Mac OS X has improved support for encryption on many levels. There is the FileVault feature storing your home directory in a dynamically growing disk image that is encrypted using the AES-256 encryption standard which can currently be considered to be quite safe. Although the feature basically works I would recommend waiting for other bravehearts to gain some experience with it as it is potentially endangering your files. I have seem at least one encrytped home directory being destroyed completely after a forced reboot on an early Panther beta version. It might be that Apple has cleared out all nasty bugs now, but you never know.

Improved handling of SSL is also part of Mac OS X as you can now have a user interface in the Keychain application to store X.509 certificates (CERTs) in your and the system certificate keychain (X509Anchors, residing in /System/Library/Keychains). For instance, if you visit the encrypted version of the CCC Home Page you will get a warning in Safari that the certificate is unknown and you might be in trouble. The only reason for this is, that the System (obviously) does not know anything about the CCC‘s own Certificate Authority (CA) handing out signed certificates for SSL encryption of web sites and mail servers. But as the public key of the CA‘s certificate is online, you can add that knowledge to your system easily.

1. Get the CCC CA‘s certificate from http://www.ccc.de/ca/cacert.pem. This is stored in the so-called PEM format, which is the BASE64-encoded („ascii savvy“) version of the ASN1 DER binary format (see here for an explanation).
2. Once downloaded, double-click or drag the file to the Keychain application. A window will pop-up allowing you to review the certificate‘s contents and to store the CERT in the Keychain of your choice. In order to make Safari accept the CA, you have to select the X509Anchor keychain, that resides in your System directory. Storing the CERT in your private keychain is possible but useless.
3. Relaunch Safari and connect to the CCC Home Page via HTTPS again. There shouldn‘t be any more warning messages now.

I have described the process for doing the same thing with Mac OS X 10.2 before. This is now obsolete as the Keychain makes it a lot easier right now.

Even more intriguing, Apple has added the X509 certificate-based support for encryption into the Mail application as well. However, I still wasn‘t able to bring it to work as many Trust Centers spitting out certificate are giving out certificates in DER format only, which Keychain doesn‘t support yet (for no obvious reason, if you ask me, but better ask Apple). It is a bit disappointing they chose the X.509 way only leaving the Web Of Trust-based popular PGP/GPG encryption behind. Maybe they just wouldn‘t want to compete with PGP products and chose to focus on the X.509 standards.

Any hints for making X.509 encryption work in Mail.app would be appreciated. I tried it with various free example certificates from TC TrustCenter and Thawte but I did not succeed persuading Mail to offer me encryption buttons (as promised in the help system) or even to verify the signatures sent to me by the Trust Centers!

The trust centers themselves seem to be quite clueless as well as they still seem to live in a browser- and Windows-centric world, offering „certificates for Netscape Navigator“ and not realizing that CERT support has to be in the core of the operation system (and in case of Mac OS X, it already is). However, Joar has found a way by importing the CERT into Mozilla first and then converting it via Mozilla‘s backup function for inclusing in Keychain.

But beware: the X.509 approach to encryption is a bit problematic in my point of view. First, you have to give away your public key to public servers which is just an option in case of PGP/GPG. Second, you have to trust a trust center and other people have to trust the trust center that it trusts you to be yourself. There is no way of including your own first-hand-knowledge of identity of persons into this process. Actually, I wouldn‘t trust most of these trust centers, especially not VeriSign and all the sub-companies they already bought as they are far too close to the usual suspects in my point of view.

Mark Pilgrim, author of the always-so-excellent Dive Into Mark blog, has made an extensive review of Panther worth checking out.

Did you know? The middle east does no longer exist and the birthplace of civilization is right in the heart of Germany! On the other hand, does this mean the USA is planning a regime change here as well? You don‘t believe me? It was on the news: have a look for yourself. CNN can‘t be wrong! Can it?

Hmm. Just started a small weblog project on the University Of Arts Berlin to give the students something to communicate and design with. Interest seems to be high but as I failed turning everybody into Macheads so far I am in need for some good RSS readers on Windows. Can somebody point me to viable solutions?

I am not looking for the typical overfeatured and misdesigned Windows app that tries to do everything and fails in anything but something like NetNewsWire on the Mac: a simple tool to read RSS channels and (maybe as another tool) a simple editor program allowing to post to a Movable Type weblog.

I know there are some Windows tools mentioned on the external resources page of Movable Type but I am asking for first-hand knowledge and/or experience about the usefulness of some tools on Windows to recommend it to our students. Any helpful comment is appreciated.

„My favorite net things“, available in an audio version as MP3 (6.4M) and video version as MPEG-1 (46.8M) sings the lovely tune of the nerd in a digital world. [via 0x2a]

Joel Spolsky has posted an interesting summary of general understanding problems with encodings, character sets and Unicode in particular. Worth a read for every programmer.

His own weblog is a good example on how to do it right. Many people contribute to his web site by actually translating his content into various languages. So far there are 29 languages available and this a good test to see if your browser setup does it right. Wiith Safari and OS X everything displays like a charm. No missing glyphs, everything beautifully aligned. I love this machine.

So, auch wenn die Konfiguration ein wenig tricky ist, scheint das Setup für die neuen Weblogs immerhin zu funktionieren. So sind jetzt schon einige neue Weblogs eingerichtet worden und ein paar erste Postings sind auch schon zu verzeichnen (so berichtet Uli über sein Projekt zur Verwendung von Knochen als Stereoanlage) und Monika beehrt uns mit ihren Reflektionen zum Bloggging-Phänomen). Das ist doch schon mal was.

Tatsächlich hat das Blogging-Phänomen ja schon länger im Klassenumfeld um sich gegriffen. Ich schreibe schon eine Weile meine internationale Sektion, Jakob berichtet über alles andere als Raketentechnik und vereinigte sich jüngst mit anderen Gestaltern zu Neugriechen. Dazu versorgt uns Monika schon eine Weile mit täglichen Reflektionen aus dem Exil.

The fink project has started to fill the 10.3 stable and unstable tree with the ports already prepared in the 10.2-gcc3.3 tree. All the stable ports are available as binaries as well (via apt-get). This means, that there will be a long list of ported UNIX apps available once Mac OS X 10.3 ships.

You need to update your fink installation via fink selfupdate-cvs or fink selfupdate-rsync in order to get the new packages and change the distribution identifier in /etc/fink.conf to „10.3“ to get the new packages.

TidBITS presents a new eBook project worth checking out

No updates because I was busy testing my new Powerbook (which wasn‘t DOA but worked flawlessly once the correct RAM was installed) and digging in the dirt of upcoming OS releases :-). I will give my review on the new machine soon but I can say it is looking really good so far.