Frequently Asked Questions
Q: What is Alue?
Q: Is there a live test site?
Yes, at https://verbosify.org/. Note that its main purpose is to be a home for the verbosify community, the test site status is secondary to that.
Q: Where can I report bugs?
You can use this Trac installation to report bugs and request new features. If your bug report has security implications, see the next two questions.
Q: How do I know whether my bug has security implications?
Sometimes it's obvious. If you are able to convince Alue to let you do something you aren't authorized to do or see something you aren't supposed to see, it's a major security vulnerability.
Also, if you manage to crash Alue by doing something to it through the Internet, it is security relevant.
Other kinds of bugs are not usually (but sometimes are) security relevant. Use your judgment.
Q: How can I report security vulnerabilities?
It depends:
- If the vulnerability has already been disclosed to the public, this Trac instance is preferred.
- Otherwise, send e-mail to antti-juhani at kaijanaho.fi. I will endeavor to respond within 24 hours. If you prefer, you may encrypt your email to the key 1EC237D9534584E8.
This Trac instance does have the facility to hide a ticket from the general public if it is marked as "sensitive", but I do not recommend its use for anything that genuinely needs to remain secret (whether temporarily or permanently), due to a vulnerability in the plugin providing this feature.
Q: How do I create my own Alue site?
Currently, the process is arcane. Ask antti-juhani at kaijanaho.fi for further information.
Better packaging is relatively high on my to do list, but there are one or two major items that need doing beforehand.
Q: What resources do I need to create my own Alue site?
Well, first, since the software is not yet well packaged, you need a competent system administrator (either you or someone who works for you) that does the actual work, since he or she will need to be able to understand arcane software matters.
You also need:
- a server (preferably Unix-based) to which your system administrator has root access, with
- no existing services on the HTTPS port of (one of) its IP address(es),
- no existing services on the NNTP and NNTPS ports of the same IP address, and
- an SSL certificate for some domain name attached to that IP address.
- a good C++ compiler (preferably G++)
- the Boost libraries, at least version 0.36
- the GnuTLS library
Note that Alue cannot be run on top of a classical webhosting service (even if LAMP enabled). This is not a deficiency – it is a fundamental restriction caused by what Alue is.
Q: Can Alue do virtual hosting?
You can certainly run separate Alue instances on separate IP addresses or on nonstandard ports, and expect it to work. (Well, the code may need minor fixes, since I haven't actually tested that.)
However, name-based virtual hosting – the thing you were probably thinking of – is not currently possible. There are two tricky issues to consider: HTTPS and NNTPS virtual hosting is possible with a TLS extension, but how many browsers and newsclients support it? And classical NNTP does not have any support for virtual hosting at all that does not have significant warts.
