Monday, April 27, 2009

Obtaining a Free Fully Trusted SSL Certificate

Ever get that popup when you visited a supposedly "secure" website that says the certificate is not trusted? Reason you get that popup is because the person who signed/issued the certificate is not trusted by default on your computer.

The business of selling certificates is a lucrative one. Large certificate authorities such as Thawte and VeriSign make a killing issuing digital certifcates. They can arbitrarily adjust the parameters on the certificate and charge for it on a case by case basis. The reason they are able to do so is because almost every computer by default trusts these companies. You can check this in Windows by going to start, run, mmc.exe and adding the Certificate snap in. Look under Trusted Root Certification Authorities.

In general you have to pay quite a bit of money to get a certificate signed by one of these authorities. However there is one way to get a virtually "free" one.

Thawte offers a program called their Web of Trust:

Basically after going through the steps Thawte will give you a free certificate signed by an authority called "Thawte Personal Freemail CA". Because this CA is installed by default on all Windows installations it is trusted everywhere.

Getting this certificate involves a combination of sending in documents to Thawte or finding people who have already gone through the process to vouch for you. Once you have it though you keep it forever (as far as I can see) and can generate certificates with your e-mail address in it.

Wednesday, April 15, 2009

PyXMLSec Windows Binary

Xmlsec Python Bindings for Windows

Getting the python xmlsec library to work on windows is a bit of work though it really shouldn't be. Provided here are windows installers for xmlsec. The installer itself is produced by python distutils.

In order to get it to work you will also need libxml2. I am providing a copy of it here as well.


I used MinGW for compilation. The entire environment I used to compile pyxmlsec is available here. Look inside the pyxmlsec directory for build.bat.

Thursday, April 2, 2009

Eye Fi Standalone Server Version 2.0

I'd like to release an updated version of the Eye Fi standalone server in python that I have been working on. This version should work on Linux, Mac OS X, Windows, Solaris, or wherever else you can load a Python interpreter. As always I love comments so if you are using this feel free to e-mail me or drop me a note!

Source on GitHub:

Download (zip):

I know some people just like to browse around the source without having to download stuff (I'm one of those people):

This new version has the following features:
  • The server can now execute an arbitrary command on each uploaded photo. This is a very dangerous feature and should be used with caution. On the other hand it is also very cool. You can have the server FTP files, display them using an image viewer, or even run sorting programs on the images.
  • Improved security: the server now generates its own nonces instead of using one that was hard coded. The nonce is based on the random library provided by python. The INTEGRITYDIGEST field is also checked.
  • Ability to read settings from a configuration file (there is a included DefaultSettings.ini for reference). The file allows you to configure the listen port, console output, logging, download location, and execute on upload, and upload key.
Some other notable improvements but not really features are the addition of regression tests and support for Python 2.5. The regression tests are interesting since I run them against the official Eye-Fi Manager to make sure my behavior is a close match.

Getting usage information as to how to specify a configuration file:

C:\EyeFiServer\Release> -h
Usage: [options]

-h, --help show this help message and exit
Path to configuration file (example in

Actually specifying a configuration file:
C:\EyeFiServer\Release> -c DebugSettings.ini