×
Security

Apache Warns Web Server Admins of DoS Attack Tool 82

Posted by samzenpus from the protect-ya-neck dept.
CWmike writes "Developers of the Apache open-source project warned users of the Web server software on Wednesday that a denial-of-service (DoS) tool is circulating that exploits a bug in the program. 'Apache Killer' showed up last Friday in a post to the 'Full Disclosure' security mailing list. The Apache project said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours. All versions in the 1.3 and 2.0 lines are said to be vulnerable to attack. The group no longer supports the older Apache 1.3. 'The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server,' Apache said in an advisory. The bug is not new. Michal Zalewski, a security engineer who works for Google, pointed out that he had brought up the DoS exploitability of Apache more than four-and-a-half years ago. In lieu of a fix, Apache offered steps administrators can take to defend their Web servers until a patch is available."
Java

Oracle's Java Policies Are Destroying the Community 314

Posted by Unknown Lamer from the shares-in-haskell-inc-up-ten-points dept.
snydeq writes "Neil McAllister sees Oracle's buggy Java SE 7 release as only the latest misstep in a mounting litany of bad behavior. 'Who was the first to alert the Java community? The Apache Foundation. Oh, the irony. This is the same Apache Foundation that resigned from the Java Community Process executive committee in protest after Oracle repeatedly refused to give it access to the Java Technology Compatibility Kit,' McAllister writes. 'It seems as if Oracle would like nothing better than to stomp Apache and its open source Java efforts clean out of existence.'"
Java

Java 7 Ships With Severe Bug 180

Posted by Soulskill from the meeting-expectations dept.
Lisandro writes "Lucid Imagination just posted an announcement about a severe bug in the recently released Java 7. Apparently some loops are mis-compiled due to errors in the HotSpot compiler optimizations, which causes programs to fail. This bug affects several Apache projects directly — Apache Lucene Core and Apache Solr have already raised a warning, noting that the bug might be present in Java 6 as well."
Open Source

IBM Donates Symphony Code To Apache Software Foundation 131

Posted by timothy from the don't-say-bequeath-until-you-die-please dept.
CWmike writes "Hoping to further sharpen OpenOffice's competitive viability against Microsoft Office, IBM is donating the code of its Symphony open source office suite to the nonprofit Apache Software Foundation. Apache could fold this code into its own open source office suite OpenOffice, on which Symphony was based. In June, Oracle donated the OpenOffice suite to Apache. 'Prior to Apache's entry, there really hasn't been enough innovation in this area over the past 10 years,' said Kevin Cavanaugh, an IBM vice president. 'It's been constrained because we haven't had a true open source community with a mature governance model.'"
Open Source

The Future of OpenOffice.org 66

Posted by Soulskill from the reply-hazy-ask-again dept.
snydeq writes "Oracle's decision to spin OpenOffice.org into an Apache incubation podling raises several questions regarding the future of the code, not the least of which is how it will co-exist with LibreOffice. Also of note are the business implications of Oracle's decision, which some see opening up commercial opportunities for OpenOffice.org support, as well as a likely push from Google and IBM to woo current OpenOffice.org customers to Google Docs and Lotus Symphony."
Open Source

Oracle To Give OpenOffice.org To Apache Incubator 129

Posted by samzenpus from the final-destination dept.
Julie188 writes "Oracle has finally officially spilled the beans: It's proposing OpenOffice.org as an Apache Incubator project — and not handing it to The Document Foundation. Oracle had announced earlier this year that it would be passing the torch to the community, but failed to provide any specifics about the ultimate destination. The Document Foundation is the organization behind the OpenOffice fork, LibreOffice."
Android

Oracle Subpoenas Apache Foundation In Google Suit 98

Posted by CmdrTaco from the battle-of-the-paperwork dept.
angry tapir writes "Oracle has subpoenaed the Apache Software Foundation in connection with its ongoing intellectual property suit against Google. Oracle filed suit against Google in August, alleging that its Android mobile operating system infringes on seven of Oracle's Java patents. Google has denied any wrongdoing. The subpoena, which was received by ASF on Monday, seeks 'the production of documents related to the use of Apache Harmony code in the Android software platform, and the unsuccessful attempt by Apache to secure an acceptable license to the Java SE Technology Compatibility Kit.'"
Google

Does Google Pin Copyright Violations On the ASF? 136

Posted by Soulskill from the plot-thickens dept.
An anonymous reader writes "Florian Mueller claims to have produced new evidence that he believes supports Oracle's case against Google on the copyright side of the lawsuit. Oracle originally presented one example to the court, and that file was found to have been part of older Android distributions, with an Apache license header. Mueller has just published six more files of that kind and believes the Apache Software Foundation will disown those just like the first one because those were never part of the Apache Harmony code base. Furthermore, various source files from the Sun Java Wireless Toolkit were found in the Android codebase, containing a total of 38 copyright notices that mark them as proprietary and confidential, but Google apparently published their source code regardless."
Databases

Cassandra 0.7 Can Pack 2 Billion Columns Into a Row 235

Posted by timothy from the but-only-if-they're-really-thin dept.
angry tapir writes "The cadre of volunteer developers behind the Cassandra distributed database have released the latest version of their open source software, able to hold up to 2 billion columns per row. The newly installed Large Row Support feature of Cassandra version 0.7 allows the database to hold up to 2 billion columns per row. Previous versions had no set upper limit, though the maximum amount of material that could be held in a single row was approximately 2GB. This upper limit has been eliminated."
NASA

Apache To Steward NASA-Built Middleware 27

Posted by Soulskill from the feathers-in-space dept.
itwbennett writes "The Apache Software Foundation announced Wednesday that the Object-Oriented Data Technology (OODT), first developed by NASA's Jet Propulsion Laboratory, has graduated to a top level project. The software 'provides a one-stop toolkit for building up a database, populating a database, setting up a work flow to get data into that database, and then serving out lots of different content from that database,' said Chris Mattmann, vice president of the OODT project. NASA uses the software to manage data from multiple domains, including astrophysics, earth carbon monitoring and land-water use. The National Cancer Institute also uses the software for its Daily Detection Research Network, which ties together multiple cancer research databases."
Open Source

Apache Subversion To WANdisco, Inc: Get Real 85

Posted by Soulskill from the you're-not-the-boss-of-me dept.
kfogel writes "The Apache Subversion project has just had to remind one of its corporate contributors about the rules of the road. WANdisco, Inc was putting out some very odd press releases and blog posts, implying (among other things) that their company was in some sort of steering position in the open source project. Oops — that's not the Apache Way. The Apache Software Foundation has reminded them of how things work. Meanwhile, one of the founding developers of Subversion, Ben Collins-Sussman, has posted a considerably more caustic take on WANdisco's behavior."
Java

Oracle Asks Apache To Rethink Java Committee Exit 266

Posted by kdawson from the with-sugar-on-top dept.
CWmike writes "Oracle has asked the Apache Software Foundation to reconsider its decision to quit the Java SE/EE Executive Committee, and is also acknowledging the ASF's importance to Java's future. In a message released late Thursday, an Oracle executive made conciliatory gestures to Apache. At least for now, the ASF doesn't seem eager to rejoin the committee. 'Give us a reason why the ASF should reconsider other than "please,"' ASF president Jim Jagielski said in a Twitter post on Thursday. The Java Community Process is 'dead,' Jagielski said in a blog post, also on Thursday. 'All that remains is a zombie, walking the streets of the Java ecosystem, looking for brains.'"
Java

Apache Resigns From the JCP Executive Committee 136

Posted by timothy from the I'll-resign-my-commission dept.
iammichael writes "The Apache Software Foundation has resigned its seat on the Java SE/EE Executive Committee due to a long dispute over the licensing restrictions placed on the TCK (test kit validating third-party Java implementations are compatible with the specification)."
Security

Doorways Sneak To Non-Default Ports of Hacked Servers 63

Posted by timothy from the buncha-jerkfaces dept.
UnmaskParasites writes "To drive traffic to their online stores, software pirates hack reputable legitimate websites injecting hidden spammy links and creating doorway pages. Google's search results are seriously poisoned by such doorways. Negligence of webmasters of compromised sites makes this scheme viable — doorways remain unnoticed for years. Not so long ago, hackers began to re-configure Apache on compromised servers to make them serve doorway pages off of non-default ports, still taking advantage of using established domain names."
Google

Google Wave Looking To Join Apache Software Foundation 79

Posted by samzenpus from the part-of-the-gang dept.
MMacFadden writes "The Google Wave team has officially submitted the open source version of Wave to the Apache Software Foundation as a candidate Incubator project. Google hopes that the wave technology will continue to grow, supported by the new open source community (which is made up of Google and non-Google employees alike). Here is the proposal itself."
Java

The Coming War Over the Future of Java 583

Posted by Soulskill from the can't-we-all-just-get-along dept.
snydeq writes "Fatal Exception's Neil McAllister writes about what could be the end of the Java Community Process as we know it. With the Apache Software Foundation declaring war on Oracle over Java, the next likely step would be a vote of no confidence in the JCP, which, if the ASF can convince enough members to follow suit, 'could effectively unravel the Java community as a whole,' McAllister writes, with educators, academics, and researchers having little incentive to remain loyal to an Oracle-controlled platform. 'Independent developers could face the toughest decisions of all. Even if the JCP dissolves, many developers will be left with few alternatives,' with .Net offering little advantage, and Perl, Python, and Ruby unable to match Java's performance. The dark horse? Google Go — a language Google might just fast-track in light of its patent suit with Oracle over Android." Reader Revorm adds related news that Oracle and Apple have announced the OpenJDK project for OS X.
IBM

Apache Declares War On Oracle Over Java 428

Posted by CmdrTaco from the pew-pew-pew dept.
jfruhlinger writes "The Apache Software Foundation, feeling increasingly marginalized as Oracle asserts its control over the Java platform, is fighting back, trying to rally fellow members of the Java Community Process to block the next version of the language if Oracle doesn't make it available under an open license amenable to Apache. Last month's Oracle-IBM pact was a blow against the ASF, which had worked with IBM in the past, but it appears that Apache isn't giving up the fight."
PHP

Measuring LAMP Competency? 453

Posted by kdawson from the diogenes-as-tech-recruiter dept.
An anonymous reader writes "Our company is getting ready to hire a number of programmers. While the majority of the prospective candidates do have good-looking resumes, we are looking to see if we can get some clear metrics in the assessment process. After a little research we have learned that there is a well-established PHP + MySQL training and certification process, and some of the candidates are already certified. There is also a candidate with a good portfolio, a lot of experience, and no certification. Most of the applicants also have some college/university science-related education. So our goal is to be able to somehow measure LAMP overall competency as well as basic computer science concepts such as BNF, data normalization, OOP, MVC, etc. How do Slashdot readers go about this kind of characterization?"
Security

Apache Foundation Attacked, Passwords Stolen 214

Posted by CmdrTaco from the yeah-we-meant-to-do-that dept.
Trailrunner7 writes "Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a 'direct, targeted attack.' The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said."

Slashdot Top Deals