That certainly sounds very compelling, but how does it integrate
with TenFourFox? Did you design an add-on to connect the pieces?
Have you thought about using something like Platypus to add a GUI
overlay to the progress indicator?
Have been brainstorming with the guy over at Sevan.Mit and he thinks if we do a /usr/pkg install of OpenSSL and Python we can bypass a lot of problems with new TLS.
Things has got me thinking however about NTP. Even TenFourFox relies on NTP to do its job. He has a newer version of it too, that I'm testing. But since Apple's time-servers are probably hard-coded in, do you know what bash command framework I would start with?
To deal with the security exploit you observed a while back, my set uses an invisable process that runs COMMAND=/usr/sbin/ntpdate -u every hour, and has worked great. Is it possible to do something similar calling his new version of NTP with an explicit time-server address? Would their be any security things to worry about??
No, there shouldn't be any issues with a specific timeserver address as long as it's a public one. I would recommend using multiple servers instead of just one to avoid overreliance on any one system (i.e., pass multiple server names), and the public servers you prefer should be stratum 1 or 2.
In my case, I now have a hardware GPS-based stratum 1 time server on my own network, so I no longer have a need for public time sources.
FWIW, the TenFourFox Downloader contains its own version of OpenSSL. The library is statically compiled into the curl binary it uses, so there is no need to install anything in /usr/pkg. I think this would be preferable to avoid breaking other binaries which may not be ABI-compatible.