I worked on this a few weekends ago. So maybe I can help.
The first thing I would try to do is get nsv to work on your webserver at http://www.example.com/news. There are many ways to do this. If your server has apache running and you do not have root access then you'll want to configure your apache server to pass web traffic to the arc server at a specific port.
I asked around and had someone recommend configuring a virtual host and proxypass (mod_proxy). Proxies are inherently dangerous and you may still need root to configure mod_proxy. There may be other solutions out there, though, that don't require root; I'm not sure.
To get news.example.com to work you'll want to properly configure your virtual host. To get the web traffic to asv (arc's webserver) you'll want to configure mod_proxy.
Another option, if you are having access trouble on your current web host, is to pick up a virtual server at linode | slicehost or similar and set everything up yourself. Worse comes to worst, you'll learn a lot about configuring a linux / freebsd server. I know I did.
And yes, I'm a little bitter about giving the frustrating "roll your own" answer since it's already overly used in the lisp and scheme communities. I'll make sure to update this thread when I get around to configuring my website(s) for asv.
Thanks for the advice. I've poked around mod_proxy but not sure where to drop those directives. I can lynx to localhost:8080 fine on the server (i.e. the site works locally on the server), so I guess I'm looking for a map from example.com/news -> localhost:8080, which at least seems like progress. Do I need to put some handler in .htaccess, or is that way off base? Ideas?
I don't think .htaccess will help you at all; example.com/news exists in "URL-space" not in the filesystem. So you don't need to do anything with a /news directory.
Yes, I read those. But the point of the challenge is that the last page displays "whatever he put in the input field". I tried out the supposed arc answer to the challenge and it doesn't actually display what I put into the input field.
Try writing "The first conquistador in what is now the US was Juan Ponce de Leon and the last was Don Juan de Onate Salazar." (There's an o-with-acute-accent in Leon, and there's an n-with-tilde in Onate).
Try writing "Noroveirusyking a HliX", which is a headline from today's MorgunblaXiX (a newspaper in Iceland).
Try writing "Don't use the <blink> element!"
Or try writing some of the other problems I pointed out earlier. (A parent to this comment.)
* They do not work. *
If the challenge was "... as long as the input is in ASCII and doesn't include the '<' and '>' and '&' characters" then that's different. But that's not the challenge.
At the very least, raise an exception for out-of-range characters. The current code hacks some Latin-1 characters to ASCII, others to "X", and encodes characters >= 256 to &# escape codes. This is wrong.
To which kens added that because the server doesn't set the content-type encoding, if the browser autodetects the ASCII as being utf-7 then there's another possible attack.
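The behaviour asked for in the comments above, sketched in Python as an added example (it is not code from the thread or from Arc): decode the submitted field strictly as UTF-8, raise on bytes that do not decode, HTML-escape the value on output, and declare the charset in the response. The function names, the form field name "said" and the sample strings are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, quote_plus

# Constructed inputs, based on the test strings named in the thread.
SAMPLES = [
    "Juan Ponce de Le\u00f3n and Don Juan de O\u00f1ate Salazar",
    "Don't use the <blink> element!",
]


def decode_field(body: bytes, name: str) -> str:
    """Decode one field of an application/x-www-form-urlencoded body as UTF-8.

    Raises UnicodeDecodeError on bytes that are not valid UTF-8 instead of
    substituting a placeholder character.
    """
    fields = parse_qs(body.decode("ascii"), keep_blank_values=True,
                      encoding="utf-8", errors="strict")
    return fields.get(name, [""])[0]


def echo_response(value: str):
    """Return (headers, body) for a page that displays `value` as text."""
    page = ('<!DOCTYPE html><html><head><meta charset="utf-8">'
            "<title>You said</title></head><body><p>"
            + html.escape(value, quote=True)  # &, <, >, " and ' become entities
            + "</p></body></html>")
    body = page.encode("utf-8")
    headers = {
        # Declaring the charset leaves the browser nothing to autodetect.
        "Content-Type": "text/html; charset=utf-8",
        "Content-Length": str(len(body)),
    }
    return headers, body


def roundtrip(value: str):
    """Submit `value` as the hypothetical form field "said" and render it."""
    form_body = ("said=" + quote_plus(value)).encode("ascii")
    headers, body = echo_response(decode_field(form_body, "said"))
    return headers, body.decode("utf-8")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(roundtrip(sample)[1])
```

A field sent in another encoding, such as `said=Le%F3n` (Latin-1), makes `decode_field` raise rather than return altered text.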