Protecting a web site area using Apache httpd basic security is very simple but you have no control over the login alert window displayed by the browser, so when at work we saw that since version 2.3 Apache added a module that will let you use a an html form instead of the ugly alert we decided to upgrade to latest version and give it a try.

I compiled Apache 2.4.2 on CentOS 6.2 32 bit. I won’t detail here the installation process, if you need help just follow this tutorial.

The following instructions are based on the mod_auth_form documentation page and the few tutorials I found online.

First of all create a test folder in the web server root and put a test page inside it

1
2
3
4

cd /usr/local/apache/www/
mkdir testfolder
echo 'It Works' > ./testfolder/index.html
chmod -R 755 testfolder/

Then create a login page in the webserver root that will be used to authenticate users

1
2
3
4
5
6
7
8
9
10
11
12

<html>
  <head>
      <title>Login page</title>
  </head>
  <body>
      <form method="POST" action="">
          User: <input type="text" name="httpd_username" value="" />
          Pass: <input type="password" name="httpd_password" value="" />
          <input type="submit" name="login" value="Login" />
      </form>
  </body>
</html>

Please note that leaving the action empty, after a successfull login the user will be redirected to the previously requested resource.

Now edit Apache main configuration file enabling required modules

1
2
3
4

LoadModule auth_form_module modules/mod_auth_form.so
LoadModule session_module modules/mod_session.so
LoadModule request_module modules/mod_request.so
LoadModule session_cookie_module modules/mod_session_cookie.so

and then add a Directory directive to protect the folder

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

<Directory "/usr/local/apache/www/testfolder">
    AuthFormProvider file
    AuthType form
    AuthName Reserved Area
    Session On
    SessionCookieName session path=/
    require valid-user

  # This is the login page
    ErrorDocument 401 /login.html

    # This is the file containing users login data
    AuthUserFile /usr/local/apache/auth/.htpasswd

</Directory>

Now add a user to the .htpasswd file and reload the web server configuration before trying to navigate to the protected folder.

1

htpasswd -c /usr/local/apache/auth/.htpasswd myusername

L’uomo oscilla tutta la vita fra il male e il bene, scivola, cade, si riarrampica, si pente, si ottenebra nuovamente, ma fino a che non ha varcato la soglia della malvagità il ritorno rimane nelle sue possibilità, ed egli resta nell’ambito delle nostre speranze. Quando invece, per la densità delle azioni malefiche, o il loro grado, o per il carattere assoluto del potere, egli oltrepassa d’un tratto la soglia, esorbita dall’umanità. Forse senza possibilità di ritorno.

[…]

Dobbiamo condannare pubblicamente l’IDEA stessa dello scempio compiuto da uomini sui loro simili. Tacendo sul vizio, ricacciandolo nel corpo perché non si riaffacci, noi lo SEMINIAMO, e in futuro germinerà moltiplicandosi per mille. Non punendo, non biasimando nepppure i malvagi, non ci limitiamo a proteggere la loro sterile vecchiaia, ma strappiamo da sotto alle nuove generazioni ogni fondamento di giustizia. Ecco perchè esse crescono “indifferenti”, non è colpa della “insufficiente educazione”. I giovani imparano che un’azione ignobile non viene mai punita sulla terra, anzi, porta sempre il benessere.

Non sarà accogliente un tale paese, farà paura viverci.

Reacting well to competition requires critical analysis of your own product and its shortcomings, and a complete, open-minded understanding of why people might choose your competitors.

They’re not fanboys. They’re not brainwashed by “marketing”. Your competitors’ customers aren’t passing on your product because they’re stupid or irrational.

They’re choosing your competitors for good reasons, and denying the existence of such good reasons will only ensure that your product never overcomes them.

In my opinion, the best computing model is one in which all the devices you use have operating systems, UIs, and interaction models that are appropriate for that device’s form factor and for its intended purpose with data being seamlessly shared between them. My interpretation of Windows 8 is that Microsoft tried to anticipate Apple combining their operating systems into one, and tried to beat them to it. However, I think they’ve beaten Apple to something Apple isn’t interested in doing, and that actually represents a big step backwards in computer interaction and productivity

SublimeText easily became my editor of choice and I’m spreading the word with my colleagues.
This is a nice tutorial that explains how to set up SublimeText: a good read even if it focuses on how to setup a development workflow on a Mac.

When you’re designing mobile interfaces, it’s best to make your targets big so that they’re easy for users to tap. But exactly how big should you make them to give the best ease of use to the majority of your users? Many mobile developers have wondered this, and most have turned to the user interface guidelines provided by the platform developer for the answer.

An incredible repository of open source reference articles.

Calomel.org is a privately held site dedicated to documenting open source programs and configurations. The goal of our domain is to be simple to maintain, trivial to navigate and efficient to serve.
[…]
We do not accept any donations, gifts or financial reimbursement for information found on Calomel.org. This site is run for the sole purpose of sharing what we have learned with anyone who is interested. If you wish to contribute, please teach what you know to others and hopefully they will do the same. We all benefit from knowledge freely shared.

After moving my website to Linode I had to install and configure Mailman and Postfix to manage some mailing lists and since the process is quite tricky, I decided to write down all the steps hoping it can be useful to beginners like me.

This tutorial assumes that you are using Debian 6 and the latest Mailman and Postfix stable versions and that you plan to use a dedicated subdomain for your lists.

I received a positive feedback on the Octopress theme customization I wrote for this website, so I decided to publish the modifications I made to the default theme.

I followed the Theming & Customization instructions and modified only the ”custom” files beacuse I wanted to be able to upgrade Octopress without having to re-apply my changes every time.

Feel free to use the following code, just please give me credit and some backlink love.