Current Project:
PGP/MacGPG
Everyone knows that email is inherently insecure... But, it's easy to forget about, or think nobody is looking anyway. This leads to a lot of very sensitive information traveling in clear text across the great wide internet. So, I've pursued various methods of securing my email. For my work address I have a thawte email certificate, which enables me to send encrypted and/or certified messages. This works very well for communicating with someone else who also has a cert from Thawte. Otherwise, it's pretty useless. If you're interested in using thawte with Mail in Mac OS X, check out this write-up from macdevcenter.
Other, like-paranoid individuals use PGP (Pretty Good Privacy). Also see pgpi.org. This, while suffering from the same problem of needing to be implemented on both sides, is, I think, more popular than Thawte and a bit more secure. So, I've decided to give it a try. Fortunately, it's compatible with Thawte, though only in the sense that they can be used with the same email account (i.e. not in the sense that you can use pgp keys to decrypt a message encrypted with a thawte certificate or vice versa). The process of integrating PGP with Apple's Mail application was a bit daunting, but I found several decent resources that eased the pain greatly:
- Mac Gnu Privacy Guard (Gnu Privacy Guard or GPG is a Gnu implementation of PGP). There are several useful apps here that make installing and using GPG on a Mac more... Mac-User friendly.
- PGP for Apple's Mail This is a bundle (think plugin) that integrates GPG with Apple Mail.
- Secure Encryption with GPGMail on Mac OS X This is a somewhat dated, but still useful, tutorial that steps through implementing GPGMail and MacGPG with Mac OS X and Apple Mail. Note: /usr/local/bin (the default install location for gpg) is not in the default path (as this article assumes). So, you will need to modify the $PATH variable or issue gpg with the full path (i.e. /usr/local/bin/gpg --options)
- GnuPG Keysigning Party HOWTO Even though, you're probably not yet planning a Keysigning Party (as wild and fun as it sounds, I can't imagine why not), this provides some useful practical information on using GPG once it's installed.
- The GNU Privacy Handbook And, if all else fails...
If you want to verify a PGP certified email that comes from me, here's my public key. Remember, to import, issue the following command: gpg --import /Local/Path/To/martin.gpg
Update: There's a great tutorial on this from the twit.tv network. The most recent macbreak is all about encrypting email with gpg/pgp. It is slightly dated already. The current version of GPG is 1.4.3. In the show, which was apparently filmed in March or April, the version Leo used was 1.4.2.2.
Recent Projects:
Redirect
Redirect is a package installer to assist you with Desktop and Documents redirects. This is for a Mac OS X managed client scenario. It allows you to have the efficiency of local preferences while keeping the Documents and Desktop folders secure on the server where they can be backed up. See the apps section for more info.
WGMA - Workgroup Manager Addendum
WGMA is a collection of tools that I have often wished were included in Workgroup Manager. Since, they aren't and probably won't be anytime soon. I wrote my own little app to accomplish them.
With WGMA you can do things like: restore permissions of every user's home folder on your server; copy a preference to every user's Library/Preferences folder; delete all the superfluous fonts that your users have installed....
Notice:
Microsoft has discontinued support for Internet Explorer for Macintosh. This means that, unless absolutely necessary, you should no longer be using IE on the Mac. This was already a relatively old browser and is becoming less and less compatible with modern web designs. It's also a good idea to ditch IE from a security perspective.