Blog

DfontSplitter 0.4.2 for Mac — Critical Security Update

Today I release DfontSplitter 0.4.2 for Mac. This is a critical security update that fixes an issue relating to the Sparkle software update framework when the update pages are served over HTTP. As of 0.4.2, the update pages are now, naturally, served over HTTPS. (It was more than five years ago when the last release was made!)

The vulnerability means that in a scenario where an attacker could launch a man-in-the-middle attack during a Sparkle-enabled app’s update detection process, arbitrary JavaScript could execute in the WebView hosting the release notes. Due to the context that the WebView runs in, the app could then be convinced to run local files, expose local files to a remote server and even execute arbitrary code. More details and a full breakdown are at the post on Vulnerable Security.

This update fixes the Sparkle-related security issue by updating Sparkle and requiring HTTPS for all future DfontSplitter app update communications. Due to new build requirements in Xcode 7.2, the application now requires at least OS X Snow Leopard (10.6) and a 64-bit Intel processor.

The automatic updates feature within DfontSplitter should detect the update, but you can also download and install it manually.

Thanks to Kevin Chen for pointing out the existence of the issue with Sparkle and that it affected DfontSplitter. I had somehow missed the original reporting of the vulnerability, so I particularly appreciate Kevin bringing this to my timely attention.

The astute among you may note that in the Info.plist for this update, I explicitly disable the OS X 10.11 SDK’s check for HTTPS forward secrecy in the HTTPS communications to the update server. Once I figure out a cipher suite configuration that I am happy with, and understand, in Pound (my reverse proxy acting as the TLS terminus), I will update the app again to require forward secrecy.
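
As an added example (not code from DfontSplitter or Sparkle), the following check audits an app's Info.plist for the two transport settings discussed in this post: whether the Sparkle feed URL uses HTTPS, and whether App Transport Security has been relaxed for the update host. It assumes the feed is configured through Sparkle's `SUFeedURL` key and that the forward secrecy exception is expressed with the ATS key `NSExceptionRequiresForwardSecrecy`; the host name and plist contents are constructed for illustration.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample Info.plist; the host name and values are illustrative only.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>SUFeedURL</key>
  <string>http://updates.example.invalid/appcast.xml</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>updates.example.invalid</key>
      <dict>
        <key>NSExceptionRequiresForwardSecrecy</key>
        <false/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""


def audit_update_transport(plist_bytes):
    """Return a list of findings about how the app reaches its update server."""
    info = plistlib.loads(plist_bytes)
    findings = []

    # Sparkle reads the appcast location from SUFeedURL unless a delegate overrides it.
    feed = info.get("SUFeedURL")
    if feed is None:
        findings.append("SUFeedURL missing: feed URL is set elsewhere, check it by hand")
    elif urlsplit(feed).scheme.lower() != "https":
        findings.append(f"SUFeedURL is not HTTPS: {feed}")

    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("ATS disabled globally (NSAllowsArbitraryLoads)")

    # Per-domain exceptions: flag plain HTTP and a relaxed forward secrecy check.
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(f"{domain}: plain HTTP allowed")
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"{domain}: forward secrecy not required")
    return findings


if __name__ == "__main__":
    for finding in audit_update_transport(SAMPLE_PLIST):
        print(finding)
```

An empty result means the feed is fetched over HTTPS with no ATS relaxations for the update host; a forward secrecy finding on its own corresponds to the interim configuration described above.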

SaveTimer

About a month ago (whoops!), I released another open source project into the wild, SaveTimer.

This was one of those “wouldn’t that be a cool idea” moments that spontaneously resulted in a modest little project. The whole thing was conceived, built and published in the space of a few hours!

Save Timer

Notify a user if they have not saved in a ‘watch directory’ for a certain interval.

Basic Description

This is a very simple application, written in C#/.NET 4.5.2, which observes a specified ‘watch directory’ on a given interval. The most recent file in the watch directory is examined to determine its last modified time. If this is older than the specified interval time, the user is shown a message reminding them to save their work. The user can suppress the messages for an indefinite period of time by right-clicking the icon in the ‘clock box’/system tray and choosing ‘Stop reminding me’.

This was written to support academic examination access arrangements, where users are intentionally only given access to a cut-down word processor such as WordPad, without spellcheck support. Unfortunately, WordPad does not autosave, so this application provides a regular reminder for the user to save. In this usage, the user is given a blank mapped drive to save in. In addition to the regular save reminders, the application also ensures that the user has saved in the correct directory to avoid data loss and ensure compliance with controlled conditions of where they must save.

SaveTimer logo (the Dashicons clock, licensed under GPLv2 or later with font exception)

At the risk of sounding immodest, one of the most enjoyable things about this project was jumping right back into the C#/.NET environment, with which I have spent less time recently, and discovering that I still had all of the intuition of how to build the functionality I desired. Perhaps this is testament more to Visual Studio’s IntelliSense suggestions and the simplicity of the application, rather than my memory, but it nevertheless was a rewarding feeling to quickly go from zero to an app that does a specific task quite well!

I’m also pleased to say it ran in… shall we say, production… without causing any issues. If it saves one piece of work, I think it will be worth it!

SaveTimer is released under the GNU GPLv3 or later. The code is available on GitHub and you can also download a ready-to-run executable, if you have .NET 4.5.2 installed. No installer required!

5.0

As I move closer to the significant milestone of one decade of having this personal blog, I felt that it was time for a significant overhaul of the look and feel of this site, as well as some of its non-blog post content.

Enter the 5.0 release! 🙂

Responsive and Refined…

Rather than evolving the existing stylesheet and making changes, I actually started over, using a new SASS-based CSS workflow. If you look really hard, you will see bits and pieces of the old CSS hanging around that I have migrated forward for the moment. In the fullness of time, though, any of the old code should be gone!

The result is a site that is truly responsive — it is designed for small screens first, then it scales up to larger displays, rather than having a full-size only layout, but removing content for display on smaller screens. I did have a retro-fitted responsive system before, but this approach is much cleaner and delivers a more consistent result.

PWDB 5.0 Mobile display

A Font First!

Adding to the use of Colaborate for headings from my last design refresh, this design actually débuts my first experiment with editing fonts.

Thanks to the GPLv3 licensing terms of Colaborate, I was able to take it into TypeTool, and tone down its rather characterful lowercase ‘t’ for use as body text. The result is a custom font that, while it has its imperfections with kerning and missing ligatures, is an exciting first experiment for me — putting my interest in type design to some practical use. I hope I will look back upon this first experiment with embarrassment later on when I have learned so much more, but for the moment it is very gratifying to have something to say “I did this” about!

You can download my source files for this font. This font, as it is based on Colaborate, is also licensed under the GPLv3 with font exception.

A More Modern Portfolio

The content on my Portfolio page had definitely aged, and was long overdue an overhaul. It now focuses on four main areas — Devops and Automation, Systems Administration, Web Development and Software Development.

More to Come!

As mentioned, this is a big change, but that doesn’t mean I am done! There are various other places where older content and design still might be evident, and I hope to get to more in the coming weeks.

DfontSplitter 0.2 for Mac

NOTE: for the latest release of DfontSplitter, please link to https://peter.upfold.org.uk/projects/dfontsplitter.

The software development wheel has been turning again and I can now announce DfontSplitter 0.2 for Mac OS X.

DfontSplitter is a program which allows you to convert, or split, a Mac OS X .dfont font file into one or more TrueType font files (.ttf). TTF files are much more portable than this Mac-specific format.

This new release sports an entirely new interface built in Cocoa. It is a great improvement over the previous AppleScript interface which required a lot of unnecessary clicking and was generally quite horrible. The new interface also supports batch converting; you can drag several dfonts into the sources list and convert them all at once.

To download, please go to the DfontSplitter project page.

The DfontSplitter icon is from the Oxygen Icon set and is licensed under the Creative Commons BY-SA 3.0 Unported licence.

Looking for Testers for DfontSplitter for Windows

I have had a bug in DfontSplitter for Windows reported to me, which I have been able to confirm. On at least the following systems, the resulting TTF files that the program converts are reported as corrupted by Windows:

  • Windows XP Professional SP3
  • Windows Vista Business SP1

On my original development system, which was Windows XP Gold (unpatched – and also not connected to the internet), I had no problems.

This issue does not affect the Mac version of the software.

I am looking for anyone with access to Windows XP SP2 (or SP1, or XP Gold) to see if the problem is present there and hopefully from there I can work out if anything can be done, or how to potentially resolve it.

If you can help me out and you run or can run on one of these systems, please let me know by commenting below or email me.

For the time being, I can’t be sure which versions of Windows DfontSplitter will run on correctly. Sorry if you did download it and it didn’t work. 🙁

New SleekTabs Video Tutorials

It’s been a while since I last did a video tutorial explaining how to use SleekTabs, so I thought I would dig up the project again and try to explain how to use it a little better.

The result has been my day’s work today. It’s a two part tutorial, showing you how to first set up a simple three-tabbed static web page with Ajax support, and then moving on into part two to show you how to configure fallback support (something that I never touched on previously).

Part 1

Part 2

More info about this tutorial, including the source files for this demo project, and a link to a live working completed version, is available on my documentation wiki.

I am aware that the audio quality is far from good – there is quite bad noise on the audio track and some obvious audio transitions that I really could have done better. However, I still think it’s a good resource for explaining SleekTabs and I’d love to hear any further feedback on either this or the program itself.

Learning Django

I’ve been a developer in PHP for quite some time now. I don’t honestly remember when it was that I first got a working WAMP setup, which kickstarted my interest in web applications with PHP, but I certainly remember how rewarding it was to finally get it up and running and be able to start with PHP.

Since then, I’ve embarked on a fair few projects in the language, and it has served me well for a lot that I’ve done with it.

I think the time has come, though, to expand my web application and programming horizons and look at something else.

I meant to blog about this quite a long time ago, but I’m now investing time into learning Django (and therefore Python as I go along).

I bought Sams Teach Yourself Django to give me some direction in my learning of the framework. From what I’ve gone through (up to Hour 10 out of 24), I’m finding it a very useful tool to help me have a project in which to learn. I might follow up with a more in-depth review of it (either here, or on FOSSwire) if I think it worthy, once I’m done with it.

I’m also liking Django. While it lends itself more to larger projects than to small one-time scripts, it is an impressive framework on top of Python that automates lots of the things that you have to micro-manage in PHP.

Having said this, my ventures into the realm of Django and Python do not mean I’m abandoning PHP. Just as I’ve done with running Mac OS X alongside Linux without abandoning Linux, Django will become an addition to my repertoire, not a replacement for PHP. As always, it will be about the right tool for the job.