> "While the use of html links by a person might, in some
> applications, involve an export . . . we reiterate that the activity
> described by your submission is not an export activity that is subject
> to the EAR and would also not constitute conduct prohibited by Section
> 744.9 of the EAR."
Antonomasia speculated on cypherpunks thusly:
> I think a mere pointer is not an export, no matter what it points to,
> but a link with prohibited smuggled _content_ might be:
>
> <A HREF="http://www.cypherspace.org/~adam/print pack"C*",split/\D+/,echo.....
>
> although the quoting would probably take a lot of thought.
>
> Perhaps that's the kind of thing they mean ?
So the challenge is set, can we create an html HREF to a link where the link's name is a non-exportable program, and can we simulatneously persuade a unix shell to create a series of funny named directories, and file which is a non exportable program, and will the web server and web browser be willing to serve/request this file.
Lets find out...
Wow worked right off, now try changing into those directories:
cd: No match.
hmmm tcsh is getting confused here, lets try pwd
/home/aba/public_html/rsa/print pack"C*",split/\D+
ahh yep, it's actually working just tcsh is confused
Unmatched `.
more confusion, it's still working see:
/home/aba/public_html/rsa/print pack"C*",split/\D+/,`echo "16iII*o\U@{$
Unmatched `.
more tcsh confusion
Unmatched `.
and again
Illegal variable name.
cd: No match.
one very confused tcsh!
link to this web document self referentially
<HTML>
<HEAD>
<TITLE>RSA HTML Reference</TITLE>
</HEAD>
...
Here's the URL: Have you exported RSA today?
The HTML code you'll need looks like this:
> mmm...
>
> If one tried to run the above string, would it run? There is a
> difference between " and %22, no? If I am correct, the above code is not
> executable, and thus exportable.
I protested:
> It's not directly executable, agreed. What you have to do is save it
> in a file, and convert %xx into the ascii character for that hex number.
>
> Here do this, cut and paste:
>
> % perl -pe 's/%(..)/pack H2,$1/eg' > rsa.pl
> ^D
> %
>
> Then you're ready to rock:
>
> %
And then relented:
> However... I do take your point that the code contains some naughty
> characters which mean that you need to use %xx to allow it to be a
> valid URL.
>
> Challenge #2 then is can we change the code so that it no longer has
> any naughty characters and hence works without quoting, in such a way
> that it still works as perl! Hmm...
So the next challenge then is to create a link which doesn't have any characters which the URL spec requires to be quoted, had to break this up with /s because otherwise we were going over the limit on filenames on SunOS4.x (which is what the webserver at dcs is running).
The HTML code for that one is:
(The trailing ,$ is needed to make the code still executable in the presence of the trailing /. This means it's safe even if people use a trailing / after the directory name. We want to create a directory so that we can put an index.html in it, and have a browser recognize it as html, otherwise it wouldn't end in .html, and you would get to view the HTML source).