non-random ramble

PHP (17th October 2004)

So i bought this book Prgramming PHP I spent quite a long time in the book shop
deciding about which book to buy – for a while i was tempted by Perl but i read in one book that it had become a bit bloated
over the years as it does lots of different things aswell as script web pages so allthough it may be more powerful, its more difficult to use.
This kind of makes sense to me as im really a Jave developer so if i want a full blown language i would write a servlet, in the case of this website
i want something lightwieght that scripts my pages for me so PHP seems the way to go. Also WordPress uses PHP so it seems like a good choice.,
I also like the way you can just insert stuff in. SO for example ive made this page a .php document so here ive put “hello from jim” :

Which is a bit of php – i like that – kind of like JSP but without the hassle of a web container.
Sweet

So now i pretty much have the basics for my site architecture. I noticed that on Meyer’s site, you dont see files like someFile.php
so i realised you can call something index.php and then your URL is simply the directory name which looks a lot Sweeter
So this page is called index.php and thats all and how it works.

PGP 17th October 2004)

PGP is a way that people can easily digitally sign stuff and use encryption.
Theres all kinds of information about it everywhere – i have a good book that talks about it which ill try and dig out. Anyway –
I wanted to download Apache and allthough ive been on the apache site loads of times and also the Jakarta site
and downloaded loads of stuff ive never been bothered to understand the signing business.

SO today i worked it out. YOu first need to install pgp which you can do from here – you simply download and install it then when it
asks for your license key, you just click on “later” and it will work in freeware mode. Unfortunately you cant sign emails from outlook in this mode and have to buy a license. But what you can do is verify signed files.

There are instructions for all this on the apache site, but they use command line stuff and im currently working on a Windows XP machine.
Anyway you download the PGP key along with the zip file you want (in my case apache installer) and then if you look at it in file explorer you get a nice
PGP icon where the key is – you can then rigth click and do “extract and verify” which automatically downloads the keys from the key server (these are the keys of the people who signed the file) and
then checks that the file was indeed signed by them – you can see this because it pops up a window to say so.

SO thats all good – the signatures and the binary match but unfortunately you cant guarantee that the dignatures are really from the people they say they are.
For this to happen you need some trust – you have to enter the circle (or web) of trust. TO do this you actually need to have obtained the fingerprint of the key from somewhere other than the net to be absolutely sure
you know its ok. This can involve a face to face meeting (highly unlikely in the apache world) or a phone conversation, depending on how paranoid you are.

Anyway i dont reckon im going to be able to do this easily so im going to wait until i meet someone else who has done it and get their key and then use that
to validate the others.
all sounds a bit complex eh? will try to write it up more decently.

By the way one of the points of this log is not to help other people, but for my own personal assitence so i dont forget stuff as im finding it out:) the more stuff there is to know the harder it is to know it all and lets face it there is far too much stuff to know.