|
|
|
|
|
|
These are my web pages. They have stuff on them. I wrote most of this stuff. That generally means that it cracked me up or cracked someone that I know up or was useful to me at one time or is still useful to me.
There is a table of links at the top right of each page, which serves as a little index into both the current page, and the other pages. I usually put some descriptive text in square brackets in these links, so you can see them easily. If you click on a link, it takes you somewhere else on the same page. If the link is enclosed in funky EuroQuotes (like « FOO ») then it points to another web page on this site. When you click on the title of the thing you're reading (the bar with the grey background and the blue border, like the one that says HI THERE above), it takes you back to the top of the current page. There are a couple other kinds of links in these pages that don't look or work that way, which are mostly self-explanatory. All links to pages elsewhere on the web open in their own windows, so you don't lose your place; they are also a different color than all of the non-outward-pointing links, which are in some shade of of grey, just like life.
Some of this stuff here is just words. Some of this stuff is software. Some of this stuff is neither of the above. If the stuff you're looking at is just words, then they may offend you. I am not fond of censorship, generally, and I think that self-censorship is a particularly pernicious form of it, but we all do have to get along, don't we?
Well, no, I guess we don't at that. It would be nice, though, so I'll try if you try. If there is something on my web pages that offends you, please stop looking at it. I promise that there is no pornography, graphic violence, or other such stuff here, within reasonable limits of definition (if you find atheism obscene, well, then I'm afraid I can't help you).
There are a few pointers here to words and/or software I didn't write. These things are clearly marked, and are either reproduced with permission, taken from public sources, or utterly and completely illegal. Safe when used as directed. Void where prohibited by law. Just lay back, enjoy it, and think of England.
If the stuff you're looking at is software, it has no warranty whatsoever. If it blows your computer up, your bad, not mine. I generally release software under a BSD-style license, which means it's all open source software, free for any use you care to make of it. I write lots of software. It is almost universally for Un*x of some sort (OpenBSD, FreeBSD, and NetBSD are my flavors of choice, but I try to write software that is portable to any reasonable flavor of Un*x - YMMV). If you want to help me or add things to stuff I've written or collaborate in some way, that's cool, just send me email, and I'll get back to you when I can; I'm fairly busy, so don't be offended if this isn't as soon as you'd like. I would prefer it if you sent me email that is signed by your public key and encrypted to mine; my spam filters automatically pass such stuff through, for one thing.
I hope you find some part of this web site enjoyable, useful, or at the very least disagreeable. After all, if we all agreed, nothing much would ever get done, would it?
|
|
These are the 15 most recent entries on this web site, according to the information in the database. For the complete list, try the news page.
Not all entries have a timestamp associated with them, but most do, and this list is generated on demand, so it's as current as it gets:
Updated | Page | Title |
2004-01-04 | ||
2004-01-04 | ||
2003-12-25 | ||
2003-12-23 | ||
2003-12-23 | ||
2003-12-22 | ||
2003-12-20 | ||
2003-12-20 | ||
2003-12-20 | ||
2003-12-18 | ||
2003-12-17 | ||
2003-12-01 | ||
2003-11-01 | ||
2003-10-26 | ||
2003-10-22 |
|
|
If you are not interested in this kind of stuff, just skip it.
All of the downloadable files on this site have been cryptographically signed. The signatures are detached, in files named with the extension .asc.txt. This doesn't work for dynamically generated content, obviously (although a proposal of mine would make this possible, I haven't implemented it yet).
So, what this means is that URLs here that end in .cgi don't have a signature laying around, but everything else does. For instance, if a file named newcert.sh is available here (see the relevant entry on my hacks page for details), then there will also be a file called newcert.sh.txt.asc, which contains the detached signature.
This signature is a plain text file containing the results of the
command:
$ gpg --armor --detach-sign newcert.sh
I had to type the passphrase for my private key to do this; the resulting signature is verifiable by anyone with my public key on their gpg key ring, e.g. you, potentially. I try to put a link next to references to signed files that look like this: (S) everywhere, so you can get to the signatures easily.
All of the plain text files on this site have timestamps in them. Many of the individual entries on the various web pages also have timestamps associated with them. I try to make this timestmap be meaningful, and correspond as closely as I can make them to the time that I wrote the particular thing in question.
Furthermore, all of the detached signatures have time-stamps
built into them. For instance, if you attempt to verify the
signature on newcert.sh you would type
something like:
$ gpg --verify
newcert.sh.asc.txt - < newcert.sh
and gpg would
respond with output that looks like:
gpg: Signature made Sat Feb 22 12:35:08
2003 EST using DSA key ID 4FFCBB9C
gpg: Good signature from "attila
<attila@stalphonsos.com>"
Naturally, this requires that you first saved both newcert.sh, and newcert.asc.txt onto your local machine, and that you have GnuPG installed, my key on your public keyring, etc. You might want to check out my collection of crypto pointers, which includes a section on PGP.
The point of all this is to provide some assurance that when I claim that I wrote a particular thing, (a) I am the one who wrote it, and (b) I wrote it at or around the time I claim.
Now, of course, it's obvious to even the most casual observer that I could be lying about any or all of these time-stamps, and that there is no real way for me to prove conclusively that I am not. There are still a few experiments out on the Internet in the realm of digital time-stamping services. The idea here is that if you can get a disinterested, impartial third party to do this crypto time-stamp jazz for you, it carries more weight. I think this is a good idea. I think the more of these, the merrier. The problem is that the only reliable, free service of that kind uses an antediluvian version of PGP (2.6.x), which has very different ideas about detached signatures than modern versions of GnuPG. The result is that the signatures this service sends back to me for my files are no good. I have not yet started trying to diagnose where the problem lies, but I suspect that getting around it will either require me to switch to using PGP2, or that I will have to write some fairly ugly code to paper over the differences somehow. Neither idea sounds particularly appealing to me.
This depresses me. It sucks. Unfortunately, it is a common occurrence in the world of real-life crypto: a multiplicity of incompatible standards, software packages, and opinions. It is ironic that the fierce independence that characterizes most crypto.people, and which inspires them to try and build systems that improve individual privacy and security in the face of ever-intrusive governments and corporations, also has them frequently at odds with each other over issues so obscure, only other crypto.people understand.
I'm not slamming this or that service of software. I'm glad that there are people who spend their time trying to bash this stuff together and build things that work. I wish I could spend more of my time improving the world along those lines, but there's only so much one can do in a 24 hour day.
The end result is that I am not (yet) appealing to any third
party for independent verification of my time-stamps and
signatures. One could argue that I might as well not bother, since
the whole thing could just be a fiction on my part, but I don't
believe this is true. The signatures do prove something
(that the holder of the private key associated with
public key 0x4FFCBB9C made them, e.g. me). Furthermore, you
can compare the time-stamps in the files with the time-stamp that
gpg reports in its output: they should be pretty close (within a
minute or two). The time-stamps on individual entries, sadly,
require a bit more work to be useful for the purposes of proof.
|
|
The HTML for my web pages is dynamically generated by WebApp (version 0.5.23), a web application framework that I have written from the ground up. It is written in perl, template-based, and does not subscribe to the code-on-a-web-page mentality of e.g. PHP, Mason, etc. It focuses on security, performance, simplicity, and portability. It is not all things to all people, and was not designed to be. You might find it interesting, or you might not, but I've certainly enjoyed building and using it. YMMV.
There is a database behind this webapp that stitches together the content that you see here. I have converted my pages to a webapp, from static HTML, to make it simpler for me to update and add to them, and also so that I can add more features, as time permits.
If you are interested in how I have done this, I'll be happy to share the code. I am always improving it, but I like to hear from people with new ideas on how to do these things. If I were 10 years younger, I'd be calling this site my "blog", but I just can't bring myself to do it...
I edit all of the code and text in
Emacs,
serve the content via Apache,
and store the data in PostgreSQL,
all of which run on FreeBSD-based
servers. Whatever graphics there are here are done with
GIMP. No proprietary
software was used for any aspect of the creation of this site.
|
|
all original material on this site copyright © 1999-2008 attila <attila@stalphonsos.com>. all rights reserved