Slashdot Mirror

Try this EDS solution.

He basically addresses this in the paper. Each node only knows about a couple of its neighbors, and transmits information to them.

In his example, Curious Blues and Curious Yellows eventually are battling one another for control of the entire internet. Even if this is a bit apocalyptic, it is an interesting scenario in which viral infection is a part of the internet landscape.

One angle the author did not pursue is the collaborative design and programming of a Curious Blue by the general public as opposed to by "trusted" anti-virus companies a la McAfee or Symantec. Programmers could be nominated as "committers" to the project after reaching a certain level of "trust" with the existing "committers". Sound familiar?

People could then voluntarily infect systems under their control with this version of Curious Blue. At this point, the collective expertise of the public is mobilized against this entire class of worms. As we accumulate "trusted committers" we increase the number of minds searching for ways to inoculate the general public against new strains of Curious Yellow.

Another benefit of this kind of vaccine distribution is that patches for specific security vulnerabilities can be distributed using this network. Any open source project (think OpenSSH, Apache, etc) that wants to quickly distribute urgent security updates can securely distribute and install them using this opt-in network.

There are existing software projects that could be leveraged in something like this. Each of the linux package management systems, FreeBSD's ports, Apache Gump, and CVS/Subversion each have something to contribute to this project.

Search for "throttle" on http://modules.apache.org/search

Search for "throttle" on http://modules.apache.org/search.

Sounds like a job for Cocoon, an Apache XML project which allows multiple pipelines that transform content (in XML format) that target not only different browsers, but also different serializers which can translate the XML into different file formats including HTML, WML, PDF, VRML, SVG, and VoxML.

Cocoon, with its use of XSLT to transform XML data from one format to another, does a great job of separating content from layout (and other presentation), and of allowing the site developer to tweak the presentation based on the requesting client's needs and capabilities.

Cocoon is gaining popularity, there's one book now with a couple more comining out soon (note NO affiliate info in URLs):

Use Apache! nuff said...

And the last time I checked Sun's JVM does not include an Application Server(ie like ASP.NET).

Agreed, but the openness of the language and the Java community allows for others to come up with even better solutions. Downloading the J2SE sdk and Tomcat is cheaper than buying Visual Studio .NET from a development standpoint.

I agree with your first statement, at my work though, we're all running Win2k with IE 5.5, and certainly no .NET CLR. Granted installing it is trivial, but when the number of workstations is in excess of a few thousand, this becomes a pretty big headache. Also to take note of is that if you've already got a Java devel squad, why switch to .NET? Learning C# wouldn't take that long, sure, but the entire point of .NET is that you can maintain a heterogenous project composed of different languages. If you're not taking advantage of MSIL (MSIL, bytecode, what's the difference?), then why switch to .NET? Ubiquitous runtime environment? Yeah, Java has that. Plus the JVM is ported to other platforms that .NET is not yet. Even when [if] Mono hits primetime, it will be a while until [if] they get Windows.Forms working. Slower runtime than native compiled code? Yeah, they both got that.

So while we're talking Java, where's the gain?

Hmm. I found a thread at http://www.php.net/manual/en/security.apache.php
which seems to validate your claim. However, one of the writes that one can use apache2's perchild mpm module. This seems like a pretty good solution to me. There's also mention of open_basedir.

Sound better to you?

How exactly did you go about setting this up? Can you go into details?

It's really not that difficult, if you have a good hosting setup. Our hosting system is designed to be 100% automated, all controlled from our custom written control panel.

We use Zeus' virtual server feature. Every customer has their own virtual server. In Zeus, everything is a virtual server. There is no concept of a main server like in Apache. Thus each virtual server can have its own configuration and be independently controlled.

Each virtual server can have subservers. Subservers is similar to Apache's mass virtual hosting (but better). A virtual server has a subserver directory, which is a directory full of symlinks with the name of the site hostname, pointing to the site content directory. When a customer runs out of bandwidth, we simply place a .htaccess file (Zeus mostly supports these) with a redirect line in the root of the subserver directory. Due to the directory layout, customers do not have access this directory.

If I had to set this up under Apache (ick), I would use the mass virtual hosting module. The virtual host directory would be full of symlinks with the name of the site hostname, pointing to the site content, as with Zeus. The difference with Apache is that all sites for all customers would be in one directory. Apache configuration is much more messy and not easily scriptable. To redirect the disabled sites, the symlinks would be changed to point to a different directory.

Accumulating bandwidth statistics for this can be done in different ways. We use a custom ISAPI module which sends logging info through a socket to a daemon which accumulates statistics and periodically saves them to a MySQL database. Doing a SQL query for every web request would not work.

For Apache, a similar module could probably be written. Or server logs could be processed. Logs could be written to a pipe and the process on the other end could accumulate bandwidth and other statistics (or write out logs for something like Analog to process).

A script runs from cron that processes the bandwidth statistics in the database. It updates the bandwidth counters in the database for the user, making it easy to see how much bandwidth is left from the control panel. When a customer is low or runs out, the script sends a notification email. When the customer is out of bandwidth, the script updates a table which tells the backend hosting daemon to actually disable the sites. After the customer buys more bandwidth, the script updates the table telling the daemon to enable them again.

(Hint: SQL databases are a very nice way to let daemons on different servers communicate with each other.)

So far we've completed converting 3 of our "books" from Script to DocBook. The largest book being over 175 chapters with about 600 pages. The most time consuming problem was the project requirements were that the DocBook version must look very similar to the Script version. We used the XSL stylesheets from docbook.sf.net and FOP.

Script is a formatting language (think RTF) and DocBook is a markup language. There was a lot of inconsistant formatting in the Script versions which decreased readablilty. The consistant formatting of correctly marked up DocBook is a very good thing.

I spent a lot of time customizing the XSLT stylesheets. XSLT has a nice mechanism that allows you to import and then overide parts of the imported stylesheets. This is real nice because we can upgrade the upstream style sheets without modifing our customizations. This isn't completely true if there are big structual changes to the upstream stylesheets but since our changes are in seperate files it's rather easy to refit our customizations.

We had two people working on this project. One customizing the stylesheets, me, and another who took the Script source and added DocBook tags. This worked quite well. We were commited to the project and were able to stick with it until completion. This worked very well.

I encouraged another department to give DocBook a try and this didn't work so well. They currently only publish their interal docs to HTML and their documentation source was written in HTML. For them the overhead of DocBook and their lack of desire for paper output made it not worth it for them.

Previously we could only print to paper. Now we have a single source to generate HTML, PDF, Paper (from pdf), and Windows Compiled HTML Help files (basicly HTML with extra meta info).

Some people seem to just not understand the advantages of marking up the structure of the document instead of the formatting. If you want to use DocBook because of the hype then odds are you'll piss people off in the short time, maybe long term too, by forcing it on them. If you and management understands the long term advantages of structed documentation then I really recomend DocBook.

But then I limited myself to Free Software, whereas someone willing to use non-Free software might easily find an off-the-shelf package to get around the PS/PDF hurdle.

uses Cocoon2 as a web-publication engine. The Norm Walsh xslt sheets are your best general-purpose transformation, but they sometimes choke on Xalan. This Wiki Page should clear up that problem.

One of the authors, Roy Fielding, is on the Apache Board of Directors. I haven't read the paper yet and I'm sure he can be objective, but still.

Okay, I am not familiar with the SourceCast product from CollabNet, so I can't speak to its features, and I'm talking out of my wazoo. However. Every piece of software on www.tigris.org is open source, most using the Apache license. And, while I'm sure that CollabNet is doing something really interesting to add value to the packaged-up whole that is SourceCast, I'd be willing to bet that what they are doing isn't THAT much more than building an integrated package. If anyone out there has more info, please chime in, but my bet is that SourceCast is an extremely cleanly-integrated packaging of www.tigris.org components such as Subversion, Scarab, Anzu, Eyebrowse, etc. And, frankly, those individual components look very useful in their own right. So, maybe your first project might be to find individual components that meet some of your requirements, and integrate them yourself.

To the original poster: I don't know if it could be adapted for your purposes, but you may well want to check out Forrest, at xml.apache.org. I have been examining it for my own use, and it looks like it might make a very interesting part of a distributed development framework.

Good luck, and let us know how it turns out.

Apache 2.0.43 was released also, available here, also.

Hey, it's not only the 2.0x branch that has a new version:
Apache-1.3.27
check it out!!!

Actually, you are mistaken. Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0840

Apache release notes here: http://www.apache.org/dist/httpd/Announcement.html

Here's the relevant doc. VERY handy.

But going to http://www.apache.org/dist/httpd/
, I read:

Apache 2.0.42 is the best available version.

So, where's 2.0.43? Or is someone reporting this too early?

But going to http://www.apache.org/dist/httpd/
, I read:

Apache 2.0.42 is the best available version.

So, where's 2.0.43? Or is someone reporting this too early?

If demon is using apache, and if they have mod_asis set up (it's in the default apache module set, IIRC), you can use as-is files. Check this page for docs on the module. Looks like it'll probably work for what you want.

Yikes! Having evaluated Google along with many other search vendors and open source search tools for the enterprise, I can say that this would be a bad idea long term. The Google search appliance:

• is closed
  
• requires an ongoing fee for no new functionality
  
• has a hard limit to the number of indexable docs
  
• can't really do anything that open source tools do

It's also specified by the Jakarta coding standards.

Use url rewriting for redirects, it saves on HTTP transactions.

Also a very addictive game called crack attack, which runs on windows and linux, and is under the GPL:
Crack Attack

Other things that you should consider include Python and PyGame (don't forget SDL as well!).

[x]Chat runs under windows (native), and is the only irc I'd consider using (beats the hell out of mirc).

Putty is an open source ssh/telnet client. Its possibly the best telnet client for use under windows. Then again, could anything be worse than C:\Windows\Telnet.exe ?

I've probably missed quite a few good ones, but these are things I seriously like.

I have read about it, twice. I've also read about a lot of other systems, this particular subject has been a bit of a passion for me.
The non-legacy support is via WebDav... essentially the same thing as FTP just over HTTP. They are not using CAP anywhere.

They are not using LDAP everywhere, either. They are storing the free/busy lists on the filesystem via WebDav or FTP, not that this info should be stored in LDAP. They are storing the user account info and the address book info in LDAP, which is as it should be. OpenCAP is storing the calendar data in a db format (looks like berkley db currently) with LDAP support for users.

You've missed the point of my post. It's soley about the calendaring. I think you'll find that I agree very much with their choice of Cyrus and OpenLDAP. I also find the reason for their choices for a "quick and dirty, works with today's client's" acceptable for the interim. As I said, "It's a nice start.".

What it is not, is an "Exchange Killer", nor will it be till it supports CAP with a design like that of OpenCAP. Essentially you need to integrate:

an MTA: preferably Sendmail, due to extensive LDAP and TLS support
Cyrus IMAP: for POP3/IMAP/NNTP gateway, cyrus uses SASL and LDAP allowing integration
OpenLDAP: user accounts, address book, sendmail routing info, alias lists, etc.
OpenCAP: real-time shared calendaring
Apache + WebDav + IMAP gateway: shared web folders.

You could use subversion with IMAP gateway capabilities to provide a common storage.

I would also like to see an indexing engine like Lucene which can be extended to index multiple sources and types.

Now throw a web front end for user and a single way to configure all the integrated components and you can replace Exchange and/or Notes.

I'd personally like to see the admin and user frontends done in J2EE on JBoss so that you would have a sort of development platform (like Outlook + Exchange is) that businesses would be really keen to jump on. If you know anything about JBoss, think of MBean's providing gateway services from the backend servers and then providing abstracted and federated API level access to them via CORBA, SOAP , RMI, JMS, etc.

If OpenCAP is as good as Sendmail, JBoss, OpenLDAP and Cyrus, then my proposal should be scalable enough for the largest enterprise. It would also have the integration, security, developement and integration potential to attract the largest of corporate messaging users. The users who didn't need these, high-end features would just get a great messaging system that would grow with their organization.

What BS. No moderation necessary.

From Bugtraq:

Apache AND Tomcat - All Versions - 51 combined (18 Tomcat / 33 Apache )

IIS - All Versions - 102

Microsoft products DO suck.

And there's this:

"The Apache Tomcat Team announces the immediate availability of new releases which include a fix to the invoker servlet.
Binary and source distributions for Apache Tomcat 4.1.12 Stable are available here.
Binary and source distributions for Apache Tomcat 4.0.5 are available here."

How long would MS have you wait before a fix? Hell, before even _telling_ you if they had their way and it wasn't uncovered by a third-party?

Still, this news item _should_ have been on the front page. ;)

LEXX

What BS. No moderation necessary.

From Bugtraq:

Apache AND Tomcat - All Versions - 51 combined (18 Tomcat / 33 Apache )

IIS - All Versions - 102

Microsoft products DO suck.

And there's this:

"The Apache Tomcat Team announces the immediate availability of new releases which include a fix to the invoker servlet.
Binary and source distributions for Apache Tomcat 4.1.12 Stable are available here.
Binary and source distributions for Apache Tomcat 4.0.5 are available here."

How long would MS have you wait before a fix? Hell, before even _telling_ you if they had their way and it wasn't uncovered by a third-party?

Still, this news item _should_ have been on the front page. ;)

LEXX

We will outsmart OpenSource....

Read as:

We will outsmart, PHP, Perl, MySQL, OpenMosix, Apache, Audacity, Crystal Space, MiKTeX, SDL, Vega Strike, X-Tractor, FileZilla, ... (yes most of this also runs, if not exclusively, on windoze).

Or:

We will outsmart freedom and choice.

Somehow, I don't see it. Then again, a lot of money can buy a lot of laws....

As an author take a template and fill in the bits of information to create an html page. Then have that data propagated to a similar template for a pdf, word doc, etc.

Why can't WebDAV be the standard? From what I have seen WebDAV has a lot of the needed functionaility for a CMS. Jakarta Slide (Open Source Java CMS) is implementing WebDAV as their foundation.

Netware 6.0 comes with Apache 1.3 out of the box. In order to install Apache 2.0, you must follow strict instructions that explicitly warn you that the 2.0 code for Netware is highly experimental:

"Due to the fact that Apache 2.0 for NetWare has not received the same level of testing as on other platforms, the binaries for Apache 2.0 have been made available for testing purposes only. We DO NOT recommend that Apache 2.0 for NetWare be used in a production environment at this point."

See this for reference.

-bk

I have had a few false positives, but that's probably because I've not gone back and rebuilt my corpus since debugging...I'm very pleased with the results so far...

This is not really a good way to test, as there are numerous ways to mask the Server-Software. In Apache this is easily done by setting ServerTokens Prod in httpd.conf. Actually, any setting other than Full will also hide this information.

To find out if/what-version-of openssl is installed on your system, try this:


[17:24:33 root@lunix /root]# find / -name openssl
/usr/local/ssl/bin/openssl
[17:26:48 root@lunix /root]# /usr/local/ssl/bin/openssl
OpenSSL> version
OpenSSL 0.9.6d 9 May 2002
OpenSSL>


If you see something like the above, you need to upgrade.

I recommend httperf and http_load for banging on lists of URLs really hard. At one place I worked, one of our developers rigged up some shell scripts that would play back log files through httperf and that worked pretty well.

If you want to record browser sessions for testing specific paths through the site, look at http-recorder or roboweb. There's also webchatpp, HTTP::WebTest, and HTTP::MonkeyWrench on CPAN. More info on this can be found on the mod_perl mailing list or on PerlMonks.

Both Cactus and HttpUnit allow you to do unit tests on web components. Both are extensions of JUnit. Cactus allows you to do unit tests of servlets and JSPs, while HttpUnit allows for unit tests of the resulting HTML code. (Cactus also integrates HttpUnit to a certain degree.)

Obviously, these tools are targeted at Java development. I have less experience with HttpUnit than with Cactus, but I imagine it could be used as a general test suite.

It's exactly what I am doing using Java implementation of XML-FOP. Check Apache FOP. By the way it is free :)

The other free PDF libraries are available for Common Lisp, Python, C

Conclusion: I know what I am talking about. But I am not that "expert" as you may think about me. Here is an example of what real experts are saying:

It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration.

Will you argue with Dijkstra? I won't. Although he is talking about myself as well - I am poisoned with PHP experience as you do. I just aware of that fact and you don't.

It must be my ServerTokens setting. :)

does anyone know a webdav server for free ?

Yeah, there's an obscure one that you probably haven't heard of.

when distros will start shipping 2.0 as standard, everyone will "just use" it.

<wear suit="flame resistant">
I don't think that "everyone" is the best word to use here. Most real unix sys-admins I know won't touch rpm's for things like Apache, OpenSSL, Postfix, etc. They build them from scratch in order to have more control over their servers. Typically unix sys-admin's like control. Thus they use unix not that other borg like OS. So, I agree that more people will use Apache 2.0 when distro's include it. But that is not the major reason people are not using it.
</wear>

BTW: One great reason to use Apache 2 is that mod_proxy is much faster and works better. From some reports I have read it is now a better way to go than mod_jk.

Go download yourself a copy of
Apache 2
JBoss 3.0.2 with Jetty
XDoclet

Use mod_proxy to connect Apache and JBoss/Jetty. Use XDoclet to write your code for you. And now you are an Enterprise Application developer. Have fun! Try not to spill anything.

Let's clear up a few things. Yes, PHP support has been somewhat slow in coming, but the main reason is that there is very little motivation for us to rush to support it. This is because most of us really don't see the advantage of 2.0 yet. The threaded mpms don't work at all on FreeBSD due to bugs in the FreeBSD kernel threading code. These are fixed in FreeBSD's CVS, but are not in any released version as far as I know. Also, as was mentioned, PHP itself is threadsafe, for the parts that count anyway, but what about the 100-150 different libraries that PHP can link against? We know some of these are not threadsafe. We also think we know that a number of them are threadsafe. The rest, who knows. Do you want to be the first to discover that a certain library is not threadsafe? Thread safety issues don't tend to show up until you start banging at the server with production-level load. And the errors can be quite subtle and random in nature. These are not PHP libraries we are talking about. These are things like libgd, freetype, libc, libm, libcrypt, libnsf.

Of course, if you run the non-threaded pre-fork mpm, it should be ok. But really, what is the point then? That's why PHP support has been slow going. We develop stuff because we need it ourselves for something. Right now spending a lot of energy on supporting Apache 2 seems somewhat futile. What we need here is a concentrated effort on the part of many different projects to pool their knowledge and generally improve the thread safetyness of all common libraries. I have written a summary and started this work here:

Thread Safety Issues

I would very much appreciate comments and additions to this. I don't think Apache 2.0 is dead in the water, it just needs better overall infrastructure in terms of non-buggy kernels and a push to make all libraries threadsafe before it can really become a viable solution for sites needing dynamic content.

Or, alternatively, we might start pushing the FastCGI architecture more to separate the Apache process-model from the PHP one.

Apache 1.x has a big problem when it comes to dynamic/updating data in shared hosting environments: security, or lack thereof.

All php, mod_perl, (and pretty much anything except suexec cgi) based pages are run as the same uid/gid as the apache server. Everything your scripts have read/write access to, so does everyone else on the same machine.

So, for instance, if your database passwords are in a php script, or a file that a your php script reads, the webserver must have read access to that data in order for it to work. Since everyone else's scripts also run with the webserver uid/gid, they also have read access to your database username/password info, and can therefore connect to your database, and do all the damage they want.

To address this problem, Apache 2 has the perchild MPM which allows a virtual host to have it's own process fork, uid/gid, and thread pool. Unfortunately, the perchild MPM is not presently stable.

With that being unstable, and php and mod_perl also being "experimental", Apache 2 doesn't really offer an advantage over 1.3 yet. ...But don't be so certain that Apache 1.x "ain't broken".

Why switch ?

1.Your site has started to receive more traffic maybe and you want a more scalable server.

2.You are running your site on operating systems other than Unix and want to see better performance maybe?

3.Make use of the new Module Enhancements ?

Check out this page for a complete list

Isn't mod_deflate similar in function to mod_gzip? I have not tried it yet, but it seems to play the same role.
PHP support seems to be somewhat stable on apache2 using the prefork mpm. The threaded mpm's don't work on FreeBSD, so I didn't really have a choice.
The preformance seems to be pretty good after I removed the unneeded modules. --Matt

The official announcement of this release can be found here.

Apache 2.0.40 was released August 9th, fixing the hole. You can read the advisory, but you should have upgraded already. The real news is that many Apache web servers are still unpatched. Won't admin's ever learn?

Here is the best way to secure IIS. Go here and dowload the win32 version of apache. Edit the config files and reboot. Problem solved.

If you want to write fast perl on apache, or write Apache modules in C, get "Writing Apache Modules with Perl and C" by Lincoln Stein, Doug MacEachern.

However, wait for version 2 unless you can beg, borrow or steal it, 'cos despite the review above, I reckon quite a few things might change.

Also check out perl.apache.org, especially the mod_perl guide.

If you want to write fast perl on apache, or write Apache modules in C, get "Writing Apache Modules with Perl and C" by Lincoln Stein, Doug MacEachern.

However, wait for version 2 unless you can beg, borrow or steal it, 'cos despite the review above, I reckon quite a few things might change.

Also check out perl.apache.org, especially the mod_perl guide.

Info like: What is the equivalent of a Struts Model-2 architecture in the dotnet world? Or more specifically, do the C# APIs provide something similar.

http://www.tricker.net/