A week ago, we discussed Microsoft's contribution to the Apache Foundation. Now, Bruce Perens has written an analysis "exploring the new relationship of Microsoft and the Apache project, how it works as an anti-Linux move on Microsoft's part, and what some of the Open Sourcers are going to do about having Microsoft as a rather untrustworthy partner." In particular, he notes: "...Microsoft can still influence how things go from here on. If they have to live with open source, the Apache project is Microsoft's preferred direction. Apache doesn't use the dreaded GPL and its enforced sharing of source-code. Instead, the Apache license is practically a no-strings gift, with a weak provision against patent lawsuits as its most relevant term. Microsoft can take Apache software and embrace and enhance, providing their own versions of the project's software with engineered incompatibility and no available source, just as they forced incompatibility into the Web by installing IE with every Windows upgrade."

Penguinisto writes "According to a somewhat jaw-dropping story in The Register, it appears that Microsoft has performed a trifecta of geek-scaring feats: They have joined the Apache Software Foundation as a Platinum member(at $100K USD a year), submitted LGPL-licensed patches for ADOdb, and have pledged to expand their Open Specifications Promise by adding to the list more than 100 protocols for interoperability between its Windows Server and the Windows client. While I sincerely doubt they'll release Vista under a GPL license anytime soon, this is certainly an unexpected series of moves on their part, and could possibly lead to more OSS (as opposed to 'Shared Source') interactivity between what is arguably Linux' greatest adversary and the Open Source community." (We mentioned the announced support for the Apache Foundation earlier today, as well.)

gbjbaanb writes "Ars Technica reports that Microsoft is to sponsor the Apache Foundation to the tune of $100k. From the article: 'I asked him if this could possibly be the beginning of a broader initiative by Microsoft to increase Apache compatibility with .NET web development technologies, but he says it's still too early to guess Microsoft's future plans for Apache participation. ... He doesn't anticipate a confrontational response from the developers working on individual Apache projects ... The response of the broader open source software community, however, is harder to predict.' (In related news, MS also intends to participate in the RubySpec project.)"

os2man writes "ApacheCon Europe 2008, the official user conference of the Apache Software Foundation will be held 7 April through 11 April in Amsterdam, The Netherlands. Some of the tracks will be broadcast via live streaming: System Administration (Wednesday), Web Security (Thursday) and Web Services and Web 2.0 (Friday). There's a 99 euro registration fee for the tracks, although all keynote sessions and the opening plenary are available free of charge."

SkiifGeek writes "Zone-H have recently posted the statistical breakdown of the collected website defacements from the last few years. Surprisingly, in 2007 more Linux servers suffered a successful attack than all versions of Windows, combined. Similarly, more Apache installations were successfully attacked than all IIS versions combined. A day after posting this data, Zone-H have questioned the appropriateness of continuing to operate the archive. Despite the valuable information that can be gleaned from the service, it may soon be lost to the world. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety leveled against them any time they disclose and mirror a reported defacement."

lisah writes "Reports are beginning to surface that some Web servers running Linux and Apache are unwittingly infecting thousands of computers, exploiting vulnerabilities in QuickTime, Yahoo! Messenger, and Windows. One way to tell if your machine is infected is if you're unable to create a directory name beginning with a numeral. Since details are still sketchy, the best advice right now is to take proactive steps to secure your servers. 'We asked the Apache Software Foundation if it had any advice on how to detect the rootkit or cleanse a server when it's found. According to Mark Cox of the Apache security team, "Whilst details are thin as to how the attackers gained root access to the compromised servers, we currently have no evidence that this is due to an unfixed vulnerability in the Apache HTTP Server." We sent a similar query to Red Hat, the largest vendor of Linux, but all its security team could tell us was that "At this point in time we have not had access to any affected machines and therefore cannot give guidance on which tools would reliably detect the rootkit."'"

jschauma writes "Yahoo published a press release announcing that it has become a platinum sponsor of the Apache Software Foundation. In their company blog, Yahoo points out their particular interest in the Apache projects Lucene and Hadoop, and that they have hired Doug Cutting, creator of both projects and VP at Apache. (Lucene powers the search on Wikipedia; Yahoo also provides hosting capacity to Wikimedia.)"

eldavojohn writes "According to Google, Microsoft's server software is at least twice as likely to host viruses or malware. The reason why? 'Google reports that IIS is likely used to distribute malware more often than Apache because many IIS installs are on pirated Windows versions which aren't configured to automatically download patches. (Even pirated Windows versions can automatically receive security fixes, however.) Our analysis demonstrates how important it is to keep web servers patched to the latest patch level,' Google notes."

An anonymous reader writes "The most notable changes found in this latest draft include making GPLv3 compatible with version 2.0 of the Apache license, ensuring that distributors who make discriminatory patent deals after March 28 may not convey software under GPLv3, adding terms to clarify how users can contract for private modification of free software or for a data center to run it for them, and replacing the previous reference to a U.S. consumer protection statute with explicit criteria for greater clarity outside the United States. The draft also does not prohibit Novell from distributing software under GPLv3 'because the patent protection they arranged with Microsoft last November can be turned against Microsoft to the community's benefit,' FSF executive director Peter Brown said."

An anonymous reader writes "As the load on an application increases, the bottlenecks in the underlying infrastructure become more apparent in the form of slow response to user requests. This article discusses many of the server configuration items that can make or break an application's performance and focuses on steps you can take to optimize Apache and PHP."

Famestay writes "Verisign's iDefense is putting up a $16,000 prize for any hacker who can find a remotely exploitable vulnerability in six critical Internet infrastructure applications. The bounty is for a zero-day code execution hole on the following Internet infrastructure technologies: Apache httpd, Berkeley Internet Name Domain (BIND) daemon, Sendmail SMTP daemon, OpenSSH sshd, Microsoft Internet Information (IIS) Server and Microsoft Exchange Server. 'Immunity founder Dave Aitel, who also purchases flaws and exploits for use in the CANVAS pen testing tool, says its doubtful iDefense will get any submissions from hackers. "It's very hard to exploit [those listed applications]," Aitel said. "IIS 6 hasn't had a public remotely exploitable bug in it. Ever." Several other hackers I spoke to had very much the same message, arguing that $16,000 can never equate to the amount of work/expertise required to find and exploit a hole in the six targeted technologies.'"

tbray writes "This is your friendly local Sun corporate drone reporting that we're going to be building and optimizing and DTrace-ing and shipping and supporting the AMP part of LAMP (details here). I think that basically the whole tech industry, excepting Microsoft, is now at least partly in the AMP camp."

produke writes "Increase your page load times and save bandwidth with easy and really effective methods using apache htaccess directives. mod_headers to set expires, and max-age, and cache-control headers on certain filetypes. The second method employs mod_expires to do the same thing -- together with FileETag, makes for some very fast page loads!"

drizzle writes "There's an interesting story on the Apache Marketing blog about whether or not Apache projects come with too much overhead, especially compared with other services or a roll-your-own approach. The article states, 'It's true that compared with SourceForge, Apache has a more rigorous management structure. The ASF has formalized processes and procedures that we believe represent best practices governance. All new projects must pass through an incubation period to ensure that all of the project's members have internalized these processes. However, each project's leadership has a tremendous amount of discretion in managing within this framework.' There is also a follow up article written by one of the httpd developers about 'What Apache brings to the table.' The article cites community, experience, legal framework, diversity, brand strength, and networking as reasons why developers and companies should consider bringing their projects over to Apache."

chris81 writes "For the first time ever, the Apache Web Server is powering more than 50 million websites, according to Netcraft's Web Server Survey for October. Although relative share fell by 0.67 percent, the total number of sites powered by Apache grew to over 52 million. Microsoft's IIS finished second with more than 15 million sites served."

capouch writes "The Washington Post reports that school administrators for the DC public school system are having an awful time getting their new administrative software to work properly." From the article: "'In my experience, the combination of an Oracle database, Windows operating system, Unix hardware and an Apache webserver is a bad combination,' Barlow wrote in the memo to Thomas M. Brady, the school system's chief business operations officer. 'In fact, through our research the last few days, we have found an advisory on the Apache website that states, 'Please note that at this time, Windows support is entirely experimental and is recommended only for experienced users.' The Apache Group does not guarantee that the software will work as documented or even at all...Barlow said officials plan to replace Windows with a different operating system."

schon writes "Today's the last day of ApacheCon Europe; There was a hilarious presentation entitled 'Why I Hate the Apache Web Server' for anyone who has expressed frustration with the various inconsistencies and nuances of the Internet's favourite config file. And yes, it includes a comparison to Sendmail."

An anonymous reader writes "Whitedust is reporting on a HTTP request smuggling vulnerability in Apache. The flaw apparently allows attackers to piggy back valid HTTP requests over the 'Content-Length:' header, which can result in cache poisoning, cross-site scripting, session hijacking and other various kinds of attack. This flaw affects most of the 2.0.x branch of Apache's HTTPD server."

dirkx writes "For the first time in 3 years - the Apache gathering will be once again in Europe." The next ApacheCon Europe will take place July 18-22 in Stuttgart, Germany. It will start off with tutorials about anything from Apache to Tomcat to XML, then continue with presentations on more in-depth topics: scaling, security, and more.

William Robinson writes "In a bid to be friendly with Open Source, SCO has included 7 OS products in their Unix product. Among the included packages are MySQL, PostgreSQL, Samba, Apache, Tomcat, and FireFox. SCO's position is consistent, spokesman Blake Stowell argued. 'We don't necessarily have issues with open source, we just have an issue with open-source technology that includes intellectual property it shouldn't' he said."