Slashdot Mirror

Sometimes I really hate comments like this. Just how heavy to you think Apache is? With PHP/Perl/Python/Kitchensink support loaded in, sure.

Try loading Apache with just the barest essentials of modules (core functionality in Apache 2). The resource footprint ain't very big. Also, in terms of speed, Apache 2 can use the sendfile(...) API, memory map resources, and mod_cache if you load in support for it. In this configuration, you can easily saturate a gigabit ethernet connection. So unless you've got a gigabit internet pipe, use of thttpd vs. Apache is a moot point.

And besides, if raw web file serving performance is your goal, your script algorithms, internal caching model and judicious use of reverse proxies will make far bigger differences than your choice of web server.

Now then, on to WebDAV. Your comment, "Are there any small, light tools that will just do WebDAV and nothing else, that I can add to my setup?" belies a fundamental ignorance of what WebDAV is. It's an HTTP layer for file handling. By definition, anything that "will just do WebDAV" will need to be a web server. Subversion has it's own transport, but prefers the use of Apache for access to its version control repository. Why? Because Apache handles HTTP well. Why reinvent the wheel?

So in summary, in order to use thttpd with WebDAV, you would need to use thttpd as a proxy to another web server that also handles WebDAV, or you can get someone to write extensions to thttpd so that the WebDAV HTTP extensions PUT, DELETE, MOVE, PROPFIND, LOCK/UNLOCK, etc. are implemented correctly. Of course you would just be rewriting Apache+mod_dav, but suit yourself.

Sometimes I really hate comments like this. Just how heavy to you think Apache is? With PHP/Perl/Python/Kitchensink support loaded in, sure.

Try loading Apache with just the barest essentials of modules (core functionality in Apache 2). The resource footprint ain't very big. Also, in terms of speed, Apache 2 can use the sendfile(...) API, memory map resources, and mod_cache if you load in support for it. In this configuration, you can easily saturate a gigabit ethernet connection. So unless you've got a gigabit internet pipe, use of thttpd vs. Apache is a moot point.

And besides, if raw web file serving performance is your goal, your script algorithms, internal caching model and judicious use of reverse proxies will make far bigger differences than your choice of web server.

Now then, on to WebDAV. Your comment, "Are there any small, light tools that will just do WebDAV and nothing else, that I can add to my setup?" belies a fundamental ignorance of what WebDAV is. It's an HTTP layer for file handling. By definition, anything that "will just do WebDAV" will need to be a web server. Subversion has it's own transport, but prefers the use of Apache for access to its version control repository. Why? Because Apache handles HTTP well. Why reinvent the wheel?

So in summary, in order to use thttpd with WebDAV, you would need to use thttpd as a proxy to another web server that also handles WebDAV, or you can get someone to write extensions to thttpd so that the WebDAV HTTP extensions PUT, DELETE, MOVE, PROPFIND, LOCK/UNLOCK, etc. are implemented correctly. Of course you would just be rewriting Apache+mod_dav, but suit yourself.

In order for mod_dav to manage files, it must be able to write to the directories and files under its control using the User and Group under which Apache is running. New files created will also be owned by this User and Group.

Another possible denial-of-service attack involves a client simply filling up all available disk space with many large files. There is no direct way to prevent this in Apache, so you should avoid giving DAV access to untrusted users.

I dont disagree, I will just point out that people are trying to get everything to work. Look at the kaffe gump stats to see how it is faring. There are problems bootstrapping ant; more diags are being added to things to track them down. Once Ant is booting, more stuff will follow.

This month's meeting at my local Java user's group there was an impressive demo on Ruby on Rails. The presenter built a blogging application live in front of the group, literally in 10 minutes or so. Prior to this demo I had pretty much written Ruby off "just another alternative to perl or python" but I have to say that Rails looks really impressive, enough so that I'm taking a closer look at Ruby.

One of the guys in our user's group, Chris Nelson, is building a similar framework for Java - called Trails. He also built a blogging application live during the meeting. It took him a bit longer - perhaps 15-20 minutes. It was impressive as well, although I will say that for Trails you need to know a fair amount about Hibernate and Tapestry. Realize that he's been working on this only for a few months and suddenly you see that this work is very impressive too.

Anyone interested in developing web apps might want to check these projects out - very impressive stuff!

you try finding every hole in millions of lines of code

That would be a hell of a lot easier to do if I had access to the code.
Lots of people do it constantly!

Like strong Java OOD/OOP*. Like JDBC for database access that beats all other database abstraction layers I have seen. What about a lot of mature libraries and frameworks that make MVC2** application much easier. Ability to reuse your code in dekstop applications. And many more.

* Object Oriented Design/Programming
** Model-View-Controller 2 app architecture

--Coder

The second sentence at the Java Servlet Technology page (linked from the first sentence of the Jakarta Site - Apache Jakarta Tomcat page, the link I gave you, repeating the link from the second sentence of the book review) says "A servlet can almost be thought of as an applet that runs on the server side--without a face." Maybe you're not so much lazy as bad at reading. You can't pull this off, but people offer you help anyway, which you take as flames. Boy, you've got a lot to learn.

Tomcat is many things:

• an open-source servlet container developed by the Apache Foundation
• the reference implementation for the Java servlet specification
• a container for JavaServer Pages
• a standalone web server
• an add-on for Apache and other web servers

The key is understanding what a servlet is. A servlet is an instance of a Java class that is invoked in response to an HTTP request. In other words, it's custom Java code for handling and responding to HTTP request by web browsers and other clients. Think the Java equivalent of CGI applications. If you like Java, servlets (and the JSP technology that is built on top of them -- JSP pages compile into servlets) are a nice way to build dynamic websites.

You can use Tomcat in standalone mode or by hooking it up to a web server like Apache -- it ships with a module for the latter that directs servlet requests from Apache to Tomcat and back.

It's getting easier to find hosting services that offer servlet support, and they usually run Tomcat to do it. Personally, I use KGB Internet, but check the list of servlet ISPs for other alternatives.

Wait a second.... you had trouble setting it up? Should have taken a second. You download it, extract it, install it,or compile it. Then run the little startup.sh or startup.bat. Goto http://localhost:8080 and pretty much everything else is done through a web interface (assuming you added an administrator to the user xml file). From the web interface just add your War and whatever other little things you need to do. I semi-simplified the process, but it is anything but complicated. Involved perhaps, but its a great server with an almost flawless security history and performs really well. This may help.
Regards,
Steve

Click on the "Tomcat project's Web site" link in the second sentence of the "rest of the review". We can't click for you. But be advised, if you have to ask these lazy questions, you probably can't program a Tomcat app, no matter what it does.

Tomcat is a Java servlet container--that is--basically a web server that serves up Java servlets, JavaServer Pages, etc.

It can run standalone and also serve static files such as HTML pages/graphics, etc., or it can be configured to stand behind a web server such as Apache and only handle the servlet and JSP requests that are passed to it.

Tomcat is itself written in Java and is, of course ;) open source. See more at http://jakarta.apache.org/tomcat/index.html.

Tomcat is a software project to implement the Java Servlet specification. It's developed by the Apache group.

It lets you deploy your Java Servlets and JSP pages, among other things.

IIRC Lookout uses Lucene (or, more accurately) the .net port), so I guess this is a victory for free software,

It's also worth looking at Beagle, a similar project for Gnome using lucene.

Congratulations to the Lucene developers. Taking over the desktop :-)

Jmeter is pretty nice as well.

There is a reason why this is a specialty. There isn't a clear answer.

The answer depends on many factors such as:
- how heavy are the pages (many pictures?)
- what's the platform (Lamp/J2EE/etc....)
- how is the usage?, if someone gives you a figure for concurrent users, ask yourself what they mean by that. Some apps have users contstantly submitting, others once in a few minutes
- how are they connected? Reverse proxy can really help for slow connections!
- if you have performance problems, investigate where the pain really is. Is it the (R)DBMS, or the app server, memory IO.
- etc. etc.

Most of all: test! Get something like grinder, or opensta and put some serious load and stress on the setup. See where it hurts.
Make sure that if you have a problem, you actually fix the right problem. It is ok to add hardware, but you have to know what hardware to get.
Also many problems can be handled by configuration, such as preventing the system to come to crashing halt by limiting the amount of connections to the amount you can handle.

Look overhere Perl strategy doc It has some good advice that will help you also in non perl environments.

I'm the maintainer of the Apache Axis security doc, so if you have any input there, I'd be grateful. We try and be paranoid, but are probably not devious enough.

About the data driven graphs and SVG: Maybe you know about it, but just in case...
You don't need to wait for the browsers to support SVG if what you want is to display a static image. SVG can be converted directly to JPG or PNG before being send to the client. Batik is an apache probject to do that, and it is integrated very nicely into cocoon.
In cocoon, you'd just add a line to your XML transformation pipeline to ask for the result of your SVG transformation to be serialized to JPG instead of being sent directly as XML

It's not perfect, as the small SVG sizes make for nice web traffic ... but I've done some server-side transcoding of SVG to JPG using Batik and it turned out ok.

This allows you to keep nice scalable SVG data on the server and only send the rasterized version for what is needed. The upside is that customers don't need any plugin ... the downsides are that you remove any chance of SVG interactivity (as you're flattening it into a single image) and you have to spend CPU time rasterizing each time (unless you get a lot of repeat views of the same thing, in which case you could build a smart caching mechanism)

Will someone please tell the mainstream media that blogs and "the media" are not the same, are not trying to be the same, and will never be the same.

You see, they are different. (I feel like I'm a primary school teacher here.)

Blogs are one person's perspective on the news and can be a great way to watchdog the media - as many posters here have surgested. This isn't trying to uproot the main media becasue the main media currently doesn't have anything like this. (Retractions? No need to retract, we'll just hope no one notices.

Blogs can also be great grassroots news sources. You wouldn't hear about the Election from a blog and that's why I didn't write about it in mine - everybody already knows from the media! But, as we saw during the invasion of Bagdad (someone else google for the Bagdad Blogger - I'm too tired right now) and post 911 NY, blogs can be great grassroots sources, picking up stories which are later picked up and expanded upon by the media. Again, the media has no equivilent to this and shouldn't feel threatened by it.

What about project blogs? These are different again! CNN wouldnt carry a story about the latest version of Apache - why would they! ("Yeah but we survived before all these fancy "project logs" came about". Really? Guess which famous project blog this quote came from: ... register online prior to the conference and save US$100 on the full conference...). Essential infomation - if you're interested in it. So this is another kind of blog again.

Finally (and this is what *really* annoys me) there are personal blogs. These are personal and should NOT be confused with the above two. (It's not the personal blogs that annoy me, its that people group the two and critisize them as one entity when they are different.) Sometimes a personal blog can oscilate between the other categories, but personal blogs are great ways to keep in touch with family and friends. It's easier than email, more public, and less intrusive. (I live 6000 miles away from most of my friends because I'm a TCK and believe me, it is useful.) So what that they're just complaining about who they're crushing on - thats the kind of stuff I want to know. But not all blogs are personal and have this kind of infomation. "95% of the blogs out there are these little high schoolers writing their journal online" is a valid critisicm of blogging in exactly the same way that saying "95% of the websites out there are porn, personal homepages of highschool drama queens, and spam campaigns. Therefore its all useless". The statistics may be true but I still find the website of my best friend pretty useful, and BBC.co.uk too.

Something to think about...

Daniel

Beagle uses a new kernel feature called inotify which triggers an event any time a file is created or moved etc. Beagle watches for these events and reindexes files straight away, if needed.

In terms of the actual indexing, Beagle uses a C# version of Lucene which is designed for speedy searching.

This license resembles the Sender-ID license and therefor makes Open Source implementations with this license very dificult. Please read the Apache Software Foundation's position regarding sender ID. Lawrence Rosen states:

The open source development and distribution process works as well as it does because everyone treats open source licenses as sublicenseable, and most of them are expressly so. Open source licenses contemplate that anyone who receives the software under license may himself or herself become a contributor or distributor. Software freedom is inherited by downstream sublicensees. Meanwhile, the Microsoft Sender ID patent license continues the convenient fiction that there are "End Users" (S1.5) who receive limited rights.

And then:

The "nontransferable, non-sublicenseable" language in their reciprocal patent license (S2.3) also imposes an impossible administrative burden on the open source development community and, in essence, creates additional downstream patent licenses that will be incompatible with the AFL/OSL and similar open source licenses, and with the open source development process.

He continues:

The scope of the patent license is limited to compliant implementations. This is incompatible with the broad grant of open source licenses to create any derivative work whatsoever. In addition, as Internet software is often non-compliant for many possible different reasons, this would restrict the use of Sender ID unacceptably. In addition:

• Measurement of compliance is a problem.
• If compliance is needed to get a license, then it's a problem. If compliance is not needed to get a license, then the clause should just be dropped.
• Full compliance might be difficult to achieve for technical or resource reasons.
• Obvious extensions (many already under discussion) could be subject to unknown additional patents.
• Accepted best practices often exceed or conflict with compliance for Internet standards.

3.2 Patent License. To the extent Microsoft has Necessary Claims, Microsoft hereby grants You a nonexclusive, royalty-free, non-sublicenseable, personal, worldwide license under those Necessary Claims to use the Technical Documentation for the Licensed Protocols to:

(a) make, use, import, offer to sell, sell and distribute directly or indirectly to end users, object code versions of Licensed Implementations only as incorporated into Licensed Products and solely for the purpose of conforming with the Protocol as described in the corresponding Technical Documentation, and

Due to the similairities of the Sender ID license and this license I think, Open Source may never be able to live up to the requirements of this license. If it doesn't, it might not necessarily be at risk for litigation over whatever rights Microsoft might have, but Microsoft definitely gains the selling point of having legally unencombered implementations while Open Source has none.

As I said, IANAL. Maybe someone with more legal knowledge can comment on this subject. I hope I'm wrong.

Also, there is the Java-based Batik toolkit for displaying, manipulating, and transcoding SVG images. It can be used for converting SVG images into jpegs, etc. You might want to give ImageMagick a go; I'm not sure if it supports SVG.

This is very true. Sitting across the room from me, I have a 333 MHz Celeron (Pentium III version). It isn't really suited to using as a desktop system, so I have Apache and Music Player Daemon on it. With Apache I can serve up a small website or develop it from any computer on my network, and MPD lets me play music and control it from anywhere in the house. It's also just nice to be able to SSH home from school.

Old computers rock.

You can easily turn that off.

Cough.

No one uses Apache 2 in production. I guess all those sites don't have a clue about security.

FUD.

mod_defalte does GZIP encoding, and comes with the Apache 2.0 core:
http://httpd.apache.org/docs-2.0/mod/mod_deflate.h tml

Not to say that justifies it, but this is just one bugfix. I hope people maintaining servers running Apache don't rely on Slashdot to inform them of this bug. This seems more an issue for a mailing list.

Have any of these webmasters heard of stress testing tools? Finding database connection errors could be a lot easier than directing a large community to click a link.

Apache Bench (ab)

Apache Flood

Jakarta JMeter

Microsoft WAST

Have any of these webmasters heard of stress testing tools? Finding database connection errors could be a lot easier than directing a large community to click a link.

Apache Bench (ab)

Apache Flood

Jakarta JMeter

Microsoft WAST

Have any of these webmasters heard of stress testing tools? Finding database connection errors could be a lot easier than directing a large community to click a link.

Apache Bench (ab)

Apache Flood

Jakarta JMeter

Microsoft WAST

explanation in plain english

Cloudscape is a long way down the dependency graph, and you shouldnt expect it for a while. We need to get ant to boot first, which is seemingly a compiler problem.

A no-fee patent in exchange for BSD licensing sounds like a fair compromise to me.

It does? Sounds like a terrible deal to me, given that there are other options -- including the already-implemented SPF -- that don't require any patents at all.

Is this actually the case or are you speculating?

Assuming MS is offering the same licensing terms they were before, it's really the case. See Larry Rosen's analysis is included in the Apache Foundations position.

> What reason would Apache have to do anything with Sender-ID?

Perhaps because of SpamAssassin?

Quoting ASF:

Flexible: SpamAssassin encapsulates its logic in a well-designed, abstract API so it can be integrated anywhere in the email stream. The Mail::SpamAssassin classes can be used on a wide variety of email systems including procmail, sendmail, Postfix, qmail, and many others.

Since SpamAssassin is not limited to only one MTA and its purpose is to filter spam, the Apache Software Foundation needs to ensure proper domain validation is performed.

No matter how you cut the vulnerabilities in Win2K3 some of the vulnerabilities are definitely part of IIS 6.0. However I don't believe for a second that Microsoft is reporting all security problems, such as this problem that M$ still hasn't acknowledged.

The Apache group is much more forthcoming about security problems and I don't trust Windows as a server platform.

Good question. 1.3.32 is licenced under the 2.0 license: http://www.apache.org/licenses/LICENSE-2.0.txt

But what are these alternatives you mention that are so much better suited for every possible scenario?

There is, of course, no tool that meets the needs of every possible scenario. Instead, there are tools that meet the needs of common scenarios. Most of what MySQL is being (improperly) used for could be easily replaced with PostgreSQL. Postgres offer similar performance, but takes a minor hit for data integrity. As a bonus, you gain sub-selects, stored procedures, SQL-92 compliance, and other features of a "real" SQL database.

MySQL is quite decent for something like a blog, but why even bother with a complete server in those cases? An embedded database such as Berkeley DB or HSQL (formerly Hypersonic) would provide better performance and would get rid of security issues inherent in running a complete database server.

In still other instances, SQL databases are misused for large object data storage. In many of these instances, an Object Database such as ObjectStore (or your favorite open source choice of the 1000+ options) will provide better performance, without sacrificing much in the way of database management. (Standard database management tools are usually insufficient for dealing with databases containing large amounts of LOBs.)

Basically, the choice in database and database technology should be carefully weighed against the application instead of saying "I know SQL and MySQL is 1337!"

Some other database options include:

DaffodilDB
SAP DB
FireBird DB
Cloudscape (Soon to be open source)
Xindice (XML Database)
ObjectDB
DB4O
Prevayler

I seem to be wrong. Acording to this there IS a "Bayesian learner" in SpamAssassin now. I'll have to try it out

I found everything I needed to create a streaming jukebox-like server in the open source world. I use Apache + mod_musicindex to provide an acceptable user interface. The music is streamed via Icecast. For ripping on the Windows side I prefer Audiograbber because it will rip directly to ogg. It's not opensource, but it is freeware.

The interface provided by mod_musicindex could use some improvement, but is friendly enough to use and allows for playing or shuffling everything, by artist, and by album, as well as custom playlists. Since it is opensource, I could always tweak the parts of the interface I dislike, but it's not such a big deal that I have bothered.

I can access my music from any computer with a decent player (e.g. winamp 5 on a Windows box), so I can listen to my entire collection (that I've ripped) from work (yes, I have enough bandwidth). To keep the the RIAA off my back, access from outside my home network requires a username and password.

Unfortunately, this solution isn't possible for someone unfamiliar with Linux and Apache. Plus, Icecast can be a bitch to configure properly.

It would be cool if you could put txts and docs into a special folder acessible to the outside world.

Gee, if only someone could make some kind of program that could make files on your computer accessible to the outside world.

Use XSLT to transform your XML to DocBook, then use DocBook XSL to convert to XSL-FO, then Apache FOP to generate a PDF.

Alternatively, skip the DocBook step and transform straight to XSL-FO.

4758 Secure Coprocessor Driver for Linux
This project is a Linux device driver for the IBM 4758 PCI Cryptographic Coprocessor, which is a tamper-sensing and responding, programmable PCI card. It provides a highly secure subsystem in which data processing and cryptography can be performed.

ATM on Linux
ATM support for Linux is currently in pre-alpha stage. There is an experimental release, which supports raw ATM connections (PVCs and SVCs), IP over ATM, LAN emulation, MPOA, Arequipa, and some other goodies.

Abstract Machine Test Utility (AMTU) for Linux
Abstract Machine Test Utility (AMTU) is an administrative utility that checks whether the underlying protection mechanism of the hardware is being enforced. This is a requirement of the Controlled Access Protection Profile (CAPP) FTP_AMT.1.

Ananas Project: Summary
This is the source for Working XML, a column on developerWorks with companion project code that demonstrates the evolution of full-fledged XML applications. This is distributed under the artistic license.

Apache HTTP Server
The Apache project develops and maintains an open-source HTTP server for various modern desktop and server operating systems.

BlueHoc simulator
BlueHoc is a tool that predicts the performance of Bluetooth wireless hardware technologies. BlueHoc simulates the baseband and link layers of the Bluetooth specification.

COIN (Common Optimization INterface)
Developers can use Common Optimization INterface (COIN) to build optimization solutions. IBM mathematical optimization researchers opened the code they use in finding the optimal allocation of limited resources. The code has many applications in a variety of industries.

Channel Bonding
The Channel Bonding project works on methods to join multiple networks on Linux into a single logical network with higher bandwidth. The project team works with the Beowulf Ethernet Channel Bonding project, where bonding work began.

Consensus prototype
Consensus is a joint European project carried out by six companies. The project is partially funded by the European Commission. The project goal is to provide technology to support single-authoring for mobile devices. developerWorks hosts the open source implementation developed by the Consortium. Detailed information about the project is at the Consensus Project home page (http://www.consensus-online.org).

Content Query System (CQS) Project: Summary
Content Query System (CQS). CQS is a distributed peer-to-peer query system for the purpose of discovering content or data. XML messages are passed between systems and query "engines" are used to access the data that is being made available on the system.

Crypto Accelerator Driver
Device Driver Support for the IBM eServer Cryptographic Accelerator.

Crypto Interface Library
Generalized Interface library for the IBM eServer Cryptographic Accelerator Device Driver. Note, this is a low level api for the Specified adapter, it is not intended to be an interface which is written to by applications. Applications should use the openCryptoki PKCS#11 api for interfacing to the token.

Dynamic Probe Class Library (DPCL)
DPCL is an object-based C++ class library that allows tool developers and sophisticated tool users to build parallel and serial tools using a technology called dynamic instrumentation.

Embedded IBM PowerPC 4xx Linux Support
This project contains packages which enable adding support for IBM PowerPC 4xx Embedded Processors to

<a href="http://xml.apache.org/fop/">Apache's Formatting Objects Processor</a>
<a href="http://www.cranesoftwrights.com/training/">C rane Softwrights</a> has a book

Apache's Formatting Objects Processor
Crane Softwrights has a book

<URL:http://xml.apache.org/fop/>
<URL:http://www. cranesoftwrights.com/training/>

http://xml.apache.org/fop/
http://www.cranesoftwrights.com/training/

<a href="http://xml.apache.org/fop/">Apache's Formatting Objects Processor</a>
<a href="http://www.cranesoftwrights.com/training/">C rane Softwrights</a> has a book

Apache's Formatting Objects Processor
Crane Softwrights has a book

<URL:http://xml.apache.org/fop/>
<URL:http://www. cranesoftwrights.com/training/>

http://xml.apache.org/fop/
http://www.cranesoftwrights.com/training/

While its support might not be complete (http://xml.apache.org/fop/output.html#ps) Apache FOP can also render into postscript. The advantage of XML-FO, while it hasn't been very well received, is it tries to be sufficiently expressive to support any number of output types from print (PDF, PS, RDF, etc) to graphics (SVG).

Apache FOP Homepage

Very powerful if you ask me. I used it on a project back in 2000-2001 and was pleased with how it turned out at the time. I'm sure the current product is much, much, better than it was back then.

I have a similiar problem I solve through the use of XSLT and XSL-FO. Use XSLT to transform the XML into XSL-FO. Then, use Apache FOP to render the XSL-FO into PDF.

Another variation is to transform your XML into an HTML subset, then use a standard XSLT to transform the HTML into XSL-FO. A similiar technique is used by Aurigadoc to create all sorts of output formats using an XML source.

The obvious thing to try then is to set up Apache (or Squid, or similar software) running as a reverse proxy on that machine.

The first thing I did when finding out about this tool was to install it on a Windows machine with a couple of Samba mounted network drives (I'm hoping that it will index the content of these drives, but I can't tell yet), then set up Apache as a reverse proxy to provide the indexed material as a URL that would be widely accessible on the local LAN.

So far I can't quite get it to work -- I can connect from another computer (a Mac running Safari), but first I get complaints about running the wrong browser, and then I get errors about invalid URLs that apparently aren't being passed through.

Still though, it seems certain that this should be doable, and if it can be done, this would beat the living snot out of my company's current ht://Dig based search engine.

Google is right to make this tool inaccessible from non-localhost access -- the average home user does not need to have the contents of their hard drive set up with an easy to browse, globally accessible search interface. And I can see where Google wouldn't want this to work on LANs either -- it would cut into their business of selling search appliances. But come on, this is right on the cusp of working as it is, and it's only in beta. If Google doesn't provide a way to turn on access for local (e.g. 192.168.x.x) addresses, I'm sure that Apache or something like it can be configured to do this.