Thinkcloud writes "In an open letter, the Apache Software Foundation has made its plans for OpenOffice clear, including an Apache-branded OpenOffice suite targeted at developers coming next year." From The H: "The ASF says it does not want to force any vision on the ODF community noting that 'it is impossible to agree upon a single vision for all participants, Apache OpenOffice does not seek to define a single vision, nor does it seek to be the only player' in the large ODF ecosystem. Instead, it wishes to offer a neutral 'collaboration opportunity' and notes that its permissive licensing and development model are 'widely recognised as one of the best ways to ensure open standards, such as ODF, gain traction and adoption.'"

angry tapir writes "A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers."

think_nix writes "After the resignation of Apache from the Java SE/EE Executive Committee, the time has now come for Harmony to be added to the Apache Attic. Harmony was 'the project to produce an open source cleanroom implementation of Java.' An open vote was taken within the Project Management Committee, which resulted in a 20-2 majority to discontinue development."

Trailrunner7 writes "Two weeks after releasing a fix for the range-header denial-of-service flaw that was much-discussed on security forums and mailing lists, the Apache Software Foundation has pushed out another version of its popular Web server that includes a further fix for the same flaw. Apache 2.2.21 has a patch for the CVE-2011-3192 vulnerability that the group previously fixed in late August with the release of version 2.2.20. The vulnerability is an old one that recently resurfaced after a researcher published an advisory on a modified version of the bug and also released a tool capable of exploiting the vulnerability."

An anonymous reader writes "The National Security Agency has submitted a new database, Accumulo, to the Apache Foundation for incubation. Accumulo is based on the original BigTable paper with some extensions such as the ability to provide cell-level security. It appears there are some hurdles that must be cleared concerning copyright before the project could be accepted."

CWmike writes "The Apache open-source project has patched its Web server software to quash a bug that a denial-of-service (DoS) tool has been exploiting. Apache 2.2.20, released Tuesday, plugs the hole used by an 'Apache Killer' attack tool. On Aug. 24, project developers had promised a fix within 48 hours, then revised the timetable two days later to 24 hours. The security advisory did not explain the delay."

Trailrunner7 writes with the report that "The Apache Software Foundation plans to have a fix available in the next day or so [Note: that means today, now. --Ed.] for the denial-of-service problem in Apache that was publicized late last week. The bug, which in some forms has been under discussion for more than four years, involves the way that the Web server handles certain overlapping range headers. The vulnerability is a denial-of-service bug, but it is considered serious because a remote attacker can essentially take a targeted server offline with little effort and resources. The Apache Software Foundation, which maintains the popular open-source Web server, updated its advisory on the vulnerability, saying that it expects to have a full fix available for the vulnerability within the next 24 hours."

CWmike writes "Developers of the Apache open-source project warned users of the Web server software on Wednesday that a denial-of-service (DoS) tool is circulating that exploits a bug in the program. 'Apache Killer' showed up last Friday in a post to the 'Full Disclosure' security mailing list. The Apache project said it would release a fix for Apache 2.0 and 2.2 in the next 48 hours. All versions in the 1.3 and 2.0 lines are said to be vulnerable to attack. The group no longer supports the older Apache 1.3. 'The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server,' Apache said in an advisory. The bug is not new. Michal Zalewski, a security engineer who works for Google, pointed out that he had brought up the DoS exploitability of Apache more than four-and-a-half years ago. In lieu of a fix, Apache offered steps administrators can take to defend their Web servers until a patch is available."

snydeq writes "Neil McAllister sees Oracle's buggy Java SE 7 release as only the latest misstep in a mounting litany of bad behavior. 'Who was the first to alert the Java community? The Apache Foundation. Oh, the irony. This is the same Apache Foundation that resigned from the Java Community Process executive committee in protest after Oracle repeatedly refused to give it access to the Java Technology Compatibility Kit,' McAllister writes. 'It seems as if Oracle would like nothing better than to stomp Apache and its open source Java efforts clean out of existence.'"

Lisandro writes "Lucid Imagination just posted an announcement about a severe bug in the recently released Java 7. Apparently some loops are mis-compiled due to errors in the HotSpot compiler optimizations, which causes programs to fail. This bug affects several Apache projects directly — Apache Lucene Core and Apache Solr have already raised a warning, noting that the bug might be present in Java 6 as well."

CWmike writes "Hoping to further sharpen OpenOffice's competitive viability against Microsoft Office, IBM is donating the code of its Symphony open source office suite to the nonprofit Apache Software Foundation. Apache could fold this code into its own open source office suite OpenOffice, on which Symphony was based. In June, Oracle donated the OpenOffice suite to Apache. 'Prior to Apache's entry, there really hasn't been enough innovation in this area over the past 10 years,' said Kevin Cavanaugh, an IBM vice president. 'It's been constrained because we haven't had a true open source community with a mature governance model.'"

jfruhlinger writes "The forking of LibreOffice from the OpenOffice.org project, followed by Oracle's donation of OpenOffice.org to the Apache Software Foundation, has been something of a bumpy road. But if history is any guide, it's the fork, LibreOffice, that might have the brighter future."

snydeq writes "Oracle's decision to spin OpenOffice.org into an Apache incubation podling raises several questions regarding the future of the code, not the least of which is how it will co-exist with LibreOffice. Also of note are the business implications of Oracle's decision, which some see opening up commercial opportunities for OpenOffice.org support, as well as a likely push from Google and IBM to woo current OpenOffice.org customers to Google Docs and Lotus Symphony."

Julie188 writes "Oracle has finally officially spilled the beans: It's proposing OpenOffice.org as an Apache Incubator project — and not handing it to The Document Foundation. Oracle had announced earlier this year that it would be passing the torch to the community, but failed to provide any specifics about the ultimate destination. The Document Foundation is the organization behind the OpenOffice fork, LibreOffice."

angry tapir writes "Oracle has subpoenaed the Apache Software Foundation in connection with its ongoing intellectual property suit against Google. Oracle filed suit against Google in August, alleging that its Android mobile operating system infringes on seven of Oracle's Java patents. Google has denied any wrongdoing. The subpoena, which was received by ASF on Monday, seeks 'the production of documents related to the use of Apache Harmony code in the Android software platform, and the unsuccessful attempt by Apache to secure an acceptable license to the Java SE Technology Compatibility Kit.'"

An anonymous reader writes "Florian Mueller claims to have produced new evidence that he believes supports Oracle's case against Google on the copyright side of the lawsuit. Oracle originally presented one example to the court, and that file was found to have been part of older Android distributions, with an Apache license header. Mueller has just published six more files of that kind and believes the Apache Software Foundation will disown those just like the first one because those were never part of the Apache Harmony code base. Furthermore, various source files from the Sun Java Wireless Toolkit were found in the Android codebase, containing a total of 38 copyright notices that mark them as proprietary and confidential, but Google apparently published their source code regardless."

angry tapir writes "The cadre of volunteer developers behind the Cassandra distributed database have released the latest version of their open source software, able to hold up to 2 billion columns per row. The newly installed Large Row Support feature of Cassandra version 0.7 allows the database to hold up to 2 billion columns per row. Previous versions had no set upper limit, though the maximum amount of material that could be held in a single row was approximately 2GB. This upper limit has been eliminated."

itwbennett writes "The Apache Software Foundation announced Wednesday that the Object-Oriented Data Technology (OODT), first developed by NASA's Jet Propulsion Laboratory, has graduated to a top level project. The software 'provides a one-stop toolkit for building up a database, populating a database, setting up a work flow to get data into that database, and then serving out lots of different content from that database,' said Chris Mattmann, vice president of the OODT project. NASA uses the software to manage data from multiple domains, including astrophysics, earth carbon monitoring and land-water use. The National Cancer Institute also uses the software for its Daily Detection Research Network, which ties together multiple cancer research databases."

kfogel writes "The Apache Subversion project has just had to remind one of its corporate contributors about the rules of the road. WANdisco, Inc was putting out some very odd press releases and blog posts, implying (among other things) that their company was in some sort of steering position in the open source project. Oops — that's not the Apache Way. The Apache Software Foundation has reminded them of how things work. Meanwhile, one of the founding developers of Subversion, Ben Collins-Sussman, has posted a considerably more caustic take on WANdisco's behavior."

CWmike writes "Oracle has asked the Apache Software Foundation to reconsider its decision to quit the Java SE/EE Executive Committee, and is also acknowledging the ASF's importance to Java's future. In a message released late Thursday, an Oracle executive made conciliatory gestures to Apache. At least for now, the ASF doesn't seem eager to rejoin the committee. 'Give us a reason why the ASF should reconsider other than "please,"' ASF president Jim Jagielski said in a Twitter post on Thursday. The Java Community Process is 'dead,' Jagielski said in a blog post, also on Thursday. 'All that remains is a zombie, walking the streets of the Java ecosystem, looking for brains.'"