Slashdot Mirror

I wonder if PHP has the same problem we do in Hadoop-land... the lack of enough qualified security people interested enough in a project to actually review code. For example, I'd love for someone with a clue to review Alfredo ( http://cloudera.github.com/alfredo/docs/latest/index.html ) before we build a dependency on it ( https://issues.apache.org/jira/browse/HADOOP-7119 ) . But it seems as though getting the right people involved is extremely difficult. :(

That's not very accurate. MSVC supports half of C++0x at best. Mainly the stuff that's easy to implement. http://wiki.apache.org/stdcxx/C%2B%2B0xCompilerSupport

Xcode is still GCC 4.2. MSVC 10 has most of the nice features of C++11:

http://wiki.apache.org/stdcxx/C++0xCompilerSupport

Thanks. It is suggested here that "Multi-master replication" is not supported, which is what CouchDB excels at.
    http://wiki.postgresql.org/wiki/Binary_Replication_Tutorial

Contrast with what is easy in that regard for CouchDB:
  http://wiki.apache.org/couchdb/Replication

Anyway, everything has strengths and weaknesses in different situations. But in general, I agree SQL systems can do a lot as a mature technology, and maybe more than some NoSQL advocates understand or are willing to admit.

As in the book, Data & Reality, it can be pretty hard to model data well. Every model make simplifications of reality, and sometimes we find out the choice of simplification was not a good one, especially if needs change. But I also agree with you that good tools can make that easier to handle. I think one big advantage of SQL systems over NoSQL Schema-free systems is that the database schema serves as form of documentation of intent of what is going on. That documentaiton of intent then is traded off against flexibility at the application level.

Ideally, one could use a system without those kind of documentaiton/flexibility tradeoffs.

I was all for a git migration at work, if only for perf reasons. With the new 1.7 features I am not so sure anymore.
I still love git, but I also think it is not a tool for everyone. Getting your head around distributed can be difficult for some people and implementing git in large corporate environment can require subtlety too.

Anyway have a look at the 1.7 changes http://subversion.apache.org/docs/release-notes/1.7.html

Ok, google's choices as you see them.

a) The GPL? I don't really understand why this is even a discussion. On one hand you're saying you should be able to do anything with anything you create, and on the other hand google shouldn't be allowed to. Since Android is effectively an application executing on Linux there's no reason for it to be GPL'd. There is no reason for it to be GPL'd other than that. One of the main reasons for Android to be under the Apache2 license is project Harmony http://harmony.apache.org/ that provide the class libraries. I don't know if they could have converted the class libs to the GPL and I really don't care, I'd prefer the Apache2 license to the GPL because as you say " I would certainly reserve that right on any software I write." - if I write apps I want to own the apps, or at least have something of a mechanism to stop people ripping me off.

b) Seriously? Did you read any of the things I'd posted? That license is between you (as the Android developer or android OS compiler - and even that isn't guaranteed) and Oracle. Remember, and this is important, Android does not run Java, it CANNOT run Java it runs Dalvik byte-code. The license you linked to was for the Java Development Kit, effectively a desktop JVM and compiler. Ergo executing Android does not violate this license, Writing apps for Android does not violate this license and I'm fairly sure that even compiling Android doesn't violate this licence although not 100% confident.

From that license file
"D. Java Technology Restrictions. You may not create, modify, or change the behavior of, or authorize your licensees to create, modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun" or similar convention as specified by Sun in any naming convention designation."
Which is I presume what you're discussing here since there's no mention of embedded versions in the entire license agreement, this is an EULA for the download of the JDK, this may or may not be binding on Google (or indeed any large company) as it is specifically an End User License Agreement - quite a number of companies have their own licensing agreements with Sun and now Oracle over Java as it is different in the enterprise.
But a major point here is that you can use the Java SDK to create programs that run elsewhere and therefore are not subject to this license, secondly there is more than one java compiler for example - http://jikes.sourceforge.net/ which kinda means that if you also have a VM you're able to avoid the license completely.

On a moral level the authors of Java (which by the way isn't Oracle) do have the moral right to tell you what you can and can't create with their software but (and this is important) they've already done that in the license for the language spec and bytecode spec. You're suggesting that they should have absolute control forever - this isn't a good thing and cannot happen. Companies would create new languages rather than be controlled by a competitor.

If you had written a new programming language and you wanted it to be popular you'd have to have few restrictions as if those restrictions are too onerous then the majority of people will never use it. Please note that writing a program is not the same as writing a programming language, one is a program and the other a specification and syntax. If you had put in restrictions then nobody would use it and nobody would care, what you can't (legally, let alone morally) do is say yeah do what you want and then tomorrow say nope, you can only create kiddie games on it. Unless your license had that unilateral ability (and remember consideration is necessary for a license to be binding) that you could change it at any time then you're stuck - most companies read the licenses and as such refuse to do business with something that has the huge risk of randomly changing at no notice.

Finally your forced lice

this ip address simply re-directs to "slashdot.org".

so this does not solve the problem.

wget: you're doing it wrong. Try doing this instead to get the site index:

wget -O - --header="Host: slashdot.org" "http://216.34.181.45"

You need the header because nearly everyone uses name-based virtual host to host multiple sites from a single IP address. (Here's Apache's documentation on it.) The webserver looks at what site the browser requests in the "Host: example.com" section of the HTTP headers and serves content based on that.

A workaround is easy:

echo "order hosts,bind" > /etc/host.conf; echo "216.34.181.45 slashdot.org" >> /etc/hosts

Type in "slashdot.org" into browser and it should use the IP given in the host file, without a DNS lookup, but still have "Host: slashdot.org" in the http header. You could also set up a line pointing the yro, linux, and other subdomains to the right IP (216.34.181.48) and everything should work as expected.

This is pretty basic stuff that hasn't changed in years.

OpenOffice.org, being a huge project with lots of contributors, used Mercurial for version control (after a disastrous and painful switch to Subversion). LibreOffice uses Git.

IBM^WApache OOo has decided that's not good enough. No, they're going back to ... Subversion, 'cos NIH totally works.

Good luck! Let us know how that works out for you!

OpenOffice.org, being a huge project with lots of contributors, used Mercurial for version control (after a disastrous and painful switch to Subversion). LibreOffice uses Git.

IBM^WApache OOo has decided that's not good enough. No, they're going back to ... Subversion, 'cos NIH totally works.

Good luck! Let us know how that works out for you!

OpenOffice.org, being a huge project with lots of contributors, used Mercurial for version control (after a disastrous and painful switch to Subversion). LibreOffice uses Git.

IBM^WApache OOo has decided that's not good enough. No, they're going back to ... Subversion, 'cos NIH totally works.

Good luck! Let us know how that works out for you!

OpenOffice.org, being a huge project with lots of contributors, used Mercurial for version control (after a disastrous and painful switch to Subversion). LibreOffice uses Git.

IBM^WApache OOo has decided that's not good enough. No, they're going back to ... Subversion, 'cos NIH totally works.

Good luck! Let us know how that works out for you!

I don't agree with your analogy, as physical and digital security are too different. Not many houses can stand a SEAL attack, yet it is perfectly possible to connect a computer to the Internet with zero vulnerabilities...

No such thing good sir. Open BSD may stop blaster or some windows virus attaching itself to your system but does zero against attacks on the software that actually make it usable. Rarely are online attacks directed at the operating system hosting the front end. SQL Injection attacks make a database accessible regardless of the system, Vulnerabilities in your HTTP server can give you access to the root of your system, a myriad of poorly coded PHP or other server side code could give access to a system.

If you think not using Windows is the solution to your security concerns then you are acting as negligently as all the people who got caught out in the recent attacks. Windows itself is also quite secure when well patched, put behind a firewall with no ports open, but just like your mythical bulletproof BSD box it would also be quite useless.

Nobody seems to have posted this useful reference yet:

http://wiki.apache.org/stdcxx/C++0xCompilerSupport

If anyone knows of a better one, please correct me.

They already do, to varying degrees: Apache has a wiki entry describing levels of support.

I can't tell if you are trolling or not, but just in case.

I'll bet Amazon.com doesn't have 13,000 CONCURRENT clients. Gimme a break! When you LIE, at least make it believable

In fact, I wonder if there is a database on the planet that has that many CONCURRENT accesses.

Google has over 30,000 searches per second. Secondly he states that 13,000 users where using it simultaneously, not that the database had 13,000 open DB connections. Slashdot probably has more people viewing it than that now. I am sorry you suck at computing, but writing a web app to deal with 13,000 simultaneous clients is trivial. You will have room to talk when you need to deal with 30,000,000.

First, is Google running on PHP and MySQL? I think not. They use thier own database called Bigtable. Bigtable is NOT an SQL database. In fact, it isn't even a Relational Database. They even run their own custom Linux distro, don't they?

Sorry you suck at RDBMS design, and fact-checking. I would imagine that Google doesn't use Apache, neither. Nope. They use the Google Web Server. So, what was your point, again? Second, it depends on what he meant by 13,000 simultaneous users were USING it.

Third, I still call shenanigans because FMP Server has a hard limit of 100 concurrent web users (100 concurrent sessions), if they were using it to publish the database directly. And if they WEREN'T using it to publish the database to the web directly, I'm not sure how they were getting the data to the clients. And if they were using FileMaker Clients, FMP is only tested to 250 clients. It has no actual maximum; but 250 is pretty far from 13,000. and FMP isn't like MySQL: You don't open a connection; do a transaction or two, and close the connection, like you do in PHP/MySQL. Opening a FMP database is a many-seconds-long process. He said that FMP ran for 3 hours before it buckled. I don't think 13,000 FMP clients could have OPENED the database in 3 hours!

Ok, let's look at some REAL concurrent numbers. We'll leave the likes of Google, Yahoo, eBay, the NFL, GoDaddy and Amazon out of it; because what they are doing is FAR from trivial. And BTW, anyone can throw numbers around; but I am having a real hard time verifying your claim, other than the Google number. And as I said, what they are doing has NOTHING to do with PHP/MySQL; and so is a non-sequitur:

This Tomcat/Apache and Tomcat/IIS article seems to suggest a number of concurrent sessions that is a couple of orders of magnitude LOWER than 13,000 simultaneous users.

Apache documentation seems to suggest that 13,000 concurrent open sessions is pretty damned many, too.

OTOH, WebSphere has the ability to handle hundreds of thousands of concurrent connections; but again, we ain't talking no steenkin' LAMP configuration, like the original LIAR suggested. And those applications aren't thrown together in six hours, neither. So again, not germane.

So, the bottom line is: I'm positive it can be done; but it is not "trivial" to make it run well, and I have serious doubts as to whether a LAMP solution can get there in six hours worth of real-world MySQL/PHP coding.

I can't tell if you are trolling or not, but just in case.

I'll bet Amazon.com doesn't have 13,000 CONCURRENT clients. Gimme a break! When you LIE, at least make it believable

In fact, I wonder if there is a database on the planet that has that many CONCURRENT accesses.

Google has over 30,000 searches per second. Secondly he states that 13,000 users where using it simultaneously, not that the database had 13,000 open DB connections. Slashdot probably has more people viewing it than that now. I am sorry you suck at computing, but writing a web app to deal with 13,000 simultaneous clients is trivial. You will have room to talk when you need to deal with 30,000,000.

First, is Google running on PHP and MySQL? I think not. They use thier own database called Bigtable. Bigtable is NOT an SQL database. In fact, it isn't even a Relational Database. They even run their own custom Linux distro, don't they?

Sorry you suck at RDBMS design, and fact-checking. I would imagine that Google doesn't use Apache, neither. Nope. They use the Google Web Server. So, what was your point, again? Second, it depends on what he meant by 13,000 simultaneous users were USING it.

Third, I still call shenanigans because FMP Server has a hard limit of 100 concurrent web users (100 concurrent sessions), if they were using it to publish the database directly. And if they WEREN'T using it to publish the database to the web directly, I'm not sure how they were getting the data to the clients. And if they were using FileMaker Clients, FMP is only tested to 250 clients. It has no actual maximum; but 250 is pretty far from 13,000. and FMP isn't like MySQL: You don't open a connection; do a transaction or two, and close the connection, like you do in PHP/MySQL. Opening a FMP database is a many-seconds-long process. He said that FMP ran for 3 hours before it buckled. I don't think 13,000 FMP clients could have OPENED the database in 3 hours!

Ok, let's look at some REAL concurrent numbers. We'll leave the likes of Google, Yahoo, eBay, the NFL, GoDaddy and Amazon out of it; because what they are doing is FAR from trivial. And BTW, anyone can throw numbers around; but I am having a real hard time verifying your claim, other than the Google number. And as I said, what they are doing has NOTHING to do with PHP/MySQL; and so is a non-sequitur:

This Tomcat/Apache and Tomcat/IIS article seems to suggest a number of concurrent sessions that is a couple of orders of magnitude LOWER than 13,000 simultaneous users.

Apache documentation seems to suggest that 13,000 concurrent open sessions is pretty damned many, too.

OTOH, WebSphere has the ability to handle hundreds of thousands of concurrent connections; but again, we ain't talking no steenkin' LAMP configuration, like the original LIAR suggested. And those applications aren't thrown together in six hours, neither. So again, not germane.

So, the bottom line is: I'm positive it can be done; but it is not "trivial" to make it run well, and I have serious doubts as to whether a LAMP solution can get there in six hours worth of real-world MySQL/PHP coding.

"The egos in both organizations are entrenched now, merging would be very difficult."

Let's wait and see. Oracle has stated that they will pass OOo to Apache, they haven't told under which license. I bet it won't be under GPL.

Many details should be forthcoming from ASF, especially via http://wiki.apache.org/incubator/OpenOfficeProposal. No need to be GPL/LGPL, ASF licensing requirements are generally very good.

I'm looking forward to OOo being releases from ASF.

"The egos in both organizations are entrenched now, merging would be very difficult."

Let's wait and see. Oracle has stated that they will pass OOo to Apache, they haven't told under which license. I bet it won't be under GPL.

If they chose to hand it to Apache, I would assume they intend to use the Apache License.

Apache Camel
http://camel.apache.org/

Let me put my cards on the table - I really like camel. Camel will get your kids up in the morning, iron your shirts and make your tea. Camel is great, but those of you running a full-blown ESB are all going 'meh'. I'm going to ignore you, because I'm going to have to explain what camel is to other folks.

Apache Camel describes itself as an 'integration framework'. That means nothing to me, but I was looking for a solution in their problem space so I tried it.

In a nutshell, you configure camel to run 'routes', which take a single input, optionally processes it, and outputs it to one or more outputs. The good thing is that the input & output endpoints can be files, messages, db data, atom feeds, DNS lookups, FTP, HTTP, email... oh, look for yourself: http://camel.apache.org/components.html.

The processing can be handing it to Java code, xml transforms, system execs, making decisions based on the content it's handling, splitting, merging... there are recipes for doing any of the classic Enterprise Patterns mentioned in the article.

Team camel with a messaging broker (a server for queues that can safely queue and deliver messages - any data packet really) and you have a reliable and quick way to build complex workflows and process pipelines. Luckily, if you install Apache ActiveMQ, a very capable messaging broker, you get camel bundled-in, and you can just go ahead and add your routes a single XML file. You can very quickly be developing a camel-driven workflow/pipeline.

So if you have defined processes that you'd like to automate, I can't recommend camel enough. And this book is pretty much essential. I didn't grok where to start with camel from the extensive project documentation.

And this is my one criticism of camel (and a failure for me, I should be stepping up) - the beginner documentation isn't great, and it isn't at all clear how you'd go about running camel as a stand-alone process. The examples all use maven, and the review is correct in that you've got to have a handle on that to run it standalone. I've had much more mileage in using the version shipped with ActiveMQ, since I've always wanted to use it with a message broker (I'd recommend just for debugging and HA purposes - give each camel route an in & out queue to decouple and give you a chance to examine & inject data in & out of each).

Confession time - I have no java. Yes, I can read the code, but I've never understood the development environment, nor have I really had reason to. Luckily, I work with java developers who quickly understood camel from its documentation and could produce the java beans for complex processing within a route.

And my lack of java brings me to one problem that I've had with camel. It can be configured and driven best if you do it in java. But luckily for me, you can do 90% in a straightforward spring XML configuration. Routes that do a lot of work (eg, watch an email account, process messages to it that match a certain subject, lookup the from address in a db to get a uid, get that person's order history, split it into separate orders, email them a copy of each, send a PDF of the order to a remote printer, log the request) can be expressed in less than a dozen lines.

I think it appeals to me a lot because of my familiarity with shell pipelines and using those to do a lot of heavy lifting. Camel is similar in building pipelines, but it handles all the endpoint transformations for you (RSS->email, one line - sure you've got an application or script that does the same, but if you want to change it to RSS->ftp, it's not a simple change).

The camel documentation, like the book, treats the spring XML configuration as an afterthought. Fair enough, really, I'm just really glad it's there as an option for us java-impaired. I should be documenting the undocumented as I go and contributing back to this truly impressive project.

I had mod points, but I couldn't see anything worth modding when I started this spiel, I hope it's been useful if there's anybody still reading this story!

I have no idea what it is, but I really hope this project takes off

What is a Camel-TOE

Nice explanation in the first paragraph of what the book is about. This is missing far too often in other /. reviews.

The main camel website is apparently http://camel.apache.org/

However, I have been unsuccessful in figuring out how this would fit into my workflow.

It does not require you to: include the source of the Apache software itself, or of any modifications you may have made to it, in any redistribution you may assemble that includes it...

Two things. Number one: Google is the copyright holder for most of the software in question. Any community contributors presumably have copyright assignments to Google. Even if the code was released under GPLv3 (and it isn't) they would be under no obligation to release the code because they own it and can do whatever they like. The copyright holder cannot by definition, violate a license they grant. For the stuff that they aren't the copyright holder (e.g. the kernel), they have complied with the license and released the source code where required. Number two: the Apache Software License Version 2 is a non-copyleft license. Read it carefully and please tell me where it says that redistribution requires source code release.

Yes... Internal... Like the much closed ASF mailing lists? http://www.apache.org/foundation/mailinglists.html

You're not too bright, if you presume to think a Foundation doesn't conduct its business in private. The information concerns their business emails, not some dude or dudette writing to complain about a piece of java software or apache server that is broken, needs to be patched or please apply this patch.

if it was "unpatched" that generally means that there were security bugs in the version of apache that was running (otherwise they would have just said it wasn't up to date which wouldn't matter). If this web server was within the same scope as their cc processing system that would probably be a pci failure (not sure what vulnerability was). No one is saying that this was some vulnerability that would have allowed an attacker to run arbitrary code as root on the server however it may have given an attacker information on how their network was set up allowing them to find a more dangerous security vulnerability. Also apache httpd server doesn't have a good record of being immune to attacks, it's just not known to have more than expected.

The following is a list of security vulnerabilities that have been fixed in just apache httpd server 2.2
http://httpd.apache.org/security/vulnerabilities_22.html

Yes... Internal... Like the much closed ASF mailing lists? http://www.apache.org/foundation/mailinglists.html

I see nothing about communications between apache and IBM, in fact IBM isn't even referenced in the subpoena. Where do you come up with that?

They want to see communications between apache and the OHA.

I completely agree with the not being proficient in programming languages. And they should be required to take some security classes if they're going to be writing any significant code that runs as a CGI or acts as a service. For some reason they don't like it when I refuse to run their shell script CGIs. ... but I'd argue that they don't 'shape [it] ... so that they can modify the codes easily' ... Unless 'easily' means an attempt at a find & replace in 40+ places when they should've used a function in the first place ... but unfortunately introducing some mistake that results in team of people spending a week doing nothing, while a couple of people try to figure out what went wrong.

Yes, there are parts that are still 'science' and have floating specifications ... but then there's stuff like storing data in an archive and retrieving it. You might write some special cataloging system for it, but there is *no* reason for scientists who aren't archivists, and only barely programmers to be writing something from the ground up. It's a waste of effort, and it's a waste of tax payer's money that these things keep getting funded.

We've at least had some standardizations on file formats in the various disciplines. I'm hoping we can get some standardization in data systems to support data transport and mirroring as part of the NSF DataNet grants (although, I'm looking towards OODT, myself)

I'm looking forward to data browsing/ visualization standards (how many re-implementations do we really need to plot a few lines, map a grid onto an image, or allow someone to filter a table of data?).

Because really ... if we make these tools universal, the scientists can get back to doing science, rather than wasting time re-implementing yet another tool that doesn't really do anything better than the other stuff out there. (but they just haven't surveyed what the other stuff is out there, as they haven't looked outside their discipline)

disclaimer: I'm a programmer, working at a science data archive, in case it wasn't clear. And I've given a few presentations about how scientists need to stop implementing stuff on their own without getting help from programmers/informaticians/archivists/etc.

CouchDB provides an Erlang RESTful JSON API that can be accessed from any environment that allows HTTP requests.

Have you looked at http://trafficserver.apache.org/, which is Yahoo's frontend proxies that they open sourced and donated to the ASF a few ears ago? Pretty sure it does keepalive proxying.

Here's the project I worked on for GSoC 2010:

http://commons.apache.org/sandbox/gsoc/2010/scxml-js/

I haven't done a stable release yet, due to some process overhead with Apache Commons, but the project itself is pretty stable, is becoming more widely known, and I'm continuing to develop it as part of my Master thesis.

This was a project I had thought of several years ago, and the funding from GSoC finally enabled me to properly implement it. So, I think that's a success story.

There is a shortage of IP addresses, so many small (and even many larger) sites use virtual hosting for cost reasons. Dedicated hosts cost 3-4 times as much as shared hosting.

According to http://httpd.apache.org/docs/2.0/vhosts/name-based.html Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol.

Ergo, If I run a small website on a shoestring budget, I don't use SSL

If Microsoft would ever fix this bug more sites would use SSL.

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

Why do I get I/O errors when connecting via HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer (MSIE)?

The first reason is that the SSL implementation in some MSIE versions has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close. Additionally the interaction between SSL and HTTP/1.1 features are problematic in some MSIE versions. You can work around these problems by forcing Apache not to use HTTP/1.1, keep-alive connections or send the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section:

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

4. 'only' for as long as Microsoft does not fix SNI-support (name based virtual hosting for SSL/TLS) in Windows XP so IE and Safari can use SNI, ohh, that won't happen. Windows XP has 51% of the Windows marketshare. :-( Or if we all get IPv6 ofcourse... hmm.

Well...

Apache did the fix in the 2.2.x tree starting with Apache 2.2.12 and OpenSSL 0.9.8j. Some people haven't deployed, tested, or trust a new tree. I know in the earlier days of Apache 2.0.x, I ran into significant problems that made it impossible for me to run it in production (heavy traffic resulted in a mandatory reboot after about a week). That has since been fixed, but I've only recently moved my own stuff to Apache 2.2.x

    See the Apache 2.0.x documentation, which clearly states you can't do it.

    Then the Apache 2.2.x documentation, which clearly states that you can, again with the above prerequisites.

    We can argue "but it's been over 2 years, everyone should be upgraded by now.", but in reality not everyone is. Many networks don't believe in patches, much less OS upgrades. I've seen infrastructures running on 10+ year old OS installations, because "that's what we tested with when we first set up, that's the way it will be". So even if your sysadmin is diligent about upgrading software and patching, they may still not be up to speed, if it happens to require an OS upgrade to get say the correct OpenSSL series to install.

    I used to give it 5 years, where the majority of customers would have upgraded their browsers. Now we have people still stuck with MSIE 6.0, either from their own paranoia, or poor company IT policy. It's never been uncommon to see *nix machines running with years of uptime. Unfortunately that means they never went down for full OS upgrades. So, SNI won't see wide deployment for at least a few more years.

    I'm sure Microsoft will catch up in time, likely (unofficially) porting over Apache and OpenSSL's work. Upgrading Microsoft products are a harder sell than upgrading Linux. For the Linux world, it only involves a little downtime while you do it. With Microsoft products, it's downtime and the cost of the new servers software. When the majority of folks are upgraded *and* become aware of the new abilities, will we really see mass SNI hosting.

    I way back in the infancy of the Internet, I worked at a hosting company. They assigned an IP per domain for http sites. We had huge arguments (err, discussions) about the feasbility of virtualhosts. Ya, that ate up a substantial pool of IPs until we finally switched, and then they were amazed how many unused IPs we had. Those were recovered by the provider later when we switched and requested a smaller address space.

4. 'only' for as long as Microsoft does not fix SNI-support (name based virtual hosting for SSL/TLS) in Windows XP so IE and Safari can use SNI, ohh, that won't happen. Windows XP has 51% of the Windows marketshare. :-( Or if we all get IPv6 ofcourse... hmm.

Well...

Apache did the fix in the 2.2.x tree starting with Apache 2.2.12 and OpenSSL 0.9.8j. Some people haven't deployed, tested, or trust a new tree. I know in the earlier days of Apache 2.0.x, I ran into significant problems that made it impossible for me to run it in production (heavy traffic resulted in a mandatory reboot after about a week). That has since been fixed, but I've only recently moved my own stuff to Apache 2.2.x

    See the Apache 2.0.x documentation, which clearly states you can't do it.

    Then the Apache 2.2.x documentation, which clearly states that you can, again with the above prerequisites.

    We can argue "but it's been over 2 years, everyone should be upgraded by now.", but in reality not everyone is. Many networks don't believe in patches, much less OS upgrades. I've seen infrastructures running on 10+ year old OS installations, because "that's what we tested with when we first set up, that's the way it will be". So even if your sysadmin is diligent about upgrading software and patching, they may still not be up to speed, if it happens to require an OS upgrade to get say the correct OpenSSL series to install.

    I used to give it 5 years, where the majority of customers would have upgraded their browsers. Now we have people still stuck with MSIE 6.0, either from their own paranoia, or poor company IT policy. It's never been uncommon to see *nix machines running with years of uptime. Unfortunately that means they never went down for full OS upgrades. So, SNI won't see wide deployment for at least a few more years.

    I'm sure Microsoft will catch up in time, likely (unofficially) porting over Apache and OpenSSL's work. Upgrading Microsoft products are a harder sell than upgrading Linux. For the Linux world, it only involves a little downtime while you do it. With Microsoft products, it's downtime and the cost of the new servers software. When the majority of folks are upgraded *and* become aware of the new abilities, will we really see mass SNI hosting.

    I way back in the infancy of the Internet, I worked at a hosting company. They assigned an IP per domain for http sites. We had huge arguments (err, discussions) about the feasbility of virtualhosts. Ya, that ate up a substantial pool of IPs until we finally switched, and then they were amazed how many unused IPs we had. Those were recovered by the provider later when we switched and requested a smaller address space.

Please see:

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts

The explanation why name-based virtual hosting with SSL is impossible is here. One way to do it anyway is here. The reason why that is still not something people would use is that the browser side has to support it too. This page lists IE7 on XP as incompatible with the TLS extension.

The explanation why name-based virtual hosting with SSL is impossible is here. One way to do it anyway is here. The reason why that is still not something people would use is that the browser side has to support it too. This page lists IE7 on XP as incompatible with the TLS extension.

That is quite the misrepresentation. This thread is about Google supposedly misusing the Linux kernel headers which are GPL'd, this controversy is over a copyright violation. The Google / Oracle suit is over patent violations, the BSD license is a non issue in this case.

I only added more information to the union of your post and the parent, which might be carelessly read together like "oh no, OSS makes you get sued" / "no, it's only the GPL that does".
And by the way, Oracle is also suing Google for *copyright* violations, not only patents. Moreover, had Google used Oracle's GPLed JVM, they would be protected by the patent statement contained in the GPL (and missing in BSD-like licenses).

Stripping license text from source files *is* a violation even of some BSD licenses.

Thats a straw man. The issue in the current controversy is that if Google loses then third party app developers might be forced to open their source code per GPL requirements

I'm not talking about the current controversy, I'm talking about the BSD license not being the deus-ex-machina for all licensing controversies.
If, instead of being GPL, the linux kernel headers were under the Apache license, Google would still be liable because they didn't respect article 4 point C of the license, which would require them not to strip copyright notices from the code they're redistributing.

For predictive search, you'll want to get friendly with the Solr TermsComponent, which serves up the terms present in your index along with their frequency.

If you want to get really fancy, you can log your popular queries—particularly the ones that have a high correlation with click-throughs.

You're right, of course. /. editors suck.

SOLR is [related to] a text search technology that is often used in parallel with a database.

http://lucene.apache.org/solr/#intro

You can use and distribute copyleft software like anyone else.

The expensive part is that you can't (easily/effective) sell it, though to be fair you likely didn't pay for it either.

For users copyleft software can be some of theleast expensive. I don't have to upgrade, I don't have to pay for it, it doesn't have time bombs in it. If tehre are problems I can get them fixed without relying on the origional vendor to do it, and my data isn't locked up in proprietary formats.

Not all open-source licenses require you to distribute the source. MIT, BSD, Apache Harmony (which is what portions of the Android libraries are based on) don't require distribution of the source. So sure, you can effectively sell products derived from it. Microsoft has been doing so for decades (look at the license for their ftp program as an example).

Stuff like the apache harmony libraries - you know, that stuff google and oracle are fighting over? The one that doesn't require making the source available?

Stuff like the apache harmony libraries - you know, that stuff google and oracle are fighting over? The one that doesn't require making the source available?

http://couchdb.apache.org/

You can host stuff in the cloud like with one fo these providers:
http://www.couchone.com/
https://cloudant.com/
and then easily backup to a desktop or even another cloud service you run yourself:
http://osdir.com/ml/db.couchdb.devel/2008-01/msg00222.html

CouchDB is a document-oriented database that supports easy replication between databases (with some indirect ideas from Lotus Notes). But I don't know of its use as an email client? Maybe a new niche there to write one...

CouchDB does not send or recieve email directly though -- one missing feature IMHO, although you could build some sort of relay to it using web standard (and maybe someone has). Basiclaly, you'd need a gateway to and from CouchDB as a server somewhere to translate between mail protocols and the http protocols CouchDB likes.

In the long term, we need a semantic desktop though...
http://en.wikipedia.org/wiki/Semantic_desktop

My own fumbling attempts in that direction:
http://sourceforge.net/projects/pointrel/

Is the contract code compiled? I only see strings in annotations!

The annotation processor takes care of compiling the strings into bytecode and runs along the Java compiler, so you get static syntax and typing errors at compile time, as usual.

Perhaps, but the IDE won't be able to give you errors immediately. This requires a full compile of the source file to generate errors, which is a lot more fragile than if they avoided using strings and went with a more concrete syntax (like that used in Validate).

Guess they simply used the Harmony Code for this stuff and Harmony does not have the bug in.

It was fixed in Harmony a year and a half ago:

https://issues.apache.org/jira/browse/HARMONY-329

I haven't read the book yet but if you want to get started with OSGi and Felix just pop over to the Felix web site and read their getting stared documentation. It is clear and well written and I was able to get an OSGi app up and running is a couple or hours.

http://felix.apache.org/site/getting-started.html

Thunderbird's spam filtering isn't horrible; it's based on the same ideas as SpamAssassin, but can be easily hand-tuned. In addition, on a Linux desktop, you could always setup SpamAssassin with procmail, but this implies that your end-users actually understand things like procmail. ;)

Personally, I use dovecot+postfix+spamassassin on my home e-mail server and fetchmail to grab mail from remote servers such as my gmail account and then use Thunderbird's junk mail filters to filter out anything SpamAssassin misses.