Free SSL Certificates A Bad Idea?

Partially missing the point

I just found this site which is offering free SSL server certificates. Initially this seems like a great idea... but I think they miss the point slightly.

Wilst I'd agree with them that Verisign, Thawte (owned by Verisign) etc. are expensive for the service they provide, a large part of which can be automated, what they are doing isn't as simple as this page makes out.

As well as providing a certificate which provides encryption (which it's pretty trivial to do yourself without the sites need) they are also providing a trusted third party service (though, again, how far we want to trust Verisign is another matter).

This trusted third party makes a number of check on the applicant for a secure certificate, trying to legitimise the ir presence in the real world, and then sign the certificate. The signing means that you can be a bit more confident that the site you are engaging with is (relatively) legitimate.

I've just managed to set up a certificate through this site for one of my domains. The details aren't checked by them, and so I could have easily forged what I've entered. If they become a trusted Certificate Authority this certificate could now be used for phishing attacks.

One scenario is that users start to authorise all certificates issued by this Authority, without them being accepted by browser producers as a trusted Authority, and then being transmitted to a site which looks authentic, because the SSL certificate is there, and so seems secure. Most people don't look at SSL Certs - and indeed most, in my experience, are confused when they get prompts saying there is a problem with a cert, and take the path of least resistance not realising the implications.

In principal I like the idea of this kind of stuff, but it only works in a fully trustworthy world. And whilst it would be nice to be able to trust everyone it only take one 'bad apple' to spoil the fun for everything.

published 2005.02.25 updated 2014.11.03

That was close

Back safely from Thailand

For all of those who haven't asked we are safely back from Thailand and weren't in the area affected by the Tsunami. We felt the earthquake in Bangkok where we were on Boxing Day morning as we were about to head north to Chang Mai. As news filtered through to us, mostly via SMS, we realised how fortunate we were as we had planned to visit the Andamon sea a few days later.

Rather than panicing and returning immediately we changed our destinations around and headed to Koh Samui (instead of Krabi) for New Year. Those not directly affected in Thailand had to carry on with their lives, heavily supported by tourism. And not clogging up airports so that they could be used by those who needed them seemed the right thing to do, even if it felt a bit weird.

My thoughts are still with the family and friends of all those who were not as fortunate as Angie and I.

published 2005.01.08 updated 2014.11.03

'blogging' at 30,000FT over Siberia

Ok, I know it's not a first

but it's a first for me goddamit and so I just had to do it. iChat audio works very well via it too, can't get skype to work that well, but I think that might be a user problem *cough* ...

more details on the service on Lufthansa's site.

published 2004.11.16 updated 2014.11.03

Oh dear. oh dear. oh dear.

I know I'm not alone in this sentiment.

How could it happen? How could Bush be re-elected? Well, quite simply, because the two party system doesn't work. Is freedom really being able to vote for either of two people you don't agree with, or voicing your magnial beliefs in a vote for the other parties?

I think not. It's all a smokescreen. And there ain't know smoke without fire.


published 2004.11.03 updated 2017.06.26

the iPod myth

Why is it that iPod users are all theives?

I own an iPod.

I'm also a director of PostEverything that makes it's money from selling CD's.

Now, there is a common myth that exists in the Music Business, and the computer industry, that because I own an iPod I steal music. I see a lot of people say this, every day. Well I'd like to break some news to you. I don't. It would go against what I believe.

I buy CD's. I rip them onto my Mac, and I copy the MP3 files to my iPod. I then put the CD's on my shelves. I've got about 500 CDs. More than will fit on my 20Gb iPod.

This isn't to say I never download music. Yes, I download tracks from time to time. Mostly to check stuff out, which I then go and buy, or stuff that you simply can't go and buy. And despite the record labels objections there is a lot of music in this category... the thing is I could try and buy records second hand, but then the artists/labels still don't benefit from it anyway. Just whoever is selling it on ebay.

Another myth : only Apple can sell content for the iPod. No, I can buy MP3s from Bleep and they work fine on my iPod. I can also produce AAC files from CDS which are smaller and higher quality than MP3 files and put them on my iPod. all with free tools.

The problem that other suppliers have is that they can't use apple's DRM [Digital Rights Management] software to control how those music files are used. Apple have acknowledged that they only included DRM - and light, breakable DRM at that - to be able to get the labels on board.

I hope that's helped dispell a couple of myths about the iPod. As always it's the computer industry big wigs spreading fud to hurt another player. Kinda like gangsta rap...

published 2004.10.05 updated 2014.11.03

So predictable it's not funny

Once again a delay with Apple and new product delivery

Dear Apple Store Customer,

Thank you for ordering the new Airport Express!

We are very excited about the response to this great new product!
Unfortunately we cannot meet the previously estimated ship date
for this product and we now expect to ship your order by July
30th, 2004.

If you would like to track your order, please visit our Order
Status website at
Once your order has dispatched, you will receive a Shipment
Notification email, which will enable you to track your order.

Your business is very important to us, and we apologise for any
inconvenience that this change may cause.

Thank you for shopping at the Apple Store.

Kind regards,

The Apple Store Team

You really thought Apple would have learnt not to announce products until they are ready to ship, and would have had a good idea of expected demand by now. _sigh_

published 2004.07.15 updated 2014.11.03

Is today...

"International ask a stupid question day"?

published 2004.06.09 updated 2014.11.03

Burgled! (or Robbed?)

A rude awakening...

I was woken up at 4:30 this morning by the sound of creaking floorboards. Angie thought it might be a mouse. "Bloody big mouse". Armed with a mirror - it was there and it was heavy - I went to invetigate. Hiding behing my kitchen coutner I found a 5'8" tall Mediterranean looking man who claimed "I'm just looking for somewhere to squat, show me the way out and I won't cause any trouble" whilst flashing a knife.

I showed him to the door and as he exited noticed he'd picked up my camera bag which contained my Nikon Coolpix 5700, a pair of £185 sunglasses and , er, some other bits. But I wasn't going to get into a fight over it.

When the police came [as they did, promptly] they were really good. They found a ladder propped outside of my flat which had come from a local building site. The burglar had climbed up and through our bedroom window whilst we slept and walked through our bedroom without waking us. Scary.

The polcie got fingerprints, and we've had a look at mugshots, but who knows if anything will come of it. They seem to be taking if very seriously. And Angie and I seem to have dealt with any issues it may have caused, so all goes on.

My advice: don't sleep with your windows wide open!

published 2004.05.17 updated 2014.11.03
show menu