CWmike writes "Developers of the Apache open-source project warned users of the Web server software on Wednesday that a denial-of-service (DoS) tool is circulating that exploits a bug in the program. 'Apache Killer' showed up last Friday in a post to the 'Full Disclosure' security mailing list. The Apache project said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours. All versions in the 1.3 and 2.0 lines are said to be vulnerable to attack. The group no longer supports the older Apache 1.3. 'The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server,' Apache said in an advisory. The bug is not new. Michal Zalewski, a security engineer who works for Google, pointed out that he had brought up the DoS exploitability of Apache more than four-and-a-half years ago. In lieu of a fix, Apache offered steps administrators can take to defend their Web servers until a patch is available."
Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.
snydeq writes "Neil McAllister sees Oracle's buggy Java SE 7 release as only the latest misstep in a mounting litany of bad behavior. 'Who was the first to alert the Java community? The Apache Foundation. Oh, the irony. This is the same Apache Foundation that resigned from the Java Community Process executive committee in protest after Oracle repeatedly refused to give it access to the Java Technology Compatibility Kit,' McAllister writes. 'It seems as if Oracle would like nothing better than to stomp Apache and its open source Java efforts clean out of existence.'"
Lisandro writes "Lucid Imagination just posted an announcement about a severe bug in the recently released Java 7. Apparently some loops are mis-compiled due to errors in the HotSpot compiler optimizations, which causes programs to fail. This bug affects several Apache projects directly — Apache Lucene Core and Apache Solr have already raised a warning, noting that the bug might be present in Java 6 as well."
CWmike writes "Hoping to further sharpen OpenOffice's competitive viability against Microsoft Office, IBM is donating the code of its Symphony open source office suite to the nonprofit Apache Software Foundation. Apache could fold this code into its own open source office suite OpenOffice, on which Symphony was based. In June, Oracle donated the OpenOffice suite to Apache. 'Prior to Apache's entry, there really hasn't been enough innovation in this area over the past 10 years,' said Kevin Cavanaugh, an IBM vice president. 'It's been constrained because we haven't had a true open source community with a mature governance model.'"
snydeq writes "Oracle's decision to spin OpenOffice.org into an Apache incubation podling raises several questions regarding the future of the code, not the least of which is how it will co-exist with LibreOffice. Also of note are the business implications of Oracle's decision, which some see opening up commercial opportunities for OpenOffice.org support, as well as a likely push from Google and IBM to woo current OpenOffice.org customers to Google Docs and Lotus Symphony."
Julie188 writes "Oracle has finally officially spilled the beans: It's proposing OpenOffice.org as an Apache Incubator project — and not handing it to The Document Foundation. Oracle had announced earlier this year that it would be passing the torch to the community, but failed to provide any specifics about the ultimate destination. The Document Foundation is the organization behind the OpenOffice fork, LibreOffice."
angry tapir writes "Oracle has subpoenaed the Apache Software Foundation in connection with its ongoing intellectual property suit against Google. Oracle filed suit against Google in August, alleging that its Android mobile operating system infringes on seven of Oracle's Java patents. Google has denied any wrongdoing. The subpoena, which was received by ASF on Monday, seeks 'the production of documents related to the use of Apache Harmony code in the Android software platform, and the unsuccessful attempt by Apache to secure an acceptable license to the Java SE Technology Compatibility Kit.'"
An anonymous reader writes "Florian Mueller claims to have produced new evidence that he believes supports Oracle's case against Google on the copyright side of the lawsuit. Oracle originally presented one example to the court, and that file was found to have been part of older Android distributions, with an Apache license header. Mueller has just published six more files of that kind and believes the Apache Software Foundation will disown those just like the first one because those were never part of the Apache Harmony code base. Furthermore, various source files from the Sun Java Wireless Toolkit were found in the Android codebase, containing a total of 38 copyright notices that mark them as proprietary and confidential, but Google apparently published their source code regardless."
angry tapir writes "The cadre of volunteer developers behind the Cassandra distributed database have released the latest version of their open source software, able to hold up to 2 billion columns per row. The newly installed Large Row Support feature of Cassandra version 0.7 allows the database to hold up to 2 billion columns per row. Previous versions had no set upper limit, though the maximum amount of material that could be held in a single row was approximately 2GB. This upper limit has been eliminated."
itwbennett writes "The Apache Software Foundation announced Wednesday that the Object-Oriented Data Technology (OODT), first developed by NASA's Jet Propulsion Laboratory, has graduated to a top level project. The software 'provides a one-stop toolkit for building up a database, populating a database, setting up a work flow to get data into that database, and then serving out lots of different content from that database,' said Chris Mattmann, vice president of the OODT project. NASA uses the software to manage data from multiple domains, including astrophysics, earth carbon monitoring and land-water use. The National Cancer Institute also uses the software for its Daily Detection Research Network, which ties together multiple cancer research databases."
kfogel writes "The Apache Subversion project has just had to remind one of its corporate contributors about the rules of the road. WANdisco, Inc was putting out some very odd press releases and blog posts, implying (among other things) that their company was in some sort of steering position in the open source project. Oops — that's not the Apache Way. The Apache Software Foundation has reminded them of how things work. Meanwhile, one of the founding developers of Subversion, Ben Collins-Sussman, has posted a considerably more caustic take on WANdisco's behavior."
CWmike writes "Oracle has asked the Apache Software Foundation to reconsider its decision to quit the Java SE/EE Executive Committee, and is also acknowledging the ASF's importance to Java's future. In a message released late Thursday, an Oracle executive made conciliatory gestures to Apache. At least for now, the ASF doesn't seem eager to rejoin the committee. 'Give us a reason why the ASF should reconsider other than "please,"' ASF president Jim Jagielski said in a Twitter post on Thursday. The Java Community Process is 'dead,' Jagielski said in a blog post, also on Thursday. 'All that remains is a zombie, walking the streets of the Java ecosystem, looking for brains.'"
iammichael writes "The Apache Software Foundation has resigned its seat on the Java SE/EE Executive Committee due to a long dispute over the licensing restrictions placed on the TCK (test kit validating third-party Java implementations are compatible with the specification)."
UnmaskParasites writes "To drive traffic to their online stores, software pirates hack reputable legitimate websites injecting hidden spammy links and creating doorway pages. Google's search results are seriously poisoned by such doorways. Negligence of webmasters of compromised sites makes this scheme viable — doorways remain unnoticed for years. Not so long ago, hackers began to re-configure Apache on compromised servers to make them serve doorway pages off of non-default ports, still taking advantage of using established domain names."