--- a/vm/index.html	Thu May 02 14:32:56 2013 -0700
+++ b/vm/index.html	Thu May 02 14:36:43 2013 -0700
@@ -1,5 +1,152 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+  <title>webappsec vm welcome - jsFiddle demo</title>
+  <script type="text/javascript" src="/js/lib/dummy.js">
+  </script>
+  <link rel="stylesheet" type="text/css" href="/css/result-light.css">
+  <style type="text/css">
+ </style>
+  <script type="text/javascript">
+//<![CDATA[ 
+window.onload=function(){
 
-<!DOCTYPE html>
+}//]]> </script>
+</head>
+
+<body>
+<body>
+<h1>Welcome to the WebAppSec WG Test VM</h1>
+
+<p>This is a virtual machine to help develop tests for the WebAppSec WG's
+specs. If you're not viewing this in the VM, you can get a copy here: <a
+href="about:blank">link</a>. It is an Ubuntu system that runs in <a
+href="https://www.virtualbox.org/">Oracle VirtualBox.</a> The
+username/passwword is webappsec/webappsec.</p>
+
+<h2>Go to the <a href="/webappsec/tests/testRunner/">Test Runner</a>.</h2>
+
+<h2>Why use this VM?</h2>
+
+<p>Many W3C recommendations can be tested in a purely browser enviornment.
+Lucky them. If your spec has dependencies on the Same Origin Policy, does
+server side work, cross-origin work, or depends on HTTP headers, you probably
+need a server.</p>
+
+<p>This VM attempts to duplicate the production environment the W3C deploys at
+www.w3c-test.org so you can rapidly develop tests and be confident they will
+still work once you check them in and execute them on the standard
+infrastructure.</p>
+
+<p></p>
+
+<h2>What is here?</h2>
+
+<p>An Apache2 installation. </p>
+<ul>
+  <li>Listening on:
+    <ul>
+      <li>HTTP ports 80, 81, 82, 83, 88</li>
+      <li>HTTPS port 443</li>
+    </ul>
+  </li>
+  <li>For the names:
+    <ul>
+      <li>w3c-test.org</li>
+      <li>www.w3c-test.org</li>
+      <li>www1.w3c-test.org</li>
+      <li>www2.w3c-test.org</li>
+      <li>www3.w3c-test.org</li>
+    </ul>
+  </li>
+</ul>
+
+<p>The web root is in /var/www. Under this are included: </p>
+<ul>
+  <li>The W3C test framework under [webroot]/resources and
+    [webroot]/testframework</li>
+  <li>The WebAppSec Mercurial repository under [webroot]/webappsec</li>
+</ul>
+
+<p>The VM also includes installs of Opera Next, Chrome Beta and Firefox Aurora
+for local testing. The web server does bind to the "public" IPs for the VM, so
+you can also test against it using a browser on your host machine. To do so:</p>
+<ul>
+  <li>Set the VM network adapter to be NAT or host-only. (the root user/pass
+    are public information, so don't put this VM directly on the Internet!)</li>
+  <li>In the VM, run <code>$sudo ifconfig</code> to get the machine's IP
+    address.</li>
+  <li>Configure your host OS's /etc/hosts or eqiuvalent to resolve the names
+    listed above to the VM's IP.
+    <ul>
+      <li><i>Remember to undo this when you want to test against the real
+        server again!</i></li>
+    </ul>
+  </li>
+  <li>Grab the end-entity certificate from
+    <code>/etc/ssl/certificates/stardotw3cdashtestdotorg.cer</code> or the root
+    certificate from the VM in <code>/home/webappsec/cybervillainsCA.cer</code>
+    and install it as a trusted root CA in your test browser for https tests.
+    <ul>
+      <li><i>Note: I destroyed the private key for this certificate authority
+        after issuing the single certificate for this VM, but you still might
+        not want to do this except on a test machine.</i> </li>
+    </ul>
+  </li>
+</ul>
+
+<h2>Working with the test repositories:</h2>
+
+<h3>Mercurial (Hg):</h3>
+
+<p>The CSP test suite is managed under the W3C Mercurial repository at <a
+href="https://dvcs.w3.org/hg/">https://dvcs.w3.org/hg/</a></p>
+
+<p>The webappsec repository is alredy cloned under /var/www/webappsec. To get
+the latest, open a shell and</p>
+<dl>
+  <dt><code>webappsec@www:~$ cd /var/www/webappsec</code></dt>
+  <dt><code>webappsec@www:/var/www/webappsec$ hg pull</code></dt>
+  <dt><code>webappsec@www:/var/www/webappsec$ hg update</code></dt>
+</dl>
+
+<p>You will need a W3C account to commit tests. If you don't have one yet,
+start here: <a name="https" id="https"
+href="https://www.w3.org/accounts/request">https://www.w3.org/accounts/request</a></p>
+
+<p>When you are adding new tests, please create a new subdirectory for your
+username or organization under "/submitted" for the specification you are
+targeting. To check in a test:</p>
+
+<p><code>webappsec@www:/var/www/webappsec/tests/csp/submitted/myusername$ hg
+add myNewTest.html</code></p>
+
+<p><code>webappsec@www:/var/www/webappsec/tests/csp/submitted/myusername$ hg
+commit myNewTest.html -u myusername</code></p>
+
+<p><code>webappsec@www:/var/www/webappsec/tests/csp/submitted/myusername$ hg
+push</code></p>
+
+<p></p>
+
+<p>You will be asked for your username and password to complete the push to the
+repository. You can edit <code>~/.hgrc </code>to save your username and
+password but be sure to change the webappsec account password on your copy of
+the VM if you do this.</p>
+
+<p></p>
+
+<h2>Still confused? Help with this documentation.</h2>
+
+<p>This file lives in <a
+href="https://dvcs.w3.org/hg/webappsec/vm">https://dvcs.w3.org/hg/webappsec/vm</a>.
+Please update and add to it to help others. </p>
+</body>
+</body>
+</html>
+
+
 <html>
 <head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8">