Security

Doorways Sneak To Non-Default Ports of Hacked Servers 63

UnmaskParasites writes "To drive traffic to their online stores, software pirates hack reputable legitimate websites injecting hidden spammy links and creating doorway pages. Google's search results are seriously poisoned by such doorways. Negligence of webmasters of compromised sites makes this scheme viable — doorways remain unnoticed for years. Not so long ago, hackers began to re-configure Apache on compromised servers to make them serve doorway pages off of non-default ports, still taking advantage of using established domain names."
Google

Google Wave Looking To Join Apache Software Foundation 79

MMacFadden writes "The Google Wave team has officially submitted the open source version of Wave to the Apache Software Foundation as a candidate Incubator project. Google hopes that the wave technology will continue to grow, supported by the new open source community (which is made up of Google and non-Google employees alike). Here is the proposal itself."
Java

The Coming War Over the Future of Java 583

snydeq writes "Fatal Exception's Neil McAllister writes about what could be the end of the Java Community Process as we know it. With the Apache Software Foundation declaring war on Oracle over Java, the next likely step would be a vote of no confidence in the JCP, which, if the ASF can convince enough members to follow suit, 'could effectively unravel the Java community as a whole,' McAllister writes, with educators, academics, and researchers having little incentive to remain loyal to an Oracle-controlled platform. 'Independent developers could face the toughest decisions of all. Even if the JCP dissolves, many developers will be left with few alternatives,' with .Net offering little advantage, and Perl, Python, and Ruby unable to match Java's performance. The dark horse? Google Go — a language Google might just fast-track in light of its patent suit with Oracle over Android." Reader Revorm adds related news that Oracle and Apple have announced the OpenJDK project for OS X.
IBM

Apache Declares War On Oracle Over Java 428

jfruhlinger writes "The Apache Software Foundation, feeling increasingly marginalized as Oracle asserts its control over the Java platform, is fighting back, trying to rally fellow members of the Java Community Process to block the next version of the language if Oracle doesn't make it available under an open license amenable to Apache. Last month's Oracle-IBM pact was a blow against the ASF, which had worked with IBM in the past, but it appears that Apache isn't giving up the fight."
PHP

Measuring LAMP Competency? 453

An anonymous reader writes "Our company is getting ready to hire a number of programmers. While the majority of the prospective candidates do have good-looking resumes, we are looking to see if we can get some clear metrics in the assessment process. After a little research we have learned that there is a well-established PHP + MySQL training and certification process, and some of the candidates are already certified. There is also a candidate with a good portfolio, a lot of experience, and no certification. Most of the applicants also have some college/university science-related education. So our goal is to be able to somehow measure LAMP overall competency as well as basic computer science concepts such as BNF, data normalization, OOP, MVC, etc. How do Slashdot readers go about this kind of characterization?"
Security

Apache Foundation Attacked, Passwords Stolen 214

Trailrunner7 writes "Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a 'direct, targeted attack.' The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said."
Mozilla

Mozilla Foundation Begins Redraft Process For MPL 65

Barence writes "Mozilla has announced plans to redraft the open-source license underpinning projects such as Firefox. The Mozilla Public License 1.1 has been used to distribute numerous projects including Firefox, Thunderbird, OpenSolaris and Flex for over a decade. In the first phase of this process, Mozilla will release an alpha draft based on feedback already received. This will be followed by 'commentary, discussion, and further drafting, followed by beta and release candidate drafts.' Mozilla intends to 'seriously investigate' whether it can make the MPL compatible with the Apache license, in an effort to 'help projects using the MPL become more flexible about using Apache-licensed code.'"
Bug

Serious Apache Exploit Discovered 160

bennyboy64 writes "An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit." Note: according to the advisory, this exploit is exclusive to Windows.
Software

The Final Release of Apache HTTP Server 1.3 104

Kyle Hamilton writes "The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.42 of the Apache HTTP Server ('Apache'). This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end of life status. There will be no more full releases of Apache HTTP Server 1.3. However, critical security updates may be made available."
PHP

Facebook's HipHop Also a PHP Webserver 304

darthcamaro writes "As expected, Facebook today announced a new runtime for PHP, called HipHop. What wasn't expected were a few key revelations disclosed today by Facebook developer David Recordon. As it turns out, Facebook has been running HipHop for months and it now powers 90 percent of their servers — it's not a skunkworks project; it's a live production technology. It's also not just a runtime, it's also a new webserver. 'In general, Apache is a great Web server, but when we were looking at how we get the next half percent or percent of performance, we didn't need all the features that Apache offers,' Recordon said. He added, however, that he hopes an open source project will one day emerge around making HipHop work with Apache Web servers."
Image

ModSecurity 2.5 25

Martijn de Boer writes "For a long time now Apache's webserver software has been serving up the Web. Because Internet usage is still growing every day, securing your growing number of servers has become very important. ModSecurity 2.5 has been written to illustrate and educate you on the ease of use and inner workings of the ModSecurity module for the most widespread webserver." Read below for the rest of Martijn's review.
Software

Apache May Stop 1.3, 2.0 Series Releases 77

Dan Jones writes "The Apache Software Foundation may stop releasing new versions of the older 1.3 and 2.0 series of its flagship Web server product with most development now focused on the 2.2 series. Nothing is final yet, but messages to the Apache httpd developer mailing list recommend the formal deprecation of the 1.3.x branch, with most citing a lack of development activity. The Apache HTTP server project is one of the most successful and popular open source projects and has become an integral part of the technology stack for thousands of Web and SaaS applications. The first generation of Apache was released in 1995, and the 2.0 series began in 2002. Apache httpd 2.2 began in 2005, with the latest release (October 2009) being 2.2.14. However, the most recent releases of the 1.3 and 2.0 series servers were back in January 2008. With the combined total of active 1.3 and 2.0 series Apache Web servers well into the millions, any decision to end-of-life either product will be watched closely."
It's funny.  Laugh.

Offset Bad Code, With Bad Code Offsets 279

An anonymous reader writes "Two weeks ago, The Daily WTF's Alex Papadimoulis announced Bad Code Offsets, a joint venture between many big names in the software development community (including StackOverflow's Jeff Atwood and Jon Skeet and SourceGear's Eric Sink). The premise is that you can offset bad code by purchasing Bad Code Offsets (much in the same way a carbon-footprint is offset). The profits are donated to Free Software projects which work to eliminate bad code, such as the Apache Foundation and FreeBSD. The first cheques were sent out earlier today." Hopefully, they work better than carbon offsets, actually.
Programming

Microsoft Open Sources .NET Micro Framework 320

An anonymous reader writes "Back in July, Microsoft announced it was making .NET available under its Community Promise, which in theory allowed free software developers to use the technology without fear of patent lawsuits. Not surprisingly, many free software geeks were unconvinced by the promise (after all, what's a promise compared to an actual open licence?), but now Microsoft has taken things to the next level by releasing the .NET Micro Framework under the Apache 2.0 licence. Yes, you read that correctly: a sizeable chunk of .NET is about to go open source."
Security

XML Library Flaw — Sun, Apache, GNOME Affected 140

bednarz writes with this excerpt from Network World: "Vulnerabilities discovered in XML libraries from Sun, the Apache Software Foundation, the Python Software Foundation and the GNOME Project could result in successful denial-of-service attacks on applications built with them, according to Codenomicon. The security vendor found flaws in XML parsers that made it fairly easy to cause a DoS attack, corruption of data, and delivery of a malicious payload using XML-based content. Codenomicon has shared its findings with industry and the open source groups, and a number of recommendations and patches for the XML-related vulnerabilities are expected to be made available Wednesday. In addition, a general security advisory is expected to be published by the Computer Emergency Response Team in Finland (CERT-FI)."
Software

Opera Unite Web Server Benchmarked 227

worb writes "Opera Unite comes with a web server which is supposedly going to 'redefine the web.' But how well does it actually perform? Is it a threat to other server solutions? Someone put it to the test, and published the results. While nginx, one of the fastest web servers available, is 5 times faster, a PHP+Apache+MySQL server is only 2 times as fast. A compiled C++ server, the MadFish WebToolkit, is 6 times faster. He concludes that Opera Unite's server is impressive, and that the others come nowhere close to the ease of use."
Programming

Yahoo Releases Open Source Hadoop Distribution 49

ruphus13 writes "Yahoo has been a vociferous Apache Hadoop user and supporter for several years now, and uses it extensively within its Search technologies. Hadoop has been gaining popularity in the Cloud Computing space, with companies like the NYTimes converting 4TB and 11 million articles to PDFs in under 24 hours using Hadoop and EC2 in late 2007. Hadoop has been made available in Amazon's cloud and Yahoo has now released its own Hadoop version. From the article: 'At today's Hadoop Summit in Silicon Valley, Yahoo! announced the availability of the Yahoo! Distribution of Hadoop, a source-only version of Apache Hadoop that Yahoo! uses within its own search engine. [Hadoop] is an open source software framework that helps process very large data sets, and is widely used in large-scale data mining applications as well as in search tools at sites like Facebook and many others. For developers and users interested in Hadoop, it's worth noting that the Yahoo! Distribution of Hadoop has been widely tested and developed at Yahoo! for years now.'"
The Internet

The Chinese (Web Servers) Are Coming 231

Glyn Moody writes "The February 2009 Netcraft survey is not the usual 'Apache continues to trounce Microsoft IIS' story: there's a new entrant — from China. 'The majority of this month's growth is down to the appearance of 20 million Chinese sites served by QZHTTP. This web server is used by QQ to serve millions of Qzone sites beneath the qq.com domain.' What exactly is this QZHTTP, and what does it all mean for the world of Web servers?"
Linux Business

Microsoft and Apache - What's the Angle? 433

A week ago, we discussed Microsoft's contribution to the Apache Foundation. Now, Bruce Perens has written an analysis "exploring the new relationship of Microsoft and the Apache project, how it works as an anti-Linux move on Microsoft's part, and what some of the Open Sourcers are going to do about having Microsoft as a rather untrustworthy partner." In particular, he notes: "...Microsoft can still influence how things go from here on. If they have to live with open source, the Apache project is Microsoft's preferred direction. Apache doesn't use the dreaded GPL and its enforced sharing of source-code. Instead, the Apache license is practically a no-strings gift, with a weak provision against patent lawsuits as its most relevant term. Microsoft can take Apache software and embrace and enhance, providing their own versions of the project's software with engineered incompatibility and no available source, just as they forced incompatibility into the Web by installing IE with every Windows upgrade."
Microsoft

Microsoft Blesses LGPL, Joins Apache Foundation 425

Penguinisto writes "According to a somewhat jaw-dropping story in The Register, it appears that Microsoft has performed a trifecta of geek-scaring feats: They have joined the Apache Software Foundation as a Platinum member (at $100K USD a year), submitted LGPL-licensed patches for ADOdb, and have pledged to expand their Open Specifications Promise by adding to the list more than 100 protocols for interoperability between its Windows Server and the Windows client. While I sincerely doubt they'll release Vista under a GPL license anytime soon, this is certainly an unexpected series of moves on their part, and could possibly lead to more OSS (as opposed to 'Shared Source') interactivity between what is arguably Linux' greatest adversary and the Open Source community." (We mentioned the announced support for the Apache Foundation earlier today, as well.)
