darthcamaro writes "The world's most popular web server is out with a major new release today that has one key goal — deliver more performance than ever before. Improved caching, proxy modules as well as new session control are also key highlights of the release. 'We also show that as far as true performance is based — real-world performance as seen by the end-user- 2.4 is as fast, and even faster than some of the servers who may be "better" known as being "fast", like nginx,' Jim Jagielski, ASF President and Apache HTTP Server Project Management Committee, told InternetNews.com." Here's a list of new features in 2.4.
First time accepted submitter colinneagle writes "Open source has been so successful in giving us software like Linux, Apache, Hadoop, etc., why wouldn't the open source method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan, are using open source models to hone their code and make the Trojan more dangerous."
revealingheart writes "Mozilla has announced the release of the Mozilla Public License 2.0. The new version provides for compatibility with the Apache and GPL licenses, improved patent protections and recent changes in copyright law. The full license text is available online. Mozilla has updated their wiki with plans to upgrade their codebase; Bugzilla has also said that they will update (with an exemption to keep the project MPL only). The MPL was previously incompatible with other copyleft licenses like the GPL. The new version is compatible (unless exempted) and doesn't require multiple licenses (as currently stands with Firefox and Thunderbird). This will allow Mozilla to incorporate Apache-licensed code; but will mean that their software becomes incompatible with GPL2 code."
tsamsoniw writes "With financial backing from the likes of Michael Dell and other venture capitalists, open source upstart Nginx has edged out Microsoft IIS (Internet Information Server) to hold the title of second-most widely used Web server among all active websites. What's more, according to Netcraft's January 2012 Web Server Survey, Nginx over the past month has gained market share among all websites, whereas competitors Apache, Microsoft, and Google each lost share."
darthcamaro writes "There has been a tonne of hype about Big Data and specifically Hadoop in recent years. But until today, Hadoop was not a 1.0 release product. Does it matter? Not really, but it's still a big milestone. The new release includes a new web interface for the Hadoop filesystem, security, and Hbase database support. '"At this point we figured that as a community we can support this release and be compatible for the foreseeable future. That makes this release an ideal candidate to be called 1.0," Arun C. Murthy, vice president of Apache Hadoop, said.'"
Thinkcloud writes "In an open letter, the Apache Software Foundation has made its plans for OpenOffice clear, including an Apache-branded OpenOffice suite targeted at developers coming next year." From The H: "The ASF says it does not want to force any vision on the ODF community noting that 'it is impossible to agree upon a single vision for all participants, Apache OpenOffice does not seek to define a single vision, nor does it seek to be the only player' in the large ODF ecosystem. Instead, it wishes to offer a neutral 'collaboration opportunity' and notes that its permissive licensing and development model are 'widely recognised as one of the best ways to ensure open standards, such as ODF, gain traction and adoption.'"
angry tapir writes "A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers."
think_nix writes "After the resignation of Apache from the Java SE/EE Executive Committee, the time has now come for Harmony to be added to the Apache Attic. Harmony was 'the project to produce an open source cleanroom implementation of Java.' An open vote was taken within the Project Management Committee, which resulted in a 20-2 majority to discontinue development."
Trailrunner7 writes "Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw. Apache 2.2.21 has a patch for the CVE-2011-3192 vulnerability that the group previously fixed in late August with the release of version 2.2.20. The vulnerability is an old one that recently resurfaced after a researcher published an advisory on a modified version of the bug and also released a tool capable of exploiting the vulnerability."
An anonymous reader writes "The National Security Agency has submitted a new database, Accumulo, to the Apache Foundation for incubation. Accumulo is based on the original BigTable paper with some extensions such as the ability to provide cell-level security. It appears there are some hurdles that must be cleared concerning copyright before the project could be accepted."
CWmike writes "The Apache open-source project has patched its Web server software to quash a bug that a denial-of-service (DoS) tool has been exploiting. Apache 2.2.20, released Tuesday, plugs the hole used by an 'Apache Killer' attack tool. On Aug. 24, project developers had promised a fix within 48 hours, then revised the timetable two days later to 24 hours. The security advisory did not explain the delay."
Trailrunner7 writes with the report that "The Apache Software Foundation plans to have a fix available in the next day or so [Note: that means today, now. --Ed.] for the denial-of-service problem in Apache that was publicized late last week. The bug, which in some forms has been under discussion for more than four years, involves the way that the Web server handles certain overlapping range headers. The vulnerability is a denial-of-service bug, but it is considered serious because a remote attacker can essentially take a targeted server offline with little effort and resources. The Apache Software Foundation, which maintains the popular open-source Web server, updated its advisory on the vulnerability, saying that it expects to have a full fix available for the vulnerability within the next 24 hours."
CWmike writes "Developers of the Apache open-source project warned users of the Web server software on Wednesday that a denial-of-service (DoS) tool is circulating that exploits a bug in the program. 'Apache Killer' showed up last Friday in a post to the 'Full Disclosure' security mailing list. The Apache project said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours. All versions in the 1.3 and 2.0 lines are said to be vulnerable to attack. The group no longer supports the older Apache 1.3. 'The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server,' Apache said in an advisory. The bug is not new. Michal Zalewski, a security engineer who works for Google, pointed out that he had brought up the DoS exploitability of Apache more than four-and-a-half years ago. In lieu of a fix, Apache offered steps administrators can take to defend their Web servers until a patch is available."
snydeq writes "Neil McAllister sees Oracle's buggy Java SE 7 release as only the latest misstep in a mounting litany of bad behavior. 'Who was the first to alert the Java community? The Apache Foundation. Oh, the irony. This is the same Apache Foundation that resigned from the Java Community Process executive committee in protest after Oracle repeatedly refused to give it access to the Java Technology Compatibility Kit,' McAllister writes. 'It seems as if Oracle would like nothing better than to stomp Apache and its open source Java efforts clean out of existence.'"
Lisandro writes "Lucid Imagination just posted an announcement about a severe bug in the recently released Java 7. Apparently some loops are mis-compiled due to errors in the HotSpot compiler optimizations, which causes programs to fail. This bug affects several Apache projects directly — Apache Lucene Core and Apache Solr have already raised a warning, noting that the bug might be present in Java 6 as well."