I recently set up S/MIME for my email address. While in a day-to-day sense it is a lot simpler to use than PGP, primarily because native client support is near universal, the setup process was, to say the least, complicated.

By far and away the most complicated part of the process was obtaining the certificate required to sign and encrypt the emails.

Each certificate authority has a different procedure to obtain them; some requiring you to fill out an online form, some requiring a phone conversation (!!!), some would email you a link, others would offer you a direct download. Sometimes the certificate couldn’t be directly used, and would require you to install the certificate into your web browser, and then through some complicated process export them into a format that your email client could use.

S/MIME is mostly deployed within large organisations, so it was probably envisaged that an IT department would take care of generating and installing certificates on a user’s behalf. But if we want to see it more widely used, we need to streamline this process.

There is, in my mind, no reason why this process can’t be handled in a more streamlined way. Imagine setting up an email account in your mail client: wouldn’t it be cool if the last screen of the wizard prompted you to secure your email address, and gave you a short list of providers to click on? Your mail client could then securely communicate with an endpoint, send the email address of the account, and then receive and automatically install the generated certificate.

All that needs to happen is for the certificate providers to agree on some sort of protocol to do this, and for one or two email clients to implement it. It is the kind of problem that could be solved by getting a couple of developers from Comodo, Trust, Mozilla and the Microsoft Outlook team in a room for half a day.

How can we make this happen?

WebMention is a modern re-implementation of PingBack, which uses only HTTP and x-www-form-urlencoded content rather than infinitely more complicated, not to mention bloated, XML-RPC requests. It was developed by the #indieweb community at IndieWebCamp, and is rapidly seeing adoption.

Since the best way to understand a protocol is to write an implementation of it, I bashed together a basic implementation of it for Elgg.

The plugin will automatically send webmention pings for content with URLs in the $object->description field (you can easily expand on this). It also exposes a webmention endpoint, and sets the appropriate discovery headers and meta tags. Plugin authors can hook into the plugin hooks that elgg-webmention generates and handle incoming mentions appropriately.

There is still a little more to do. The next step, I think, is to hook into a microformats parser in order to get some richer semantic information as to the type of mention one is generating. My friend Ben has a very neat video of this kind of thing in action, and his idno project already implements it in the core code.

Have a play!

» Visit the project on GitHub…


So, building on what I did before with lights and switches as well as the stuff I’ve been hacking together with my Home.API, I thought I’d build something that may actually be of practical use. So, here’s a device that will tell you, before you walk out the door, whether all your doors and windows are shut, and for bonus points, tell you when they were opened and closed.

As you can see from the video, my local Homebase didn’t have all the bits, so you’ll have to use your imagination a little. The “real” version would use simple magnet + reed switch burglar alarm fittings connected with bell wire to the terminals on your PiFace. An indicator panel connected to the PiFace’s output panel should sit somewhere visible by your front door.

The software, again written in Python, is very simple. It loops through all 8 input connectors and turns the corresponding light on or off as it reads each switch open or closed. When it detects a change, it writes some output to the terminal and writes a message to the system auth log. This last feature is made even more useful if you configure the Raspberry Pi to send its logs to a central server, as I have previously written about.
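The loop described above, as an added example rather than the original code from this post. Hardware access is passed in as two hypothetical callables (read_pin, write_led) instead of a specific PiFace library, and the syslog ident "doorwatch", the polling interval and the "True means open" convention are assumptions.

```python
import syslog
import time

NUM_INPUTS = 8  # the PiFace has 8 input connectors


def poll_once(read_pin, write_led, previous, log):
    """Scan every input once, mirror it to its LED, and report changes.

    read_pin(i) and write_led(i, on) are hypothetical hardware hooks.
    Assumption: a True reading means the reed switch is open (door open).
    """
    current, events = [], []
    for pin in range(NUM_INPUTS):
        is_open = bool(read_pin(pin))
        write_led(pin, is_open)  # indicator panel follows the switch
        current.append(is_open)
        # The first scan (previous is None) only records a baseline.
        if previous is not None and is_open != previous[pin]:
            stamp = time.strftime("%Y-%m-%d %H:%M:%S")
            msg = "input %d %s at %s" % (pin, "OPENED" if is_open else "CLOSED", stamp)
            print(msg)  # terminal output
            log(msg)    # auth log in run(), a plain list in simulate()
            events.append((pin, is_open))
    return current, events


def run(read_pin, write_led, interval=0.2):
    """Poll forever, writing each change to the system auth log."""
    syslog.openlog(ident="doorwatch", facility=syslog.LOG_AUTH)
    state = None
    while True:
        state, _ = poll_once(read_pin, write_led, state,
                             lambda m: syslog.syslog(syslog.LOG_NOTICE, m))
        time.sleep(interval)


def simulate(frames):
    """Replay constructed readings without hardware; return what happened."""
    leds, lines, state, seen = {}, [], None, []
    for frame in frames:
        state, events = poll_once(frame.__getitem__, leds.__setitem__, state, lines.append)
        seen.extend(events)
    return seen, lines, leds
```

Because the first scan only sets a baseline, a door that is already open at start-up is shown on the indicator panel but produces no log entry until it next changes.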

The next obvious thing to do is to interface this system with the Home API, which would be straightforward to implement (and I will implement it when I get a moment!).

Here’s the circuit:

[Circuit diagram: securitysystem]

…and here’s the code:

Enjoy!