In the 1950s, 1960s, and 1970s, it was normal for computer users to have the freedoms that are provided by free software. Software was commonly shared by individuals who used computers and by hardware manufacturers who were glad that people were making software that made their hardware useful. Organizations of users and suppliers were formed to facilitate the exchange of software; see, for example, SHARE and DECUS. By the late 1960s change was inevitable: software costs were dramatically increasing, a growing software industry was competing with the hardware manufacturer’s bundled software products (free in that the cost was included in the hardware cost), leased machines required software support while providing no revenue for software, and some customers able to better meet their own needs did not want the costs of “free” software bundled with hardware product costs. In United States vs. IBM, filed January 17, 1969, the government charged that bundled software was anticompetitive.[7] While some software might always be free, there would be a growing amount of software that was for sale only. In the 1970s and early 1980s, the software industry began using technical measures (such as only distributing binary copies of computer programs) to actually prevent computer users from being able to study and customize software they had paid for. In 1980 copyright law[where?] was extended to computer programs.

The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version. In an Apache module PHP script, it is possible to use the header() function to send an “Authentication Required” message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER and $HTTP_SERVER_VARS arrays. Both “Basic” and “Digest” (since PHP 5.1.0) authentication methods are supported. See the header() function for more information.

Note: PHP Version Note
Superglobals, such as $_SERVER, became available in PHP » 4.1.0.

An example script fragment which would force client authentication on a page is as follows:

Example #6 Basic HTTP Authentication example
< ?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "

Hello {$_SERVER['PHP_AUTH_USER']}.”;
echo “

You entered {$_SERVER['PHP_AUTH_PW']} as your password.

“;
}
?>

Example #7 Digest HTTP Authentication example

This example shows you how to implement a simple Digest HTTP authentication script. For more information read the » RFC 2617.
< ?php
$realm = 'Restricted area';

//user => password
$users = array(‘admin’ => ‘mypass’, ‘guest’ => ‘guest’);

if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header(‘HTTP/1.1 401 Unauthorized’);
header(‘WWW-Authenticate: Digest realm=”‘.$realm.
‘”,qop=”auth”,nonce=”‘.uniqid().’”,opaque=”‘.md5($realm).’”‘);

die(‘Text to send if user hits Cancel button’);
}

// analyze the PHP_AUTH_DIGEST variable
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) ||
!isset($users[$data['username']]))
die(‘Wrong Credentials!’);

// generate the valid response
$A1 = md5($data['username'] . ‘:’ . $realm . ‘:’ . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].’:’.$data['uri']);
$valid_response = md5($A1.’:’.$data['nonce'].’:’.$data['nc'].’:’.$data['cnonce'].’:’.$data['qop'].’:’.$A2);

if ($data['response'] != $valid_response)
die(‘Wrong Credentials!’);

// ok, valid username & password
echo ‘Your are logged in as: ‘ . $data['username'];

// function to parse the http auth header
function http_digest_parse($txt)
{
// protect against missing data
$needed_parts = array(‘nonce’=>1, ‘nc’=>1, ‘cnonce’=>1, ‘qop’=>1, ‘username’=>1, ‘uri’=>1, ‘response’=>1);
$data = array();
$keys = implode(‘|’, array_keys($needed_parts));

preg_match_all(‘@(‘ . $keys . ‘)=(?:([\'"])([^\2]+?)\2|([^\s,]+))@’, $txt, $matches, PREG_SET_ORDER);

foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}

return $needed_parts ? false : $data;
}
?>

Note: Compatibility Note
Please be careful when coding the HTTP header lines. In order to guarantee maximum compatibility with all clients, the keyword “Basic” should be written with an uppercase “B”, the realm string must be enclosed in double (not single) quotes, and exactly one space should precede the 401 code in the HTTP/1.0 401 header line. Authentication parameters have to be comma-separated as seen in the digest example above.

Instead of simply printing out PHP_AUTH_USER and PHP_AUTH_PW, as done in the above example, you may want to check the username and password for validity. Perhaps by sending a query to a database, or by looking up the user in a dbm file.

Watch out for buggy Internet Explorer browsers out there. They seem very picky about the order of the headers. Sending the WWW-Authenticate header before the HTTP/1.0 401 header seems to do the trick for now.

As of PHP 4.3.0, in order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].

Note: Configuration Note
PHP uses the presence of an AuthType directive to determine whether external authentication is in effect.

Note, however, that the above does not prevent someone who controls a non-authenticated URL from stealing passwords from authenticated URLs on the same server.

Both Netscape Navigator and Internet Explorer will clear the local browser window’s authentication cache for the realm upon receiving a server response of 401. This can effectively “log out” a user, forcing them to re-enter their username and password. Some people use this to “time out” logins, or provide a “log-out” button.

Example #8 HTTP Authentication example forcing a new name/password
< ?php
function authenticate() {
header('WWW-Authenticate: Basic realm="Test Authentication System"');
header('HTTP/1.0 401 Unauthorized');
echo "You must enter a valid login ID and password to access this resource\n";
exit;
}

if (!isset($_SERVER['PHP_AUTH_USER']) ||
($_POST['SeenBefore'] == 1 && $_POST['OldAuth'] == $_SERVER['PHP_AUTH_USER'])) {
authenticate();
} else {
echo "

Welcome: ” . htmlspecialchars($_SERVER['PHP_AUTH_USER']) . “
“;
echo “Old: ” . htmlspecialchars($_REQUEST['OldAuth']);
echo “

\n”;
}
?>

This behavior is not required by the HTTP Basic authentication standard, so you should never depend on this. Testing with Lynx has shown that Lynx does not clear the authentication credentials with a 401 server response, so pressing back and then forward again will open the resource as long as the credential requirements haven’t changed. The user can press the ‘_’ key to clear their authentication information, however.

Also note that until PHP 4.3.3, HTTP Authentication did not work using Microsoft’s IIS server with the CGI version of PHP due to a limitation of IIS. In order to get it to work in PHP 4.3.3+, you must edit your IIS configuration “Directory Security”. Click on “Edit” and only check “Anonymous Access”, all other fields should be left unchecked.

Another limitation is if you’re using the IIS module (ISAPI) and PHP 4, you may not use the PHP_AUTH_* variables but instead, the variable HTTP_AUTHORIZATION is available. For example, consider the following code: list($user, $pw) = explode(‘:’, base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

Note: IIS Note:
For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).

Note: If safe mode is enabled, the uid of the script is added to the realm part of the WWW-Authenticate header.

PHP transparently supports HTTP cookies. Cookies are a mechanism for storing data in the remote browser and thus tracking or identifying return users. You can set cookies using the setcookie() or setrawcookie() function. Cookies are part of the HTTP header, so setcookie() must be called before any output is sent to the browser. This is the same limitation that header() has. You can use the output buffering functions to delay the script output until you have decided whether or not to set any cookies or send any headers.

Any cookies sent to you from the client will automatically be included into a $_COOKIE auto-global array if variables_order contains “C”. If you wish to assign multiple values to a single cookie, just add [] to the cookie name.

Depending on register_globals, regular PHP variables can be created from cookies. However it’s not recommended to rely on them as this feature is often turned off for the sake of security. $HTTP_COOKIE_VARS is also set in earlier versions of PHP when the track_vars configuration variable is set. (This setting is always on since PHP 4.0.3.)

For more details, including notes on browser bugs, see the setcookie() and setrawcookie() function.

We have just released F-Secure Internet Gatekeeper for Linux 4.00. This version includes our new scanning technology that improves detection capabilities and product performance. The same scanning technology is already in use in our award-winning Internet Security 2010 for Windows. Version 4 also brings in better anti-spam capabilities with a new Spam Detection Engine. For more information, please have a look at the release notes.

Please find the release package in the following location:

f-secure-internet-gatekeeper-for-linux-4.00.2138.tar.gz
md5sum: 51802c59873b11b0350b9d621a8177bd
sha1sum: 713dc49b7c982e9c2893c74618af7a83ec546d2d

PS. For all of you Debian and Ubuntu users, there is now a .deb package available for easy installation. Sorry for not having a repository up yet, let us know you want it and we’ll see what happens The usual contact address is at the bottom of this page.f-secure.com

Long-time open-source software executive Matt Asay recently left Alfresco to join Canonical as its Chief Operating Officer. Matt also founded the Open Source Business Conference (OSBC), which takes place this week, and is speaking at The Linux Foundation’s Collaboration Summit next month. Matt took some time recently to share his perspective with me on why Canonical can take Linux places Red Hat can’t, how Linux beats Apple, and how the Ubuntu community’s passion and focus on design will change the way people see Linux for a long time.

After four years at an open source application company, you’re coming back to Linux. Why now? And, why Canonical?

Asay: I loved working for Alfresco, a company with excellent technical and business leadership. I joined Alfresco because I wanted executive mentoring, first, and to help build an explosive, profitable company. Both were fulfilled in my four years there.

I wanted a new challenge – one where I could apply the lessons learned at Alfresco and have success reflected industry wide. However, I didn’t want to leave my friends at Alfresco unless it was to work with other good friends.

Canonical offered me both.

When Mark [Shuttleworth] texted me shortly before Christmas it was a surprise, but a welcome one. We’ve been friends for several years and have talked extensively about business, but never specifically about me joining him at Canonical. His text hit me at the right time.

Never has the opportunity for Linux been more promising; and as Linux goes, so goes the open-source industry. Canonical can take Ubuntu Linux into markets and opportunities that no one else can, including Red Hat, a company for which I have deep and abiding respect and affection (in part because of the wonderful people I know there).

We have the chance to turn the technology world upside down. At Canonical we have Google or Apple-sized ambition, because we have community that dwarfs both of them put together. Our task is to work with the community to fulfill that opportunity. I believe we can. That’s what I signed up to accomplish.

You mentioned in your blog post about the move that you were intrigued by new challenges like cloud computing, consumer Linux adoption and community development. You’re on a panel at the Linux Foundation’s Collaboration Summit next month talking about the “open cloud.” Can you give us a peek: Does open source mean open cloud?

Asay: It doesn’t, but that should be a key component. As my friend Dries Buytaert of Drupal fame recently told ReadWriteWeb, the cloud threatens to lock in users by making it hard (or meaningless) to move data from one cloud/SaaS system to another. Open source mitigates against this tendency toward lock-in.

On the other hand, just because something is open source doesn’t mean it’s truly open. Source code may be open but the development process is closed, leaving users little better off than with proprietary licensing.

I believe open clouds are a combination of open source, open data, open APIs and open development. It’s at this confluence that strong communities form. Indeed, this might be the best evidence of truly open source/open clouds: community.

Can Linux compete with Apple?

Asay: I’m not sure this is the right question, as Linux already competes with and beats Apple in a huge array of devices. Linux spans everything from HPC to embedded devices and everything in between. Apple cannot compete with that. Could you build a supercomputer using Mac hardware? Sure, but you’d be mortgaging your house to do so and even then, the Mac would likely lose.

Of course, Apple doesn’t want to compete in such markets. It’s famously focused and opts to do a few things very well, like its iPhone and laptops.

Can Linux compete in these markets? Yes. Of course it can. Look at Android as perhaps the best example of effectively competing with Apple in mobile. Apparently Apple agrees with me, as its patent infringement suit against HTC is almost certainly a shot over Google’s bow, as The New York Times recently suggested. Apple is worried. And it should be.

On the desktop, too, Linux is going to give Apple (and Microsoft) a run for its money. Google is at the forefront of this with Chrome OS, which challenges the very foundations of Apple’s OS, as well as that of Windows.

But that’s just one front in the competition. There’s also the corporate desktop, where Apple competes by osmosis (if at all) and the traditional consumer desktop, where I think Canonical offers an exceptional experience with Ubuntu. I’m biased, of course, but given how much of a Mac fan I was (and still am), when I say that I haven’t felt the need to run back to my Mac after four weeks on Ubuntu, that’s meaningful.

Apple makes beautiful products, products that can be very easy to use and sometimes groundbreaking. We in the open-source world can learn much from the software Apple writes.

But having used both Ubuntu Linux and Mac OS X, as well as Windows, I just don’t think using Linux is tantamount to donning some hair-shirt to pay penance in the name of freedom.

The desktop – including Apple’s – hasn’t materially changed in the past 10 years. Real innovation, therefore, is happening at the edges of the desktop: in the cloud (tying desktop software to server-based services), for example, but also in new form factors (which Linux is pioneering as much as Apple with its iPad) and in new experiences (like “instant-on” technology like Ubuntu’s WebNow or DeviceVM).

In sum, yes, Apple leads in some areas, but I think if we were to tally up its total record against Linux, and not simply in the narrow categories it chooses to target, we’d see the balance weigh heavily in Linux’ favor.

How do you approach the challenge of community development? How does the emergence of open mobile development impact this?

Asay: Community development is difficult, but made infinitely more so if one’s code, development and business practices are also closed. As Apple has shown, however, community (at least in terms of a vibrant developer ecosystem that contributes around Apple products, rather than to them), and an exceptional product covers a multitude of proprietary approaches.

So, I don’t think Canonical (or anyone) can afford to say, “We’re open. Come on over and develop this clunky wreck we’ve started for you.” The foundation of any great community is great software. Canonical has a great community in large part because we’re committed to great software and so the innovators within the Linux community tend to congregate around the Ubuntu desktop. They then want to see their Ubuntu experience bleed into mobile, servers and cloud.

Mobile, far from challenging community development, particularly for Linux, enhances it. Mobile is ripe for open-source development because of the immense potential pool of talent from it draws: every developer has a phone and many will have the aptitude to do something with that phone’s software, particularly as mobile devices increasingly use a general purpose operating system, and not necessarily an “embedded OS.”

Sure, there’s the fear of fragmentation as the Linux Community disperses into competing efforts. But the reality is Linux has always been like that, and the kernel has thrived as a result as the different groups borrow from each other’s ideas. Mobile is not going to converge on just one or two platforms owned by Microsoft and Apple, as Accel partner Richard Wong asserts.

That’s good for mobile development.

What are the remaining hurdles for Linux in the enterprise? Are they technical or business challenges?

Asay: There are technical challenges, but after spending the last four weeks with Ubuntu Linux, I think the primary problem is simply human nature. People are used to their Windows or Macs machines. Most don’t necessarily have a strong preference for their OS. It’s just there. They care about the applications. Which ones? Facebook. Email. IM. Music. Movies.

Guess what? Only one of those is unavailable on Linux (iTunes, if that’s the preference, though there are other good alternatives).

Most people don’t know this. Most people don’t care to know this. They’re going to use whatever is put in front of them at work. Individuals don’t use SAP or Outlook or other enterprise software because they necessarily want to. It’s just what shows up on their machines when they start at a new company. They find their way to Facebook.com and Gmail.com without IT’s help or intervention.

However, I don’t think this is really where we’re going to see Linux adoption. Rather, I think the real opportunity is not in replacing an existing experience, like for like, but rather in creating new experiences for them, be it netbooks, instant-on offerings, mobile, etc. Most people are going to discover Linux by accident when they buy their TiVo, Kindle, etc. They won’t necessarily know that it’s Linux, and that’s just fine. Like the Mac, Linux will find its enterprise momentum through the consumers who carry it into the company from their homes.

Canonical and the Ubuntu community have done a lot to change the perception of Linux simply being an server OS. How does the company sustain that momentum and continue to push the technology envelope? What’s required?

Asay: A passion and eye for design. We have both. We’ve made the Linux desktop experience so easy that even I can use it. We’re going to do that on the traditional desktop, but we’re also going to continue to push Ubuntu into a variety of exciting form factors. Our community and our business partners haven’t allowed us to rest on our laurels, and I don’t expect them to start doing so.

This is what has animated our push into the cloud, where Ubuntu is already the dominant operating system, and by a wide margin. Not surprisingly (at least, to us), it has been the Ubuntu desktop experience that has made us so appealing on the server and in the cloud. Linux innovators use Ubuntu and have wanted that same tight experience for their servers. We’re the fastest growing server OS in large part due to the enthusiasm of our community.

OSBC returns for the seventh year in a row (wow!) this week. How have the conference sessions changed since those early days? What can we expect from the event this year?

Asay: I hadn’t realized we had been staging it for so long until you said that. “Wow” is right. It started out as: “This open source thing is interesting but how are we possibly going to fund its future?.” Then, it morphed into being about sharing strategies to fuel commercial open-source growth. Today, it is an excellent place to learn how to make open source work for your business, whether you’re Delta Air Lines, Facebook or Alfresco.

A significant portion of our program this year addresses what open source means for a Web-centric world. So, Facebook is keynoting but we’re not just talking about so-called “Web 2.0″ companies. We also have a range of Global 2000 enterprises like Virgin talking about how they’ve implemented open source, whether and how this saves them money or boosts productivity, and more.

I also really like how our legal track has matured, which reflects the maturing of the industry’s views on open source. The first OSBC dealt extensively with the legal risks of open source, but this one focuses on more practical issues like how to conduct due diligence when acquiring a company with open-source assets, or how to avoid patent pitfalls set by proprietary software. It’s nice to see people talking about the perils of proprietary software, seven years on, rather than the risks of open source. I think that’s the right perspective.

You’re helping to design the business track at LinuxCon. What do you think the business conversation at LinuxCon will focus on?

Asay: I’m fascinated by what Linux is doing to the mobile industry, and we’ll take a deep look at the business opportunities and challenges Linux is creating for a whole host of mobile operators. Generally speaking, Linux is lowering the bar to entering new markets for companies as diverse as Nokia, IBM and Red Hat. Why is this? And how do we take this wonderful thing we’ve all shared in creating and ensure it remains vibrant, free and revolutionary? We’re going to have a lot of fun.

Finally, what music are you listening to this season on the slopes?

Asay: I never listen to music while I ski; though I do sing quite often while I’m skiing, and I tend to crank music on the way up the canyon to the slopes (everything from Rage Against the Machine to Thom Yorke to Silversun Pickups to Morrissey to The Killers to…Haydn, when the mood is right). Recently I was rocking to Radiohead’s “Bodysnatchers” and Silversun Pickups’ “Panic Switch,” with a little Pixies’ “Wave of Mutilation” thrown in as I hit Little Cottonwood Canyon (I couldn’t help it, looking up at the beautiful slopes of Snowbird and Alta). Please read further at the best site of Linux

“What was Jeff Bezos, Amazon’s CEO, thinking? Amazon just signed a patent cross-licensing deal that pays Microsoft intellectual property fees for, among other things, patents that cover Amazon’s Linux-based Kindle e-reader and its Linux servers. Too bad Microsoft has never, ever been able to show that its patents cover anything to do with Linux.

Microsoft claims that Linux and other open-source programs violate its patent rights. They’ve been making those claims for years. What’s always been missing is proof.

Microsoft’s biggest lie, first made by Steve Ballmer back in 2004, is that Linux violates more than 200 of Microsoft’s patents. There’s one little problem with this assertion which has underlaid every Microsoft attack on Linux’s intellectual property since then: it’s not true.

As Dan Ravicher, the author of the OSRM (Open Source Risk Management) study that Microsoft bases all its claims on, told me at the time that “Microsoft is up to its usual FUD [fear, uncertainty and doubt].” Ravicher, a patent attorney and executive director of PUBPAT (Public Patent Foundation) added, “Open source faces no more, if not less, legal risk than proprietary software. The market needs to understand that the study Microsoft is citing actually proves the opposite of what they claim it does.”" blogs.computerworld.com

Hi Friends,

uCertify has release a new PrepKit for Windows 7. They have pre-released the kit and offering 50% discount on purchase. As per my information this is the first IT certification provider who is offering the preparation kit for exam 70-680 MCTS: Windows 7, Configuring.

The demo kit includes 30 free questions. All PrepKits of uCertify is backed with the industry best “First time pass, 100% money back guarantee”.

For further information, please visit:

70-680 – MCTS: Windows 7, Configuring

Hi Friends, In recent days, i often thought to learn something about Windows sharepoint however i got it something for a lazyman tool. This was my mentality until i got a prepration kit for me in TS:Microsoft Windows SharePoint Services 3.0, Configuring from the one of the best IT certification solution providers named uCertify. Using this S/W, i got a good support knowledge about sharepoint. However I like open source, as you know it but after learning from this S/W , using its practice tests, i got that i can invest my fresh hands in Sharepoint too. After that, i started searching on the net of there anyone else who liked ucertify sharepoint prepration kit or i am alone in the rush. I got blog saying same like me at last who passed the sharepoint exam. 

If you want to know more about uCertify Sharepoint prepration guide, please visit:

http://www.ucertify.com/exams/Microsoft/70-631.html

Finally, i am going to take the certification exam today, just pray for me guys…………..:)