Personal projects, ideas, and the occasional comments on life

I have always loved games that masterba… er, play themselves out. In such games the player sets the initial conditions– perhaps even writes a little code or designs something– and then lets it all hit the fan.

As of late I have been staring at Gratuitous Space Battles. In this one you design a small fleet of space ships, complete with hulls, engines, weapons, shields, and the like, and then set them against waves of enemies. The beauty of the game is no setup with work equally well against every enemy (at least once you are past the first few levels, that is).

This has re-sparked interest in my idea for something I am currently calling Evolution Battle (yes, yes, it is a dumb name). I envision it as SimLife mixed with something similar to Gratuitous Space Battles. Players wold create the “life” with its basic attributes and then stick them in with other “life” to compete for food and the like. I think it would be a great project for me since it would involves a few technical challenges I am not sure I have encountered before.

Just an honorable mention of a few of my other favorites: Crazy Machines (a near-clone of The Incredible Machine), the classic Conway’s Game of Life, Robocode, Bloons Tower Defense 3, and Lemmings (sort of).

There are a few services I run that I need to access over the web that I do not want anyone watching (phpMyAdmin, for example). The simple solution is to encrypt this traffic with SSL certificates. Here is how I did it on Windows with Apache 2.2:

• Install the latest Apache 2.2 with OpenSSL: http://httpd.apache.org/download.cgi.
• Open the Command Prompt and browse to [apache 2.2 path]/bin.
• Enter openssl req -config ../conf/openssl.cnf -new -out foo.csr -keyout foo.pem. Fill out this information the best you can but you can leave most of it blank. The most notable exceptions are the PEM Pass Phrase fields and the Common Name field (which should be the domain name you will use this certificate on). It is best that you leave the Challenge Password at the end blank.
• Enter openssl rsa -in foo.pem -out foo.key. You will be asked to reenter the password you entered in the last step.
• Enter openssl x509 -in foo.csr -out foo.crt -req -signkey foo.key -days 3650. You can replace 3560 with however long you want to certificate to be valid for.
• You will now wind up with four files: foo.crt, foo.csr, foo.key, and foo.pem. At this point you really only need foo.crt and foo.key and may delete the other two (unless you want to sign more certificates later on).
• Move your two remaining files somewhere safe (not any place where the web server will be able to serve them to clients).
• Open [apache 2.2 path]/conf/httpd.conf in your favorite text editor. Uncomment out the line LoadModule ssl_module modules/mod_ssl.so.
• Open [apache 2.2 path]/conf/extra/httpd-ssl.conf. Uncomment out the line Listen 443.
• In Windows Explorer browse to [apache 2.2 path]/conf and open up the configuration for the site you want to SSL enable. Make sure you are setup to listen on port 443 if you are running a virtual host. Add the lines SSLEngine on, SSLCertificateFile "[foo.crt path]", and SSLCertificateKeyFile "[foo.key path]".
• Restart Apache 2.2: net stop apache2.2 and net start apache2.2

Some notes:

• Certificates can only be used for whole domains or virtual hosts as opposed to a single directory. However with some clever allows, denies, and redirects in your web root you can do just about anything.
• Only one SSL connection per IP on the same server is allowed. This is by design within SSL.
• These certificates are self-signed. That means that anyone who views your new secure site will most likely be greeted with a warning they must accept before continuing. You setup the certificates yourself so you know there is nothing fishy going on but they might not know that. If you want to avoid this you will have to put out the cash to Verisign or someone else who can offer the same service.
• Check out the SSLCipherSuite and SSLCARevocationFile directives (which you will notice are missing in my instructions) to further lock down your site.
• Remember that if you ever change your certificate in any way the client may need to remove their old certificate before they will be able to view the site again.
• I generally replace foo with the domain name.
• Since this was always meant as a quick-and-dirty howto you can find more information at the Apache site.
• I am running Windows XP SP3, Apache 2.2.14, and the included OpenSSL 0.9.8k.