1Password for Mac Sync Problem

fourwheelcycle
fourwheelcycle
Community Member
edited January 2017 in Mac

I use 1P for Mac (not an account) on two Mac laptops, syncing to a local network drive folder. When I leave home I set the traveling Mac's sync to None so that it won't look for the network folder when it is away from home. When I get home I set the traveling Mac's sync back to Folder and it generally merges any new items or item edits I made during my travel with the network drive's OPVault.

Yesterday I was using my other Mac, which is always set to Folder sync, and noticed it only had 175 total items compared to 198 items on the Mac I use most frequently. I checked the 198 Mac's sync and realized I had left it set to None ever since I went on a trip over the December holidays. I concluded I must have added 23 new items while I was away and since I got home, so I locked 1P on the 175 Mac and set the 198 Mac's sync to Folder. I expected the 198 Mac's new items would be added to the OPVault, but instead the 198 Mac's item count dropped to 175!

Shocked, I set the 198 Mac's sync back to None and did a restore from its most recent 198 item backup. With 1P locked on both Macs, I deleted the OPVault from the 1P Sync Folder on my network drive, then I deleted the Data and Backup folders from the 175 Mac and replaced them with the Data and Backup folders from the 198 Mac. Finally, I opened 1P on the 198 Mac and set its sync to Folder, which created a new 198 item OPVault on the network drive.

When I opened 1P on the 175 Mac, with its sync already set to Folder, it worked fine and showed 198 items.

1P is working fine today, with both Macs set to Folder sync and showing 198 items.

Can anyone explain what may have gone wrong when I set my 198 Mac's sync back to Folder after it had been set to None for a month? Do I misunderstand 1P's syncing algorithm, and should I not have been surprised when the traveling Mac's item count dropped from 198 to 175 when I set it back to Folder sync?

Merging OPVault items after travel has always seemed to work fine in the past, so I am wondering if there may have been some special circumstance that caused the sync process to function differently in this instance.

One possibility is that I did try a trial of the account version of 1P before my holiday trip, but I ultimately stayed with the non-account version. Could there have been some residual from the account trial on the 175 Mac, and in the OPVault it synced to my network drive, that caused this result? Or, were there upgrades to 1P for Mac that I installed on both Mac's during late December and early January, while one was set to Folder and the other was set to None, that could have caused this result?

PS I have El Capitan 10.11.6 and the latest versions of 1P for Mac on both Macs.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Drew_AG
    Drew_AG
    1Password Alumni

    Hi @fourwheelcycle,

    Sorry to hear you ran into trouble after re-enabling Folder sync on your "traveling Mac"! Although I don't know for certain why that happened, I suspect it's mostly related to your sync setup, which can be problematic for multiple reasons.

    On both of your Macs, you have Folder sync configured to sync directly to the .opvault file on your network drive. Instead, you should configure Folder sync to point to a local folder on the Mac, and then use a sync utility / file copy tool (such as Chronosync, rsync, SuperDuper, etc) to copy the contents of that folder to/from the network drive. One benefit is that you would no longer need to disable/re-enable Folder sync on your "traveling Mac" - it would still sync changes to the local copy of the .opvault file, and when you are back home and have access to the network drive, the sync utility / file copy tool would continue syncing changes between the local .opvault file and the copy on the network drive.

    With your current setup, you're likely running into a problem with conflict resolution - for example, the timestamps of files within the .opvault bundle could have been modified incorrectly on the network drive, which could have caused the 1Password app to think everything in the .opvault was newer/more up to date than the database 1Password reads. This is a bit of simplified speculation, but perhaps gives a general idea of what could have gone wrong. When syncing via Dropbox (for example), 1Password is programmed to know how Dropbox deals with conflict resolution, and therefore it understands how to handle that. But with your setup, conflicts in the .opvault file cannot necessarily be understood by 1Password, and that can cause unexpected behavior. This can be amplified by disabling/re-enabling Folder sync with your setup.

    One benefit of using a 1Password.com account is that we have much more control over how the sync works on our own server. When using other sync options, other software or services are being used which we don't control, so when something goes wrong, we might not have full insight into what happened. If you don't want to use a 1Password.com account, iCloud and Dropbox are the next best options, as 1Password is programmed to work with those services. But when using Folder sync, 1Password has no way of knowing what your sync solution is up to in the background.

    I know this probably all sounds fairly vague, but I hope it helps give a better understanding of why your current setup can be unpredictable. If you need help switching to a different sync option or setup, please let us know. Cheers! :)

  • fourwheelcycle
    fourwheelcycle
    Community Member
    edited January 2017

    Drew_AG,

    You wrote: "the timestamps of files within the .opvault bundle could have been modified incorrectly on the network drive, which could have caused the 1Password app to think everything in the .opvault was newer/more up to date than the database 1Password reads."

    I have read previous posts, by you and others, which advise against what I am doing and recommend using separate sync software to keep my network drive folder synced with a local Folder on each Mac. I have not gone this route previously because all the sync software I have considered, including ChronoSync, CCC, and SuperDuper!, warn that syncing to a network drive is fraught with challenges and complexities involving preservation of complete file identity and integrity. This is all beyond me, so rather than using sync software I do not fully understand I have just been letting 1Password sync directly to my network drive Folder, which it has done fine until this recent episode.

    Your comment above about my network drive changing timestamps within the .opvault bundle is just one more thing I do not understand. My network drive is just a SanDisk SSD plugged into my TimeCapsule, it does not have any NAS management software of its own and I do not understand how it could change .opvault timestamps (I don't mean to be authoritative, I just mean it is beyond me). I can understand how the 1P installation on my 175 Mac might change the timestamps in my network drive OPVault, which could be the underlying problem, but I don't understand how the passive SanDisk SSD could change the timestamps by itself.

    This episode may cause me to think further about my setup, and possibly change over to a different sync folder configuration, but for now I do not think I will switch to an account subscription. I tried the trial and, as you suggest, I felt very confident it was handling all my syncing effectively, with the assurance I could recover from any mistake I might make since there would always be a master file of my encrypted items on AgileBits' cloud servers.

    However, I keep having (possibly irrational) concerns that if I switch to an account subscription I may some day receive an email from AgileBits like the one Dropbox sent to all of its users on June 20, 2011: "Hi Dropboxers, Yesterday we made a code update at 1:54pm Pacific time that introduced a bug affecting our authentication mechanism. We discovered this at 5:41pm and a fix was live at 5:46pm." This was a benign coding error by Dropbox, but it opened up all of their user files for a four hour period. It seems to me that with human frailties involved there will always be the possibility AgileBits might also accidentally introduce a coding error someday which could undermine the careful and extensive security protections you have built into your system.

  • fourwheelcycle
    fourwheelcycle
    Community Member

    Drew_AG,

    At your suggestion, I looked at rsync and found it warns specifically that using it to backup files will change the time stamp on the files from their original creation or most recent modification time to the time they were most recently backed up by rsync. Apparently additional Terminal command language is needed to tell rsync to preserve the time stamp on files, but online forum discussions note time stamp preservation is not always assured, and that using rsync between different computers on the same network or between a computer and a network drive can require different command language (something about "mounting nodes" that I do not understand).

    From all of this, I conclude that preserving original time stamps is not easy, even if I try to do it carefully with a separate sync facility. I think I am going to keep letting 1Password sync to my network drive OPVault, but I am going to be aware that if I return from a trip and forget to set my travel computer back to Folder sync I need to be very careful about preserving the most recent new items and edits in my network drive OPVault, whether they were made on the travel computer or on other computers I use on my home network, when I finally remember to set the travel computer back to Folder sync.

    If anyone who reads this comment has successfully set up their own local network syncing configuration using a USB drive plugged into their Airport Extreme or Time Capsule I would appreciate hearing from them about what they have found will work.

  • Hi @fourwheelcycle,

    Hrmmm... this is interesting. I'm not sure that I can explain what went on with your items in your initial description. Even taking into account the pitfalls of NAS based sync... I can't think of a scenario that would have caused that.

    NAS based sync in 1Password is very much on our Not Recommended list. There are two main problems with it:

    1. There's no file system events for it. If one device writes to the NAS drive, the other devices don't get notified of that write. This means that other devices won't know to do sync and import changes.
    2. Performing sync when the drive isn't connected can cause issues. 1Password has gotten better with this, but there's still cases where we try to read the vault on the NAS and 1Password will just hang for a long time before macOS tells us that it has failed to read the file.

    Neither of those issues should cause data consistency problems though.

    Note that every time you connect/reconnect sync like you've been doing, 1Password has to take a very conservative approach to sync and run full conflict resolution on every item. This can lead to conflicts in sync, which you would notice as some changes getting moved into a Conflicts section within the item.

    If you see this again, I would actually love to see a Diagnostics Report from the device that goes from a higher item count to a lower one after performing sync. It may have hints about what's going on.

    Rick

This discussion has been closed.