How to contact Jacco de Leeuw

snail mail:������  Jacco de Leeuw
�����������������  J.C. van Wessemstraat 54
�����������������  1501 VM� Zaandam
�����������������  The Netherlands
home phone:������  +31-(0)75-6352068 (family/friends only, please)
mobile phone:����  by request (note: phone is mostly off)
PGP public key:� � download here or get it from a keyserver
PGP fingerprint:�  4CBF 8E95 F3A0 68EB 62D5� 1D30 D067 9035 FD37 B537
S/MIME X.509 cert: download here
�����������������  Issued by CAcert (rootCA) to "Jacco J.C. de Leeuw"
WWW homepage:����  http://www.jacco2.dds.nl
ICQ number:������  1571148

������������������
e-mail:���������� (jacco two atsign dee dee es dot en el)

E-mail is preferred (read fairly often). Due to spam I had to mask my e-mail address a bit. I hope you can still figure out what it is. Note: I am using a spam filter called SpamAssassin. When you send e-mail, please:

• Use a descriptive subject line. (Bad example: "Please help". Good example: "VPN server refuses connection").
• Do not use HTML e-mail. Use plain text instead.
• Enter your real name in the "From:" field of your e-mail program.

Should my spam filter accidentally classify your e-mail as spam (which is rare), your e-mail should stick out when I skim through my spambox.

RPM security

I have made available a couple of RPM packages for the Linux operating system. These can be freely downloaded from my webpage. So how to convince yourself of the authenticity and trustworthiness of these RPMS?

I have signed the RPMS with my PGP key. But that doesn't mean a thing since anyone can make a PGP key and attach a name to it. Before you can trust a PGP key, you'll probably want it signed by other, trustworthy people. Mine has been signed by only a few people. I also have a Thawte Freemail certificate (X.509) with "distinguished name". This means that the certificate contains my name: Thawte has verified my identity on the basis of my passport. If you mail me, I can send you an S/MIME signed e-mail which contains my GPG public key. After importing this key to your keyring, it allows you to check the signatures and the cryptographic checksums on the RPMS with rpm --checksig *.rpm. So if you trust Thawte as a Third Party, you can be sure that that the RPMS were genuinely made by me and that they have not been tampered with on the route between you and me.

Of course, this doesn't say anything about the systems with which I built these RPMS. For all you know they could have been hacked or trojaned. To the best of my knowledge, this is not the case for my systems. Of course, "you know better than to trust a strange RPM". A good article on the security of RPMs on the net can be found here. Source RPMs are always provided by me so you can inspect the source for irregularities. This is just one of the advantages of open source software.

Acknowledgements

I would like to thank friends and family who donated or lend out hardware to me. Thanks, guys!
Also much appreciated are the comments, suggestions and corrections that I received regarding my webpages.