The Final Release of Apache HTTP Server 1.3

Kyle Hamilton writes "The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.42 of the Apache HTTP Server ('Apache'). This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end of life status There will be no more full releases of Apache HTTP Server 1.3. However, critical security updates may be made available."

We already have. Right away from Apache, even.

[Anonymous Coward]

Many of us have moved away from Apache altogether. I mean, with lighttpd [lighttpd.net] and nginx [nginx.org] available, there's really little need for Apache these days.

Re:

[xOneca]

Also Cherokee [cherokee-project.com]. I have used Apache for 4 years (I think last two were Apache 2.2). Now I'm thinking to move to Cherokee, since it's easy to configure.

Re:

[dgatwood]

Don't forget shell-script-based servers [apple.com]. It has a much smaller memory footprint than Apache, and it even runs PHP/Perl scripts. :-D

Re:

[dgatwood]

Interesting? Really? I was going for "Funny". If you actually use it, you'll discover that it's pretty darn impractical in a production environment. More of a demonstration of several advanced scripting techniques (simulating associative arrays, for example) than anything practical. Still a fun little piece of code.

Re:

[suso]

I know you're joking, but actually Apache 2.0 was released 10 years ago next month. I remember sitting in the audience at ApacheCon 2000 when they released it. Anyone who is still on 1.3 has been sitting on it for far too long.

Re:

[coolgeek]

Not really, when you consider they only got mod_perl for 2.x into a production release about 2-3 years ago.

Re:

[cerberusss]

Anyone who is still on 1.3 has been sitting on it for far too long.

Hey, somebody has to keep the corpse warm!

Re:

[Anonymous Coward]

Since the next-oldest news item at the bottom of httpd.apache.org is also dated 2008-01-19, one can easily deduce that the news entry was back-dated so it doesn't draw attention to a branch that has been superseded twice. And reading TFA would show that it fixes a CVE-2010 issue, so it would be even sillier to insist that this is 2008 news.

Re:

[wolrahnaes]

This does appear to be the case. It looks like the Apache crew have decided to just update their old posts for 1.3 and 2.0 related changes rather than add new posts, thus causing a misleading date.

Open Source

[Chris Lawrence]

This is the beauty of open source. Apache 1.3 is still widely used, and many products are still based on it. If the Apache Foundation no longer wants to maintain it, others are free to pick it up and carry on. I wouldn't be surprised if this happened sooner rather than later.

Re:Open Source

[Anonymous Coward]

Yes, the "beauty of open source" is that people waste time and energy on an obsolete product. Reminds me of Microsoft.

Re:Open Source

[Chris Lawrence]

But it's their time to spend as they want. There are people working on a new port of Firefox to Mac OS 9 (Classilla). That's an operating system that hasn't been updated in 10 years. But if people are having fun doing this, that's great. If the product was closed source, there would simply be no option.

Re:

[amRadioHed]

Wow, I can't believe there are people still using Mac OS 9. It was better than Windows 98, but that's about all it has going for it these days.

Re:

[AsmCoder8088]

Actually, Mac OS 9 is very secure. Even the US Army still uses it [tidbits.com] for secure web hosting.

Re:

[amRadioHed]

That's true, but its security comes from its limitations. Doesn't really explain why anyone would want to run Firefox on it though.

Re:

[0100010001010011]

HTML5 Porn.

Re:

[yuhong]

Not exactly, one fundamental advantage is that it used Pascal strings mostly, avoiding the problems of C strings. I once read a old Slashdot comment on the security advantages, and it made me even more sad about the failure of the Copland project, which would have been probably much more secure than Mac OS X ended up being.

Re:

[amRadioHed]

Good point, Pascal strings are more secure. But on the other hand the lack of protected memory and multiuser security model are less secure. I guess advantage may still be with the pascal strings, but I'm not sure.

The reason specifically mentioned in the article for Mac OS 9 being more secure was the lack of remote (or local) shell access which is what I was thinking of as a major liability for end users, at least for me.

Re:

[yuhong]

But on the other hand the lack of protected memory and multiuser security model are less secure.

And Copland would have added support for this while preserving the security advantages that classic Mac OS had, which why it is sad that it filed

Re:

[hardwarefreak]

Yes, the "beauty of open source" is that people waste time and energy on an obsolete product. Reminds me of Microsoft.

From Webster's, "obsolete": 1 a : no longer in use or no longer useful b : of a kind or style no longer current : old-fashioned

Whilst Apache 1.3 may very well fit the second definition, it certainly doesn't fit the first. It it still useful for a great many people, particularly those who serve static content for a single domain. They have no use for virtual directories and multiple domain hosting, or many of the Apache 2 features that have caused so much bloat and resource consumption.

I dare say that L

Re:

[kv9]

Whilst Apache 1.3 may very well fit the second definition, it certainly doesn't fit the first. It it still useful for a great many people, particularly those who serve static content for a single domain. They have no use for virtual directories and multiple domain hosting

I've been using vhosts and multiple domain hosting on 1.3 for the past 10 years or so.

Re:

[r7]

Yes, the "beauty of open source" is that people waste time and energy on an obsolete product

That's not what "obsolete" means. Fact is that httpd 1.3 does more than everything we need in less memory than any 2.X version. It also has had less than half the security vulnerabilities of the 2.X branch. Over the past 8 years that secure code base has saved something like one engineer-month (~$10K) in upgrades alone. But then I'm lazy, and happy to have better things to do than upgrade software for no good reason.

Unfortunately, NIH syndrome is endemic to software engineering. As a result we get stuc

Re:

[Improv]

The thing is, it'd take someone with both considerable energy and a good name to manage it - when a product is declared dead, pretenders might pop up like weeds but, just like the French/Iranian/Prussian/Russian/Persian royal family, nobody takes them seriously.

Re:

[jellomizer]

So after a project dies it forks off into a slew a Legacy systems all needed independent modifications and changes. That is the Ugly side of Open Source to me. A more beauty side is if the tools that did need to work on 1.3 once apache stopped 1.3 support went and modified their apps to work on newer web browsers.

Forking code to keep your project going is not the way, it is just a bad idea.

Re:

[vadim_t]

Why ugly? It's better than the project dying, period.

And one of those forks may become the new official version.

Re:

[Sir_Lewk]

Yeah, because a project dying and all the people that still use it being left out in the cold is really an attractive alternative.

Not.

Re:

[Richard_at_work]

If it forces people to upgrade to a better alternative, then maybe it is. Think IE6 - would it be better to maintain that ongoing (considering that many of the things the Slashdot groupthink wants to fix with IE6 are the explicit reasons why some companies are keeping it around) or kill it dead and have people upgrade?

Re:

[Vellmont]

So after a project dies it forks off into a slew a Legacy systems all needed independent modifications and changes. That is the Ugly side of Open Source to me.

Unless all the owners of the legacy systems got together and formed some sort of.. foundation to maintain the old version. They could all share the code and benefit from the modifications. They could call it something like the Apache Software Foundation (oops, I guess that one's already taken).

Kidding aside, the "problem" you describe has nothing t

Re:

[toddestan]

I would guess that 1.3.42 is probably pretty stable, given that no new features have been added for years, and is only a minor update to version 1.3.41 which is over 2 years old as it is. So I would guess anyone still using 1.3 can continue with 1.3.42 for the forseeable future without worries. And if something really bad did come up, apparently they left the option of issuing a security update open.

Too late

[Anonymous Coward]

They should have stopped at version 1.3.37

Re:

[KlomDark]

Until I "got" the joke, I was wondering why you didn't say "They should have stopped at version 1.3.41" :)

Re:Too late

[shutdown -p now]

1.3.37 is reserved for the OpenBSD fork.

Re:

[Hurricane78]

But now, it contains the answer to life, the universe, and everything! Which makes it clear why it will never need a change again. ^^

Bonus: The dude in the THHGTTG movie, with the British accent, going: “Forty-twoohoooo-ooo???”

Re:

[mebrahim]

, but their fate chose 42 for them.

web servers to app servers

[Lord Ender]

It seems that basic web sites made by uploading html and other files are going extinct, in favor of web apps like CMSs and blogs. As a result, the majority of the functionality provided by web servers like Apache is becoming unnecessary.

As an example, any web app which interfaces with Apache via Rack [rubyforge.org]middleware needs only the enabling of mod_rack. Other than that, you don't need to touch apache2.conf. Apache basically just handles the sockets; the rest of its functionality goes unused.

Re:web servers to app servers

[h4rr4r]

Just wait, it will come back. The wheel of computing just goes around and around, now we are reinventing thin clients via netbooks used only to use webapps. In another 5-10 years people will want thick clients again and websites that are actually usable and informative.

Re:

[ZERO1ZERO]

The wheel of computing - I 've seen this idea referred to here many a time - but when I google the term or similar like 'wheel of reinvention' etc I can't find any definitive article with examples.

I was explaining this to a colleague the other day in terms of how graphics processors keep chopping and changing what they do integrated, not integrated, now we are using the GPU as a massive co-processor, and give it time and it will be rolled back into the main CPU.

Anyway can someone point to a researched arti

Re:web servers to app servers

[SEE]

"Wheel of reincarnation" is the entry in the Jargon File; term "coined in a paper by T.H. Myer and I.E. Sutherland On the Design of Display Processors, Comm. ACM, Vol. 11, no. 6, June 1968"

Re:

[Bill, Shooter of Bul]

People want websites that are actually usable and informative today. I'm not sure what that has to do with thin or fat clients through. Could you elaborate?

Re:

[Mad Merlin]

I'm hoping the wheel of computing will do away with shortscreen monitors sooner rather than later and we can go back to using real monitors...

Re:

[jgreco]

The day of the static web page is indeed drawing to a close. With Facebook rewriting PHP into HipHop, other middleware products becoming capable of also serving content, and the general transition to "Web 2.0", the largely static Web of the '90's is nearer than ever to its eventual end. Apache 1 has been an absolutely fantastic tool over the years, and even though it's well past its "sell-by" date, the fact that many have continued to use it says a lot about the overall quality and robustness. Thanks to

Re:web servers to app servers

[mirix]

They can take my static web page from my cold dead hands.

Re:

[Voyager529]

Since you imply that you still have one, I'm assuming that it's not being hosted on Geocities.

Re:web servers to app servers

[mirix]

It's on an old PIII board, sitting in the closet, running Apache 1.3, oddly enough ;)

Re:

[Annymouse Cowherd]

The PIII means you set it up recently enough that you could've had it running 2.0. Why do you do these things...

Re:

[mirix]

OpenBSD shipped with 1.x when I installed it (still does, I think), and that's what I'm running.

Re:

[Anonymous Coward]

What you're heralding is nothing short of the eradication of a publicly accessible information pool. The registered-users-only part of Web 2.0 is basically opaque to external search engines. Links are nondescript blobs - short, short-lived and with at least one redirection through a slow third party server. If Web 1.0 was a library, Web 2.0 is a shopping mall. Banter and business, but hardly any real information.

I've recently shown a friend how to set up a web page the old fashioned way, i.e. write HTML wit

Re:

[Lord Ender]

What? Using passwords is not new to web apps. Apache itself supports passwords.

And using a CMS does not mean breaking linkability. Any RESTful CMS (like wikipedia) will provide links to data. Static pages have no monopoly on this.

Re:

[Trepidity]

Wikipedia is the moral equivalent of an old-school hyperlinked body of text, though, not really a dynamic website. It happens to be served dynamically, and can be edited by users, but at any instant in time there is a static snapshot of hypertext. In fact, it could've been implemented that way--- as a bunch of static HTML files that get edited. That's in contrast to AJAXy webapps, which don't really make sense to think of as hypertext.

Re:

[Lord Ender]

Wikipedia is a web app. This disproves your claim that web apps can't be linked.

Q to the E to the D.

Re:

[Trepidity]

It isn't, though. It's just a bunch of hypertext plus a text editor.

Re:

[colinrichardday]

The day of the static web page is indeed drawing to a close. With Facebook rewriting PHP into HipHop, other middleware products becoming capable of also serving content, and the general transition to "Web 2.0", the largely static Web of the '90's is nearer than ever to its eventual end.

But some content may well be better static, such as a web version of a textbook.

Re:

[Anonymous Coward]

Yea who cares about:
- redirects
- URL remapping
- mod_php
- mod_perl
- mod_svn
- web dav
- https

Re:

[Lord Ender]

Third party mods are not part of Apache proper. The other stuff really should be done by the app, where it can be altered without HUPing any processes.

Re:

[Eil]

It seems that basic web sites made by uploading html and other files are going extinct, in favor of web apps like CMSs and blogs. As a result, the majority of the functionality provided by web servers like Apache is becoming unnecessary.

Not so. Apache is a general-purpose HTTP server. It has a lot more power and capability than what 99% of websites use it for, which is serving static content and CGI script output. There are loads of web servers that are capable of these menial tasks and they use a fraction

Re:

[tarius8105]

Apache's popularity is due to it being the swiss army knife of HTTP servers in that you can do almost anything with it. In an enterprise environment you have cookie cutter applications and then there are applications shoved down your throat that just apache handles much better. Every time I went to Apache Con I would attend the mod_rewrite lectures because its interesting to see how you can handle different unique situations with just that module.

Misleading Summary

[RoFLKOPTr]

A lot of commentors seem to think that this is the final release of Apache. It is not. This is the final release of Apache 1.3... Apache HTTP Servers 2.0 and 2.2 are still being maintained.

(As an aside, can somebody explain to me how I ended up with 15 mod points? I've never seen this before)

Re:

[philgross]

I got 10 or 15 mod points a few times. I have no idea how or why. Since the last site update, I'm getting mod points much less frequently as well, although I think my karma is the same.

Re:

[Gordonjcp]

I have (briefly) had 25 mod points, but after using a couple they dropped back to 15.

Re:Misleading Summary

[jopsen]

(As an aside, can somebody explain to me how I ended up with 15 mod points? I've never seen this before)

You probably deserve them for being as kind as to point out that the apache HTTP server isn't finished... :)

Re:

[b4dc0d3r]

I regularly get either 5 or 15, usually 15.

I think it's because I tend to comment in bursts - nothing for a week, then 2 or 3 at a time, and then only when I have something useful to say. Except for the odd sarcastic or joking comment, or if I'm heavily medicated.

Plus I don't log in all that much, so when I do I have like 3 comments all at +5, or something like that, and bingo 15 mods.

Posting anon, but if you want to look for patterns in my comments my username is b4dc0d3r. I tend to get in to conversatio

Re:Misleading Summary

[Yossarian45793]

Nice try posting anon.

Re:

[Tynin]

You've gotten better karma which gives more mod points it seems. I've been getting 15 points for some time now. Comically, I just logged in to tell you this and noticed I've gotten another allotment of points :)

Re:

[QuoteMstr]

My karma is stratospheric, but I receive mod points infrequently, and in bunches of five.

Re:Misleading Summary

[Eil]

(As an aside, can somebody explain to me how I ended up with 15 mod points? I've never seen this before)

Those are to be used for moderating all of my last month's comments +1 Insightful. CmdrTaco told me himself, so you can trust me.

Re:

[Bacon Bits]

For quite awhile I was getting 10 and 15 points, but after burning some karma defending things the SlashDot hivemind dislikes, I'm back to getting only 5. I'm glad. Now I don't feel like I'm wasting so many points all the time as even now I usually have 1-2 expire.

Will Slashdot Upgrade?

[swajr]

I wonder if slashdot is actually going to upgrade now...

Re:

[Nimey]

Dear god, I hoped you were joking.

Slashdot's running on 1.3.41.

Re:Will Slashdot Upgrade?

[joe_bruin]

Dear god, I hoped you were joking.

Slashdot's running on 1.3.41.

This was obviously a joke. Slashdot is still run by a mess of perl scripts. They've yet to drag themselves into early last decade.

Re:

[hardwarefreak]

Dear god, I hoped you were joking.

Slashdot's running on 1.3.41.

This was obviously a joke. Slashdot is still run by a mess of perl scripts. They've yet to drag themselves into early last decade.

It seems you are both correct, slashdot is hosted by Apache 1.3.41 and perl:

[12:33:43][me@me]/$ telnet www.slashdot.org 80
Trying 216.34.181.48...
Connected to www.slashdot.org.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 301 Moved Permanently
Server: Apache/1.3.41 (Unix) mod_perl/1.31-rc4
Location: http://slashdot.org/ [slashdot.org]
Content-Type: text/html; charset=iso-8859-1
Content-Length: 297
Date: Thu, 04 Feb 2010 06:35:42 GMT
X-Varnish: 785915486 785915484
Age: 0
Connection: close

Re:

[FreakyGreenLeaky]

You mean, as opposed to a mess of ruby or python?

Re:

[icebraining]

No, as opposed to PHP! /fear

Re:

[Anonymous Coward]

What's wrong with that? The 2.x series started off badly with security vulns every other day. Even now, there's no compelling business case for sites running stable software like apache 1.3 to upgrade.

Furthermore, the sensible upgrade path is to dedicated app servers behind a light weight reverse proxy (varnish, nginx etc).

Re:

[Anonymous Coward]

Content-Type: text/html; charset=iso-8859-1

can't be more disturbing than this.

Finished???

[KlomDark]

I thought the whole point of a patchy web server was that it was never done. ;)

err, not dead yet?

[goga_russian]

Apache: releasing last version, 1.3 on death bed.
Nginx: whats apache?

Farewell

[StrifeJester]

In my early days of running servers at home I used 1.x Apache a lot, it will be missed but I must say I love 2.x releases these days and haven't seen much 1.x out there lately.

But.....

[ducomputergeek]

the real question is: Has Netcraft confirmed it?

1.3

[jjohn]

For my money, apache 1.3 is the only apache. It's extremely stable and most of the security issues have been patched. Solid, solid code and a breeze to compile.

But remember: I am a grumpy old man.

Re:

[triflemenot]

I am a grumpy old man.

I don't like new software. They haven't made anything good since about 1990.

Re:

[jrexilius]

Agreed. I have been working on upgrading for quite a while but there is one issue I haven't figured out yet:

lingerd in apache 2.2 _with_ mod_php in pref_fork (as many linux source libs used in PHP not thread-safe).

As soon as the question comes up about linger_close people say "it doesn't matter in cuz its so multi-thredded coolz" but that does no good in a PHP app server model.

Anyone know if lingerd is still needed in 2.2-pre-fork mode? Cuz I know the module has not been updated for 2 family..

Re:

[Sunnz]

I would have been in the same boat if I didn't want to use SNI with Apache 2.

Or does Apache 1.3 actually support SNI now?