CWmike writes "Oracle has asked the Apache Software Foundation to reconsider its decision to quit the Java SE/EE Executive Committee, and is also acknowledging the ASF's importance to Java's future. In a message released late Thursday, an Oracle executive made conciliatory gestures to Apache. At least for now, the ASF doesn't seem eager to rejoin the committee. 'Give us a reason why the ASF should reconsider other than "please,"' ASF president Jim Jagielski said in a Twitter post on Thursday. The Java Community Process is 'dead,' Jagielski said in a blog post, also on Thursday. 'All that remains is a zombie, walking the streets of the Java ecosystem, looking for brains.'"
iammichael writes "The Apache Software Foundation has resigned its seat on the Java SE/EE Executive Committee due to a long dispute over the licensing restrictions placed on the TCK (test kit validating third-party Java implementations are compatible with the specification)."
UnmaskParasites writes "To drive traffic to their online stores, software pirates hack reputable legitimate websites injecting hidden spammy links and creating doorway pages. Google's search results are seriously poisoned by such doorways. Negligence of webmasters of compromised sites makes this scheme viable — doorways remain unnoticed for years. Not so long ago, hackers began to re-configure Apache on compromised servers to make them serve doorway pages off of non-default ports, still taking advantage of using established domain names."
MMacFadden writes "The Google Wave team has officially submitted the open source version of Wave to the Apache Software Foundation as a candidate Incubator project. Google hopes that the wave technology will continue to grow, supported by the new open source community (which is made up of Google and non-Google employees alike). Here is the proposal itself."
snydeq writes "Fatal Exception's Neil McAllister writes about what could be the end of the Java Community Process as we know it. With the Apache Software Foundation declaring war on Oracle over Java, the next likely step would be a vote of no confidence in the JCP, which, if the ASF can convince enough members to follow suit, 'could effectively unravel the Java community as a whole,' McAllister writes, with educators, academics, and researchers having little incentive to remain loyal to an Oracle-controlled platform. 'Independent developers could face the toughest decisions of all. Even if the JCP dissolves, many developers will be left with few alternatives,' with .Net offering little advantage, and Perl, Python, and Ruby unable to match Java's performance. The dark horse? Google Go — a language Google might just fast-track in light of its patent suit with Oracle over Android." Reader Revorm adds related news that Oracle and Apple have announced the OpenJDK project for OS X.
jfruhlinger writes "The Apache Software Foundation, feeling increasingly marginalized as Oracle asserts its control over the Java platform, is fighting back, trying to rally fellow members of the Java Community Process to block the next version of the language if Oracle doesn't make it available under an open license amenable to Apache. Last month's Oracle-IBM pact was a blow against the ASF, which had worked with IBM in the past, but it appears that Apache isn't giving up the fight."
An anonymous reader writes "Our company is getting ready to hire a number of programmers. While the majority of the prospective candidates do have good-looking resumes, we are looking to see if we can get some clear metrics in the assessment process. After a little research we have learned that there is a well-established PHP + MySQL training and certification process, and some of the candidates are already certified. There is also a candidate with a good portfolio, a lot of experience, and no certification. Most of the applicants also have some college/university science-related education. So our goal is to be able to somehow measure LAMP overall competency as well as basic computer science concepts such as BNF, data normalization, OOP, MVC, etc. How do Slashdot readers go about this kind of characterization?"
Trailrunner7 writes "Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a 'direct, targeted attack.' The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said."
Barence writes "Mozilla has announced plans to redraft the open-source license underpinning projects such as Firefox. The Mozilla Public License 1.1 has been used to distribute numerous projects including Firefox, Thunderbird, OpenSolaris and Flex for over a decade. In the first phase of this process, Mozilla will release an alpha draft based on feedback already received. This will be followed by 'commentary, discussion, and further drafting, followed by beta and release candidate drafts.' Mozilla intends to 'seriously investigate' whether it can make the MPL compatible with the Apache license, in an effort to 'help projects using the MPL become more flexible about using Apache-licensed code.'"
bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.
Kyle Hamilton writes "The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.42 of the Apache HTTP Server ('Apache'). This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end of life status There will be no more full releases of Apache HTTP Server 1.3. However, critical security updates may be made available."
darthcamaro writes "As expected, Facebook today announced a new runtime for PHP, called HipHop. What wasn't expected were a few key revelations disclosed today by Facebook developer David Recordan. As it turns out, Facebook has been running HipHop for months and it now powers 90 percent of their servers — it's not a skunkworks project; it's a Live production technology. It's also not just a runtime, it's also a new webserver. 'In general, Apache is a great Web server, but when we were looking at how we get the next half percent or percent of performance, we didn't need all the features that Apache offers," Recordon said. He added, however, that he hopes an open source project will one day emerge around making HipHop work with Apache Web servers.'"
Martijn de Boer writes "For a long time now Apache's webserver software has been serving up the Web. Because Internet usage is still growing every day, securing your growing number of servers has become very important. ModSecurity 2.5 has been written to illustrate and educate you the ease of use and inner workings of the ModSecurity module for the most widespread webserver." Read below for the rest of Martijn's review.
Dan Jones writes "The Apache Software Foundation may stop releasing new versions of the older 1.3 and 2.0 series of its flagship Web server product with most development now focused on the 2.2 series. Nothing is final yet, but messages to the Apache httpd developer mailing list recommend the formal deprecation of the 1.3.x branch, with most citing a lack of development activity. The Apache HTTP server project is one of the most successful and popular open source projects and has become an integral part of the technology stack for thousands of Web and SaaS applications. The first generation of Apache was released in 1995, and the 2.0 series began in 2002. Apache httpd 2.2 began in 2005, with the latest release (October 2009) being 2.2.14. However, the most recent releases of the 1.3 and 2.0 series servers were back in January 2008. With the combined total of active 1.3 and 2.0 series Apache Web servers well into the millions, any decision to end-of-life either product will be watched closely."
An anonymous reader writes "Two weeks ago, The Daily WTF's Alex Papadimoulis announced Bad Code Offsets, a join venture between many big names in the software development community (including StackOverflow's Jeff Atwood and Jon Skeet and SourceGear's Eric Sink). The premise is that you can offset bad code by purchasing Bad Code Offsets (much in the same way a carbon-footprint is offset). The profits are donated to Free Software projects which work to eliminate bad code, such as the Apache Foundation and FreeBSD. The first cheques were sent out earlier today." Hopefully, they work better than carbon offsets, actually.