despite its faults, it remains a great example of a real-world security feature that delivers immediate value. It’s fully supported by the OS manufacturer, meets government security standards, and doesn’t have to rely on skanky hacks to work its magic.

Windows laptop users can also take advantage of Seagate’s Momentus FDE line of disk drives. These disks, sometimes called self-encrypting disks or just SEDs, perform hardware encryption, and they are qualified by the US National Security Agency as meeting NSTISSP #11. Unfortunately, these drives require support in the BIOS. Since Apple’s laptops all use EFI instead of the standard x86/x64 BIOS, you can’t just plop a Momentus FDE into your Mac and expect it to work.

The only solution I’ve found to get an SED to work in a modern Mac laptop is from WinMagic. Their SecureDoc product is essentially a full-volume encryption tool that competes directly with BitLocker, as well as with other FVE products from PGP, PointSec, and so on. The big difference: the Mac version of SecureDoc supports Momentus FDE disks. Naturally I had to try it.

Installation is simple: you run an installer, which adds a couple of kernel drivers and modifies the boot loader. If (and only if) it detects an unlocked Momentus FDE as the boot volume, it will ask whether you want to use hardware or software encryption. (The installer also tells you that it will change the system’s hibernation mode, but let’s not get ahead of ourselves yet…)

When you’re done, you must reboot, at which point you see the new (and quite ugly) SecureDoc login screen. When you log in here, the SecureDoc bootloader unlocks the FDE disk and the normal Mac OS X boot cycle proceeds.

The docs ask that you turn off pagefile encryption by unchecking the "Use secure virtual memory" option in the General pane of the Security preferences tool. This makes sense: there’s no reason to ask the OS to encrypt the page file if the disk on which it lives is already encrypted. You must also turn off the "Put hard drive to sleep whenever possible" checkbox, as the OS doesn’t deal well with having the disk go to sleep (and thus get locked) while you’re using it.

In my test install, I ran into an odd problem: the machine would freeze when waking from sleep. The cursor and keyboard would work normally, but I’d get the spinning rainbow pizza of death. After doing some digging, and with the help of WinMagic’s tech support folks, I determined that the system’s hibernation mode wasn’t properly set by the installer. (Page 4 of this document is the only place I’ve found the different hibernation mode codes explained.) Uninstalling the SecureDoc software, manually setting the hibernation mode with the pmset tool, and reinstalling it fixed the problem and it has worked flawlessly since.

The standalone version of SecureDoc doesn’t have the same set of management or control features that BitLocker does. Of course, that’s because WinMagic wants you to buy their server-based toolset, which uses a group policy-like mechanism to enforce whatever encryption policies you choose. Without having tested either the server tool or the Windows version, I’m not ready to pick a winner between BitLocker and SecureDoc, but for the Mac it’s a low-impact solution that does what it says, and I’m happy with it so far.

Comments Off on SecureDoc full-volume encryption for Mac OS X

Filed under General Tech Stuff, Security

First look: Snow Leopard and Exchange

Given that I’m in Palo Alto, and that probably half of my coworkers use Macs, it’s no surprise that I installed Snow Leopard today. I’m not going to review the OS, or even the Exchange capability, but here are a few notes based on my long-time Entourage use (and not a little time spent with Outlook 2010 over the past few months). Herewith my thoughts:

  • The first thing I noticed: Mail.app is smokin’ fast compared to Entourage EWS. I mean, we’re talking lightning. EWS has much improved sync performance compared to DAV sync, but Mail.app leaves it in the dust when it comes to scrolling, searching, and message rendering. I haven’t tried to compare the two programs’ sync speed (and probably won’t, since it’s mostly relevant when you set up a new account).
  • Speaking of setup: I was able to set up 4 Exchange accounts in about 10 seconds each: enter e-mail address and password, then let Autodiscover do the rest. EWS Autodiscover works well most of the time, but occasionally it will fail to detect an account.
  • By default, Mail creates a single unified Inbox view– exactly what I use in Entourage (and what I wish for in Outlook 2010). However, nowhere can I find where Mail tells me how many messages are in a folder, something I like to keep track of.
  • I like it that Mail.app uses the same sounds for sent and received mail that the iPhone does. On the other hand, I dislike the fact that you can’t change these sounds (on either platform). C’mon, Apple.
  • Ironically, older versions of Mail would hide some Exchange folders when you connected because Mail couldn’t handle them. Guess what? This version fails to hide some folders, such as “Conversation Action Settings” and “Quick Step Settings”, that Outlook 2010 creates as ostensibly hidden folders in your mailbox root. Oops.
  • Entourage seems to do a better job of masking temporary connectivity problems. When Mail.app decides that one of my servers is unreachable, it grays out that server’s entire folder tree and puts the little tilde-looking icon next to the account name. By contrast, Entourage will discreetly add “(Not Connected)” to the account name and leave it at that.
  • iCal… well, what can I say? I still don’t like it after all these years. Yes, it syncs with my Exchange calendars now, but its visual display is ugly compared to Entourage (especially for overlapping events), it’s lacking in features, and the task support appears to have been hastily bolted on.
  • I’ve never been a user of the Address Book app. Given the way this version works, I’m not about to start. Too much wasted white space and too many missing features. For example, want to see someone’s management chain? Too bad, Address Book doesn’t show that. Feel like searching the GAL? Sorry, no can do (at least not that I can find.)

There are other problems, too– no support for setting your out-of-office status, for example. In terms of fit and finish, there are lots of little grace notes that Entourage gets right but that Apple stumbled with. To show just one example, take a look at these two screen shots, one for each program.

Microsoft EntourageScreenSnapz001.png   iCalScreenSnapz001.png

IMHO, Entourage does a better job all around. It tells me that my machine and my appointment are in different time zones. It clearly shows the important data about when my test meeting’s invitees are available. Once you type in an invitee’s name, there’s no way to delete the event in iCal unless you remove all invitees first. Attempting to close the window gives you a chance to edit or send the invite, but not get rid of it altogether. (Bonus: thought it was interesting that Entourage could get and display Atalla’s status (OOF, in this case) but that iCal couldn’t, even though I took the screen shots on the same machine and more or less at the same time.)

More broadly I don’t like going back to the world of having three separate apps for PIM functions. It reminds me of Sidekick for DOS. I much prefer the Outlook/Entourage model of having several different (but related) data types in one place. What makes this worse is that there’s relatively little integration among the Snow Leopard apps. For example, if you’re looking at a contact in Address Book and want to send that person a mail message– too bad. There’s no way to do so. You can, however, right-click an e-mail address in Mail to open that address’ contact card.

Still more broadly, these applications are not very flexible or customizable compared to Entourage. For example, let’s say you want your message reading pane on the right. Too bad! There’s no way in Mail.app to customize it; you need WideMail or something like it, of which there is no Snow Leopard version (yet).

So, Snow Leopard delivers what Apple promised: basic Exchange integration. There are so many things that they’ve left out, though, that I remain disappointed, and I’m thinking that the Microsoft Mac Business Unit has a huge lead already as they move into full-scale development of Outlook for Mac


Filed under General Tech Stuff, Reviews

MS releases Entourage EWS, changes name to Outlook

Big news on the Mac e-mail front.

First, Microsoft has released the Exchange Web Services (EWS) edition of Entourage, which you may remember from back in January. If you’ve been using the beta version, you will almost certainly be pleased with the vast improvements in sync speed since the beta. MS has also fixed a number of annoying sync bugs. Remember, the EWS version requires that you have Exchange 2007 SP1 with update rollup (UR) UR4 or later.

Next, MS announced today that the next version of Mac Office will contain… not Entourage but Outlook for the Mac. They have not yet announced the exact details of what “Outlook” means in the Mac context (except to say that it includes support for AD RMS), but the Entourage Outlook for Mac team is well aware of the major features that Outlook for WIndows has, and based on my discussions with them I am pretty optimistic about what we’ll see in the next version.

Comments Off on MS releases Entourage EWS, changes name to Outlook

Filed under General Tech Stuff, UC&C

Microsoft releases public beta of Entourage EWS

A couple of weeks ago, I mentioned that Microsoft had announced their plans to release an Exchange Web Services-based version of Entourage 2008. Well, they’ve gone and done it: this Mactopia page has the link you need to sign in to Microsoft Connect and get the beta bits. Just to reiterate: you won’t see any major changes in the user interface, because there aren’t any. Consider this release to be the UI of Entourage 2008 with a completely different (and much improved!) mechanism for talking to Exchange under the hood.

Comments Off on Microsoft releases public beta of Entourage EWS

Filed under UC&C

Entourage to get Exchange Web Services support

Great news from Microsoft’s Mac Business Unit: they’ll be releasing a version of Entourage that uses Exchange Web Services. This is great news because WebDAV, the protocol that previous versions of Entourage have used, doesn’t provide full support for every type of Exchange data item. The Exchange Web Services (EWS) version of Entourage will support full synchronization of tasks, notes, and categories with servers running Exchange Server 2007 SP1 or later. This should please some of the folks who have been lamenting the lack of Exchange sync functionality in Entourage. The best part: they’ll release this as a free update to Entourage later this year.

Comments Off on Entourage to get Exchange Web Services support

Filed under General Tech Stuff, UC&C

First impressions of the new MacBook Pro

I was recently in Seattle for meetings with my partners (protip: the Bell Harbor Convention Center is an awesome meeting venue). During that time, my team landed a project that requires use of a Mac, so I made the (easy) decision to hand my first-generation MacBook Pro (2.16GHz, 2GB of RAM, plus a 250GB drive I added earlier this year) to Tim and replace it with a new machine. I used it all day yesterday and quite a bit last night, and now I’m using it on my flight home. Here are my first impressions:

  • Despite its odd “chiclet” look, the keyboard has a great tactile feel– it’s much less mushy than my old MBP, and it compares favorably with Lenovo’s keyboards (still the best IMHO). Apple has changed around the function key behavior, meaning that I finally have keyboard shortcuts for iTunes control. Interestingly, the cursor arrows still work as paging keys when you hold down “Fn” but they don’t have the labels on them. I sort of miss the small “Enter” button to the right of the space bar, but I’m getting used to it.
  • I love the new trackpad, except that it’s a bit noisy. I already used tap-to-click on my prior machine, so the noise isn’t a huge deal. I didn’t have any trouble adapting to the click-and-drag behavior of clicking with my thumb on the pad’s bottom edge and then dragging with a finger. The multitouch behavior is handy, when I actually remember that it exists and use it.
  • Screen brightness and quality is outstanding. In my limited testing so far, I haven’t had any problem with the glossy screen finish.
  • Battery life is a HUGE improvement over my old machine. I will easily get 4 hours out of this battery on my default workload (mostly Word, some Ecto, and an occasional TV show in iTunes).
  • The body structure is a major improvement over the old machine. The screen hinge isn’t floppy, so the screen stays put even with my hardcore typing style, and the perimeter of the case on the bottom half has no flex or give.
  • The Migration Assistant did a flawless job of moving about 85GB of data to the new machine over an Ethernet connection. John was quite envious of this feature.
  • It’s easier for me to open the lid since there is no longer a release button. (I still prefer Lenovo’s slide-to-unlock mechanism, though)

1 Comment

Filed under General Tech Stuff, Reviews

Live from INTERACT: It’s Mac Messenger 7.0

Eileen Brown of Microsoft was kind enough to organize a bloggers’ lunch at INTERACT 2008 today. There was a good crowd, including some folks I knew and many that I hadn’t previously met. I got there late and had to leave early, but in between, we got a great presentation on the inner workings of the Exchange team blog, plus a panel discussion with several senior Microsoft folks from the Unified Communications Group. As a closing surprise, we got permission to talk about a previously unannounced product that has heretofore been under deep NDA: the Mac business unit at Microsoft is close to releasing a new version of Mac Messenger, version 7.0, that adds some impressive new functionality.

Like earlier versions, the new Messenger release can simultaneously connect to the Windows Live Messenger service and corporate IM networks. In this case, Messenger adds support for OCS 2007 using the same enhanced presence model that Office Communicator uses. Better yet, it supports voice and video with other OCS users! I’ve been using this feature for a while and it rocks. Combine it with OCS’ ability to federate contacts across multiple organizations, and it rocks even more. Voice and video quality in my tests has been excellent, and the OCS support carries on Messenger’s tradition of providing a very Mac-ish user experience. I hope to get permission to post some screenshots in the next day or two; more news when there is news.

Comments Off on Live from INTERACT: It’s Mac Messenger 7.0

Filed under General Tech Stuff, UC&C