security

A hot topic in the news today is Firesheep, a Firefox web browser extension that takes advantage of a security vulnerability in many popular websites like Twitter and Facebook and allows you to login to those sites as any other user on the network! This makes use of the practice of exchanging login information for web browser cookies that are then used to gain access, but which on open networks are subject to interception and reuse by other parties.

Our SSH tunnel manager Meerkat has always supported the ability to secure your web browsing on open networks. It does this with what's called a SOCKS proxy. The basic idea is you tell Mac OS X to use a proxy server, your web browser proxies all website requests through this server, and the server makes the actual requests for information to the website. The connection between your browser and the proxy server is encrypted via SSH, providing a workaround to network-based snooping.

Here's how to set it up:

Step 1: Add an SSH account to Meerkat

If you have an SSH account through your web hosting provider or someplace else, add the details to a new Meerkat account. [screenshot]

Step 2: Add a tunnel to Meerkat that uses this account

Be sure to check the Dynamic forwarding option and choose a high port (something in the 6000-9000 range is ideal) for the tunnel. [screenshot]

Step 3: Configure a SOCKS proxy in Network settings

In the System Preferences application, choose Network, then the AirPort connection, then Advanced... settings. Choose the Proxies tab, then SOCKS Proxy, then enter 127.0.0.1 as the hostname (this means the local computer, where the tunnel endpoint resides) and the port number from above. Choose OK, then Apply to apply the changes. [screenshot 1] [screenshot 2]

Step 4: Browse the web securely!

Just activate the tunnel in Meerkat. All web browser traffic will now go through the SSH account that you setup.

While these steps are a little involved, unfortunately web browser proxies aren't a simple procedure. One way that this can be automated is with Meerkat's free plugin for NetworkLocation, an application that can apply settings based on physical location changes. You can get the plugin in the NetworkLocation website's "Extras" section or from the sidebar on Meerkat's web page.

Have any questions about this? See the Meerkat support forums if you need a hand and we'll try to help out!

Happy -- and safe -- surfing!

Update: I've also heard tips from Meerkat users about setting their SOCKS tunnel to automatically start when using a particular web browser. Meerkat supports associating a tunnel with an app so that when the app stats, the tunnel is enabled and when it is quit, the tunnel is disabled. This is another great option to help with auto-configuration.

I'm pleased to announce a major release to Pukka, our flagship Delicious bookmarking application. Among many user experience improvements, the major new features are fast bookmark search and full AppleScript access to all of your bookmarks.

Search is something I've been wanting to do for a long time. But Pukka is such a lightweight app that I thought long and hard about how to best introduce the feature while keeping Pukka seeming fast and unobtrusive as people have come to expect. The easy route would have been another window or sidebar, but I feel that the new search bar really keeps the application tight and focused. As one beta tester said, "The response and animation on the search menu is very slick. It feels very light and nimble. Well done."

Pukka's other main new feature is especially useful for developers -- full AppleScript access to bookmarks. Pukka has long since supported posting through AppleScript, which has spawned all kinds of neat workflows such as Yojimbo integration.

But now, any developer can integrate Pukka into their application. You can rely on Pukka having all the bookmarks ready and can query them by a word in any of the fields, by their tags, or by their accounts.

To round out the new features, you can now drag and drop to reorder your accounts, allowing you to setup a preferred account for when Pukka launches. I've added a Quick Reference Guide diagramming out all of Pukka's major knobs and buttons, menu items, and keyboard shortcuts. And the main window is now resizable, autoflowing your tags and description as necessary for the smoothest look and minimal space.

Lastly, on the technical front, this release takes a couple of steps forward, too. Sparkle has been upgraded to 1.5, allowing for more secure upgrades and better collection of anonymous statistics so that I best know which platforms and features to support. And Pukka is now code signed so that you can be sure that what you download is exactly what I intended for you to run.

I hope you enjoy these updates to Pukka. I've got many more planned additions up my sleeve, so stay tuned!