seanwillson.com

while surfing the mac hint sites yesterday i saw a posting about how-to set up mail.app to use a thawte certificate to send signed and encrypted email messages. i was pretty geeked, but then i wasn’t sure if i wanted to give thawte my information, just to get a cert (big brother and all). why couldn’t i create my own certificate authority and sign my own certs. there really was no technical reason, trust reason yes, technical no … so i did just that …


first i went to google and did a search on “open ssl cert generation” and turned up this very useful page. i followed the directions in the “setting up your openssl ca” section. in short i created my ca keypair ( openssl genrsa -des3 -out CA.key <key_size> ) with a key size of 1024. i then created my ca certificate ( openssl req -new -key CA.key -x509 -days 1095 -out CA.crt ) with the 1095 days as my validity time. this is straight out of that webpage, nothing different yet. once your there be sure to do as the author said and secure your files with the proper permission, i used ( chmod 400 <filename> ) to protect each of the generated files.


now is where the directions vary from the origional thawte directions because we have to get our cert as a trusted authority before we can import it into our keychain. to do this open up the finder application and goto the directory where you stored your certs. double click the .crt file that was generated in the above steps, this should launch keychain access application and ask you where you want to import this cert into. choose the x509 anchors from the list and click ok. this will add your cert to the trusted x509 authorities. you should be prompted at that step for your administrator password.


now that we have the cert trusted we have to generated a p12 certificate like the thawte directions did. to do this you need to run another openssl command to generate it (openssl pkcs12 -export -inkey CA.key -certfile CA.crt -in CA.crt -out mycert.p12). once this was generated double click on the mycert.p12 file in finder and imported it into your login keychain. once it’s imported into keychain access you need to give mail.app permission to access this certificate.


after that your done, just quit mail.app and restart it. you should have all of the features defined in the thawte posting and can send signed and encrypted email messages.


as a note, if you want to print out your x509 fingerprint for your cert you can use this command ( openssl x509 -fingerprint -noout -in CA.crt ). also, if you want to view your x509 anchors you can import this keychain into the keychain access application by going to file -> add keychain and selecting it from the /system/library/keychains directory. you should see your generated cert in that trusted list now. enjoy and let me know if you have any questions.

on the way into work today i was coming out of union station and i saw the front page of a local news paper with the headlines “we’re doomed!!!” it was in huge letters on top an x-ray image of the sun. the picture was referring to the recent solar flare that was ejected from the sun yesterday. it was the 3rd strongest flare in “recorded” history (which for solar astronomy isn’t that long).


my gripe isn’t with the fact that they were reporting on the story. hell i’d love it if the media reported on any astronomy news, but the fact is they never do and when they do, it’s usually badly written sensationalistic journalism. do we really need millions of hysterical people worrying about ejected plasma from our sun hitting the earth’s magnetic field? well yes we need people “thinking” about it and realizing that it’s happening but it does noone any good to over dramatize it. if they had just reported the story, presented the facts and printed the amazing imagery we’d have been well served. hell i bet people could have actually learned something about our local solar system. instead we’ve turned it into next summers bad action movie starring bruce willis.


come on people, wake up and smell the plasma (bad astronomy joke i know). is everything about exploiting something or someone for the almighty $$$? i really honestly hope not. if your really interested in learning about space weather alerts, warnings, and forecasts you should check out the space science center, a division of the national oceanic and atmospheric administration. if your interested in sensationalism in the media stop purporting to caring about your planet, go sit in the corner, and read your news paper.

i’ve successfully converted my collection (2500+ songs) of 256 kbps mp3’s to 192 kbps aac. it’s essentially mp4 if you look at the standard, except that it’s more advanced thus it has more benefits. it has improved compression which means that i get the same or better quality as my mp3 and it takes up less space. typically, a cd of mp3’s imported at 256 kbps was taking up about 120 mb. with aac i get the same high quality sound in only 80 mb. that means i can fit more songs on my ipod. aac also supports mulitchannel audio, higher resolution audio (rates above 96 khz), and improved decoding efficiency (i.e. your machine isn’t pegged when you importing). i was able to take my collection from 18 gb of space to 16 gb. of course while i was reimporting all of my audio i found a bunch of cd’s that i wanted to add in so now instead of having 2500 tracks i have 3000 tracks in the same space. not to shabby if i do say so myself.

this weekend amy and i are heading to michigan for my brother and sister-in-law’s baby shower. yours truly has been working his butt off thinking about, researching, and using my new computer to write up the games. amy and i are going to be mc’ing the games and most of the event. we have a lot of fun games planned and are really excited to see everyone and have a great time.

i’ve spent most of the weekend getting my recently purchased and configured powerbook reconfigured to use panther. i did a complete backup of my home directory and then performed a clean installation of the os. I read a few posting from various forums about people that had trouble doing an upgrade so i figured i’d rather do one install instead of two in the event that it failed the upgrade.


my first impression thus far has been in a word, comfortable. i’ve always thought that osx was a intuiative operating system but it has always been missing a flow. they never seemed to get things working as smoothly as you would expect, yet it was still better than windows. well with panther it’s all changed. the new exposé and fast user switching are really pushing the apple operating system into new areas where others can do nothing but copy. you can’t really imagine how useful or smooth exposé is until the first time you use it. to instantly see every window you have open on the computer or within an application makes navigation a lot easier. i always have tons of applications open and it takes forever to find my way around sometimes. this makes a time consuming task a simple task for anyone to do.


i was also pleased to see apple steal a feature from windows, the alt tab view that shows your currently open applications. they of course added a bunch of features that windows doesn’t have and likely will end up copying from the mac. you can use your mouse to navigate through the view and you can hit “h” to hide the application or “q” to quit that application.


an another great application enhancement is their threaded discussions in their mail application. i know, something simple that every other application has had forever right? yes, and no … they added a nice threading view but took it one step further and allowed you to thread between mailboxes and folders. imagine having your inbox with a bunch of messages and no context to what you said in the thread. that’s easily solved by command clicking the sent mail folder and you instantly have all of the messages from that mailbox threaded with the other messages so you can see flow. pretty cool ahe?


in short i love the changes they made, i love the new brushed metal interface on more applications, the subtle color changes, and improved usability, and more. i could go on for hours but you get the point. if you own a macintosh i highly recommend you upgrade to panther.

my copy of panther arrived today while i was at work. i’ll be installing it tomorrow with brawnski. i have to backup my data in case something bad happens first though. thank god for the ipod, it’s my little harddrive that could. i’ll let you know how it goes tomorrow hopefully. i’m looking forward to working the the new xcode development tools. i have a bunch of ideas on things applications to write for my replay tv.

i installed the demo version of netnewswire a few weeks back but was unable to get the weblog posting piece working. as you likely already know i’m running movabletype to run this blog. anyhow, i was ready to give up on netnewswire until i found a posting on the yahoo soap::lite perl forum that described my problem and provided a workaround.


in short if your running movable type and you use iis on windows (not that there is another operating system supported) and can’t seem to get xml-rpc, soap, or blogging tools working then you likely have this problem and don’t even know it. to fix it you have to open the HTTP.pm file in you extlib/SOAP/Transport/ directory. do a search on SERVER_SOFTWARE and the line before it occurs the first time place this snippit: undef $ENV{SERVER_SOFTWARE};


that’s it, the next time you try to xml-rpc, soap, or your favorite blogging tool (which all use xml-rpc) it should work. i hope this helps someone else as much as it helped me.