Slashdot

An anonymous reader writes "Back in July, Microsoft announced it was making .NET available under its Community Promise, which in theory allowed free software developers to use the technology without fear of patent lawsuits. Not surprisingly, many free software geeks were unconvinced by the promise (after all, what's a promise compared to an actual open licence?), but now Microsoft has taken things to the next level by releasing the .NET Micro Framework under the Apache 2.0 licence. Yes, you read that correctly: a sizeable chunk of .NET is about to go open source."

bednarz writes with this excerpt from Network World: "Vulnerabilities discovered in XML libraries from Sun, the Apache Software Foundation, the Python Software Foundation and the GNOME Project could result in successful denial-of-service attacks on applications built with them, according to Codenomicon. The security vendor found flaws in XML parsers that made it fairly easy to cause a DoS attack, corruption of data, and delivery of a malicious payload using XML-based content. Codenomicon has shared its findings with industry and the open source groups, and a number of recommendations and patches for the XML-related vulnerabilities are expected to be made available Wednesday. In addition, a general security advisory is expected to be published by the Computer Emergency Response Team in Finland (CERT-FI)."

worb writes "Opera Unite comes with a web server which is supposedly going to 'redefine the web.' But how well does it actually perform? Is it a threat to other server solutions? Someone put it to the test, and published the results. While nginx, one of the fastest web servers available, is 5 times faster, a PHP+Apache+MySQL server is only 2 times as fast. A compiled C++ server, the MadFish WebToolkit, is 6 times faster. He concludes that Opera Unite's server is impressive, and that the others come nowhere close to the ease of use."

ruphus13 writes "Yahoo has been a vociferous Apache Hadoop user and supporter for several years now, and uses it extensively within its Search technologies. Hadoop has been gaining popularity in the Cloud Computing space, with companies like the NYTimes converting 4TB and 11 million articles to PDFs in under 24 hours using Hadoop and EC2 in late 2007. Hadoop has been made available in Amazon's cloud and Yahoo has now released its own Hadoop version. From the article: 'At today's Hadoop Summit in Silicon Valley, Yahoo! announced the availability of the Yahoo! Distribution of Hadoop, a source-only version of Apache Hadoop that Yahoo! uses within its own search engine. [Hadoop] is an open source software framework that helps process very large data sets, and is widely used in large-scale data mining applications as well as in search tools at sites like Facebook and many others. For developers and users interested in Hadoop, it's worth noting that the Yahoo! Distribution of Hadoop has been widely tested and developed at Yahoo! for years now.'"

Glyn Moody writes "The February 2009 Netcraft survey is not the usual 'Apache continues to trounce Microsoft IIS' story: there's a new entrant — from China. 'This majority of this month's growth is down to the appearance of 20 million Chinese sites served by QZHTTP. This web server is used by QQ to serve millions of Qzone sites beneath the qq.com domain.' What exactly is this QZHTTP, and what does it all mean for the world of Web servers?"

A week ago, we discussed Microsoft's contribution to the Apache Foundation. Now, Bruce Perens has written an analysis "exploring the new relationship of Microsoft and the Apache project, how it works as an anti-Linux move on Microsoft's part, and what some of the Open Sourcers are going to do about having Microsoft as a rather untrustworthy partner." In particular, he notes: "...Microsoft can still influence how things go from here on. If they have to live with open source, the Apache project is Microsoft's preferred direction. Apache doesn't use the dreaded GPL and its enforced sharing of source-code. Instead, the Apache license is practically a no-strings gift, with a weak provision against patent lawsuits as its most relevant term. Microsoft can take Apache software and embrace and enhance, providing their own versions of the project's software with engineered incompatibility and no available source, just as they forced incompatibility into the Web by installing IE with every Windows upgrade."

Penguinisto writes "According to a somewhat jaw-dropping story in The Register, it appears that Microsoft has performed a trifecta of geek-scaring feats: They have joined the Apache Software Foundation as a Platinum member(at $100K USD a year), submitted LGPL-licensed patches for ADOdb, and have pledged to expand their Open Specifications Promise by adding to the list more than 100 protocols for interoperability between its Windows Server and the Windows client. While I sincerely doubt they'll release Vista under a GPL license anytime soon, this is certainly an unexpected series of moves on their part, and could possibly lead to more OSS (as opposed to 'Shared Source') interactivity between what is arguably Linux' greatest adversary and the Open Source community." (We mentioned the announced support for the Apache Foundation earlier today, as well.)

gbjbaanb writes "Ars Technica reports that Microsoft is to sponsor the Apache Foundation to the tune of $100k. From the article: 'I asked him if this could possibly be the beginning of a broader initiative by Microsoft to increase Apache compatibility with .NET web development technologies, but he says it's still too early to guess Microsoft's future plans for Apache participation. ... He doesn't anticipate a confrontational response from the developers working on individual Apache projects ... The response of the broader open source software community, however, is harder to predict.' (In related news, MS also intends to participate in the RubySpec project.)"

os2man writes "ApacheCon Europe 2008, the official user conference of the Apache Software Foundation will be held 7 April through 11 April in Amsterdam, The Netherlands. Some of the tracks will be broadcast via live streaming: System Administration (Wednesday), Web Security (Thursday) and Web Services and Web 2.0 (Friday). There's a 99 euro registration fee for the tracks, although all keynote sessions and the opening plenary are available free of charge."

SkiifGeek writes "Zone-H have recently posted the statistical breakdown of the collected website defacements from the last few years. Surprisingly, in 2007 more Linux servers suffered a successful attack than all versions of Windows, combined. Similarly, more Apache installations were successfully attacked than all IIS versions combined. A day after posting this data, Zone-H have questioned the appropriateness of continuing to operate the archive. Despite the valuable information that can be gleaned from the service, it may soon be lost to the world. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety leveled against them any time they disclose and mirror a reported defacement."

lisah writes "Reports are beginning to surface that some Web servers running Linux and Apache are unwittingly infecting thousands of computers, exploiting vulnerabilities in QuickTime, Yahoo! Messenger, and Windows. One way to tell if your machine is infected is if you're unable to create a directory name beginning with a numeral. Since details are still sketchy, the best advice right now is to take proactive steps to secure your servers. 'We asked the Apache Software Foundation if it had any advice on how to detect the rootkit or cleanse a server when it's found. According to Mark Cox of the Apache security team, "Whilst details are thin as to how the attackers gained root access to the compromised servers, we currently have no evidence that this is due to an unfixed vulnerability in the Apache HTTP Server." We sent a similar query to Red Hat, the largest vendor of Linux, but all its security team could tell us was that "At this point in time we have not had access to any affected machines and therefore cannot give guidance on which tools would reliably detect the rootkit."'"

jschauma writes "Yahoo published a press release announcing that it has become a platinum sponsor of the Apache Software Foundation. In their company blog, Yahoo points out their particular interest in the Apache projects Lucene and Hadoop, and that they have hired Doug Cutting, creator of both projects and VP at Apache. (Lucene powers the search on Wikipedia; Yahoo also provides hosting capacity to Wikimedia.)"

benjymouse quotes this month's netcraft survey "In the August 2007 survey we received responses from 127,961,479 sites, an increase of 2.3 million sites from last month. Microsoft continues to increase its web server market share, adding 2.6 million sites this month as Apache loses 991K hostnames. As a result, Windows improves its market share by 1.4% to 34.2%, while Apache slips by 1.7% to 48.4%. Microsoft's recent gains raise the prospect that Windows may soon challenge Apache's leadership position."

eldavojohn writes "According to Google, Microsoft's server software is at least twice as likely to host viruses or malware. The reason why? 'Google reports that IIS is likely used to distribute malware more often than Apache because many IIS installs are on pirated Windows versions which aren't configured to automatically download patches. (Even pirated Windows versions can automatically receive security fixes, however.) Our analysis demonstrates how important it is to keep web servers patched to the latest patch level,' Google notes."

An anonymous reader writes "The most notable changes found in this latest draft include making GPLv3 compatible with version 2.0 of the Apache license, ensuring that distributors who make discriminatory patent deals after March 28 may not convey software under GPLv3, adding terms to clarify how users can contract for private modification of free software or for a data center to run it for them, and replacing the previous reference to a U.S. consumer protection statute with explicit criteria for greater clarity outside the United States. The draft also does not prohibit Novell from distributing software under GPLv3 'because the patent protection they arranged with Microsoft last November can be turned against Microsoft to the community's benefit,' FSF executive director Peter Brown said."

An anonymous reader writes "As the load on an application increases, the bottlenecks in the underlying infrastructure become more apparent in the form of slow response to user requests. This article discusses many of the server configuration items that can make or break an application's performance and focuses on steps you can take to optimize Apache and PHP."

Famestay writes "Verisign's iDefense is putting up a $16,000 prize for any hacker who can find a remotely exploitable vulnerability in six critical Internet infrastructure applications. The bounty is for a zero-day code execution hole on the following Internet infrastructure technologies: Apache httpd, Berkeley Internet Name Domain (BIND) daemon, Sendmail SMTP daemon, OpenSSH sshd, Microsoft Internet Information (IIS) Server and Microsoft Exchange Server. 'Immunity founder Dave Aitel, who also purchases flaws and exploits for use in the CANVAS pen testing tool, says its doubtful iDefense will get any submissions from hackers. "It's very hard to exploit [those listed applications]," Aitel said. "IIS 6 hasn't had a public remotely exploitable bug in it. Ever." Several other hackers I spoke to had very much the same message, arguing that $16,000 can never equate to the amount of work/expertise required to find and exploit a hole in the six targeted technologies.'"

tbray writes "This is your friendly local Sun corporate drone reporting that we're going to be building and optimizing and DTrace-ing and shipping and supporting the AMP part of LAMP (details here). I think that basically the whole tech industry, excepting Microsoft, is now at least partly in the AMP camp."

An anonymous reader writes "Document storage is hot, hot, hot! There has been an explosion of methodologies and tool sets — both open source and proprietary — to fulfill the demand for quickly locating and searching documents. Mash Apache Derby with a new OpenOffice 2.0 feature to create a repository that lets you store, search, and extract ODF documents in a standards-based manner."

produke writes "Increase your page load times and save bandwidth with easy and really effective methods using apache htaccess directives. mod_headers to set expires, and max-age, and cache-control headers on certain filetypes. The second method employs mod_expires to do the same thing -- together with FileETag, makes for some very fast page loads!"