Forgot your password?
typodupeerror

Please create an account to participate in the Slashdot moderation system

The Internet

Apache 2.4 Takes Direct Aim At Nginx 209

Posted by timothy
from the competition-drives-progress dept.
darthcamaro writes "The world's most popular web server is out with a major new release today that has one key goal — deliver more performance than ever before. Improved caching, proxy modules as well as new session control are also key highlights of the release. 'We also show that as far as true performance is based — real-world performance as seen by the end-user- 2.4 is as fast, and even faster than some of the servers who may be "better" known as being "fast", like nginx,' Jim Jagielski, ASF President and Apache HTTP Server Project Management Committee, told InternetNews.com." Here's list of new features in 2.4.
Operating Systems

Bad Guys Use Open Source, Too 84

Posted by timothy
from the malice-aforethought dept.
First time accepted submitter colinneagle writes "Open source has been so successful in giving us software like Linux, Apache, Hadoop, etc., why wouldn't the open source method work with other types of software? Probably no one expected that the criminals behind vast malware trojans would adopt open source methods to make their malware more dangerous, but they have. According to this report from Seculert Research, the makers of Citadel, a variant of the Zeus Trojan are using open source models to hone their code and make the Trojan more dangerous."
Mozilla

Mozilla Public License 2.0 Released 40

Posted by Soulskill
from the expect-3.0-beta-tomorrow dept.
revealingheart writes "Mozilla has announced the release of the Mozilla Public License 2.0. The new version provides for compatibility with the Apache and GPL licenses, improved patent protections and recent changes in copyright law. The full license text is available online. Mozilla has updated their wiki with plans to upgrade their codebase; Bugzilla has also said that they will update (with an exemption to keep the project MPL only). The MPL was previously incompatible with other copyleft licenses like the GPL. The new version is compatible (unless exempted) and doesn't require multiple licenses (as currently stands with Firefox and Thunderbird). This will allow Mozilla to incorporate Apache-licensed code; but will mean that their software becomes incompatible with GPL2 code."
Google

Nginx Overtakes Microsoft As No. 2 Web Server 340

Posted by samzenpus
from the up-and-coming dept.
tsamsoniw writes "With financial backing from the likes of Michael Dell and other venture capitalists, open source upstart Nginx has edged out Microsoft IIS (Internet Information Server) to hold the title of second-most widely used Web server among all active websites. What's more, according to Netcraft's January 2012 Web Server Survey, Nginx over the past month has gained market share among all websites, whereas competitors Apache, Microsoft, and Google each lost share."
Software

Hadoop 1.0 Released 38

Posted by timothy
from the doowop-doobie-dee-do-hadoop-whaeeeee dept.
darthcamaro writes "There has been a tonne of hype about Big Data and specifically Hadoop in recent years. But until today, Hadoop was not a 1.0 release product. Does it matter? Not really, but it's still a big milestone. The new release includes a new web interface for the Hadoop filesystem, security, and Hbase database support. '"At this point we figured that as a community we can support this release and be compatible for the foreseeable future. That makes this release an ideal candidate to be called 1.0," Arun C. Murthy, vice president of Apache Hadoop, said.'"
Open Source

ASF Lays Out Its Plan For OpenOffice.org 129

Posted by Unknown Lamer
from the not-quite-dead-yet dept.
Thinkcloud writes "In an open letter, the Apache Software Foundation has made its plans for OpenOffice clear, including an Apache-branded OpenOffice suite targeted at developers coming next year." From The H: "The ASF says it does not want to force any vision on the ODF community noting that 'it is impossible to agree upon a single vision for all participants, Apache OpenOffice does not seek to define a single vision, nor does it seek to be the only player' in the large ODF ecosystem. Instead, it wishes to offer a neutral 'collaboration opportunity' and notes that its permissive licensing and development model are 'widely recognised as one of the best ways to ensure open standards, such as ODF, gain traction and adoption.'"
Bug

Apache Flaw Allows Internal Network Access 99

Posted by samzenpus
from the protect-ya-neck dept.
angry tapir writes "A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers."
Java

Apache Harmony Moves To Apache Attic 120

Posted by Soulskill
from the giving-up-the-ghost dept.
think_nix writes "After the resignation of Apache from the Java SE/EE Executive Committee, the time has now come for Harmony to be added to the Apache Attic. Harmony was 'the project to produce an open source cleanroom implementation of Java.' An open vote was taken within the Project Management Committee, which resulted in a 20-2 majority to discontinue development."
Security

Apache Fixes Range Header Flaw, Again 21

Posted by samzenpus
from the got-it-this-time dept.
Trailrunner7 writes "Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw. Apache 2.2.21 has a patch for the CVE-2011-3192 vulnerability that the group previously fixed in late August with the release of version 2.2.20. The vulnerability is an old one that recently resurfaced after a researcher published an advisory on a modified version of the bug and also released a tool capable of exploiting the vulnerability."
Cloud

NSA Makes Contribution To Apache Hadoop Project 102

Posted by samzenpus
from the need-a-hand? dept.
An anonymous reader writes "The National Security Agency has submitted a new database, Accumulo, to the Apache Foundation for incubation. Accumulo is based on the original BigTable paper with some extensions such as the ability to provide cell-level security. It appears there are some hurdles that must be cleared concerning copyright before the project could be accepted."
Security

"Apache Killer" Web Server Hole Plugged 48

Posted by samzenpus
from the shields-up dept.
CWmike writes "The Apache open-source project has patched its Web server software to quash a bug that a denial-of-service (DoS) tool has been exploiting. Apache 2.2.20, released Tuesday, plugs the hole used by an 'Apache Killer' attack tool. On Aug. 24, project developers had promised a fix within 48 hours, then revised the timetable two days later to 24 hours. The security advisory did not explain the delay."
Bug

Fix For Apache DoS Bug In the Pipes 49

Posted by timothy
from the gurgling-through dept.
Trailrunner7 writes with the report that "The Apache Software Foundation plans to have a fix available in the next day or so [Note: that means today, now. --Ed.] for the denial-of-service problem in Apache that was publicized late last week. The bug, which in some forms has been under discussion for more than four years, involves the way that the Web server handles certain overlapping range headers. The vulnerability is a denial-of-service bug, but it is considered serious because a remote attacker can essentially take a targeted server offline with little effort and resources. The Apache Software Foundation, which maintains the popular open-source Web server, updated its advisory on the vulnerability, saying that it expects to have a full fix available for the vulnerability within the next 24 hours."
Security

Apache Warns Web Server Admins of DoS Attack Tool 82

Posted by samzenpus
from the protect-ya-neck dept.
CWmike writes "Developers of the Apache open-source project warned users of the Web server software on Wednesday that a denial-of-service (DoS) tool is circulating that exploits a bug in the program. 'Apache Killer' showed up last Friday in a post to the 'Full Disclosure' security mailing list. The Apache project said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours. All versions in the 1.3 and 2.0 lines are said to be vulnerable to attack. The group no longer supports the older Apache 1.3. 'The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server,' Apache said in an advisory. The bug is not new. Michal Zalewski, a security engineer who works for Google, pointed out that he had brought up the DoS exploitability of Apache more than four-and-a-half years ago. In lieu of a fix, Apache offered steps administrators can take to defend their Web servers until a patch is available."
Java

Oracle's Java Policies Are Destroying the Community 314

Posted by Unknown Lamer
from the shares-in-haskell-inc-up-ten-points dept.
snydeq writes "Neil McAllister sees Oracle's buggy Java SE 7 release as only the latest misstep in a mounting litany of bad behavior. 'Who was the first to alert the Java community? The Apache Foundation. Oh, the irony. This is the same Apache Foundation that resigned from the Java Community Process executive committee in protest after Oracle repeatedly refused to give it access to the Java Technology Compatibility Kit,' McAllister writes. 'It seems as if Oracle would like nothing better than to stomp Apache and its open source Java efforts clean out of existence.'"
Java

Java 7 Ships With Severe Bug 180

Posted by Soulskill
from the meeting-expectations dept.
Lisandro writes "Lucid Imagination just posted an announcement about a severe bug in the recently released Java 7. Apparently some loops are mis-compiled due to errors in the HotSpot compiler optimizations, which causes programs to fail. This bug affects several Apache projects directly — Apache Lucene Core and Apache Solr have already raised a warning, noting that the bug might be present in Java 6 as well."

We can predict everything, except the future.

Working...