Self-signed security certificates.. (oh, the evil)

Discussion in 'Java' started by Andrew Thompson, Sep 10, 2005.

  1. There are a number of ways to get a security certificate that
    will (if accepted by the end user) allow applets and other
    projects to gain extended privileges.

    However, signing an applet or application can be a daunting
    task, especially in regards to acquiring a valid security
    certificate. As a result of this, a lot of developers are
    discouraged from taking that route.

    The developer might be prepared to pay for a fully verified
    certificate, but they generally would want to see the process
    work before they lay down $, right?

    Some of the ways of getting a certificate *for* *testing*
    purposes are expensive, while others are quite obtuse
    or difficult.

    Are there any IDE's that will do this stuff* for you?
    * Create a self signed certificate and sign a jar with it.

    Is my assumption that 'people want to see it work
    before paying money' valid?

    Most specifically, can anybody here attest that they
    *paid* for a code signing certificate before they had
    seen it work for a project?

    [ This is all leading to "Does it make sense to issue a
    'self-signed' certificate for all to use, in the name of
    '!!Danger!! - Developer Only!'..."? ]

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    "Power and privilege cannot move a people, who know where they stand, and
    stand in the law."
    Paul Kelly 'From Little Things, Big Things Grow'
     
    Andrew Thompson, Sep 10, 2005
    #1

  2. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 01:53:20 GMT, Andrew Thompson
    <> wrote or quoted :

    >Are there any IDE's that will do this stuff* for you?
    >* Create a self signed certificate and sign a jar with it.


    Once you see it done and you can it in a bat file, it is so simple you
    wonder what all the fuss was about.

    Once the cert exists you jar and sign in ant like this:

    <!-- J A R -->
    <!-- Make genjar known to ant -->
    <!-- See http://mindprod.com/jgloss/genjar.html for details -->
    <taskdef resource="genjar.properties" />

    <target name="jar" depends="compile">
        <genjar jarfile="${jar.file}">
            <!-- include main class and all its dependencies -->
            <class name="${main.class}" />
            <!-- define the manifest -->
            <manifest>
                <attribute name="Main-Class" value="${main.class}" />
            </manifest>
        </genjar>
        <!-- S I G N -->
        <!-- get password from set jarsignerpassword=sesame -->
        <property environment="env" />
        <signjar jar="${jar.file}"
                 alias="mindprodcert2005dsa" storepass="${env.jarsignerpassword}"/>
    </target>

    to generate your cert:

    REM DSA for JDK 1.2 compatibility, private-public pair.
    REM However RSA is what most modern certs use.
    REM see http://docs.sun.com/source/816-5539-10/app_dn.htm for construction of distinguished name

    REM generate private/public key pair
    keytool -genkey -storepass %jarsignerpassword% -keyalg DSA -alias mindprodcert2005dsa -dname "CN=mindprod.com, OU=Java Code, O=Canadian Mind Products, L=Victoria, ST=British Columbia, C=CA, EMAILADDRESS= DC=mindprod, DC=com" -validity 999

    REM generate the self-signed certificate containing public key
    keytool -selfcert -storepass %jarsignerpassword% -alias mindprodcert2005dsa -validity 999

    REM export the self-signed certificate in x.509 printable format, public key only.
    keytool -export -storepass %jarsignerpassword% -alias mindprodcert2005dsa -rfc -file mindprodcert2005dsa.cer


    for details of cert generation see
    http://mindprod.com/jgloss/keytool.html
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #2

  3. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 01:53:20 GMT, Andrew Thompson
    <> wrote or quoted :

    >Most specifically, can anybody here attest that they
    >*paid* for a code signing certificate before they had
    >seen it work for a project?


    Think "What is a certificate from Thawte for?". They are helping
    someone determine if a program they found on the net was indeed truly
    written by Canadian Mind Products, all without checking back to the
    CMP website.

    Thawte vouches: yes it was him. They are also indirectly vouching
    that Roedy Green and Canadian Mind Products really exist. CMP is a
    real company. They are in the phone book. Roedy has a passport. They
    are also vouching that CMP is flush enough to part with $400 US a year
    for the cert, no little fly by night. :)

    Let us say I am too cheap or poor to buy a cert and use a self signed
    one. Well, it is obvious that whomever created the cert is the
    person who created the CMP website. People trust whomever runs that
    website just as much as they trust the company Canadian Mind Products.

    So there really should not be an issue of trusting the identity of
    that cert ON MY WEBSITE. Now elsewhere, there is nothing to stop
    someone from taking one of my downloads, screwing with the code, and
    resigning with a fake certificate using my name.

    The problem is people don't realize this and are overly afraid of my
    phony cert on my website.

    I have been creating ASP PAD XML file descriptors for all my code
    which invites people to download and redistribute my downloads.
    Ideally I would like to sign those with a real certificate.

    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #3
  4. On Sat, 10 Sep 2005 03:24:54 GMT, Roedy Green wrote:

    > CMP is a real company.


    Do you mean that CMP is actually a *registered* company?
    It had never occurred to me. I understood that registering
    a company was a relatively expensive business, in just
    about any country.

    > ..They are in the phone book.


    [ I would prefer not to be, but could not be bothered
    paying the extra to have the phone company suppress
    the number! ]

    >..Roedy has a passport.


    ...I am *trying* to get one at the moment! ;-)

    > Let us say I am too cheap or poor to buy a cert and use a self signed
    > one. Well, it is obvious that whomever created the cert is the
    > person who created the CMP website. People trust whomever runs that
    > website just as much as they trust the company Canadian Mind Products.
    >
    > So there really should not be an issue of trusting the identity of
    > that cert ON MY WEBSITE.


    That is probably the only reason I am prepared to use a self-signed
    certificate. My software comes from my site only, so if the user trusts
    me, they should be willing to trust a self-signed certificate coming
    directly off my site - if they don't trust me, the rest is moot.

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    "When you believe in things that you don't understand, you suffer.
    Superstition ain't the way"
    Stevie Wonder 'Superstitious'
     
    Andrew Thompson, Sep 10, 2005
    #4
  5. On Sat, 10 Sep 2005 03:10:58 GMT, Roedy Green wrote:

    > On Sat, 10 Sep 2005 01:53:20 GMT, Andrew Thompson
    > <> wrote or quoted :
    >
    >>Are there any IDE's that will do this stuff* for you?
    >>* Create a self signed certificate and sign a jar with it.

    >
    > Once you see it done ..


    Thanks Roedy. That looks (at a glance) like the answer
    to my question. A couple of bat files and the Ant task,
    would be the way to go.

    Would you (consider doing)/(have done) a page devoted to it?

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    "He thinks he can run, it's a matter of pride. But he keeps coming back,
    like a cork on the tide."
    Paul Kelly 'Deeper Water'
     
    Andrew Thompson, Sep 10, 2005
    #5
  6. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 04:11:40 GMT, Andrew Thompson
    <> wrote or quoted :

    >Would you (consider doing)/(have done) a page devoted to it?


    The cert part is already done. ANT is on my todo list.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #6
  7. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 04:11:37 GMT, Andrew Thompson
    <> wrote or quoted :

    >Do you mean that CMP is actually a *registered* company?
    >It had never occurred to me. I understood that registering
    >a company was a relatively expensive business, in just
    >about any country.


    I am registered in that I have DUNS number and the Canadian equivalent
    of the IRS knows about it. I am not incorporated. That means all
    debts my company incurs are my personal debts. I can't just fold the
    company if something goes wrong.

    There is almost no paperwork at all to start a company in Canada, only
    to incorporate.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #7
  8. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 04:11:37 GMT, Andrew Thompson
    <> wrote or quoted :

    >That is probably the only reason I am prepared to use a self-signed
    >certificate. My software comes from my site only, so if the user trusts
    >me, they should be willing to trust a self-signed certificate coming
    >directly off my site - if they don't trust me, the rest is moot.


    The problem is people don't understand certs. But then again I have
    people afraid of unsigned Applets. There was even a twit afraid to
    look at a totally vanilla html page on my site.

    It is primarily a matter of familiarity not actual risk.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #8
  9. On Sat, 10 Sep 2005 04:18:24 GMT, Roedy Green wrote:

    > On Sat, 10 Sep 2005 04:11:37 GMT, Andrew Thompson
    > <> wrote or quoted :
    >
    >>Do you mean that CMP is actually a *registered* company?
    >>It had never occurred to me. I understood that registering
    >>a company was a relatively expensive business, in just
    >>about any country.

    >
    > I am registered in that I have DUNS number and the Canadian equivalent
    > of the IRS knows about it. I am not incorporated. That means all
    > debts my company incurs are my personal debts. I can't just fold the
    > company if something goes wrong.
    >
    > There is almost no paperwork at all to start a company in Canada, only
    > to incorporate.


    Oh right, in Australia you can ..
    - trade under your own name with no paperwork (barring Tax)
    - a 'registered business name', with a small amount of
    paperwork and a nominal yearly fee, or a *
    - company for a stupendous amount of paperwork and *enormous* fees.

    I would say that the 'registered business name' is the
    closest Aus. equivalent to what you are describing.

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    "Power and privilege cannot move a people, who know where they stand, and
    stand in the law."
    Paul Kelly 'From Little Things, Big Things Grow'
     
    Andrew Thompson, Sep 10, 2005
    #9
  10. On Sat, 10 Sep 2005 04:20:39 GMT, Roedy Green wrote:

    > On Sat, 10 Sep 2005 04:11:37 GMT, Andrew Thompson
    > <> wrote or quoted :
    >
    >>That is probably the only reason I am prepared to use a self-signed
    >>certificate. My software comes from my site only, so if the user trusts
    >>me, they should be willing to trust a self-signed certificate coming
    >>directly off my site - if they don't trust me, the rest is moot.

    >
    > The problem is people don't understand certs. But then again I have
    > people afraid of unsigned Applets.


    Some nong wrote to me imploring me to 'stop using Flash'(?!?).
    Since I use no Flash, I could not even be bothered replying...

    > There was even a twit afraid to
    > look at a totally vanilla html page on my site.


    ...but that takes the cake!

    Did you manage to help that poor sod?

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    "If no one out there understands, start your own revolution and cut out the
    middle man."
    Billy Bragg 'Waiting For The Great Leap Forward'
     
    Andrew Thompson, Sep 10, 2005
    #10
  11. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 05:12:46 GMT, Andrew Thompson
    <> wrote or quoted :

    >..but that takes the cake!
    >
    >Did you manage to help that poor sod?


    I suggested he look at it at a library. He was convinced somehow I would
    insert a virus into his computer.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #11
  12. Andrew Thompson

    Chris Berg Guest

    On Sat, 10 Sep 2005 01:53:20 GMT, Andrew Thompson
    <> wrote:

    .....
    >Is my assumption that 'people want to see it work
    >before paying money' valid?

    ......

    I have signed applets for many years now (6 years, I guess). I have
    used certs from Thawte and have been satisfied with their service - I
    even got some free technical assistance once.

    It takes some work to figure out exactly how to sign an applet - I've
    done it both for MS .cab type applets and for SUN .jar type.
    Completely different stories. But Roedy has a point: as soon as you
    get it right, you create a .bat file and forget about the details.
    That is, until you renew the cert, which you have to do once a year!!
    Then for some reason your .bat file doesn't work anymore because you
    installed a new key or a new VM. So, you have to adjust the .bat file
    which is not so easy as you have completely forgotten how it worked a
    year ago.

    Buy the cert, you WILL be able to use it. In Java2, it has become much
    easier, as you no longer have to write special code to ask for
    privileges, which you had to do in IE/MS-VM and in Netscape. That was
    REALLY a nuisance.

    By the way, I always found that applet code-signing has one major
    weakness: If the user doesn't acknowledge the security dialog (and you
    really can't blame him, with all the malicious code that websites
    these days try to persuade you to run), then the browser simply
    rejects the applet. I cannot understand why this is so. Why can't the
    browser just run the applet in the sandbox with normal applet
    privileges? Every time the code does 'illegal' things, a
    SecurityException will occur, and your code could react, perhaps
    telling the user why it cannot save data on disk or whatever.

    Chris
     
    Chris Berg, Sep 10, 2005
    #12
  13. On Sat, 10 Sep 2005 13:42:50 +0200, Chris Berg wrote:

    > On Sat, 10 Sep 2005 01:53:20 GMT, Andrew Thompson
    > <> wrote:
    >
    > ....
    >>Is my assumption that 'people want to see it work
    >>before paying money' valid?

    > .....
    >
    > I have signed applets for many years now (6 years, I guess).


    [1]

    > By the way, I always found that applet code-signing has one major
    > weakness: If the user doesn't acknowledge the security dialog (and you
    > really can't blame him, with all the malicious code that websites
    > these days try to persuade you to run), then the browser simply
    > rejects the applet.


    Roedy's WassUp applet can work just fine in both signed
    and unsigned modes. I have seen it do so on a number
    of occasions.

    > I cannot understand why this is so.


    The only thing I can guess without an URL is that you are
    doing it differently to Roedy, and I further guess (from
    the fact that Roedy's works - whereas yours doesn't) wrong.

    Try it for yourself, visit the URL and *refuse* permission.
    <http://mindprod.com/applets/wassup.html>

    So, got an SSCCE and URL that shows the problem?

    [1] In all those words you do not seem to have answered the
    basic question you quoted - would you mind?

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    "In a B-52 I come across the horizon - Drop my love on you"
    Underworld 'Underneath The Radar'
     
    Andrew Thompson, Sep 10, 2005
    #13
  14. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 12:46:28 GMT, Andrew Thompson
    <> wrote or quoted :

    >The only thing I can guess without an URL is that you are
    >doing it differently to Roedy, and I further guess (from
    >the fact that Roedy's works - whereas yours doesn't) wrong.


    You have to catch the Security exceptions and do something else.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #14
  15. Andrew Thompson wrote:
    > On Sat, 10 Sep 2005 03:24:54 GMT, Roedy Green wrote:
    >>Let us say I am too cheap or poor to buy a cert and use a self signed
    >>one. Well, it is obvious that whomever created the cert is the
    >>person who created the CMP website. People trust whomever runs that
    >>website just as much as they trust the company Canadian Mind Products.
    >>
    >>So there really should not be an issue of trusting the identity of
    >>that cert ON MY WEBSITE.

    >
    >
    > That is probably the only reason I am prepared to use a self-signed
    > certificate. My software comes from my site only, so if the user trusts
    > me, they should be willing to trust a self-signed certificate coming
    > directly off my site - if they don't trust me, the rest is moot.
    >


    The problem is not one of trusting you; it is trusting that there has
    not been a "man in the middle" attack. By using a third party, the end
    user is assured that the third party is confident that you actually
    signed the code.

    Ray

    --
    XML is the programmer's duct tape.
     
    Raymond DeCampo, Sep 10, 2005
    #15
  16. Andrew Thompson

    Darren Guest

    "Andrew Thompson" <> wrote in message
    news:1ak3ew06bzw2f.2katyvu4qyhs$...
    > There are a number of ways to get a security certificate that
    > will (if accepted by the end user) allow applets and other
    > projects to gain extended privileges.
    >
    > However, signing an applet or application can be a daunting
    > task, especially in regards to acquiring a valid security
    > certificate. As a result of this, a lot of developers are
    > discouraged from taking that route.
    >
    > The developer might be prepared to pay for a fully verified
    > certificate, but they generally would want to see the process
    > work before they lay down $, right?
    >
    > Some of the ways of getting a certificate *for* *testing*
    > purposes are expensive, while others are quite obtuse
    > or difficult.
    >
    > Are there any IDE's that will do this stuff* for you?
    > * Create a self signed certificate and sign a jar with it.
    >
    > Is my assumption that 'people want to see it work
    > before paying money' valid?
    >
    > Most specifically, can anybody here attest that they
    > *paid* for a code signing certificate before they had
    > seen it work for a project?
    >
    > [ This is all leading to "Does it make sense to issue a
    > 'self-signed' certificate for all to use, in the name of
    > '!!Danger!! - Developer Only!'..."? ]
    >


    I found this on Google
    http://www.suitable.com/docs/signing.html
    The question is, is there any legal, moral reason why I should not be able to
    produce code signatures for my own web sites? After all my applet is not
    accessing a user's own hard drive, in fact it's only testing a socket connection
    to my own website on port 80. Completely harmless.

    > --
    > Andrew Thompson
    > physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    > "Power and privilege cannot move a people, who know where they stand, and
    > stand in the law."
    > Paul Kelly 'From Little Things, Big Things Grow'
     
    Darren, Sep 10, 2005
    #16
  17. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 17:45:18 GMT, Raymond DeCampo
    <> wrote or quoted :

    >The problem is not one of trusting you; it is trusting that there has
    >not been a "man in the middle" attack.


    By this you mean somebody interfering with the transmission from your
    site to the end user in real time, which is much less likely than the
    sort of attack of somebody downloading your code meddling with it,
    then reposting it elsewhere.

    The Thawte style cert will protect you from both. A self-signed cert
    will protect you from neither.

    The self signed cert does almost nothing but add a fancy checksum to
    the download.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #17
  18. Andrew Thompson

    Roedy Green Guest

    On Sat, 10 Sep 2005 17:58:29 GMT, "Darren" <> wrote
    or quoted :

    >The question is, is there any legal, moral reason why I should not be able to
    >produce code signatures for my own web sites? After all my applet is not
    >accessing a user's own hard drive, in fact it's only testing a socket connection
    >to my own website on port 80. Completely harmless.


    Let's up the ante here by assuming you are a terrorist organisation
    and the combined resources of all branches of the US government are
    out to thwart you.

    The job of the government is to meddle with terrorist code to insert
    spyware.

    Let's say the terrorists are on a budget and decide to use a self
    signed cert.

    During the download, the government can rejar the app as it goes by
    adding spy code, using their OWN self signed cert which they
    conveniently include in the Jar, signing it "Terrists' R US" just like
    the original.

    How do the terrorists detect this? The jar seems perfectly normal.
    Someone gets suspicious and says, let's download the public key from
    the cert to be sure.

    The CIA is on the ball, and intercepts the request and delivers the
    public key of THEIR phony cert.

    Now if the terrorists were very clever, they would phone and ask the
    fingerprint of the cert and compare that. However the fingerprint
    displaying program was long ago compromised in a supposed Windows
    update.

    Another band of terrorists would use a Thawte Cert. For the CIA to
    pull the same stunt they would have to guess the private key of the
    terrorist cert. Thawte does not know it.

    To avoid the expense of code cracking, the CIA would insist that the
    instructions for buying certs be complicated. Then when naive
    terrorists came along to buy one, they could be easily duped into
    revealing their private key as part of the install or key creation
    procedures.

    Clever terrorists would use one-time pad encryption, and would never
    allow their crucial computers to be attached to the net. They would
    use linux not windows so that they could check out all updates. They
    would never trust certificates which are effectively under government
    control.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Again taking new Java programming contracts.
     
    Roedy Green, Sep 10, 2005
    #18
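
The fingerprint comparison described in posts #17 and #18, as an added example that is not part of any post in this thread: it takes a certificate in the printable format written by `keytool -export -rfc`, computes its SHA-256 fingerprint, and compares it with a fingerprint obtained through a separate channel, which is what tells the publisher's self-signed cert apart from a substitute carrying the same name. The function names are hypothetical, and the two PEM bodies are constructed stand-in bytes rather than real certificates (a fingerprint is a hash over the encoded bytes, so a real `.cer` file goes through the same code path).

```python
import base64
import hashlib
import hmac
import re

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text: str) -> bytes:
    """Return the encoded bytes of the single certificate in a PEM file."""
    blocks = _PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        # Refuse files with zero or several certificates: the pin is for one.
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint as colon-separated upper-case hex pairs."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Canonicalise a fingerprint that was read aloud, typed or pasted."""
    hex_only = re.sub(r"[\s:.-]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", hex_only):
        raise ValueError("not a SHA-256 fingerprint (need 64 hex digits)")
    return hex_only


def matches_pin(pem_text: str, pinned_fp: str) -> bool:
    """True only if the certificate hashes to the out-of-band fingerprint."""
    actual = normalize(fingerprint(pem_to_der(pem_text)))
    return hmac.compare_digest(actual, normalize(pinned_fp))


def stand_in_pem(subject: str, key_material: bytes) -> str:
    """Constructed sample input: PEM armour around placeholder bytes.

    Not a parseable X.509 certificate; it only models "same subject name,
    different key", which is all the fingerprint comparison depends on.
    """
    body = base64.b64encode(subject.encode() + b"\x00" + key_material).decode()
    lines = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"


# Both stand-ins carry the same name; only the key bytes differ.
SUBJECT = "CN=mindprod.com"
PUBLISHER_PEM = stand_in_pem(SUBJECT, b"publisher-key-" * 8)
RESIGNED_PEM = stand_in_pem(SUBJECT, b"substitute-key-" * 8)

# Assumption: this string reached the user by another channel (phone, print)
# and was typed in lower case with spaces instead of colons.
PINNED_FROM_PHONE = (
    fingerprint(pem_to_der(PUBLISHER_PEM)).lower().replace(":", " "))


if __name__ == "__main__":
    for label, pem in (("publisher", PUBLISHER_PEM), ("re-signed", RESIGNED_PEM)):
        verdict = "matches pin" if matches_pin(pem, PINNED_FROM_PHONE) else "MISMATCH"
        print(f"{label:10s} {fingerprint(pem_to_der(pem))[:23]}...  {verdict}")
```
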
  19. Andrew Thompson

    Darren Guest

    "Roedy Green" <> wrote in message
    news:...
    > On Sat, 10 Sep 2005 17:58:29 GMT, "Darren" <> wrote
    > or quoted :
    >
    > >The question is, is there any legal, moral reason why I should not be able to
    > >produce code signatures for my own web sites? After all my applet is not
    > >accessing a user's own hard drive, in fact it's only testing a socket connection
    > >to my own website on port 80. Completely harmless.

    >
    > Let's up the ante here by assuming you are a terrorist organisation
    > and the combined resources of all branches of the US government are
    > out to thwart you.
    >
    > The job of the government is to meddle with terrorist code to insert
    > spyware.
    >
    > Let's say the terrorists are on a budget and decide to use a self
    > signed cert.
    >
    > During the download, the government can rejar the app as it goes by
    > adding spy code, using their OWN self signed cert which they
    > conveniently include in the Jar, signing it "Terrists' R US" just like
    > the original.
    >
    > How do the terrorists detect this? The jar seems perfectly normal.
    > Someone gets suspicious and says, let's download the public key from
    > the cert to be sure.
    >
    > The CIA is on the ball, and intercepts the request and delivers the
    > public key of THEIR phony cert.
    >
    > Now if the terrorists were very clever, they would phone and ask the
    > fingerprint of the cert and compare that. However the fingerprint
    > displaying program was long ago compromised in a supposed Windows
    > update.
    >
    > Another band of terrorists would use a Thawte Cert. For the CIA to
    > pull the same stunt they would have to guess the private key of the
    > terrorist cert. Thawte does not know it.
    >
    > To avoid the expense of code cracking, the CIA would insist that the
    > instructions for buying certs be complicated. Then when naive
    > terrorists came along to buy one, they could be easily duped into
    > revealing their private key as part of the install or key creation
    > procedures.
    >
    > Clever terrorists would use one-time pad encryption, and would never
    > allow their crucial computers to be attached to the net. They would
    > use linux not windows so that they could check out all updates. They
    > would never trust certificates which are effectively under government
    > control.


    That's the extreme and fair enough, but as there appears to be a way (unless
    I'm not reading this right) of producing a cert yourself then is there a
    legal or moral reason why I shouldn't? Surely these things are encrypted
    with a one way encryption etc., blah.


    > --
    > Canadian Mind Products, Roedy Green.
    > http://mindprod.com Again taking new Java programming contracts.
     
    Darren, Sep 11, 2005
    #19
  20. On Sat, 10 Sep 2005 16:38:13 GMT, Roedy Green wrote:

    > On Sat, 10 Sep 2005 12:46:28 GMT, Andrew Thompson
    > <> wrote or quoted :
    >
    >>The only thing I can guess without an URL is that you are
    >>doing it differently to Roedy, and I further guess (from
    >>the fact that Roedy's works - whereas yours doesn't) wrong.

    >
    > you have to catch the Security exceptions and do something else.


    I suspected it was something along those lines, but did not
    have time to check. WassUp is a great little applet.

    --
    Andrew Thompson
    physci.org 1point1c.org javasaver.com lensescapes.com athompson.info
    "We are about to attempt a crash landing. Please extinguish all
    cigarettes.."
    Laurie Anderson 'From The Air'
     
    Andrew Thompson, Sep 11, 2005
    #20