Domain: apache.org
Stories and comments across the archive that link to apache.org.
Comments · 2,937
-
Re:Express Logic Announces THREADX® MISRA Com
So by this logic Java is also not safe for anyone to use either, no? You didn't forget that the massive Equifax hack was due to a remote code execution vulnerability in Apache Struts which is written entirely in Java, right?
-
And they really do invent tech. Cassandra came from facebook (http://cassandra.apache.org/)
So did significant improvements to HBase, PyTorch, Haxl, PHP compilers, and much more.
And Facebook is inventing sophisticated AI hardware (https://code.fb.com/ml-applications/the-next-step-in-facebook-s-ai-hardware-infrastructure/) including semiconductor design (https://www.networkworld.com/article/3268974/hardware/is-facebook-looking-to-build-its-own-data-center-chips.html) and is the primary contributor to the Open Compute Project's work on more efficient data center hardware (https://www.opencompute.org//)
TL/DR: The only reason they are able to invade our privacy that effectively is that they really are an impressive technology company.
-
Re:Build manager
I'm guessing yes given they have nightly builds.
Doesn't have to be true. Probably the nightly builds are just running a script which was set up long ago and has no need to be changed. A real release might involve updating version settings and configuration which nobody understands any more. There are also many security fixes that have gone into LibreOffice which would need to be backported before it was reasonable to release to the real public, though often projects just don't bother with this. At least checking through all of the important LibreOffice critical vulnerability fixes would be a minimum expectation.
-
Re:Build manager
I'm guessing yes given they have nightly builds.
-
Re:Where is Open source software to rescue us?
Quickbooks is your example of bookkeeping software?
There is a lot more to accounting software than quickbooks. That's why that one is just the "quick" one, for people with few needs. It might actually just be personal tax accounting software for small business owners, too, since that is the part they actually have to do.
If you can do bookkeeping because you have a particular software application, you probably don't even need software to do your books, and you probably aren't using it to any advantage.
-
Re:Visibility is always better than invisibility
Very true, I only read open source source code if there is a bug I need to maneuver around or fix.
And most code is so bad, you don't really want to read it because of the nightmares they induce, e.g. looking at https://lucene.apache.org/
-
Re:An opportunity missed
Kotlin and Scala were created long before Oracle bought Sun.
Regardless what compiler compiles them, they run on the Java JVM and use the Java Ecosystem like http://apache.org/ and maven central: https://mvnrepository.com/repo...
Whoever modded you up is an idiot.
Java is the biggest software ecosystem on the planet, regardless what "language" you use to program for it. A +/- 2% or 4% this year or that year in job search engines or tiobe does not change that. And the next 30 years it most likely won't change anyway.
However, in the US some people think that .NET is an alternative :D good luck ...
-
Re:Open Source vs Free Software?
The biggest Open Source organization is probably: http://apache.org/
-
Guacamole
I have not found anything like that either so...
For the size form-factor I use an iPad Air with a cover that has a built in Bluetooth keyboard.
For a larger screen and better keyboard I use a ChromeBook.
I have a Linux and a Windows VM in "the cloud" that I connect to from those devices via Apache Guacamole https://guacamole.apache.org/
I installed Debian Linux on my EeePC and I use it for command line access to the Linux VM via ssh and occasionally I run Firefox (via 'startx' because there is not enough space to install a full window manager).
-
Re: Not sure they understand licensing
What? Who told you that? The lines of code they actually wrote can carry their license, but they can't relicense a whole file just because they made changes to it. Even if they did, they'd only be creating an unauthorized derivative work.
/facepalm
If there was an award for being the most outspoken idiot on slashdot, you would have gnawed on the plutonium medal after winning it several times now...
http://www.apache.org/foundati...
Even if you change every single line of the Apache code you're using, the result is still based on the Foundation's licensed code. You may distribute the result under a different license, but you need to acknowledge the use of the Foundation's software.
-
Google uses "production is beta" approach in GC
We started to move to Google Cloud because you're right, it has some really slick features and does feel like AWS 2.0. However, we noticed a disturbing trend with several of their services. Google seems to follow their general philosophy of "here, beta test our stuff for us" which would seemingly be fine since they almost always have a "LTS" and "General" version of their APIs. However, it seems they also have the same ADD based philosophy of ignoring/abandoning their LTS version when they have their new shiny version to play with. e.g. Google Batch services. Version 2.x canned their 1.x API in favor of Apache Beam which while very promising a) is still not fully baked and b) is different enough to require a rewrite of existing code. That sh*t may work when you're Google and have the resources to redo everything every year but it's going to piss a lot of customers off. We ended up canceling the migration because AWS just works (well, except when the US-East datacenter shits the bed).
-
Tez? Apache says hi
-
Equifax Breach - Apache Struts flaw relation
I found this email I got interesting - it points to some things about the Equifax breach.
---Email-----
Based upon the tremendous amount of publicity surrounding the recent data breach at Equifax, as stewards of the Central Repository we felt it was important to share our perspective on the matter:
Apache Struts: Apache Struts is a popular open-source and free Model-View-Controller (MVC) framework for Java. It is developed and maintained by an active and highly responsible community of volunteer contributors. The Apache Struts project has a long and well documented history of securing, hardening, and maintaining the software that it produces.
Struts Vulnerabilities: Last week the Apache Struts project team disclosed to the world two different critical vulnerabilities in Struts2 that would expose applications to remote execution of code and enable direct access to customer-critical data. In both cases, and in keeping with their long standing practice, the Apache Struts team made fixes available prior to publicly disclosing the vulnerabilities.
Equifax Breach Disclosed: Separately, Equifax announced last week that it had suffered a massive security breach that exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans. Equifax said the breach happened between mid-May and July 2017. It discovered the hack on July 29. It informed the public on September 7, and reports suggest that a security vulnerability in Apache Struts was the cause of the breach.
At Sonatype, we don't pretend to know for certain what happened at Equifax. We do know that Apache Struts has a tremendous track record for finding security vulnerabilities and making fixes available in a timely manner. Organizations such as Equifax who leverage open source to accelerate innovation are themselves responsible for practicing appropriate hygiene in a timely manner when fixes for vulnerabilities are made available. For far too long, businesses have relied on network-based cybersecurity tools to defend the perimeter of the organization. Recent events at Equifax serve as a stark reminder that perimeter defenses by themselves are insufficient to protect critical data when in fact hackers are increasingly attacking vulnerabilities that exist in the application layer. 80% to 90% of every modern application consists of open source components. Therefore, in order to avoid unnecessary risk, organizations MUST automatically and continuously govern the quality of open source components and third-party libraries within their software supply chains. To ignore this problem anymore is simply negligent.
Sincerely,
Team Sonatype
-
Re:No, they don't.
You can't sell open source
Yes you can sell open source software under various licenses. However, you have your terms confused.
Free software is a subset of open source software often licensed under the GPL. There is nothing in the GPL that says you can't sell the software. When you transfer your binaries, however, the GPL license requires that you provide your customers with four freedoms:
The freedom to run the program as you wish, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
You can sell software using other licenses, such as BSD and Apache. Both meet the definition of Open Source, but do not convey the rights listed above. In fact, these licenses allow you to relicense the code as proprietary. For instance, a quote from the Apache license:
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
This is how Apple has legally built its operating system on top of the Mach kernel and BSD Unix. They sell it, and they have relicensed it. A person contributing significant code to these projects is therefore unable to acquire their own source code from Apple. This loophole renders these licenses as non-free.
-
Re: Public Post Should be Open to Everyone
Your Python script should not know about that. Connection KeepAlive server settings like:
KeepAlive On
MaxKeepAliveRequests 50
KeepAliveTimeout 5
should be completely transparent to you. Your client library should transparently reconnect when it gets a Connection: close from the server. Heck, some sites don't even use keep alives (KeepAlive Off).
I have written such client software and I never bothered about MaxKeepAliveRequests setting on the servers and if KeepAlive was on, the libraries I used were doing the re-connection for me so I did not have to know the MaxKeepAliveRequests for every site I was connecting to. Heck, any browser does just the same!
Also, if you write a scraper, it is a smart move to sleep between requests, any scraper like Google, etc. does sleep between requests. 1 or 2 seconds is a nice value because your sleep time has to be less than KeepAliveTimeout for the connection to be re-used for the next request.
https://httpd.apache.org/docs/...
https://httpd.apache.org/docs/...
https://httpd.apache.org/docs/...
-
Re:Simpler solution
The built-in ObjectOutputStream and ObjectInputStream.
They allow serialized objects to either implement java.io.Serializable or java.io.Externalizable
https://docs.oracle.com/javase...
https://docs.oracle.com/javase...
(Why google finds the 7 version and not the 8 as first hits is beyond me :D )
The vulnerability comes from the option to overwrite "readObject()". Serialized data objects contain usually the classes as well. So when you read them, you also read and link the code, and hence use the supplied "readObject()" method.
However the vulnerability in the Apache.Commons libraries was a different one (don't remember right now how exactly), they exploited a bug in the library, so you could send "code" without sending really a classfile.
-
Re:Apache Spark
Are we talking about the same : http://spark.apache.org/ ??
Why so angry?
-
Re:Counts sharing, not use. Javascript always shar
I think he meant the thousands of Java projects hosted by http://apache.org/
-
Re:uh
The Apache Software Foundation is now more than 300 projects. See https://projects.apache.org/
-
Re:WTF does it do?
OK, now it's starting to make more sense looking at the use cases
Here is a description of a few of the popular use cases for Apache Kafka. For an overview of a number of these areas in action, see this blog post.
Messaging
Kafka works well as a replacement for a more traditional message broker. Message brokers are used for a variety of reasons (to decouple processing from data producers, to buffer unprocessed messages, etc). In comparison to most messaging systems Kafka has better throughput, built-in partitioning, replication, and fault-tolerance which makes it a good solution for large scale message processing applications.
In our experience messaging uses are often comparatively low-throughput, but may require low end-to-end latency and often depend on the strong durability guarantees Kafka provides.
In this domain Kafka is comparable to traditional messaging systems such as ActiveMQ or RabbitMQ.
Website Activity Tracking
The original use case for Kafka was to be able to rebuild a user activity tracking pipeline as a set of real-time publish-subscribe feeds. This means site activity (page views, searches, or other actions users may take) is published to central topics with one topic per activity type. These feeds are available for subscription for a range of use cases including real-time processing, real-time monitoring, and loading into Hadoop or offline data warehousing systems for offline processing and reporting.
Activity tracking is often very high volume as many activity messages are generated for each user page view.
Metrics
Kafka is often used for operational monitoring data. This involves aggregating statistics from distributed applications to produce centralized feeds of operational data.
Log Aggregation
Many people use Kafka as a replacement for a log aggregation solution. Log aggregation typically collects physical log files off servers and puts them in a central place (a file server or HDFS perhaps) for processing. Kafka abstracts away the details of files and gives a cleaner abstraction of log or event data as a stream of messages. This allows for lower-latency processing and easier support for multiple data sources and distributed data consumption. In comparison to log-centric systems like Scribe or Flume, Kafka offers equally good performance, stronger durability guarantees due to replication, and much lower end-to-end latency.
Stream Processing
Many users of Kafka process data in processing pipelines consisting of multiple stages, where raw input data is consumed from Kafka topics and then aggregated, enriched, or otherwise transformed into new topics for further consumption or follow-up processing. For example, a processing pipeline for recommending news articles might crawl article content from RSS feeds and publish it to an "articles" topic; further processing might normalize or deduplicate this content and published the cleansed article content to a new topic; a final processing stage might attempt to recommend this content to users. Such processing pipelines create graphs of real-time data flows based on the individual topics. Starting in 0.10.0.0, a light-weight but powerful stream processing library called Kafka Streams is available in Apache Kafka to perform such data processing as described above. Apart from Kafka Streams, alternative open source stream processing tools include Apache Storm and Apache Samza.
Event Sourcing
Event sourcing is a style of application design where state changes are logged as a time-ordered sequence of records. Kafka's support for very large stored log data makes it an excellent backend for an application built in this style.
Commit Log
Kafka can serve as a kind of external commit-log for a distributed system. The log helps replicate data between nodes and acts as a re-syncing mechanism for failed nodes to restore their data. The log compaction feature in Kafka helps support this usage. In this usage Kafka is similar to Apache BookKeeper project.
-
WTF does it do?
I've got no idea what Kafka does, and the summary really doesn't tell you much at all. I was about to put in a helpful post saying what it is, but even after visiting their home page I've still got no idea.
Apparently Kafka is used for building real-time data pipelines and streaming apps. It is horizontally scalable, fault-tolerant, wicked fast, and runs in production in thousands of companies.
How about the Intro
We think of a streaming platform as having three key capabilities:
It lets you publish and subscribe to streams of records. In this respect it is similar to a message queue or enterprise messaging system.
It lets you store streams of records in a fault-tolerant way.
It lets you process streams of records as they occur.
What is Kafka good for?
It gets used for two broad classes of application:
Building real-time streaming data pipelines that reliably get data between systems or applications
Building real-time streaming applications that transform or react to the streams of data
OK, I still am not really sure what it does.
-
Re:ok fine
Apache's Ofbiz https://ofbiz.apache.org/
iDempiere http://www.idempiere.org/
-
Re:Programming is not the important thing
That's what Apache Cordova was invented for.
Mobile apps with HTML, CSS & JS
Target multiple platforms with one code base
Free and open source
-
Re:Typical KDE
Not sure if these are fixed (I gave up on Desktop Linux and moved to Windows for desktop stuff).
#1) https://bugs.kde.org/show_bug....
https://bugs.kde.org/show_bug....
https://bugs.kde.org/show_bug....
#2) https://bugs.kde.org/show_bug....
As for openoffice - it took them quite a while to fix this: https://bz.apache.org/ooo/show...
I assume it's fixed by now. :)
-
Re:Never heard of it...
-
Shitty summary! At least link to Apache Mesos!
Here is the URL that the fucking summary could not be arsed into linking to:
At least I don't see any mention of systemd on that page. That already makes it more appealing than Linux.
-
Re:The guy was ripping off leftpad
I don't think this proves libraries per-se are bad, but blindly depending on out-of-house software repositories for every build or (worse) every startup/deploy is crazy.
We're a Java house (go ahead, get your ki[c]ks in...), and we use around 100 open source libraries. They're all mirrored locally in an Ivy repository we maintain. No new versions get checked in unless they've passed a reasonable level of scrutiny, and nothing gets deleted unless we delete it.
You beat me to it! I work in a Java/Maven house and we use Nexus to maintain an internal mirror of the open source libraries we use from Maven Central. The developers pull their build dependencies from the internal mirror not the Internet. In addition, we also mirror the source code for the libraries we use as we submit patches and enhancements for them.
-
Re:The guy was ripping off leftpad
I don't think this proves libraries per-se are bad, but blindly depending on out-of-house software repositories for every build or (worse) every startup/deploy is crazy.
We're a Java house (go ahead, get your ki[c]ks in...), and we use around 100 open source libraries. They're all mirrored locally in an Ivy repository we maintain. No new versions get checked in unless they've passed a reasonable level of scrutiny, and nothing gets deleted unless we delete it.
-
Re:Disable SSLv2
You are looking at the documentation for Apache 2.4, which does not even support SSLv2.
-
Re:Disable SSLv2
If you don't explicitly disable it, it will be enabled. Yes, the default is to not have SSL, but this is the documentation
https://httpd.apache.org/docs/...
This page doesn't even make mention of the SSLProtocol directive.
-
Re:Why they forked
If you make a derivative work for your own private/personal use, there's no problem. If you distribute an unmodified copy (no alterations), that's also OK. But when you make a derivative work and distribute the result (such as selling a modified version of pfSense pre-installed on hardware) at that point, it's a new product.
http://www.linuxfoundation.org...
"A trademark should not be used as part of your product name."
https://www.freebsdfoundation....
"3. If we grant you permission to use the Marks, your use of the Marks must always be fully and clearly reproduced, and you may not incorporate any of our Marks into the trademarks, service mark, logos, name of your business, project, organization, or username, unless you have the express prior written permission of the Foundation."
The pfSense CLA and such closely mirror that of the Apache product. Here is what they say on http://www.apache.org/foundati...
"This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file."
The confusing part is that people seem to mix up distributing an unmodified copy (which is OK to put on hardware for sale, so long as the mark is respected) with distributing a modified copy, which they may not realize is now a derivative work and thus violates the trademark. People interpret that as being told they can't sell the software, but what they can't do is sell their own derivative work and call it by someone else's trademark. (See above example, re: Coke)
-
Re:Apache license?
http://www.apache.org/licenses...
b. You must cause any modified files to carry prominent notices stating that You changed the files; and
The claim is that they're violating section b. They have not identified the changed files.
The claims about not distributing source are for the GPL parts.
-
Re: They're called architects
Well, because you can't write native ios apps in anything except Apple's approved garbage language.
False. You could use Object Pascal or C++ or C# or JavaScript or any language which provides you with a toolchain to target iOS.
-
Re:Duh
Object Pascal and C++ and C# and JavaScript to name a few. You can program for iOS using any language which provides you with a toolchain to target iOS.