I read this BBC News story about mistakenly issued security certificates recently, which allowed the people with those certificates to impersonate any Google websites and intercept traffic to them. It struck me as quite significant that this particular story made it to &#8216mainstream’ tech reporting.

There is a more detailed, and perhaps more accurate, commentary on this attack on Freedom to Tinker. It perhaps may not have been ‘cyber criminals’ as the BBC reported it when I first viewed the story!

Anyway, given the attention to this issue, I thought it a good opportunity to review this kind of attack against SSL/TLS — the security system upon which we all now depend. More importantly, I wanted to show Certificate Patrol, an add-on for Firefox that would allow you to notice a suspicious change to an certificate and thwart this kind of attack.

The weaknesses inherent in having too many organisations that are able to issue security certificates for any domain are becoming more clear. While this kind of attack is extremely rare, at the moment, ‘at the moment’ is a very poor security response! Hopefully, more awareness of these limitations of the internet’s authentication infrastructure can help put pressure on browser vendors, website owners and CAs to make everyone more secure.

Not too long ago I put together a screencast which aims to introduce Mac users who haven’t played with Terminal or command lines before and try and explain some of the initial concepts and to get doing a few things.

I’d love your feedback on the screencast — you can watch it either at its page on The Stealth Mac podcast website or Part 1 and Part 2 on YouTube.

I’m not a fan of the new ‘Ribbon’ interface that debuted in Office 2007. I have been playing around with the new beta of Office 2010, where the Ribbon is now the standard user interface across the suite.

In this short screencast rant, I explain why I just don’t like this new user interface and how I don’t think it actually solves the issue it was designed to solve.

Apologies for the poor resolution and audio quality of this screencast; in future screencasts done using this method I’ll be sure to optimise things better.

Comments here or over on YouTube are welcome. I realise many people are happy with, or even passionate about the new Ribbon for good reasons too. I just can’t see how it does any good, yet requires extensive retraining of users!

Thanks to a great suggestion by Nick Charlton, I decided to put together a screencast demonstrating how to set up public key authentication for logging into SSH servers on the Mac.

Setting up a keypair and then using it to log in to remote systems, instead of remembering separate usernames and passwords, can be a bit of a fiddly business, but I hope that in this screencast I can show how to get it set up.

Set Up Public Key Authentication for SSH on the Mac from Peter Upfold on Vimeo.

Take a look and let me know what you think!

Find this tutorial useful?

UPDATE 2011-05-09: While some particularly stubborn fonts do require this process, users who have previously experienced difficulty with older versions of DfontSplitter should first try with DfontSplitter 0.3.1 or later, which include a possible fix for this issue.

I think I’ve finally found a solution to this annoying error message that Windows gives when you use DfontSplitter to convert some fonts and then try and use those converted fonts in Windows.

It involves using a third-party open source application called FontForge to convert the TTFs that DfontSplitter gives you from a Mac-specific TTF format into ‘regular’ TTF format.

A full tutorial on using this method is included as a YouTube video screencast below.

If you can’t or don’t want to watch the video, essentially the process is:

• Use DfontSplitter on the .dfont file as normal
• Open the resulting TTF files you want in FontForge
• Export each TTF file from FontForge with File > Generate Fonts. Make sure TrueType format is selected.
• Import the resulting TTF files into Windows fonts folder.

Please do let me know if this process works for you and give any feedback — especially if you’d previously had problems using a .dfont you had wanted to use on Windows.

It’s been a while since I last did a video tutorial explaining how to use SleekTabs, so I thought I would dig up the project again and try to explain how to use it a little better.

The result has been my day’s work today. It’s a two part tutorial, showing you how to first set up a simple three-tabbed static web page with Ajax support, and then moving on into part two to show you how to configure fallback support (something that I never touched on previously).

Part 1

Part 2

More info about this tutorial, including the source files for this demo project, and a link to a live working completed version, is available on my documentation wiki.

I am aware that the audio quality is far from good – there is quite bad noise on the audio track and some obvious audio transitions that I really could have done better. However, I still think it’s a good resource for explaining SleekTabs and I’d love to hear any further feedback on either this or the program itself.

UPDATE: This still is fine for 2.0.0.x, but UnPlug does not run properly on Firefox 3 and later, so if you’re on 3.0, this unfortunately will not work.

Firefox extension UnPlug is a very useful tool for extracting embedded video from all sorts of websites.

It can be a bit alien to work out how to use at first though, so I’ve put together a quick video of just over a minute that walks you through the process. It assumes you’ve already got UnPlug installed and loaded into Firefox.

Due to popular demand, here is a quick demonstration video of SleekTabs and how to add a new tab. It’s just under three minutes long and it shows you how to modify the example file (index.php that comes with the download) to add a third tab.

It’s only available at YouTube quality at the moment, but I’m working on getting a download to a higher resolution version up shortly.

UPDATE: full 640×480 quality in H.264/QuickTime is available here. 6.3 MB.

Also, if you want to see SleekTabs in action for yourself, check out this page which is the example file I modified during the screencast. There’s not much to see, but it was asked for.

Hope this helps those people who wanted to take a look before committing themselves to a download!

Unfortunately, my normal screencast solution isn’t compatible with the new 3D effects and all that stuff, so I had to do it the old-fashioned way this time, and point a video camera at the screen.

So this is what it looks like (YouTube embed below, so you may need to click through if you’re in a feed reader):

I did a screencast yesterday of getting Firefox 2.0 yourself on Linux, at FOSSwire, which also features a lot of Linux/FOSS tutorials, tips, reviews, articles etc.

If you want to know how to install Firefox on Linux yourself, then this screencast is for you!

Watch it here.

Enjoy.