Slashdot Mirror


Apache 1.3.32 Released

chipster writes "Apache 1.3.32 has been released. This version of Apache is principally a security and bug fix release. You can read about the new features here, and get Apache 1.3.32 here. Also available is the 1.3 ChangeLog. Additionally, to complement this release of Apache, mod_ssl-2.8.21-1.3.32 has also been released."

27 comments

  1. Which license? by nocomment · · Score: 1

    Is that the new, somewhat unfree, or the old free license?

    --
    /* oops I accidentally made a comment, sorry */
    /* http://allyourbasearebelongto.us */
    1. Re:Which license? by chipster · · Score: 4, Informative

      Good question. 1.3.32 is licenced under the 2.0 license: http://www.apache.org/licenses/LICENSE-2.0.txt

  2. Nice. by MintyGreen · · Score: 1

    Nice job, Chip. And you already have it packaged, don't you?

    BTW: First post?

    1. Re:Nice. by chipster · · Score: 2, Informative

      Thx ;-) RedHat i386 RPMs are already available. http://norlug.org/~chipster/rpm_index/cat1

  3. It's time to hit... by A+beautiful+mind · · Score: 1, Offtopic

    ...apt-get update;apt-get upgrade folks ;) At least for the Debian folk ;> Now, being a bit more serious, no careful sysadmin does that...right? Reading the changelog and making sure the release isn't broken in the repository is a good practice, at least, in the case of production servers. It's better to stay unprotected against some vulnerabilities for an hour or two than breaking your fine-tuned system. Especially since security should not start at application level.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:It's time to hit... by MintyGreen · · Score: 1

      ...apt-get update;apt-get upgrade folks ;) At least for the Debian folk ;>

      Funny, those commands work just fine on my RedHat, Fedora, Aurora, and Yellow Dog boxen. Then again, I'm using apt4rpm.
    2. Re:It's time to hit... by Bitsy+Boffin · · Score: 1

      Funny, those commands work just fine on my RedHat, Fedora, Aurora, and Yellow Dog boxen. Then again, I'm using apt4rpm.

      That's all very well, but on all the boxes I've seen with apt-get for rpm the repositories are somewhat devoid of packages, which kinda defeats the purpose of a package management system.

      --
      NZ Electronics Enthusiasts: Check out my Trade Me Listings
  4. Lighttpd by Per+Wigren · · Score: 0, Offtopic

    If you haven't done so yet, check out Lighttpd! An incredibly fast and feature-rich yet minimalistic BSD-licensed webserver! My favourite part is that it runs PHP inside one or several minimal FastCGI-daemon(s) which can be placed on any host, so Lighttpd will act as a load-balancing frontend serving data from several hosts running only PHP (and no webserver at all)...

    --
    My other account has a 3-digit UID.
  5. 1.3.37 by kagaku · · Score: 5, Funny

    Not very long until 1.3.37!

    --
    everyday is another shooter.
    1. Re:1.3.37 by cant_get_a_good_nick · · Score: 1

      and me without mod points...

  6. Practical difference between Apache 1.3 & 2.0 by Arcane_Rhino · · Score: 2, Interesting
    What is the practical difference between Apache 1.3.# and Apache 2.0.#?

    1.3 ships with OS X (yes, I am one of those) and has always performed great. Plus, it is integrated in the operating system. I have always been curious about what advantages 2.0 might have and whether I should upgrade. I have installed it a couple of times, both from source and from binary but found it had to be executed from the shell. No big deal but the fact that I have not seen where anyone has integrated 2.0 into OS X's GUI web server makes me wonder why. I also do not want to ignorantly hand my bandwidth and personal files to everyone on the internet so I have been hesitant to simply jump in and begin serving with 2.0 without fully understanding what I am doing. (I am shell comfortable but not savvy.)

    I appreciate anyone who is willing to share their experience or knowledge or has a good link.

    Thanks.

  7. 1.3 VS 2.0 by wikinerd · · Score: 1

    There is absolutely no reason for a sane webmaster to use Apache 2.0.
    1.3 is fine, super-stable and most versions of 1.3 have the old Apache license. 2.0 is distributed under a new Apache license which cannot keep everyone happy. For example, Theo and his OpenBSD team decided to drop support for Apache in their OS.
    I have worked both with 1.3 and 2.0. 2.0 is modular and some people like it, but I think that monolithic programs are more stable and much faster than modular ones.

    1. Re:1.3 VS 2.0 by ttfkam · · Score: 4, Informative
      Where to begin...

      There is absolutely no reason for a sane webmaster to use Apache 2.0.

      1. HTTP 1.1 compliant mod_proxy
      2. Caching separated out from mod_proxy
      3. Faster flat file serving
      4. Content filtering
      5. Ability to match processing model to problem at hand (yes, some operating systems have fast threading libraries)
      6. New development done on this branch
      7. Better reuse of code and platform abstraction with APR

      Shall I go on? The proxy and cache improvements alone were worth the upgrade to me. As far as problems with PHP, the pre-fork processing module retains the advantages of 2.0.x while retaining the robustness of PHP on 1.3.x.

      There is absolutely no reason for a sane webmaster to use Apache 1.3.x on new installations unless they have an absolute showstopper incompatibility.

      That said, 1.3.32 has the newer Apache 2.0 license, not the old one. So here you have the choice of the new license or older versions with bugs and security flaws.

      Theo and his OpenBSD team have dropped support, it's true. Can you find the reason why? Is it because the FSF states that it isn't GPL compatible? No, that can't be it because the older license wasn't either. Could it be because of the patent termination clause -- if you put a patented algorithm in the code and sue someone over patent violation, you can no longer use Apache software? I never knew Theo and Co. to be in favor of protecting software patents in open source software. So why?

      I was able to find this comment from Theo: "We've been clear: Their new license contains more stuff, and we do not accept MORE STUFF in licenses."

      I'm sorry, that's a bullshit argument. Imagine if a group of lawmakers were writing code on the side to make their jobs easier, a group of professional programmers found a problem with the small program, submitted a patch, and the lawyers proclaimed, "We will not accept this new code patch because we lawyers can't understand it at first glance." It's the same thing here folks. If you want no legalese at all, you submit your code to the public domain and be done with it. Why do we have these licenses with legalese? Because the public domain isn't good enough in many regards. That's why the various open source and free software licenses exist. They are not present so that coders can sit back with a cup of tea by the fire reading them with enjoyment. They are formulated by a group of people working in the problem area in which they have specialized so that you and I don't have to reinvent the wheel badly. THIS IS THE SOLE REASON THE APACHE SOFTWARE FOUNDATION EXISTS!

      The day I want Theo acting as my legal advisor is the day that I want OJ's lawyers hacking my production kernel. That said, the Apache 2.0 license is NOT that hard to understand. As for Theo's charge of containing "more stuff", that's like saying v1.0 of the Linux kernel is automatically better than v2.6.9 because they've added "more stuff" to the newer version.

      I have worked both with 1.3 and 2.0. 2.0 is modular and some people like it, but I think that monolithic programs are more stable and much faster than modular ones.

      As for the modular vs. monolithic tripe, what pray tell do you think 1.3.x is? See all those LoadModule directives in your httpd.conf file? Take away modules and Apache 1.3.x does NOTHING. What's that? You can compile modules in statically with 1.3.x? Guess what Einstein? You can also do it with 2.0.x. Apache 2.0.x is simply slightly more fine-grained modularity.

      Regarding the speed and stability argument, I call bullshit. 2.0.x is faster than 1.3.x under every metric I have seen used from dynamic content generation to flat file serving. Hell! Even server-side include processing is faster in 2.0.x. As far as stability, where is your data? Neither goes down for me. Then again, when running PHP apps, I use the pre-fork module because so

      --

      - I don't need to go outside, my CRT tan'll do me just fine.
    2. Re:1.3 VS 2.0 by Triumph+The+Insult+C · · Score: 2, Informative

      I'm sorry, that's a bullshit argument

      it contains more unfree stuff in the license. that is the 'MORE STUFF' they will not accept into the tree

      --
      vodka, straight up, thank you!
    3. Re:1.3 VS 2.0 by ttfkam · · Score: 2, Interesting

      The old license (and the BSD license) only dealt with copyright, not patents. The Apache 2.0 license adds a patent clause.

      If you get into a patent war with the ASF, you can't use ASF code anymore. This is terribly unfree? Apparently we have differing views on what "free" is. Since a software developer needs a cadre of patent lawyers on their side with the way things are going on the software patent arena, I for one welcome the clause. It allows me the freedom to compete and participate in a field that is steadily becoming more and more hostile to independent developers thanks to the USPTO and WIPO.

      If he (Theo) has an argument with parts of the new license, then he should critique those parts of the new license. "More stuff" does not make an effective or lucid critique in my opinion nor does your assertion of "unfree stuff."

      Unfree stuff like what? Be more specific. Convince me. Unfree stuff like what? Like the fact that the license is legalese? C'mon. That's laziness. It's what? 200 lines long? Spend an hour or two some evening going over it and be done with it. If there's something there that truly concerns you, let me know. I would like to know what you see as a problem.

      --

      - I don't need to go outside, my CRT tan'll do me just fine.
  8. Well, 1.3.32 was never really officially released by jimjag · · Score: 4, Informative

    Even though the 1.3.32 tarballs are available, it wasn't really officially released. The tarballs are placed there "early" so the mirrors can grab them and have them available before we release...

  9. Re:Practical difference between Apache 1.3 & 2 by ttfkam · · Score: 4, Informative

    Some differences:
    1. mod_proxy has been completely rewritten so as to be fully compatible with HTTP/1.1
    2. caching has been removed from mod_proxy and made into its own module, mod_cache, with a couple of implementations available
    3. your choice of pre-fork (1.3.x model), single process/multiple threads, and various hybrids

    As a point of fact, OS X Server comes with Apache2 as well (check your /opt directory). It doesn't have a GUI interface though. I don't know why. Since the GUI only edits the 1.3.x config files and starts/stops the service, there is no technical reason why it couldn't be supported by the GUI. My guess is that Apple, just like any other company, has to pick and choose what it spends effort on. Opportunity costs and all that. They probably started development on the Admin GUI while 2.0.x was still relatively new and untested. At the time, supporting 1.3.x was a no-brainer.

    The web accelerator's tendency to redirect clients to port 16080 in some configurations is annoying though. It makes me wonder if Apache2 configured as a reverse proxy and using mod_cache would work just as well.

    As for your security concerns, switching to 2.0.x will not arbitrarily hand your bandwidth and personal files to everyone on the internet. File and Directory directives still apply.

    --

    - I don't need to go outside, my CRT tan'll do me just fine.
  10. Apache 2 by Goo.cc · · Score: 2, Insightful

    It seems like most people are sticking with Apache 1.3.x instead of migrating to Apache 2.x.

    I was wondering why this is. Is there something bad about the 2.x release, or are people simply sticking with what they know?

    1. Re:Apache 2 by Anonymous Coward · · Score: 1, Insightful

      It's more of a case of "why break what's not broken?". The only reason I have Apache2 installed right now is because of SVN.

    2. Re:Apache 2 by Anonymous Coward · · Score: 1, Insightful

      Could be because 1.3 does everything that could be expected from a web server, and if not - there are loads of modules.

    3. Re:Apache 2 by roly · · Score: 1

      Myself, I like thttpd more, but when I need to use Apache, I stick to 1.3.x as I'm not used to 2.x for dynamic modules, and also 2.x conflicts with some PHP DSOs.

      --
      "With Microsoft, you get Windows. With Linux, you get the full house" - unknown
    4. Re:Apache 2 by Anonymous Coward · · Score: 0

      I switched to 2... One reason is that SSL comes standard. But really, I did it for the same reason I switched from Linux 2.4 to 2.6, and FreeBSD 4 to FreeBSD 5. It's newer. It's been out a while and seems to work at least as well as the previous one. The configuration is basically the same, so there's not much to learn. I see it more as, why should I stick with 1.3?

    5. Re:Apache 2 by neuroscr · · Score: 2, Informative

      It's the important modules: mod_ssl, mod_php, mod_perl, and various others are not all thread safe.

  11. Where not to use 2.0 by Anonymous Coward · · Score: 0

    Clearly the parent poster is unknowledgeable to state that no sane webmaster would deploy 1.3 on new installations. If you are using client SSL certificates the only option is to deploy 1.3

    A design flaw in 2 prevents SSL certificate renegotiation in the POST method, a problem that has gone unaddressed for over 18 months. Don't believe me, then read modules/ssl/ssl_engine_kernel.c and find out for yourself and quit posting FUD!

    1. Re:Where not to use 2.0 by ttfkam · · Score: 1
      I wrote:
      There is absolutely no reason for a sane webmaster to use Apache 1.3.x on new installations unless they have an absolute showstopper incompatibility.
      I don't use client SSL certificates, so it's not a showstopper for me.

      If a bug in any one feature disqualifies a version, then surely the HTTP 1.1 problems in 1.3.x's mod_proxy would surely apply. In this case, 1.3.x is not an option because I need and use mod_proxy. In fact, I would wager that more people use mod_proxy as a reverse proxy than use client SSL certs.

      Go back to your cave, troll.
      --

      - I don't need to go outside, my CRT tan'll do me just fine.
  12. APR's memory pools by Anonymous Coward · · Score: 0

    is what's holding me back from going to Apache 2.0. I find the design very awkward and very difficult to integrate C++ into. C++'s memory model is at odds with Apache Portable Runtime's memory pools. A leading researcher in high speed SMP memory allocators had this to say on the subject.

  13. Apache security documentation by Anonymous Coward · · Score: 1, Interesting