Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 1.3.33 Released

Posted by CowboyNeal on from the one-more-try dept.

harmgsn writes "Following the release of Apache 1.3.32, the Apache Group released Apache 1.3.33 to fix a security flaw in mod_include and in the Content-Length field. The official announcement is available as well as the ChangeLog for the 1.3.x series."

7 of 227 comments (clear)

  1. Re:One small change by Electroly · · Score: 5, Insightful

    Without that "one small change", someone could own your computer by just sending a specially crafted HTTP response when you hit a website. I personally think anything that can allow "bad people" to get access to your computer without too much difficulty is something that should get fixed. Suit yourself.

  2. Re:A little overblown by Anonymous+Crowhead · · Score: 5, Funny

    After looking at the changelog [apache.org], is this a topic for the main page?

    No kidding. The Apache section is like Ralph Nader. It's always there, it gets about 1% as many comments as any other section, a boring story about it still hits the headlines now and again, but you try to get rid of it and it gets all crazy.

  3. Re:How by pavon · · Score: 5, Insightful

    Sure, no one has found any bugs Knuth's TeX in years. Same for Qmail, and others. You have to know exactly what you are doing before you start - which often means writing a throw away version of the software first to work out the kinks in the design. You have to have a simple clean design, and coding practice - as one of the Unix developers said debuging is 10x harder than writing code, so you you write code as cleverly as you can, you are, by definition, not qualified to debug that code. You have to know upfront how to write secure code, and think about with every function you write - never put this off for later. Then you have to have some one else rigorously read over every line of code to find any mistakes. Lastly you have to systematically test each part of the code individually and together. Then after years of widespread use without any major feature changes you will have weeded out nearly all of the bugs.

    Nearly all software that is written leaves out some of these things, choosing to balence getting something done with quality. Some find a better balance than others :)

    BTW. The mozilla programs are definately good programmers, but the codebase is certainly not the paragon of clean code. It is huge and unweildy, which is the main reason that Apple chose to build off of KHTML instead of Gecko when they made Safari. The situation has improved over time, but making an existing non-secure program secure, is much harder than doing it (mostly) correct from the start.

  4. I tried to migrate to Apache. by shaneh0 · · Score: 5, Funny

    During last years jihad on IIS & IE I decided it would be a good idea to migrate the company's web servers to Apache. I decided to start simple and submit a plan to migrate just the department intranet server.

    This is the actual response from management. The brain-dead VP that made this truly-enlightened decision first made a name for himself as a VP at a FAUCET COMPANY.

    Listen to the faucet kings great idea:

    "Shane, Thanks for your proposal. Unfortunately, I cannot approve the change. In fact, I've decided that we need to streamline these things in the future and make sure everyone is on the same page.

    From now on, we will only install software on the servers that is at version 2.0 and above. There will be no exceptions to this. It's about security and reliability. Everyone knows you dont buy a car the first model year, why should software be any different. I've never heard of apachee, but if these guys are as good as you say they are enough people will bite to keep them going, and when they come out with the next major realease I think you'll see then that we're better off for waiting for them to really get it right.

    thanks for beging on board with this, tom." [my name's shane]

    Two years ago this guy won the "visionary of the year" award at the company conference.

  5. Re:What ever by myg · · Score: 5, Informative
    Apache 2 has quite a few good things going for it over Apache 1. First off, it handles multi-threading much better meaning that very heavy workloads require less CPU time[*]

    Second, Apache 2 supports things like DAV which mean that to publish information on the web users need less access than with Apache 1 (such as shell accounts or worse FTP, since most ISP's don't think users should use SSH for some odd reason).

    Lastly, Apache 2 can run Subversion. So not only can you use DAV to update information without shell access of any kind but you can version that information too.

    [*] Why is multi-threading faster than the pre-fork model of Apache 1? Because there is less work to do when context-switching threads. A thread shares the same virtual address space with other threads in the process. Changing virtual address spaces is slow because it requires a TLB flush (as well as one or more extra registers to save). The TLB flush increases memory accesses.

  6. Re:How by Goonie · · Score: 5, Informative
    Sure, no one has found any bugs Knuth's TeX in years.

    Knuth is a freak of nature who spent eight years writing a program on his own, largely for his own edification and completely free of commercial pressure. Few others have that freakish ability, fewer still get to work on their pet project by themselves for that long before offering it to the world. So there are limits to how many lessons can be drawn from this very unusual example.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  7. Future thought by SirLestat · · Score: 5, Funny

    I can't wait for release 1.3.37