_Contact: ccpost_
+## Safari plugin for setting identity preferences
+
+Safari's handling of client-side certificate authentication [changed around OS X 10.5.3](http://support.apple.com/kb/HT1679), such that Safari won't present (and won't prompt you to present) a client-side certificate if certs are only optional. Unfortunately, most sites around MIT only optionally accept certs, in spite of the fact that they'll error out if you don't provide one.
+
+You can override this unfortunate behavior with "Identity Preferences", and IS&T's answer for this is [CertAid](http://ist.mit.edu/services/software/certaid/10x), which simply seeds the Keychain with a pre-defined list of websites for which Safari should present your cert. This isn't a great solution for, e.g., scripts.mit.edu, which has thousands of sites - far too many to give to IS&T to include in CertAid. If that wasn't irritating enough, Identity Preferences don't take affect until you restart your browser.
+
+A better solution would be a plugin for Safari that intercepted 401 errors sent over SSL, prompted you to set an Identity Preference, and then attempted to reload the page with the new identity preference set.
+
+_Contact: broder_
+
## Snapshotted virtual machines for all popular Linux distributions
A common need for people writing Linux software is to check that their