Bonjour sync not in OF 2? [A: Correct - use free WebDAVNav app instead.]

I just installed the OF2 beta for the first time, and as a natural starting point, I went to the Preferences menu to set up a sync with my other Mac where my primary OF1 database resides. However, the sync panel in Preferences appears to only provide 3 choices: No sync, the Omnisync server, or webdav. Is bonjour sync not going to be supported in v2, or is it just coming later? Using Omni’s server is not an option for me since I do have some work-related data in my OF DB, and my employer does NOT allow us to use cloud servers outside of our own control. (I would think this would be a fairly common restriction with large, security-focused companies.) I don’t have OS X server, and would not be particularly excited about the prospect of configuring my own webdav server anyway, so the lack of Bonjour sync would be a major loss for me in moving to v2.

Has Omni stated that Bonjour sync is coming later, or better yet, am I just missing how to configure it with v2?

Thanks,
Sam

2 Likes

dvcsam -
same concerns here. from the release notes, it would appear omnigroup is abandoning bonjour sync.

http://support.omnigroup.com/changes-in-omnifocus-2

i understand and know well that bonjour is flakey at times–have found myself cursing the inconsistent sync–but a reboot almost always gets me sync’d.

cloud sync is a deal killer and stand alone webdav server is expensive and unappealing as well.

hopefully there are enough like-minded folks that omnigroup restores local or adds a new local sync option.

heck, if the reports of apple restoring local, itunes-based calendar and contacts sync are true–due to the enormous number of users resistant to cloud-based syncing–it would be nice if omnigroup did same.

We do not currently have plans to reinstate Bonjour sync. Not only has it proven flakey (as @snakeears said), but it also runs afoul of Apple’s sandboxing rules.

We hope that most folks will be able to switch to Omni Sync Server or perhaps use this guide to run their own server. Or perhaps your employer would set up a WebDAV server you could use?

1 Like

Wow, I am very sorry to hear this. I consider this a major functional regression. As I see it, I have four choices:

  1. Stay on OF 1. This would be sad, given that I like much of what I’ve seen of the UI and new features of OF 2.

  2. Move to OF 2, but abandon the iPhone and iPad apps, and stick to a single Mac-based OF 2 instance. (That is, no synch.) This might be the most reasonable choice for me, although I will especially miss being able to capture and view tasks at any time on my iPhone.

  3. Move to OF 2, but do not use OF for task management related to my job. Probably well over half of my projects and tasks are currently work-related, so this is not much of an option. And, no, there is no way my IT department would set up a WebDAV server for me, or even let me deploy my own.

  4. Move to OF 2, but upgrade one of my Macs to OS X Server, and then have a go at setting up my own WebDAV server. I’ve never installed or run OS X Server, nor have I configured a WebDAV server, so I don’t really know what I would be getting into here. Unless Omnigroup only wants to appeal to the more techie types, I don’t think this would be an option for most folks.

I’m sure you guys are familiar with AgileBits’ very popular 1Password application. A while back AgileBits decided to move toward a cloud-based-only sync option between 1Password instances. The feedback from their user base was so negative that they eventually re-instated their Wifi-synch option. Cloud-only options are just not an acceptable answer for many of us.

Sam

Bonjour Sync is a requirement for me also.

Thanks
Ron

This is really sad. Need to start considering alternatives to Omnifocus then. I have all the company’s products for all the platforms - Omnifocus has been in daily use with syncing to of1 from both my iPhone and iPad. Bonjour sync is really needed or then iCloud sync. Cannot put my data on Omni’s own servers and creating a webdav server looks way too much trouble…

Hey folks,

I think I may have found a solution to your liking. I did some searching (I promise I’m not being paid to say this, I just thought it might be helpful), and I found a German-based company named CloudSafe that provides a free WebDAV sync option for individuals for up to 2 GB of storage.

Under their very in-depth Security section, in addition to being PCI and ISO 27001 certified, they explicitly state:

Employees of CloudSafe and our service providers are not able to access the contents of the safes. Furthermore we cannot retrieve your password. You can only assign this function to a minimum of two trustworthy persons - for reasons of security. This process is cryptographically secured and cannot be influenced by us.

and

We do not store your password. CloudSafe cannot view your stored encrypted data. In order to ensure that no one can guess your password we only permit sufficiently secure passwords for encrypting your private key.

Of course, in the end it’s up to you whether or not you feel comfortable trusting them, but it does look like a promising option. I created a free account with them, and it’s emphasized several times that your password must be sufficiently secure because it cannot be recovered if ever lost.

Best of luck!

– Chris

Unfortunately (but reasonably), for many companies storing data on any external server is a non-starter, regardless of what their claimed security policies are. I agree with the others - this limits the utility of OF and stops me from using on mobile devices.

This is a terrible decision, and one without need or basis.

I have hundreds of OF users at my company (out of tens of thousands of mac users), who will all have to find an alternative product. Corporate policies (at most organizations) prohibit use of third party cloud services, and securely configuring a webdav server is far beyond most users’ capabilities.

And frankly, I wouldn’t even use it if it were allowed. I don’t put my own confidential information into cloud services, especially ones that I don’t pay for (which means that the SLA is usually poor, and the recourse against downtime and security breaches is exactly nil). Just because you can do cloud, doesn’t mean you should only do cloud.

Unless local wi-fi syncing is restored (it does not have to be bonjour - the agile bits reference is right on target), we will all have to look for a new GTD solution. At the very least, bring back bonjour syncing, but put it under an ‘unsupported/advanced/figure it out yourself’ button.

I’m not sure I understand. Local Wi-Fi syncing is already available—right now—in OmniFocus 2 as an advanced / figure it out yourself option. I use it all the time:

What is gone is the feature where OmniFocus would try to automatically configure Apache for you (which it can no longer do from its sandbox), but that doesn’t stop you from configuring Apache on your own—either by looking at how OmniFocus 1 used to set this up (as a starting point, anyway), or by following any of the numerous guides out there for setting up WebDAV on an Apache web server. (Note that this server doesn’t have to run on a Mac, which means your IT department could set it up on any Apache web server they might already have for internal corporate use.)

We understand that easy-setup local syncing is useful: we are, after all, the folks who invested a lot of time building this functionality for OmniFocus 1 in the first place. We would love to provide an easy way to set up your own server again, and we might very well do just that with an independent download of some sort. It’s just difficult to provide that functionality from OmniFocus 2, given the limitations of staying within our sandbox.

(We were hopeful that Apple would be providing this as part of OS X Server, and they did get part of the way there. Unfortunately, their default setup seems to have some implementation bugs, which means we end up having to explain how to work around those bugs which is more work than just explaining how to set up Apache from scratch in the first place.)

4 Likes

You hit the nail on the head. As I noted in my followup email, the bulk of my users aren’t sophisticated enough to figure out how to enable it - securely - themselves. It’s ‘securely’ that’s the challenge. Even a step-by-step guide is likely to encounter resistance from our corporate security folks, but an automated tool (even a separate download) would probably pass muster - as long as it didn’t involve downloading and installing OSX Server (which triggers a whole different set of security policies).

If it’s a mac app store sandbox problem, well, then advanced users should buy directly from the OF site (which gives you more money anyway), or there may be another option.

I don’t know if you know the AgileBits folks, but they found a way to make wi-fi syncing work without having to deal with all the bonjour problems that have plagued the OF solution. It’s a direct sync, within the app store sandbox, without dealing with Apache, so it’s more secure, easier to configure, and a great solution. Maybe you could contact them and borrow/reuse/buy the code?

And just an update, after checking with our security folks, running a WebDAV server on a workstation is indeed prohibited. So the current ‘advanced’ workaround won’t work. We need a direct app-to-app sync. I’d like to get clear direction from Omni on this. If it’s in, then great, we’ll hang in there for OF2. If it’s not, then we’ll need to start a replacement search (and be very disappointed that we’re going to lose one of the great productivity tools out there).

OmniFocus has only ever synced using the open WebDAV protocol. If all WebDAV servers are prohibited at your site, then I’m afraid restoring the Bonjour server won’t help your situation because that server was itself a WebDAV server—it was simply configured automatically for you.

1 Like

P.S. — Asking security folks about running a “WebDAV server” is sort of like asking them about running an “email server” or an “ftp server”: they don’t know anything about what content it might be serving, how access is being authenticated, or how traffic might be protected from eavesdroppers—so it’s quite reasonable for them to be concerned about it.

WebDAV itself is just a protocol, one which has been designed with a reasonable amount of care (and which has been rather battle-tested) in order to provide secure, authenticated access to a designated set of files based on a set of credentials. Those designated files could be a single file on your disk, or it could be your entire network. For OmniFocus syncing (or OmniPresence syncing), this server doesn’t need to have access to anything outside of its own sandbox.

Direct app-to-app sync using a bespoke protocol is likely to be much less battle-tested and may not have thought through all these issues, so it’s actually likely to be less secure than WebDAV (except, perhaps, for a little bit of security through obscurity—which is generally considered the least safe approach to security, since all it takes is one person figuring it out and posting to the web and suddenly everyone using that obscure protocol is insecure).

If it would be helpful, I’d be happy to have an email or telephone conversation with your security folks (or anyone else’s) to see what constraints would need to be placed on an autoconfigured sync server in order to help them feel comfortable about letting their users sync data between their own devices. (I’m pretty familiar with these sorts of security concerns, and know those teams don’t have the easiest job: before founding Omni, I worked as a systems programmer on a team which secured a network of UNIX systems hosting tens of thousands of untrusted users, all of whom had unrestricted access to the shell.)

Thanks for the offer, Ken. Security is the root issue, but the inertia required to overcome corporate processes to get a WebDav server stood up for OmniFocus in a corporate environment is far beyond the realm of possibility.

Our company has perhaps 100-200 users who use OmniFocus. Even still, for a company near the top of the Fortune 50, OF users are a bug on a windshield. Macs are gaining acceptance, but the issue is one of getting on the radar, asking for capital expenditures for a “server”, testing, etc. is completely beyond anything our little organic user group can muster.

When it comes down to it, our group will lose, if we’re even recognized at all. For example, our legal team put a moratorium on the use of Omni software for years when our legal teams couldn’t agree on EULA terms. (Intellectual property was the issue here.)

On the other hand, local sync isn’t something they care about. They don’t have to support it, test it, etc. It’s up to the individual to ensure they are compliant with corporate policies.

Could Omni consider having a Bonjour-sync enabled app available through your web site, and the sandboxed version in the app store? Other developers such as ClamAV and Devonthink have taken this route.

In fact, our company still doesn’t know how to handle procurement through the “app store”. They’d prefer to buy a license.

In regards to security, Omni, like many others, was vulnerable to Heartbleed. According to this article, Heartbleed has been exploited for years.

Hi All,

Concerning your point #4, one does not need mac os x server to run apache or webdav. In fact, apache is already distributed with the “normal” version of mavericks. It’s just that the setup is a little of a pain in the neck, as it involves editing the apache conf files.
Maybe a stupidity, but couldn’t omni provide a simple app which would just start apache and configure it to use webdav only for the purpose of syncing with omnifocus (or maybe also omnipresence)?

Cheers
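
What a WebDAV-only Apache setup of the kind discussed in this thread can look like: one authenticated, TLS-only directory and nothing else served. This is an added example, not part of any post here and not Omni's configuration. It assumes Apache 2.4 with mod_dav, mod_dav_fs, mod_ssl, mod_alias and the basic-auth modules (mod_auth_basic, mod_authn_file, mod_authz_user) loaded; the port, hostname, paths and user name are placeholders.

```apache
# Added example with placeholder values; adjust every path and name.
# Keep the lock database, the TLS key and the password file OUTSIDE the
# shared directory so they can never be read or overwritten over WebDAV.

Listen 8443
DavLockDB "/usr/local/var/davlock/DavLock"   # directory writable by the Apache user

<VirtualHost *:8443>
    ServerName sync.example.internal

    # TLS only: credentials and data never cross the network in the clear.
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    "/usr/local/etc/dav/server.crt"
    SSLCertificateKeyFile "/usr/local/etc/dav/server.key"

    # Default deny: no part of the filesystem is served unless listed below.
    DocumentRoot "/usr/local/var/dav/empty"
    <Directory "/">
        Require all denied
        AllowOverride None
        Options None
    </Directory>

    # The single directory exposed over WebDAV.
    Alias /sync "/usr/local/var/dav/sync"
    <Directory "/usr/local/var/dav/sync">
        Dav On
        Options None          # no directory listings, no CGI, no symlink following
        AllowOverride None    # an uploaded .htaccess file has no effect

        # Basic auth is acceptable here only because the vhost is TLS-only.
        AuthType Basic
        AuthName "sync"
        AuthUserFile "/usr/local/etc/dav/users.htpasswd"
        Require user syncuser # one named account, not "any valid user"
    </Directory>
</VirtualHost>
```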

If this is the case, that would be an excellent idea, and one that would work for us.

As soon as you start using cloud services & online access points, some employees stop differentiating WHICH clouds they use & trend toward whatever they personally feel comfortable using as though all are equivalent.

From that standpoint, I can understand that the most sensitive proprietary information is best kept off the cloud.
A “my bad” may not cut it if market-advantaging proprietary information is compromised.

HEARTBLEED is a shot across the bow when it comes to some of this.

Aside: If we look at the recent OneNote implementation on Macs - they require an online account just to test-drive their software! Time to chuck that strategy.

I’m not an OF 2 tester but I was starting to think about using WiFi sync for many of the same reasons listed here and then ran across this thread. Question - would it help any of you if you knew that your data was encrypted at the client? More challenging for the user but this can be done in a way that the data is really only user accessible - e.g. allow the user to provide a key or data password that only the client knows. CrashPlan is an example of a cloud service that offers this.

For services where they want to provide a web interface, this isn’t a good option. But as long as the focus for OF is on Mac or iOS clients, this would seem doable and a good way to help those who have corporate policies prohibiting your data being in the clear on a cloud service.

– Alex

Ok, so Apple just restored local contact and calendar sync via iTunes with last week’s release of iTunes 11.2.1–satisfying a clear user need.

Is it possible Omnifocus folks can create the local sync feature via USB-cable in OF 2?

Thanks