--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/vm/index.html	Wed Mar 06 15:47:02 2013 -0800
@@ -0,0 +1,89 @@
+
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+  <title>webappsec vm welcome - jsFiddle demo</title>
+  
+  <script type='text/javascript' src='/js/lib/dummy.js'></script>
+  
+  
+  
+  <link rel="stylesheet" type="text/css" href="/css/result-light.css">
+  
+  <style type='text/css'>
+    
+  </style>
+  
+
+
+<script type='text/javascript'>//<![CDATA[ 
+window.onload=function(){
+
+}//]]>  
+
+</script>
+
+
+</head>
+<body>
+  <body>
+    <h1>Welcome to the WebAppSec WG Test VM</h1>
+
+    <p>This is a virtual machine to help develop tests for the WebAppSec WG's specs.  If you're not viewing this in the VM, you can get a copy here: <a href="about:blank">link</a>.  It is an Ubuntu system that runs in <a href="https://www.virtualbox.org/">Oracle VirtualBox.</a> The username/passwword is webappsec/webappsec.</p>
+
+    <h2>Why use this VM?</h2>
+    <p>Many W3C recommendations can be tested in a purely browser enviornment.  Lucky them.  If your spec has dependencies on the Same Origin Policy, does server side work, cross-origin work, or depends on HTTP headers, you probably need a server.</p>
+        
+    <p>This VM attempts to duplicate the production environment the W3C deploys at www.w3c-test.org so we can rapidly develop tests that you can be confident will still work once you check them in and execute them on the standard infrastructure.<p>
+
+        <h2>What is here?</h2>
+        <p>An Apache2 installation.
+        <ul>
+            <li>Listening on:</li>
+            <ul>
+                <li>HTTP ports 80, 81, 82, 83, 88</li>
+                <li>HTTPS port 443</li>
+            </ul>
+            <li>For the names:</li>
+            <ul>
+                <li>w3c-test.org</li>
+                <li>www.w3c-test.org</li>
+                <li>www1.w3c-test.org</li>
+                <li>www2.w3c-test.org</li>
+                <li>www3.w3c-test.org</li>
+            </ul>
+        </ul>
+            
+        </p>
+        <p>The web root is in /var/www.  Under this are included:
+            <ul>
+                <li>The W3C test framework under [webroot]/resources and [webroot]/testframework</li>
+                <li>The WebAppSec Mercurial repository under [webroot]/webappsec</li>
+            </ul>
+        </p>
+
+        <p>The VM also includes installs of Opera Next, Chrome Beta and Firefox Aurora for local testing.  The web server does bind to the "public" IPs for the VM, so you can also test against it using a browser on your host machine.  To do so:</p>
+    <ul>
+        <li>Set the VM network adapter to be NAT or host-only.  (the root user/pass are public information, so don't put this VM directly on the Internet!)</li>
+        <li>In the VM, run <code>$sudo ifconfig</code> to get the machine's IP address.</li>
+        <li>Configure your host OS's /etc/hosts or eqiuvalent to resolve the names listed above to the VM's IP.</li>
+        <ul>
+            <li><i>Remember to undo this when you want to test against the real server again!</i></li>
+        </ul>
+        <li>Grab the end-entity certificate from <code>/etc/ssl/certificates/stardotw3cdashtestdotorg.cer</code> or the root certificate from the VM in <code>/home/webappsec/cybervillainsCA.cer</code> and install it as a trusted root CA in your test browser for https tests.</li>
+        <ul>
+            <li><i>Note: I destroyed the private key for this certificate authority after issuing the single certificate for this VM, but you still might not want to do this except on a test machine.</i>
+             </li>
+    </ul>
+
+        <h2>Still confused? Help with this documentation.</h2>
+	<p>This file lives in <a href="https://dvcs.w3.org/hg/webappsec/vm">https://dvcs.w3.org/hg/webappsec/vm</a>.  Please update and add to it to help others. 
+        </p>
+  
+</body>
+
+
+</html>
+
+