..idle writings from an idle mind..

..is now in beta.

Feature list
Download link

Seems to eat up more memory, which I’m not so impressed about – and the new tab design is awful. It seems to be copied directly from Google Chrome – and I didn’t like it there, either. On the positive side, the Windows version is less ugly.

EV SSL support has been improved! Go to a website secured with an EV SSL certificate, and you get the organisation name in the address bar lit up in green. Interestingly enough, when I tried a website that I know is using a revoked certificate, Safari happily let me access it (as a part of the EV SSL certificate standard, CAs must provide certificate status information by either OCSP or CRL, and it’s expected that browsers will check that information before allowing access). Turns out the OCSP checking switch is built in to Keychain Access and doesn’t appear to be on by default. To turn it on (in Leopard, might be different in other versions of OS X):

• Open Keychain Access
• Go to the Keychain Access menu, select Preferences
• Select Certificates, set the OCSP dropdown to ‘Best Attempt’
• Close Keychain Access

Sadly, client certificate support is still rubbish – changes in OS X 10.5.3 notwithstanding (it’s improved since I last kvetched about it though). When you go to a site you don’t have a certificate for, you get a useless “Forbidden” error (or whatever the server is configured to do in case of failed authentication). It would be nice if Safari at least told me that the site expected me to provide a client certificate that maybe I don’t have.

The “Identity Preference” thingo is great, but it wasn’t thought out very well. If you accidentally choose the wrong certificate, you get a useless error message — and then you have to go hunting in Keychain Access to delete the identity preference before you get another go (not very Mac-like, Apple .. please fix!). Suggestion – a failed connection after attempting to present a certificate should result in Safari prompting me again.

Another problem I have with the identity preference thing is that once the certificate is chosen, it stays chosen until you manually hunt down and remove the preference in Keychain Access. I would really prefer it if Safari would prompt me at least once per session to confirm which certificate I want to use (perhaps with the option to save that selection permanently). If I was trying to use multiple certificates on the same web address (which I do at work, logging in to different accounts on the same system), going in to Keychain Access all the time to delete preferences would get really old very quickly.

It makes me sad that Internet Explorer has been getting client certificates right for years now; Safari is so much better than IE in most aspects – just not this one!

Rant over

- zac.

Was in Adelaide last weekend – the kind of impromptu, “ooh look I can fly to Adelaide and back for less than a night out drinking”, *click* *purchase*.

Went to the Shaw and Smith cellar door for a wine tasting and then in to Hahndorf for lunch. Flight back was looking good – was in my favourite economy seat – but there were two kids in the row directly behind me who spent most all of the flight screaming or crying, while their parents did exactly nothing about it.

This weekend I’m up in Brisbane, seeing family and going to the Flyertalk piss-up at the Qantas Club in the domestic airport. Should be good!

- zac.