
Blog

DfontSplitter 0.4.2 for Mac — Critical Security Update


Today I release DfontSplitter 0.4.2 for Mac. This is a critical security update that fixes an issue relating to the Sparkle software update framework when the update pages are served over HTTP. As of 0.4.2, the update pages are now, naturally, served over HTTPS. (It was more than five years ago when the last release was made!)

The vulnerability means that in a scenario where an attacker could launch a man-in-the-middle attack during a Sparkle-enabled app’s update detection process, arbitrary JavaScript could execute in the WebView hosting the release notes. Due to the context that the WebView runs in, the app could then be convinced to run local files, expose local files to a remote server and even execute arbitrary code. More details and a full breakdown are at the post on Vulnerable Security.

This update fixes the Sparkle-related security issue by updating Sparkle and requiring HTTPS for all future DfontSplitter app update communications. Due to new build requirements in Xcode 7.2, the application now requires at least OS X Snow Leopard (10.6) and a 64-bit Intel processor.

The automatic updates feature within DfontSplitter should detect the update, but you can also download and install it manually.

Thanks to Kevin Chen for pointing out the existence of the issue with Sparkle and that it affected DfontSplitter. I had somehow missed the original reporting of the vulnerability, so I particularly appreciate Kevin bringing this to my attention in a timely manner.

The astute among you may note that in the Info.plist for this update, I explicitly disable the OS X 10.11 SDK’s check for HTTPS forward secrecy in the HTTPS communications to the update server. Once I figure out a cipher suite configuration that I am happy with, and understand, in Pound (my reverse proxy acting as the TLS terminus), I will update the app again to require forward secrecy.
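To check a Sparkle-enabled app for the two conditions discussed in this post, the following added example (not code from DfontSplitter or Sparkle) audits an Info.plist for a non-HTTPS update feed and for relaxed App Transport Security settings. It assumes the feed URL is set through Sparkle's `SUFeedURL` key and uses Apple's ATS key names; the sample plists and the host `updates.example.com` are constructed placeholders.

```python
import plistlib
from urllib.parse import urlparse


def audit_info_plist(data):
    """Return a list of findings about update transport security."""
    info = plistlib.loads(data)
    findings = []

    # Sparkle reads its appcast location from SUFeedURL.
    feed = info.get("SUFeedURL")
    if feed is None:
        findings.append("no SUFeedURL: feed is set elsewhere or Sparkle is unused")
    elif urlparse(feed).scheme.lower() != "https":
        findings.append(f"SUFeedURL is not HTTPS: {feed}")

    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("ATS disabled globally (NSAllowsArbitraryLoads)")
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        if exc.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"{domain}: plain HTTP loads allowed")
        # This key defaults to true; only an explicit false relaxes it.
        if exc.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"{domain}: forward secrecy not required")
    return findings


# Constructed samples, not DfontSplitter's real Info.plist.
BEFORE = plistlib.dumps({"SUFeedURL": "http://updates.example.com/appcast.xml"})
AFTER = plistlib.dumps({
    "SUFeedURL": "https://updates.example.com/appcast.xml",
    "NSAppTransportSecurity": {"NSExceptionDomains": {"updates.example.com": {
        "NSExceptionRequiresForwardSecrecy": False}}},
})

if __name__ == "__main__":
    for name, blob in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_info_plist(blob))
```

The "after" sample still reports the forward secrecy exception, which is the remaining gap this post describes closing in a later update.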

5.0

As I move closer to the significant milestone of one decade of having this personal blog, I felt that it was time for a significant overhaul of the look and feel of this site, as well as some of its non-blog post content.

Enter the 5.0 release! 🙂

Responsive and Refined…


Rather than evolving the existing stylesheet and making changes, I actually started over, using a new SASS-based CSS workflow. If you look really hard, you will see bits and pieces of the old CSS hanging around that I have migrated forward for the moment. In the fullness of time, though, any of the old code should be gone!

The result is a site that is truly responsive — it is designed for small screens first, then it scales up to larger displays, rather than having a full-size only layout, but removing content for display on smaller screens. I did have a retro-fitted responsive system before, but this approach is much cleaner and delivers a more consistent result.

PWDB 5.0 Mobile display

A Font First!

Adding to the use of Colaborate for headings from my last design refresh, this design actually débuts my first experiment with editing fonts.

Thanks to the GPLv3 licensing terms of Colaborate, I was able to take it into TypeTool, and tone down its rather characterful lowercase ‘t’ for use as body text. The result is a custom font that, while it has its imperfections with kerning and missing ligatures, is an exciting first experiment for me — putting my interest in type design to some practical use. I hope I will look back upon this first experiment with embarrassment later on when I have learned so much more, but for the moment it is very gratifying to have something to say “I did this” about!

You can download my source files for this font. This font, as it is based on Colaborate, is also licensed under the GPLv3 with font exception.

A More Modern Portfolio

The content on my Portfolio page had definitely aged, and was long overdue an overhaul. It now focuses on four main areas — Devops and Automation, Systems Administration, Web Development and Software Development.

More to Come!

As mentioned, this is a big change, but that doesn’t mean I am done! There are various other places where older content and design still might be evident, and I hope to get to more in the coming weeks.

Time for a Refresh

New site design screenshot

I have had a few design overhauls in my time here on this site. I haven’t, however, done anything significant to the site’s design since the beginning of 2012!

I have just finished another unrelated web design project with which I am very pleased, and, as frequently happens, it threw into sharp relief just how tired this site looked!

I am well aware that this site is also in need of a fairly generous content refresh as well — and I hope I will make some time to do that soon. For now, though, I hope the visual refresh keeps things going.

It is primarily a typographical refresh this time around. You might notice:

Who Shot the Serif, Part 2!

All serif fonts are gone!

Headings

Colaborate font sample

Colaborate, by Carrois Type Design, replaces Charis SIL for the header at the top of the page, and also does significant service for header text across the site.

Body Text

Roboto font sample

Colaborate’s funky looking ‘t’ character adds… well, character… but it wasn’t working for me across all the body text. Body text, then, loses its traditional Helvetica/Arial choice from before, and uses Roboto by Christian Robertson. It’s being included via Google Fonts, which should keep things nice and speedy!

There’s More… (I Hope!)

I have further ideas to tweak and refine the design, and of course, a desire to get some new content out here as well. With any luck, there will be a bit of time soon to act on those things. Watch this space.

DfontSplitter — Solution to Windows Corrupt Font Error

UPDATE 2011-05-09: While some particularly stubborn fonts do require this process, users who have previously experienced difficulty with older versions of DfontSplitter should first try with DfontSplitter 0.3.1 or later, which include a possible fix for this issue.

I think I’ve finally found a solution to this annoying error message that Windows gives when you use DfontSplitter to convert some fonts and then try and use those converted fonts in Windows.

“The requested font was not a valid font file” error message

It involves using a third-party open source application called FontForge to convert the TTFs that DfontSplitter gives you from a Mac-specific TTF format into ‘regular’ TTF format.

A full tutorial on using this method is included as a YouTube video screencast below.

If you can’t or don’t want to watch the video, essentially the process is:

  • Use DfontSplitter on the .dfont file as normal
  • Open the resulting TTF files you want in FontForge
  • Export each TTF file from FontForge with File > Generate Fonts. Make sure TrueType format is selected.
  • Import the resulting TTF files into Windows fonts folder.

Please do let me know if this process works for you and give any feedback — especially if you’d previously had problems using a .dfont you had wanted to use on Windows.

Write in Helvetica in iPhone OS Notes

UPDATE: As of iOS 4.2, you can now change the font via Settings > Notes. No hacks required!

If you don’t like Marker Felt, the default font used when writing notes in the Notes application in iPhone OS, you can actually write in a different font. It’s not a feature that is exposed via the user interface — in fact it seems to be something that is an unintended side effect rather than a feature.

First, you need to enable the Japanese QWERTY keyboard. From the home screen, go to Settings > General > Keyboard > International Keyboards. Now scroll to Japanese, tap it and switch on the QWERTY keyboard.

Japanese QWERTY

Now fire up Notes and make a new note, or edit an existing one. Press the globe button at the bottom left of the keyboard to switch over to the Japanese keyboard.

Toggle keyboards

Then type a character — doesn’t really matter which one — and immediately press the globe again to switch back to your default keyboard. The rest of this note will be beautifully typeset in Helvetica.