08 July 2016

How to (not) handle OneDrive/Sharepoint "Sync Now" on Mac OSX

This bugged me for a bit and I finally got around to (almost) fixing it yesterday, so I thought I'd record it for posterity.

Microsoft Office365 will usually include a Sharepoint implementation of some sort. Sharepoint now integrates with OneDrive (aka "Microsoft Dropbox")... on Windows. On Mac, the current state of play is as follows:
  • You should get the free OneDrive app from the Mac App Store. If you have previous beta versions or anything like that (which never worked particularly well), uninstall them before installing this.
  • Once you start and connect OneDrive to your Office365 subscription, your personal files will automatically sync to the OneDrive folder. It seems to work reasonably well.
  • However, files shared by others to you will not sync. The feature is just not implemented yet.
  • If you access Sharepoint or OneDrive from the website and click on the Sync Now button, the website will generate a link that looks like this: grvopen://http-etc-etc and pass it to the browser. By default this grvopen protocol will be associated with OneDrive and do nothing, because (guess what?) the feature is not implemented yet.
  • However, if you have a virtual machine with Windows and Office installed, there is a chance that the link will be passed to the Sharepoint client running on that machine. You probably don't want that: it will likely break things once the feature lands in OneDrive for Mac. So you can follow these instructions for VMware Fusion to stop it from happening. Make sure to click on Clean Up Applications after deselecting Open your Mac files and web links using Windows applications. (Other virtualization products will have different ways of doing this; check your docs.)
I can see a forced approach where you configure OneDrive in your virtualized Office to use the same folder that OneDrive for Mac is using, but I expect this would bring up all sorts of issues. These sync programs do a lot of dirty tricks with file metadata and I'd rather not risk precious company files. I guess I'll just wait for MS to bring feature parity to OSX, and use the website in the meantime (which is actually slowly improving as well).

18 June 2016

Python SDK for Azure Basic Tutorial

As Spider-Man would say, from great enterprise comes great complexity. Microsoft cloud services are very, very enterprisey; which means they're also absurdly overcomplicated. One can probably spend most of his 30-day trial simply wandering around their dozens of different "portals" and "account management" screens. So here's a simple tutorial on going from zero to spinning up a VM with the Python SDK. (This is a work in progress, but hopefully it saves you the headaches I got).
  1. Sign up for an Azure free trial. You'll need a phone and a credit card, because MS requires verification like pr0n sites of yore.
  2. WAIT! DON'T DO ANYTHING! After the signup is successful and you're sent to the dashboard, chances are that your account is not actually fully formed, and you might be getting a lot of prompts about signing up for a Pay As You Go subscription. Wait 10 to 15 minutes. Grab a coffee; check Hacker News; live the enterprise life.
  3. Close your browser and go back to the portal.
  4. Go to your Active Directory.
  5. Create a Global Admin user by clicking on ADD USER (not the giant NEW, that would be too easy!). Write down the temporary password. (Note: I've no idea whether it has to be a global admin, but we're just trying to keep things simple here.)
  6. Now you have to associate the user to your Azure subscription, because you created it, it's in your AD, but obviously it's completely unrelated to your resources. Enterprise life! Go back to Azure portal, click on Subscriptions. NOTE DOWN YOUR SUBSCRIPTION ID, you'll need it later.
  7. Click on the subscription, then Settings.
  8. Click on Users (bottom right).
  9. Click on Add, select the Owner role, then add the new user to it. (Note: again, Owner is probably a bit too powerful, but we're trying to keep things simple.) Reference here.
  10. Now open a Private Window in your browser, or sign out of your account, because you have to log on to the same portal as the new user.
  11. After logging on, you'll be forced to change the password. Done? Good; log out, close the window, the web-based ordeal is officially over.
  12. Create and activate a virtualenv (this procedure will differ depending on your platform/setup, reference here):
    mkdir azure_test && cd azure_test
    pyvenv-3.5 env
    source env/bin/activate
    pip install --upgrade pip   # this is optional but good practice
  13. Install the Azure SDK:
    pip install --pre azure
  14. Launch python and get cracking:
    sub_id = 'your-sub-id'  # you should have got this earlier, it's visible in "Subscriptions"
    # authentication reference at
    # http://azure-sdk-for-python.readthedocs.io/en/latest/resourcemanagementauthentication.html#using-ad-user-password
    from azure.common.credentials import UserPassCredentials
    credentials = UserPassCredentials('yourADuser@youraccount.onmicrosoft.com','yourpassword')
    from azure.mgmt.resource.resources import ResourceManagementClient
    resource_client = ResourceManagementClient(credentials, sub_id)
    # one-off registrations, supposedly you won't need them next time
    # create the clients
    from azure.mgmt.compute import ComputeManagementClient
    compute_client = ComputeManagementClient(credentials, sub_id)
    from azure.mgmt.network import NetworkManagementClient
    network_client = NetworkManagementClient(credentials, sub_id)
    from azure.mgmt.storage import StorageManagementClient
    storage_client = StorageManagementClient(credentials, sub_id)
  15. Now follow the code to create a VM here, skipping the 4 lines that define resource_client, storage_client etc, because you already have them.

16 June 2016

The Nifty Minidrive is a Nifty Hack

I know it's fashionable to hate on the Nifty Minidrive: "overpriced SD adapter!" "I can get an equivalent one for $2!". Truth is, it's an ingenious hack; a well executed, high-quality concept conceived by two local Manchester lads with a Kickstarter campaign. I've tried the cheap alternatives and they just don't compare.

Yesterday I was in Staples (aka Home Depot) for various reasons, and on a whim I picked up a Sandisk 128GB SDXC card to replace the 64GB one I was already using with Nifty. A quick swap, and now I have a grand total of 640 GB of space on my MBPr. That was just too easy!

(This said, I hope Apple hurries up with the MBPr refresh so I can buy a new laptop with 1TB disk. I was really disappointed by the lack of hardware announcements at WWDC; my current MBPr is now 4 years old but I'm not going to drop two grand on a new machine with chips from 2014...)

25 May 2016

Change your login background in OSX

A little something for my long-suffering OSX readers: a simple script to change your login background. Note that images must be in PNG format.

Copypaste the code above, save it as /usr/local/bin/set_login_background.sh, and execute like this (the first line is necessary only on first usage):

sudo chmod a+x /usr/local/bin/set_login_background.sh
sudo set_login_background.sh /path/to/my-new-image.PNG

14 March 2016

WebCrypto and GPG - yet another missed opportunity

(Preface: I’m not good at crypto. My brain is just not big enough to juggle the necessary math. What I can do, in most cases, is juggle the basic concepts (private/public keys, certificates, chain of trust, hashing, signing, salting, encrypting, ciphers, etc) and parse crypto-jargon enough to get by. I like to believe I belong to the silent majority of web plumbers out there — as far as I know, the world of real cryptographers and crypto-developers is still very small. If anything I say here is wrong, by all means let me know in comments.)

I’m yet again dismayed at the stubbornness of crypto-nerds in making things as awkward as possible for the rest of us.

I’m currently trying to set up a simple browser extension to verify signed data, given public keys. A fairly mundane problem, one would think; and sure enough, browser vendors recently started to implement secure interfaces for this sort of operation. Great!

So let’s import a public key to verify some data. What is the most popular key manager/generator out there, something that has been around for 25 years in various incarnations? PGP/GnuPG, of course. So I export a standard RSA key in the classic armoured format and… nothing. SubtleCrypto.importKey() does not support it. Most examples I got from googling (like these excellent ones) use JWK, yet-another-JSON-format-invented-yesterday. There are a bunch of tools out there to convert OpenSSL PEM keys to JWK (for Node.js, unsurprisingly), but nothing straightforward for PGP/GPG. No biggie: considering GnuPG is only at the core of software distribution for (almost) the entire world of Linux, it’s understandable that it could be overlooked... /sarcasm
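For contrast, here is the import-and-verify path that SubtleCrypto does accept, as an added example that is not code from the original post: a PEM "PUBLIC KEY" (SubjectPublicKeyInfo) block is stripped of its armour and imported with the 'spki' format, while a PGP-armoured block is rejected before it reaches importKey(). The key pair, payload and helper names (pemToSpki, importVerifyKey, demo) are constructed for illustration, and the example assumes the GPG key has already been converted to SPKI by some other tool.

```javascript
// Added example: key pair, message and helper names are constructed/hypothetical.
// Works in browsers and Node >= 19 (global WebCrypto); older Node falls back to require().
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const RSA = { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' };
const utf8 = (s) => new TextEncoder().encode(s);

// DER bytes -> PEM "PUBLIC KEY" (SubjectPublicKeyInfo) block.
function derToPem(der) {
  const b64 = btoa(String.fromCharCode(...new Uint8Array(der)));
  return `-----BEGIN PUBLIC KEY-----\n${b64.match(/.{1,64}/g).join('\n')}\n-----END PUBLIC KEY-----\n`;
}

// Strip PEM armour and return the DER bytes; refuse anything that is not SPKI,
// e.g. an OpenPGP "PGP PUBLIC KEY BLOCK", which holds OpenPGP packets instead.
function pemToSpki(pem) {
  const m = /-----BEGIN ([A-Z ]+)-----([\s\S]+?)-----END \1-----/.exec(pem);
  if (!m) throw new Error('no armoured block found');
  if (m[1] !== 'PUBLIC KEY') throw new Error(`"${m[1]}" is not SPKI; convert the key first`);
  return Uint8Array.from(atob(m[2].replace(/\s+/g, '')), (c) => c.charCodeAt(0));
}

// Import as a non-extractable key that can only be used to verify.
async function importVerifyKey(pem) {
  return subtle.importKey('spki', pemToSpki(pem), RSA, false, ['verify']);
}

async function demo() {
  // Constructed signer; a real extension would receive only pem, data and sig.
  const pair = await subtle.generateKey(
    { ...RSA, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    true, ['sign', 'verify']);
  const pem = derToPem(await subtle.exportKey('spki', pair.publicKey));
  const data = utf8('constructed payload v1');
  const sig = await subtle.sign(RSA, pair.privateKey, data);

  const key = await importVerifyKey(pem);
  const valid = await subtle.verify(RSA, key, sig, data);
  const tampered = await subtle.verify(RSA, key, sig, utf8('constructed payload v2'));
  let pgpError = null;
  try {
    await importVerifyKey('-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nAAAA\n-----END PGP PUBLIC KEY BLOCK-----');
  } catch (e) { pgpError = e.message; }
  return { valid, tampered, pgpError };
}

demo().then((r) => console.log(r));
```

Importing with extractable set to false and the usage list limited to 'verify' keeps the key object from being exported or reused for anything else inside the extension.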

In the end, one could probably get by using hacks like the one described here. To be honest, I’ve not tried — by the time I found it, the evening had gone and the level of frustration was too high.

Projects like Let’s Encrypt demonstrated very clearly that everyday cryptography is held back by inconsiderate and hostile interfaces; once you remove them, people adopt it extremely quickly. It is understandable that legacy implementations (X509 and so on) will be awkward; but brand new interfaces which are supposed to gain widespread popularity outside the small circle of crypto specialists, designed in the last decade, should be better than this.