Archive: August 2015



Sunday,  08/02/15  09:47 PM

Whew, August.  And it's quiet, too... 

Yesterday I drove up to Lake Arrowhead, and cycled around the lake.  A beautiful place to sail, should have brought a boat, although it's a beautiful place to ride, too.  The drive up was a little "interesting", as route 183 was blocked by a forest fire.  (Looks like it will be a tough summer for fires, and has been already.)  I ended up off-road on some dirt tracks, with a great deal of dust to show for it, but I made it.

When I was a kid I had a friend whose parents owned a house at Lake Arrowhead, and spent considerable time up there, hanging out and sailing.  (This was where I first formed my theory that wealthy men have pretty daughters :)  Being back after so many years, it's amazing the memories which are triggered.  Most of them were things I wouldn't have remembered any other way, but being there again brought them back vividly.  Amazing the stuff we keep packed away in our brains :) 

California drought report: this lake is completely full of water.

From the pages of history: "The Computer Girls", a 1967 Cosmopolitan article.  "Now have come the big, dazzling computers - and a whole new kind of work for women: programming."  How interesting, right?  Also worth remembering that digital computers replaced human computers, who were often women... 

A new book to read: Digital Gold, Bitcoin and the Inside Story of the Misfits and Millionaires trying to Reinvent Money.  Philip Greenspun posted a positive review.

Also interesting, the Amazon Kindle price for this book is $14.99, which is a dollar more than the hardcover price.  Hmm...

Meanwhile, and related, Ethereum has launched.  "Ethereum is a decentralized platform that runs smart contracts."  An explicit attempt to duplicate the Bitcoin blockchain, with a more powerful "instruction set".  (You will recall from Bitcoin 102 that every Bitcoin transaction is a computer program.)  The problem with this noble effort is that until "ethers" become valuable, the nodes in the network won't have sufficient incentive to keep each other honest.  This is the compelling advantage of THE Bitcoin blockchain. 

Apropos: Uber vs Piketty.  "Thomas Piketty famously argues that owners of capital grab ever-larger shares of wealth, and that the single best ‘solution’ to this alleged problem is a global tax on wealth and high rates of income taxation...  Ashley Schiller had a brilliant insight, which I share here with her kind permission: Uber (and other ‘sharing economy’ innovations, such as Airbnb) allow ordinary people to turn their consumption goods into capital goods."  It would have been difficult to predict that helping people use personal cars as taxis would create a multi-billion dollar business, and yet, there it is, despite the best efforts of government regulations to interfere.

 

 

dog days

Monday,  08/03/15  11:09 PM

This is being blogged with a dog on my lap. You have been warned...

Mission creep?  NASA is crash-testing Cessnas so we can find more planes when they do crash.  This is all very exciting but doesn't seem to be within NASA's mission.  Or it shouldn't be... 

And meanwhile ... Star Trek's Uhura will join a NASA mission (but not to space).  This 747 is a Stratospheric Observatory for Infrared Astronomy.  As with testing Cessnas, this seems like noble work, but not within NASA's mission. 

Mission creep is one of the two key problems with government agencies, they never willingly do less, and their work is never done.  (The other problem is they're inefficient, having no motivation to do less or finish.)  If there is work we taxpayers agree to jointly fund - such as crash testing aircraft, or infrared observatories - then our government agencies' only role should be to pay for it.

In private spaceflight news, Largest plane in the world to perform test flights in 2016.  This is the Stratolaunch Roc, built from melding two old 747s together, and designed as a reusable way to launch rockets.  This is what space exploration looks like...  (By all means click through and view the video!) 

How interesting: Twitter collapses 5%, tumbling toward IPO-level prices.  As a business Twitter are doing just fine, but they're not growing fast enough to satisfy their investors; hence the trouble.  I remember the Twitter IPO was considered a success because it had a big bounce, but now look.  Meanwhile Facebook, whose IPO was considered a failure because there was no bounce, is growing nicely... 

More government regulation gone wild: California has a plan to end the auto industry as we know it.  Well actually, to mandate electric cars.  I love electric cars, but in no way is this the government's business.  Setting emissions requirements ... sure, but mandating technology ... no. 

This sucks: Massive wildfire threatens 6,300 properties North of San Francisco.  There are currently 23 wildfires burning in California, the result of a dry winter, summer, and lots of lightning storms. 

Finally, news you can most definitely use: how to slice a bagel along a mobius strip.  Excellent.

 

 

National Geographic photos

Tuesday,  08/04/15  08:42 PM



 


National Geographic are having their annual photo contest
Please click through to enjoy all the pictures, and vote!
Here're the ones I found the most amazing...



 

 

lost in space

Thursday,  08/06/15  07:05 AM

Lately I've been lost in space*, reading as much as I can about space exploration, colonization of Mars, the 146 moons in our solar system, etc...  what could be cooler than the world "out there"?  When I was younger it seemed more important to everyone, maybe because the Apollo program was such a visible success.  Anyway it's great exploring it on paper**, but will be even cooler to really do it***.

* some of you may say, so what's new?  Yeah :)
** well, on Kindle
*** not clear yet but maybe VR is how we will really do it

Not happy about this: NASA ‘forced’ to extend $490mn contract with Russia for manned space flights.  If the pioneers of the Apollo program could see this headline, they'd spin in their graves.  The U.S. *must* get back to where we can launch people into space. 

To be clear, our dependence on Russia is troubling, but what really bothers me is that instead of moving forward, we've moved so far backward in our capabilities.

I *think* this is good news: Senate passes commercial space bill.  "The bill extends an existing provision of federal law that limits the ability of the Federal Aviation Administration to impose safety regulations on passenger-carrying commercial spacecraft.  The bill also extends through 2020 the commercial launch indemnification regime, where the government is responsible for any third-party losses from launches in excess of a level the company must insure against."  I'm definitely in favor of the first provision, iffy on the second. 

Cool animated GIF of the day: The moon transits across Earth, as seen by NASA's Deep Space Climate Observatory.  This is not CGI.  Yay. 

Now you can drive around Mars with NASA's Curiosity simulator.  Excellent.  I'm sure it will be only a matter of time before we can do this with an Oculus VR headset :) 

Curiosity is the best name for a space robot ever, right?

CNet: Let's go to Mars!  Yeah, let's... :)  I did not write this article, but I could have... 

Space Mining is closer than you think, and the prospects are great.  What's especially great about this is that it provides the economic incentive private companies need to invest in space exploration.  Ultimately there has to be a payback or it won't be done.  One key point the article doesn't mention: a lot of space mining can be done outside the deep gravity wells of planets, like asteroids and comets.  It's actually a lot easier to travel in space if you avoid landing!

 

 

the great debate

Friday,  08/07/15  12:50 PM

So, did you watch the great debate?  Or should I say, debates, because, weirdly, there were two of them?  I thought it was great theater, for the first time in a long time I'm genuinely engaged with the Presidential race, trying to figure out who to support.

Longtime readers know, I'm actually more of a Democrat than a Republican (voted for Al Gore), but ever since the vast lurch to the left which started with John Kerry and has continued with Barack Obama, I just can't support Democratic candidates.

My first observation echoes the Michael Ramirez cartoon at left; the GOP has a lot of bench strength.  I can't support all of these candidates - and of course, Donald Trump is an idiot - but there are a lot of good choices.  Watching the debate, you would have to conclude it's an impressive group of people.  Also a pretty diverse group, and a fairly young group.  Good stuff.

So ... who won?

I think besides the Republican Party itself, there were three winners:

  • Marco Rubio.  Even if you don't agree with him, he's good.  We could do much worse.
  • Ted Cruz.  The smartest guy in the room.  I'm afraid he might be slightly too arrogant, but how great would it be to have a smart President?
  • Carly Fiorina.  The clear winner of the "undercard", she's a strong contender.  She needed people to get to know her, and they did.

A fourth choice would be Ben Carson; he's an impressive guy (brain surgeon!) but I just don't see him as a politician.  Making the leap from business leader like Fiorina is easier.

[Update: after thinking about it, another victor last night was Fox.  They did a great job of asking tough questions.  Can you imagine MSNBC treating Hillary Clinton, Bernie Sanders, and Joe Biden that way?]

And ... who lost?

  • Donald Trump.  I guess there will always be a group rooting for him, the way you root for a train wreck, but he showed himself to be unserious*. 
  • Jeb Bush.  Nobody could figure out why he was riding so high in the polls, and after last night, he won't be anymore.
  • Scott Walker.  He's a likeable candidate and had a lot of momentum, but I think he failed to stand out in this distinguished company, and lost ground as a result.

This debate probably presages a shakeout where the candidates that were already off the radar and didn't do anything to improve will fall further back.  Rand Paul, Rick Perry, John Kasich, Chris Christie, Rick Santorum, etc.

You might find this interesting: Camille Paglia rates the debaters (in the Hollywood Reporter).  A feminist liberal's take on the GOP's slate.  I found her comments quite insightful, and it's especially important to understand how these candidates will appeal to potential undecided voters, not just how they're regarded preaching to their choir.

It will be a most interesting campaign.  Pass the popcorn!

* an observation about Trump: he is not going to be the Republican candidate, and I think after this becomes obvious to him he's going to drop out.  I was mildly worried that he'd be a divisive force as an independent candidate, but I can't really see him doing that; first, it would be expensive, and he doesn't have as much money as he says he does, and second, he would ultimately lose, and he hates losing.

 

Friday,  08/07/15  09:51 PM

Want to be more productive?  Have a job that requires dedicated periods of concentration?  Then listen to music.  It's fun, and it works...

My current favorite Slacker channel: Masters of Metal.  YMMV!

Apple Music clocks more than 11M trial customers.  Which have so far collectively paid $0 for trying the service.  I can't get too excited, I've heard zero friends raving about the service. 

First I passed on Apple Watch, and now Apple Music.  Hmmm...

Powerline celebrates Milton Friedman's birthday by linking his "20 best quotes".  They're all great, folksy wisdom from a solid thinker, well worth checking out.  You have to like #1: 

I do not believe that the solution to our problem is simply to elect the right people. The important thing is to establish a political climate of opinion which will make it politically profitable for the wrong people to do the right thing. Unless it is politically profitable for the wrong people to do the right thing, the right people will not do the right thing either, or if they try, they will shortly be out of office.

The NY Times editorializes: The Right Minimum Wage: $0.  "The idea of using a minimum wage to overcome poverty is old, honorable – and fundamentally flawed."  That was in 1987.  Everyone has a right to change their mind, but those arguments are just as compelling today. 

Related: Plunder and Deceit reaches #1 on Amazon's bestseller list.

Interesting article by Laura Hudson in Boing Boing about the game Never Alone, which features an Alaska Native girl named Nuna and her pet arctic fox.  "Cook Inlet Tribal Council members weren't just asked to superficially consult; they became part of a greenlight committee that had equal numbers of E-Line employees and Natives, and worked together to address problems related to everything from concept art to personnel."  After watching the video, I wanted to play the game, which is amazing because I'm not really a gamer. 

Also interesting, this post featured an image in webp format, the first time I've seen that.  My ancient version of Photoshop didn't know what to do with it, so I had to screen print and cut-and-paste.  My first reaction to a new image format is "who ordered that?" but I guess we mustn't stand in the way of progress :)

A great use of technology: Machine learning used to predict fine wine price moves.  I'll drink to that, but of course using it to make fine wine finer would be a higher and better use. 

Of course they are: North Korea is creating a new time zone.  It is offset from South Korea, China, and Japan by ... 30 minutes.  That will certainly make things easier. 

Wow: IBM are buying Merge Healthcare for $1B, to add medical images to Watson.  "When IBM set up its Watson health business in April, it began with a couple of smaller medical data acquisitions and industry partnerships with Apple, Johnson & Johnson and Medtronic. Last week, IBM announced a partnership with CVS Health, the large pharmacy chain, to develop data-driven services to help people with chronic ailments like diabetes and heart disease better manage their health."  This is probably the biggest visual search deal yet, and it's focused on medical imaging.  How interesting! 

Also of note: the stock photo which accompanies the article (shown at right) is pretty dated; most Radiologists have PACS systems and can compare images side-by-side on a computer screen.

 

 

Rosetta!

Saturday,  08/08/15  08:16 PM



The NY Times celebrates the one-year anniversary of the ESA's Rosetta spacecraft encountering comet 67P/Churyumov-Gerasimenko.  Rosetta dropped the Philae lander onto its surface in November and has been following the comet as it swings closer to the sun.  This photo essay is incredible, a must see.  The gases emitted by the comet stream away from the sun in the "solar wind", and provide an eerie backdrop.

Imagine looking out the window of your spaceship and seeing this!


 

re: politics

Saturday,  08/15/15  07:46 PM

Wow, one week!  Where did it go?  (Oh yeah, I was coding ... :)

This week was "the week after" ... the great Republican debate.  Consensus seems to be that the "winners" were Cruz, Fiorina*, and Carson, Trump held serve, and everyone else lost.  Looks like we're going to have to come to grips with Donald Trump, we can't just say "he's an idiot" and ignore him.  I'm not surprised by Ted Cruz, of the professionals, he's the most professional, and of the conservatives, he's the most conservative.  Ben Carson is an impressive guy, but I can't really see him as President.  Fiorina I've written about; she's interesting, and might very well end up as the Republican VP candidate. 

* Fiorina is especially notable because she wasn't part of the main debate, but the storyline seems to be that she won the undercard and is surging...

Check out this post, it's notable for having post-debate-survey numbers, but also for the disrespect shown by [liberal blog] Boing Boing (which I mostly like, but not for their politics). 

I'm pretty surprised, as is [conservative blog] Powerline, that Trump easily survived his strange comments about Megyn Kelly.  I think it shows his strength.  Scott "Dilbert" Adams says he is a Clown Genius:  "As far as I can tell, Trump's 'crazy talk' is always in the correct direction for a skilled persuader. When Trump sets an 'anchor' in your mind, it is never random. And it seems to work every time."

Of all the Republican candidates, Fiorina seems most focused on taking the fight to Hillary Clinton.  She asks What has Clinton accomplished?  Good question.  

BTW Clinton's proposal for college socialism is astonishingly bad; yeah, let's make college even more expensive*.  Government-subsidized loans are already the biggest reason college is expensive (exactly like government subsidized housing loans have made real estate so expensive), and this would only make things worse.  Why are basic economics so difficult for so many people to understand?  Hint: they can't handle the truth :) 

* time was, I liked Bill Clinton better because of his smart wife.  I thought she would fix healthcare.  But no, turns out she wasn't that smart, didn't fix healthcare, and seems to have become less savvy all around.  I will be shocked if she's our next President, in fact, I'll be shocked if she survives to become the Democrat candidate.

If I had to bet, I'd bet on Joe Biden, maybe with Hillary as VP.  I'd definitely pay money to watch a VP debate between Fiorina and Clinton :)

The laws of economics haven't been repealed: Latest Seattle employment numbers.  "The loss of 1,000 restaurant jobs in May following the minimum wage increase in April was the largest one month job decline since January 2009."  There's no such thing as a free lunch. 

Related: for a beautiful example of bogus progressive economic non-logic check out this flyer about Walmart.  "Walmart costs taxpayers an estimated $1 billion per year subsidizing low wages and benefits."  Get that?  If only Walmart would pay their employees more, taxpayers would not have to subsidize their wages and benefits.  Clearly that's Walmart's fault, right ... It couldn't possibly be the government policies which allocate tax money to this purpose... 

Now if only Walmart would pay for housing and college...

 

 

re: space

Saturday,  08/15/15  09:06 PM

You know how when you buy a new car, you suddenly see them everywhere?  Maybe it's because I've been paying more attention to space, but it seems like space stories are everywhere...

NASA have a new blog, a Tumblr, and of course you should subscribe.  Or you could rely on the Ole filter, because I'll definitely be linking away... 

So ... greens grown in space are now on the Space Station astronaut menu.  Excellent.  It is no accident that The Martian is a botanist; think about it and you'll realize growing (and raising!) food in space will be a critical need.  It is SO expensive to send stuff out of Earth's gravity well, that synthesizing it on the fly is well worth it. 

This applies to all sorts of things besides food, too, like rocket fuel, building materials, and even the "air" we'll breathe...

Among the amazing pictures taken by the Hubble Space Telescope, this one, of the Lagoon Nebula in Sagittarius.  "Hubble can see astronomical objects with an angular size of 0.05 arc seconds, which is like seeing a pair of fireflies in Tokyo from your home in Maryland."  This is not false color by the way.  Click through to enbiggen amazingly! 

From Engadget: Watch live as two ISS cosmonauts perform a spacewalk.  Yeah, every part of that sentence is surprising, but remember, Russia is currently the only country that can fly astronauts into space.  (I think the correct term is "EVA", however, technically a spacewalk only occurs on a surface :) 

When you see these pictures, it looks like something from a movie, doesn't it?  Except that maybe the spacesuits are bulkier in real life :) 

Here's a cool video from astronaut Scott Kelly, also on the ISS, showing our "galactic home".  Kelly is there for a year, as part of a twin study; he has an identical twin brother, also an astronaut, who is not on the ISS. 

In a NASA video, they ask: Why do we explore?  "Simply put, it is part of who we are, and it is something we have done throughout our history. In “We Are the Explorers,” we take a look at that tradition of reaching for things just beyond our grasp and how it is helping us lay the foundation for our greatest journeys ahead." 

The design story behind NASA's "worm" logo, sadly retired.  Sadly is right, this was cool.  Nothing looked better on the side of a huge rocket, either... 

... Okay, I take that back :)

To infinity, and beyond!

 

 

filter pass

Sunday,  08/16/15  09:36 PM

Hmmm, so after politics and space, what else is going on?

Today I took a nice little ride from Gaviota to Jalama Beach.  This skirts the famous Hollister Ranch property, a vast private property along the California Coast spanning Point Conception.  Was a great ride up and down and around some amazing land.  Just when you think we're overpopulated, you realize ... we're not even.

BTW the New Yorker recently ran a story by Dave Eggers ("The Circle") about The Actual Hollister.  Apparently Eggers thought the famous Abercrombie & Fitch brand was named after a little town in the Central Valley, also called Hollister, and neither he nor his editors thought to Google and discover Hollister Ranch.  Remember that the next time you believe anything you read in the New Yorker.

Inhabitat reports Santos, Brazil is bringing attention to biodiversity with birdwatching street guides.  Excellent, but even more excellent is this picture of an owl.  Hehe.  Have to look at things from all angles, right? 

The unexpected benefits of allowing the mind to wander and zone out...  perhaps an important part of the joy of cycling? 

Here we have a compilation of the world's most incredible watch mechanisms.  Want!  These are all so much cooler than any smartwatch, right?  I honestly can't pick a favorite but I do very much like the one pictured here... 

And so Google have split themselves into their search business (aka their real business), and everything else (aka their R&D), under an umbrella company called Alphabet.  Seems like it makes sense, and I doubt very much it has anything to do with keeping talent.  I found this interesting: "We liked the name Alphabet because it means a collection of letters that represent language, one of humanity’s most important innovations, and is the core of how we index with Google search!"  Hmmm... but what about in the future, when most search is visual search? :) 

CurrentC may not launch until next year.  So be it.  Here's a doubly self-contradictory sentence: "Certainly going faster is always better - that’s not necessarily a debatable point. But we’re going to do it right."  John Gruber comments:  "Where by 'we’re going to do it right', he means 'we are doing it all wrong'."

 

 

escape velocity

Saturday,  08/22/15  01:51 PM

The biggest news around here is that my youngest daughter Megan has reached escape velocity!  Next week (!) she's moving out to attend the School at the Art Institute of Chicago as a Photography major.  We're pretty excited for her - and looking forward to a little trip to Chicago to help her settle in, first of many :) - but it will be weird having an empty nest.  Whew.

Speaking of escape velocity: Bitcoin committer releases Bitcoin XT fork allowing blocks larger than 1MB amid disagreement among Core committers.  The explanation makes sense: there was disagreement, and by releasing the new code "the market" of Bitcoin miners can decide. 

"This leaves one last mechanism for resolving the dispute. We can make a modified version of the software, and put it to a vote of miners via the usual chain fork logic used for upgrades. If a majority upgrade to the new version and produce a larger than 1MB block, the minority would reject it and be put onto a parallel block chain. To get back in sync with the rest of the network they would then have to adopt the fork, clearly resolving the system in favour. If the majority never upgrade, the fork would never happen and the 1MB limit would be hit."

I haven't decided whether to upgrade my fledgling Bitcoin node yet.  Stay tuned.

Chris Dannen asks: Will the Sean Parker of blockchain please stand up? 

I've wondered myself: Where is the world's most remote city?  "One Russian city sits on a distant peninsula surrounded by volcanoes. Iquitos, in the heart of the Amazon jungle, has no roads leading in or out. Then there are contenders in Tibet, Greenland, Australia …" 

Of course, this will be the answer soon: How (and why) SpaceX will colonize Mars.  But we have to define "world's" and "remote".  Perhaps a colony on [Martian moon] Phobos would qualify?  But then again, what if we colonize [planetoid] Ceres?

And what are those bright lights on Ceres, anyway?  Is there already a colony there, signaling us? :)

Starting a startup?  This is a great article by Noah Kagan: You're still modeling growth incorrectly.  "Given the life-or-death importance of achieving growth, it's ironic that growth teams, marketers and founders often treat it as a matter of faith. Their execution plans amount to working really hard, then dropping on their knees to pray to the growth gods that everything will magically work."  Guilty as charged. 

Easy as 1,2,3,5:  The Connoisseur Of Number Sequences.  "For more than 50 years, the mathematician Neil Sloane has curated the authoritative collection of interesting and important integer sequences."  Excellent. 

Hmmm...  fruit leather purses are a thing now.  So be it.  I wonder, are these considered a vegetable? 

Totally agree with this:  All voters should be required to pass the same basic civics test as legal immigrants.  Administered in English. 

By the way, if you think this proposal is racist, examine your assumptions; I would suggest claiming this proposal is racist is racist.

Jimmy Iovine is still worried about the future of music.  As he should be.  Apple Music does nothing at all to make the future of music any brighter.  The key problem is how to get royalties from consumers of streaming services into the hands of artists. 

As this is being typed, I am listening to The Fixx on Slacker.  No money has changed hands, and there are no ads.

Note: the iPod and iTunes both significantly helped artists.  So Apple have historically been a force for good.

Cannot wait! - there's a new trailer out for The Martian.  Not sure whether I'm anticipating this more or less than the new Star Wars.  Both a lot :) 

BTW, please make sure you read the book before you see the movie.  And do not start the book on a day when you have anything else planned.

Slashdot: the real NASA technologies in 'The Martian'.  Cool but a little wishful; we are going to need a way for humans to reach escape velocity first. 

And now this: you probably need more Tasmanian imps* in your life.  Most definitely! 

* an imp is of course a baby Devil

 

streaming royalties: a modest proposal

Sunday,  08/23/15  11:27 PM

Here's a modest proposal for paying out royalties to artists for streaming music.  This is THE problem confronting music today.  Streaming services like Spotify, Pandora, Slacker, and now even Apple Music have become the easiest and best way for consumers to discover and play music, but they don't pay out much money to artists.  And they don't pay out the right amounts to artists.

Yesterday I blogged:

Jimmy Iovine is still worried about the future of music. As he should be. Apple Music does nothing at all to make the future of music any brighter. The key problem is how to get royalties from consumers of streaming services into the hands of artists.

The chart at right illustrates the problem.  Well, yeah.  So what would Jobs have done?

We don't know, but here's my proposal.

First consider the revenue side.  Streaming services earn money from two sources, monthly fees and ads.  The ads are mostly pay per impression.  So every streaming service can easily compute the revenue they've earned from each subscriber.

Next, costs.  The streaming services have operational cost, and they have to make money.  Say they have a net margin of 50%.

And finally, the payout of royalties.  Each streaming service already keeps track of how much time each user is listening to music (not ads, and not paused), and how much time they spend listening to music from each different artist.  So here's the formula:

The Payout for each artist is the Sum of the Revenue from each subscriber times the Total time that the subscriber listened to this artist, divided by the Total time the subscriber spent listening to music.  The M is the percent margin.

As an example, say I pay Slacker $10/month and 5% of the time I listen to Depeche Mode.  Also suppose Slacker's margin is 50%.  Then D.M. get $10 * 5% * 50% = 2½¢/month from me.

Some good things about this:

  • It's easy to compute and understand.
  • It's transparent.  Everyone gets to know which artists are popular.
  • There is no incentive for music services to reduce listening.  This is the worst part of the pay-per-track model.
  • There is no incentive for music services to focus subscribers on any artist.  They can showcase new artists, no problem, and feature established artists too, no problem.  And the payouts simply follow what people listen to.
  • The concept of "album" is not considered.  It's outdated and irrelevant.

So it's easy, and it's fair.  What do you say, Apple?

 

performing HTTP authentication in CGI

Monday,  08/24/15  05:13 PM

Pardon this nerdy post, but here is how you can do HTTP authentication processing in a CGI program.  The Internet doesn't know how to do this, and I do.  So here you go, Internet.

Here's how HTTP authentication works.  A request is sent to a server, and if there is no authentication the server responds with a 401 status.  This causes the client (browser) to prompt the user for a username and password.  When entered, the username and password are combined and sent to the server in the Authorization: header, like this:

Authorization: basic <username:password>

The <username:password> part is base-64 encoded, which is *not* encryption, so to avoid sniffing this should only be done on an SSL-encrypted (HTTPS) connection.

The server validates the username and password, and if there's a problem, it sends back a 401 status again.  If everything is okay, it processes the request, such as executing a CGI program.  So far so good.

Now ... what if you don't want the server to perform authentication for you, and instead, want to perform the authentication inside the CGI program itself?  Aha, glad you asked!

You have to modify the Apache [webserver] configuration, as follows:

# In the modules section, if not already enabled:
LoadModule authn_anon_module modules/mod_authn_anon.so

# In the server section, or in <VirtualHost>:
SetEnvIf Authorization (.*) HTTP_AUTHORIZATION=$1

# In the appropriate <Directory>:
# required; default if realm not set
AuthName "My auth realm"
# username:password, base64-encoded
AuthType Basic
# use anonymous auth
AuthBasicProvider anon
# allow any username
Anonymous *
# optional, ok if username blank
Anonymous_NoUserID on
# optional, ok if password blank
Anonymous_MustGiveEmail off
# optional, forces auth processing
Require valid-user

Here's what's happening.  Loading mod_authn_anon enables the use of an "AuthBasicProvider anon" directive.  That's the secret sauce.  The "Anonymous *" directive allows any user through the server checking.  Once through the server checking, the SetEnvIf directive sets an environment variable named HTTP_AUTHORIZATION with the value of the Authorization: header, from where it can be accessed by the CGI program.

You can tune the way this works a bit.  The "Require valid-user" directive means the initial 401 will be sent (because there is no Authorization: header), so you will always prompt for entry of a username and password.  That's probably what you want, but if not, you can omit this directive in which case no Authorization: at all is okay and a blank value will be passed through to the CGI.  The "Anonymous_NoUserID on" directive allows a blank username; if omitted, a blank username will be treated like a missing Authorization: header, and a 401 will be returned by the server.  The "Anonymous_MustGiveEmail off" directive allows a blank password; if omitted, a blank password will result in the server returning a 401 directly.  (The anon mechanism was initially devised for anonymous FTP, where an email address is often supplied as the password.)

Note that in all cases the CGI can return a 401 itself by writing a "Status: 401" header, which will cause the client (browser) to prompt for a username and password again.

Trust me, this works, and I tried just about everything else.  You are welcome!
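
The CGI side of this setup, as an added example (not code from the original post): with "Anonymous *" Apache lets every username and password through, so the script is the only thing checking credentials and has to parse HTTP_AUTHORIZATION, verify it, and answer 401 itself.  The user store, the sample password, and all function names are constructed for illustration.

```python
#!/usr/bin/env python3
"""CGI-side Basic authentication using the HTTP_AUTHORIZATION variable."""
import base64
import hashlib
import hmac
import os
import sys

REALM = "My auth realm"      # same realm as AuthName in the Apache config
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt):
    """Slow salted hash so the store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


# Constructed sample credential store: username -> (salt, PBKDF2 hash).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}
# Dummy record so unknown usernames cost the same hashing work as known ones.
_DUMMY = (_SALT, hash_password("dummy", _SALT))


def basic_header(username, password):
    """Build an Authorization value; used only to make constructed test input."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header):
    """Return (username, password) from an Authorization value, or None."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:   # scheme is case-insensitive
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:       # bad base64 or bytes that are not UTF-8
        return None
    # Split on the first colon only: passwords may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def verify(username, password):
    """Check a password in constant time, known user or not."""
    salt, expected = USERS.get(username, _DUMMY)
    candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, expected)
    return matches and username in USERS


def handle(environ):
    """Return the full CGI response (headers, blank line, body) as a string."""
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION", ""))
    if creds is None or not verify(*creds):
        # A 401 carries a WWW-Authenticate challenge naming the realm.
        return (
            "Status: 401 Unauthorized\r\n"
            f'WWW-Authenticate: Basic realm="{REALM}", charset="UTF-8"\r\n'
            "Content-Type: text/plain\r\n\r\n"
            "Authentication required.\n"
        )
    return (
        "Status: 200 OK\r\n"
        "Content-Type: text/plain\r\n\r\n"
        f"Hello, {creds[0]}.\n"
    )


if __name__ == "__main__":
    sys.stdout.write(handle(os.environ))
```

Every CGI under the <Directory> needs this check, since the server-side check no longer rejects anyone.  mod_authn_anon's Anonymous_LogEmail directive defaults to On and writes the submitted password to the error log, so set it to off when the password field carries real secrets.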

 

the week that was, 8/24

Monday,  08/31/15  11:21 PM

Wow, August is GONE.  How did that happen?

And even more significantly, my youngest daughter Megan is gone; last weekend we moved her out to Chicago, where she will be studying Photography at the School of the Art Institute of Chicago (SAIC).  She's happy and delighted, and I'm happy and delighted for her, but whew, it is a time of change.

This is a slide from the SAIC Orientation for parents, entitled "Campus Life" :)

And meanwhile, it's all happening...

 

 
 
