Critical Section

Archive: August 24, 2015

performing HTTP authentication in CGI

Monday,  08/24/15  05:13 PM

Pardon this nerdy post, but here is how you can do HTTP authentication processing in a CGI program.  The Internet doesn't know how to do this, and I do.  So here you go, Internet.

Here's how HTTP authentication works.  A request is sent to a server, and if there is no authentication the server responds with a 401 status.  This causes the client (browser) to prompt the user for a username and password.  When entered, the username and password are combined and sent to the server in the Authorization: header, like this:

Authorization: basic <username:password>

The <username:password> part is base-64 encoded, which is *not* encryption, so to avoid sniffing this should only be done on an SSL-encrypted (HTTPS) connection.

The server validates the username and password, and if there's a problem, it sends back a 401 status again.  If everything is okay, it processes the request, such as executing a CGI program.  So far so good.

Now ... what if you don't want the server to perform authentication for you, and instead, want to perform the authentication inside the CGI program itself?  Aha, glad you asked!

You have to modify the Apache [webserver] configuration, as follows:

... in modules section, if not already enabled:
LoadModule authn_anon_module modules/

... in server section, or in <VirtualHost>:
SetEnvIf Authorization (.*) HTTP_AUTHORIZATION=$1

... in appropriate <Directory>:
# required; default if realm not set
AuthName "My auth realm"
# username:password, base64-encoded
AuthType Basic
# use anonymous auth
AuthBasicProvider anon
# allow any username
Anonymous *
# optional, ok if username blank
Anonymous_NoUserID on
# optional, ok if password blank
Anonymous_MustGiveEmail off
# optional, forces auth processing
Require valid-user

Here's what's happening.  Loading mod_authn_anon enables the use of an "AuthBasicProvider anon" directive.  That's the secret sauce.  The "Anonymous *" directive allows any user through the server checking.  Once through the server checking, the SetEnvIf directive sets an environment variable named HTTP_AUTHORIZATION with the value of the Authorization: header, from where it can be accessed by the CGI program.

You can tune the way this works a bit.  The "Require valid-user" directive means the initial 401 will be sent (because there is no Authorization: header), so you will always prompt for entry of a username and password.  That's probably what you want, but if not, you can omit this directive, in which case no Authorization: header at all is okay and a blank value will be passed through to the CGI.  The "Anonymous_NoUserID on" directive allows a blank username; if omitted, a blank username will be treated like a missing Authorization: header, and a 401 will be returned by the server.  The "Anonymous_MustGiveEmail off" directive allows a blank password; if omitted, a blank password will result in the server returning a 401 directly.  (The anon mechanism was initially devised for anonymous FTP, where an email address is often supplied as the password.)

Note that in all cases the CGI can return a 401 itself by writing a "Status: 401" header, which will cause the client (browser) to prompt for a username and password again.

Trust me, this works, and I tried just about everything else.  You are welcome!


Archive: August 27, 2014


Archive: August 27, 2013


Archive: August 27, 2012


Archive: August 26, 2011

Alex at LMU

Friday,  08/26/11  08:14 PM

Well, she's off!  We moved Alex into her dorm at LMU this afternoon.  It was one of those sad/happy things.  The school is great, her dorm is great, the people are friendly and amazing, and I think she's going to have a wonderful freshman year.  But we're going to miss her!


Archive: August 25, 2010

Alexis' edition...

Wednesday,  08/25/10  10:47 PM

Happy Birthday Alexis!  It's the Alexis edition of my blog, as she turns 17 today... congratulations, to the most wonderful kid imaginable... and meanwhile, we find:

Chest Beating: NEMA Working Group 6 have approved supplement 145 to the DICOM standard, "Whole Slide Imaging for Microscopy".  This means that the huge complicated images created by scanning entire microscope slides can now be stored using the DICOM standard, a major step forward for my company Aperio and the entire digital pathology community.  It will take time for this standard to be adopted and propagate, but just having a standard is a major step forward, and every journey starts with the first step.  Yay.

From the August 9 issue of the New Yorker:

  • The Wheelhouse - "Herzog and de Meuron reinvent the parking garage" - and how great is that?  I've always admired the spiral parking of the circular Marina Towers adjacent to the Chicago River...

  • Empty Chamber - "Just how broken is the Senate?" - judging from this article, the answer is very broken indeed.  Yikes.

Here we have the T.O. Acorn's Squirrel of the Month.  A great feature, and a great choice :)


Archive: August 23, 2009

how projects really work

Sunday,  08/23/09  10:47 AM

how projects really work

my marketing colleagues point out that marketing got closest to what the customer really needed :)


son of death ride

Sunday,  08/23/09  12:04 PM

In a couple of weeks I'm going to ride a relatively new event called Son of Death Ride, which has the motto "that which doesn't kill us, makes us stronger".  Nice.  This ride is also billed as the toughest one day ride in the U.S.  So be it. 

Here's the ride profile, it is out and back, for a total of 138 miles and - gasp! - 17,352 feet:

son of death ride route profile

That first climb is from 3,500' to 9,000' in 16 miles, which works out to about 7%.  Ouch.  At that summit you'll be 16 miles into the ride, with 122 miles left, and already toast.  I'm looking forward to it already.


weekend of August 22, redux

Sunday,  08/23/09  11:20 PM

Tonight we celebrated Alex' 16th birthday (which isn't really 'till Tuesday), had all the girls home, and it was great fun, much laughing and telling of stories.  Yes I must show off:

my girls, 8/23/09
Nicole, Megan, Alexis, Jordan, Shirley

Earlier I was able to get some work done and for the first time in a while did my "usual" ride around the lake and through Hidden Valley.  All set, ready for another tough week!

But first, a little blogging...

Rich Lowry: They think we're stupid.  "The Obama team is saddled with a foundering health-care strategy. But it has a fallback plan - relying on the sheer dimwitted gullibility of the American public.  How stupid do they think we are?"  Actually the public are pretty stupid, amplified by a stupid media.  But still, this is not going to fly.

I actually don't think the Obama team think we're stupid though, I think they think they're right, and that we'll see they are given time.  Unfortunately they're wrong, and we're all going to see it together.  History is not on their side.

Ann Althouse: "Basically, Obama has a big problem. He got lots of people to trust him, chiefly by speaking in vague generalities. It only works from a distance."  And for a short time...

It was only a matter of time:  Tell your story!

This is excellent, Performance, by MC Spandex.  Well done in addition to being dead on and funny.

Avatar: How James Cameron's 3D film could change the face of cinema forever.  This will be interesting; it seems almost certain that someday all movies will be 3D, and perhaps this will be seen as the pioneer.  The premise behind the movie is pretty cool; humans on Earth have their brains wired into aliens on another planet.  Cool...

Amazing new fossil photos.  Including the 47 million-year-old jewel beetle shown at left.  Wow.

Via Sailing Anarchy, check out this movie about the 505 Worlds.  How fun would it be to race against 100 505s in San Francisco Bay?

Onward, into the week...  I cannot promise to blog every day, I'll try, but be patient with me if I can't, and stay tuned :)


Archive: August 27, 2008

Wednesday,  08/27/08  10:47 PM

Suddenly the Olympics seem like they were so long ago!  Weird.  Did you know the U.S. Open is being played right now?  Yeah, me neither.  And now that I do know, I don't care.

Katrina victims' illiteracy hampers recovery.  Here's the subhead: "More than 40 percent of New Orleans adults lack the literacy skills to comprehend basic government forms. And Hurricane Katrina recovery programs have done little to ease the burden."  Get that?  It isn't their fault, because the government's programs haven't fixed the problem.  Wow.  Reading the article we get more victimology: "I didn't get a lot of school when I was a child. I guess they didn't have enough to go around."  See, there's always a they, and it is always their fault.  Ridiculous.

Are you ready for the Vuelta de Espana (Tour of Spain)?  It starts this weekend, of course...  Look for Team Astana to dominate, led by Alberto Contador (at right).  With Levi Leipheimer and Andreas Kloden, and with Denis Menchov and Cadel Evans not participating, they could sweep the podium.  This is the first year of the last three where I didn't have plans to visit Spain in September; I'm going to miss it!

More cycling: How Google Earth helped Kristin Armstrong win a gold medal.

Interesting story in Wired about the new Red digital movie camera.  Developed by Jim Jannard, previously the founder of Oakley sunglasses, this camera shoots movies at 30fps with 4K x 2K resolution, good enough to be compared to analog film.  The cameras cost about $20K, but that's monthly rental on a movie film camera.  Plus the digital cameras don't need expensive film, and of course the resulting movies can be edited digitally without any transcoding.  The future is here!

More future: the Electric Cadillac?  Why not?  Someday all cars are going to be electric, the only question is when that day will come.

Today I discovered KillerStartups, which showcases 15+ new startups every day.  Today's startups include short movie reviews, a Canadian camping network, a way to make your email address anonymous, and help managing playdates for your kids.  Incredible, each of these has a bunch of people working to make them successful.  Just when you thought you've seen everything, you realize "everything" is so much more than you thought.



Archive: August 27, 2007


Archive: August 9, 2006

the inflection point

Wednesday,  08/09/06  11:23 PM

Friends, colleagues, blog visitors, lend me your eyes...

Tonight I had a weird and moving experience which I wanted to share.  Here’s the message: life is short, and you should enjoy each day as if it were your last, because you never know what will happen.

As you may know I live in Westlake Village, CA, about 140 miles northwest of my office in Vista, CA, and hence I have a rather long commute.  I’ve been driving down to Vista at least once a week for nearly five years now, and it really isn’t bad; I enjoy the drive time as a quiet time for reflection and planning.  In those five years I’ve seen my share of accidents but fortunately I’ve avoided any myself and have had only a few annoying near misses (knocking on wood).  However, tonight as I was traveling home from the office I had the experience of seeing three entirely separate horrible fatal accidents.  I didn’t see any of them happen, but in each case I was close enough that emergency vehicles were still arriving as I sat in traffic behind them.

The first was a big truck which jackknifed across the center divider just South of the border control station in Camp Pendleton, smashing at least two other cars in the process.  The second was a three car accident where the 73 joins the 405, seemingly caused by a car ramming the end of a guardrail and subsequently bursting into flame.  The third was a car which ran into the center divider of the 405 in the Sepulveda Pass (north of L.A.), and then bounced across five lanes of traffic before ramming a hillside and flipping, spinning and smashing at least three other cars as it did so.  Each accident was worse than the previous, and seeing all three in sequence was a spooky and sobering experience.

It occurred to me that ordinary people like you and me died in these accidents, within minutes of the time I passed them.  They got up that morning living their day per usual, going about their business, with no idea at all that this day was going to be their last.  If they had known, maybe they would have kissed their kids a little longer, or hugged their dogs, or been nicer to their colleagues in email.  Maybe they would have made a donation to a charity, or spent time in their backyard enjoying the sun.  Or coded an amazing piece of software :)

I don’t want to be too sappy about this, but for me this really was an “inflection point”.  The memory of that drive is going to stay with me, and I’m going to try to live each day as if it were my last, because you just never know.


Archive: August 14, 2005

losing something

Sunday,  08/14/05  09:08 AM

I had a random thought last night which I thought I'd share.  There is a visceral human reaction to losing something.  People never ever want to give up something they feel they already have.  This is not a cold logical calculation, even if you give people something which is way more valuable than the thing you're taking away, they hesitate.  (This is why FREE is the most powerful word in marketing :)

The idea of accumulating "stuff" must have hit early on in the evolution of humans.  Anthropologists tell us we were herders, and [probably] harem-based, and both of these imply possession.  Intelligence may have evolved so we could evaluate trades.  Anyway however it happened, it is now true; we are materialistic.  Any human society which has attempted to deny this has failed, and the human society which is most successful is the United States, which celebrates materialism and features it as a core value.  One of the first things that must happen to transform a failed state is some sort of rule of law, including some rights to personal possession.

Losing something doesn't only mean losing an object, it can also mean losing a right, such as freedom.  And losing rights provokes even more of a reaction than losing objects.  Tell someone they can't do something, especially something they could do yesterday, and you are going to get strong resistance.

The implications of this for businesses are significant, especially those targeting consumers.  Any product or service which trades one thing for another is going to have tough sledding compared to a product or service which gives you something for nothing.

Media companies are finding this out the hard way.  Consumers do not want products with strings attached.  They are used to buying something, and owning it, and having complete freedom to do with it what they want.  Any kind of restriction is taking that freedom away, and is going to piss people off.  It isn't just that they won't buy the product or service - although they won't - it's that they're actually going to be insulted and angry.  Look at the way consumers have reacted to DRM.  ("You mean I buy it, but then I can't do what I want with it?")

Consumers don't do a logical calculation and say, okay, I get it, I pay you $X and get Y product with Z strings attached.  No.  They say, no way, if I give you $X for Y product I expect zero strings attached.  Don't take my freedom!  I hate losing something!


175 505s!

Sunday,  08/14/05  10:12 AM

From Sailing Anarchy, a great blog (which unfortunately does not have permalinks):

Is this the largest fleet for a World Championship?  175 505's are registered for the CSC 2005 505 World Championship in Warnemunde, Germany!  And yes, they will all be racing on the same course, at the same time.  Team USA is 10 boats strong, and I think it's noteworthy that Howie Hamlin and Cam Lewis are sailing together again, with a combined age of about 100!  On the other side of the spectrum, California high school sailing phenom, Parker Shim, has bought a boat and will also be competing.

Can you even imagine 175 505s on one start line?  Good thing they use a rabbit start.  I would not bet against Howard and Cam, man, what an all-star team!

505 start - watch the rabbit!

A 505 start
The boat on port tack is "the rabbit", everyone else starts on starboard and must duck the rabbit.
Typically the rabbit is the boat which finished 10th in the previous race.

I sailed in the 505 worlds at Kingston, Ontario, back in 1990.  "Only" about 100 boats.  We sailed our asses off and finished about 40th.  I really think boat-for-boat the 505 fleet is the strongest in the world.  If you win the 505 worlds, you're my hero.


Archive: August 27, 2004


Archive: August 27, 2003

Bloggers as Filters

Wednesday,  08/27/03  07:23 PM

Bloggers are interesting sources of information and analysis, and entertainment as well.  But did you ever think of them as filters?

I did an interesting thing yesterday; I subscribed to Yahoo's new headlines RSS feed in my RSS Reader.  Suddenly I was inundated with news entries.  Some of them were interesting, most of them weren't, and many of them were duplicates of other feeds I already subscribe to, like CNN News.  So, what to do?

This has actually happened to me before.  It happened when I first subscribed to Wired News.  It happened when I first subscribed to DayPop's Top 40.  It happened with Salon.  Each time there was this glut of new entries, many of which I didn't care about.  And each time there was this question, do I keep it for the good stuff, or drop it because the signal to noise ratio is too low?

So here's my answer.  I'm going to drop Yahoo, and rely on other bloggers to filter it for me.  If there's anything interesting or important, I'm counting on one of the blogs to which I remain subscribed to point it out! 

Now think about that for a minute. 

A digression.  There is way more stuff happening in the world every day than I could ever comprehend.  If I subscribed to every feed I possibly could, I would never be able to read all the items, it would be like drinking from a fire hose.  The compression of information from websites into RSS feeds is really good - RSS is a great thing - but even just reading the item summaries would be impossible.  So I want to filter "everything" to just a manageable trickle.

I want the most interesting things only, the most interesting things to me.  How is that done?

One way to filter "everything" is to subscribe only to feeds which have information I really care about.  That's great in principle, but there are few feeds like that.  I have a wide band of interests, and outside that band there are sometimes weird things which pique my interest.  Most of the feeds I find interesting have a signal to noise ratio of about 10-40%, meaning I skip past a majority of their items.

Another way is to use other bloggers as filters, and this is exactly what I do.  In fact it is probably exactly what you do, too.  The reason you are reading this is because you read my blog, and that's because you rely on me to be a kind of filter.  If I think it is interesting, maybe you will, too :)

Much has been made of the dichotomy between "thinkers" and "linkers".  Some bloggers mostly originate information, or add analysis or commentary to daily events.  These are thinkers.  (Steven Den Beste would be an A-list example.)  Other bloggers mostly link to things which are off their site, usually adding some light commentary or opinion.  These are linkers.  (Glenn Reynolds is an A-list example here.)  Some bloggers do both, they alternate between thinking and linking.  (Dave Winer does this, and I try to do it too :)  Thinkers add information to the blogosphere, which is a good thing.  But linkers contribute too, because they inherently act as filters.  Consider Boing Boing, one of my favorite blogs.  They cast a really wide net and consistently come up with wacky things I find interesting.  In so doing, they are creating value; there is no way I could monitor all the information sources they monitor, and filter it down myself.

So although I think it is a great thing that Yahoo and a bunch of other news outlets are summarizing information as RSS feeds, I'm not going to subscribe.  Instead, I'm going to subscribe to your blog, and count on you to filter the feeds for me.  Thanks in advance!


Wednesday,  08/27/03  11:31 PM

Okay, here we go, I'm the filter...

Remember SpaceX, Elon Musk's new company?  They just published an update about their progress.  Particularly interesting is Elon's testimony before the Joint Hearing on Commercial Human Spacecraft.  Check out the videos of the Kestrel rocket firing, too.  This is great stuff!

So - would you fly into space if you could?  I would.  I would be scared to death, but what a once-in-a-lifetime experience...

Hey, it's that time again!  Yeah, you know, every 70,000 years we get really close to Mars, and can see some amazing pictures.  Check out Close Encounters of the Martian Kind for more...

I find it really really weird that after putting a man on the moon in 1969, we've done nothing for 34 years.  Well, maybe not nothing, but certainly nothing like what we're capable of doing.  Like landing men on the moon!

Unfortunately, Wired reports Mars Trip not on Political Radar.

NASA did just launch a new space telescope, SIRTF, built to see objects either too cold to cast their own light or obscured by interstellar dust.  Excellent.

L.T.Smash, the blogging reservist called up to serve in Iraq, chronicles The Long Road Home.  I'm glad he made it home safely but will miss his on-the-scene reports.  He was a first-rate example of first-person blogging.

This sounds like a joke, but it isn't: A Swedish moose hunter has invented a matchbox-sized device that can trace just about anything that moves.  (Spy Gadget Leaves Nowhere to Hide.)  "Using mobile phone text messages and satellite navigation technology, the surveillance gadget can reveal its location to an accuracy of 10 ft in 140 countries."  What will those moose hunters think of next?

And here's a terrific application of technology: Cell transplant restores vision.  "A blind man can see again after being given a stem cell transplant."  Wow.

NYTimes: Life-Extending Chemical Is Found in Certain Red Wines.  So be it, yet another reason to drink Lewis Reserve :)

On the online music front, CNet reports Indie labels lure Net music stores.  "A new set of services aimed at giving independent music labels online distribution is springing up, hoping to reach companies like Apple's iTunes and the new Napster."  Interesting.

Then there're artists like Ottmar Liebert, who just began selling CDs directly from his site.

Check this out - pictures of a 737 which flew through a thunderstorm featuring golfball-sized hail stones.  Apparently nobody was hurt, but the plane needs a little bondo.  Wow.  [ via Boing Boing ]

Tim Oren and I had an interesting email exchange about "Oren's Laws of Microsoft".

Speaking of Tim, who's a VC, David Hornik says the Q2 Venture Economy is Looking Up.  Cool.

More VC blogging; Bill Gurley discusses Much Ado About Options.  "Should stock options or restricted stock be expensed?  The answer to the question is an easy one: it doesn't matter."  Seems not everyone thinks so, but Bill's argument is persuasive.

This is a cool digital clock.  Well, sort of digital, anyway :)  [ via Robert Scoble ]  Just goes to show, once again, you can find just about anything on the 'net.

I haven't spent much ink on the SCO vs. Linux battles - it pisses me off, but what can one do, eh? - but this is worth linking; Eric Raymond's Open Letter to Darl McBride (Darl is SCO's CEO).  Read it and you'll know all you need to know about SCO.  Disgusting.

In case you think CSS is a clean standard, check out Dave Hyatt's latest rant.  (He's an Apple developer working on Safari.)  "It took me 10 hours just to decide that what I did in the first place was correct."

Finally, would you believe a tennis racket with a chip?  Active dampening to stiffen the racket...  "While the ball is still on the strings, intellifibers stiffen and stabilize the racquet head and throat."  I am not making this up.

