Apache Comes With Too Much Community Overhead?

drizzle writes "There's an interesting story on the Apache Marketing blog about whether or not Apache projects come with too much overhead, especially compared with other services or a roll-your-own approach. The article states, 'It's true that compared with SourceForge, Apache has a more rigorous management structure. The ASF has formalized processes and procedures that we believe represent best practices governance. All new projects must pass through an incubation period to ensure that all of the project's members have internalized these processes. However, each project's leadership has a tremendous amount of discretion in managing within this framework.' There is also a follow up article written by one of the httpd developers about 'What Apache brings to the table.' The article cites community, experience, legal framework, diversity, brand strength, and networking as reasons why developers and companies should consider bringing their projects over to Apache."

Tell me about it

I just setup an Apache web server for use at home, and now I've got 4 Apache developers living in my basement. When they showed up, they said they were my Apache community overhead and I had to let them stay there. Oh, and I apparently have to feed them too!

Re:Tell me about it

[bhalter80]

Mine said food was optional but Bawls was not

Re:Tell me about it

[LiquidCoooled]

That's nothing, I installed Linux and now I've got a colony of penguins living in my freezer.

I'm dreading the upgrade to BSD.

Re:Tell me about it

Man, whoever marked this "over rated" is far too uptight. what a fag.

Re:Tell me about it

[geminidomino]

I'm dreading the upgrade to BSD.

Don't Be

Re:Tell me about it

That chick has as much to do with BSD as the movie March of the Penguins was about Linux.

Nice try though.

Re:Tell me about it

Hmm, I'd like to do some penetration testing on her Operating System.

Re:Tell me about it

[TheMMaster]

ahhhh... geekdom at its finest :) niiiice :)

now, lets see if I can get my girl to pose with a penguin beak ;)

Re:Tell me about it

[vondo]

Maybe if there were "Unfunny", "Stupid", "Misinformed" mods we wouldn't have to use "Overrated"

I think it's pretty rare that there is a joke posted that deserves to be the top comment, so I'll mod those down. They may be mildly funny, but not the first thing someone should see.

The GP post may be one of those rare exceptions...

Re:Tell me about it

[emgeemg]

...and I couldn't care less. =)

Re:Tell me about it

[mikefe]

now, lets see if I can get my girl to pose with a penguin beak ;)

Naw, she'd just need a black suit jacket, and not much else.

Re:Tell me about it

I think I'd prefer a penguin beak ... and not much else.

Re:Tell me about it

I clicked through all the pages to see if she got nude. She doesn't! Next time you mofo's should let me know I wouldn't get to see any boobies.

Re:Tell me about it

19 pages of a clothed hot chick so disapointing... you made me go to google image search with safe search off ;)

Re:Tell me about it

[GoombaJones]

"The blood thirstiest, shoot 'em firstiest, doggone worstiest buccanneer that ever sailed the Spanish main.cpp"

Re:Tell me about it

[Frizzle+Fry]

If you don't like jokes, then go edit your preferences and don't give a bonus for "funny" mods rather than modding them down and ruining it for the rest of us.

Re:Tell me about it

[Ashley+Bowers]

I agree I dreaded the upgarde but it only took me about a day to complete.Funny pengiuns joke!

Re:Tell me about it

[drinkypoo]

The FAQ says that you should focus on positive moderation. Use your preferences if you don't like funny comments. Of course, since Funny doesn't give a karma bonus, some people (like me) moderate funny posts as interesting, so that might not help. Just keep in mind that by negatively moderating funny posts, you're needlessly taking away karma and helping to harm slashdot - I come here as much for the humor as the ranting.

The fact that slashdot doesn't give karma for funny mods must stem from its American roots - that puritanical attitude gets into everything.

Re:Tell me about it

[Shakrai]

The fact that slashdot doesn't give karma for funny mods must stem from its American roots - that puritanical attitude gets into everything.

It's funny that you mention the FAQ but failed to quote this part: "Note that being moderated Funny doesn't help your karma. You have to be smart, not just a smart-ass."

Why did your otherwise insightful comment need to include a subtle slam directed at Americans? More to the point why should funny mods give karma? What's wrong with the current system?

Re:Tell me about it

[Jesse+Becker]

Perhaps you should ask Mr Popper for help? There's a book about it.

Re:Tell me about it

[drinkypoo]

Why did your otherwise insightful comment need to include a subtle slam directed at Americans? More to the point why should funny mods give karma? What's wrong with the current system?

First of all, I am an American. It wasn't intended to be subtle, either; if you thought it was subtle, I would hate to see what it looks like when you're on the pull.

Second, funny mods should give karma because humor is as important as anything else in life - our sense of humor is what keeps us "sane" (for some value of sanity.) I enjoy humorous comments as much as and in some cases more than those comments which have honestly earned an insightful or informative mod.

This is not and will never be an outlet of professional journalism. So why not reward people for being humorous? It's as valuable as any other comment around here.

Re:Tell me about it

[Shakrai]

First of all, I am an American. It wasn't intended to be subtle, either; if you thought it was subtle, I would hate to see what it looks like when you're on the pull.

Hehe, you don't wanna see me on the pull :) I just grow weary of the putdowns by Europeans (mostly).

Second, funny mods should give karma because humor is as important as anything else in life - our sense of humor is what keeps us "sane" (for some value of sanity.) I enjoy humorous comments as much as and in some cases more than those comments which have honestly earned an insightful or informative mod.

I completely agree with you. I rather enjoy humor and I'm known as a bit of a wiseass in the real world. I think the /. motiviation is to keep people from using +5's to build up karma and then go on a trolling spree. In any case I don't think it's a big enough thing to worry about -- though I would tend to agree that "overated" mods shouldn't subtract from your karma when you didn't gain any in the first place for your +5, funny. *Shrug*

This is not and will never be an outlet of professional journalism.

Sure it is! They even report the important stories twice incase you missed them. It's like CBS having "up to the minute" that repeats itself all night long after 3AM ;)

They must be doing something wrong

[winkydink]

After all, it's not like they created one of the most popular open source apps of all time or anything like that.

Re:They must be doing something wrong

[greenpenguin]

And not many webservers actually run it either, especially compared to Microsoft's server...

Re:They must be doing something wrong

[fermion]

By this logic, MS makes the best microcomputer operating system in the world, and we all jsut better start using it.

There is always room for self reflection and improvement.

Re:They must be doing something wrong

[mithras+the+prophet]

No, I think the analogous observation is that Microsoft must be doing something right, because they've created the most popular operating system software (and probably software, period) ever. Which is true: they are doing something right. That something might be nefarious business practices and ruthless leveraging of a monopoly, but they're obviously doing a good job of it.

Re:They must be doing something wrong

Your reasoning fails right about at the point bolded:

" By this logic..."

There's no logic connection between the parent post and yours.

Re:They must be doing something wrong

I'm sorry, but we're not allowed to be reasonable around here. We have to be stupid groupthink morons, and condemn MS just because our nerd friends all think Linux is better.

Re:They must be doing something wrong

[renoX]

> Which is true: they are doing something right.

They are or they have been? Microsoft monopoly is largely a result of the cheap cost of the PC, they saw that by selling their OS cheap on cheap PCs they would own the market, and then the 'net effect' will ensure that they would stay dominant.
What they are doing right is compatibility: as they understood that the 'net effect' is their strong point, they ensure compatibility with software installed basis so that they keep their advantage.
This advantage for MS also hurt the consumers as MS don't push security very strongly as it could hurt the compatibility for the software installed base..

Don't bet your business on OSS

Don't build your business on open source, unless you want to rely on the good will of others.

Did you ever stop to think, that as a business owner, OSS could be scarey on the desktop?

You are making your company dependent on the GOOD WILL of others.

If you buy from a business, at least you know the greedy bastards will want to make money, and keep updating and have a growing concern.

Sure, you know that linux works. BUT a business owner does not. IT IS NOT IN HIS/HER BELIEF system to think people just do stuff for free.

After all, they sure as hell are going to charge others, to make a profit.

So, after several months of trying to dual-boot Linux (Ubuntu 5.10) I finally give up. I think that it's a fine project, but there are a few areas where it fails to deliver.

Specifically:

- why is it so darn hard to install anything ? I have to use Alien on most of the downloaded packages, and even then it's anybody's guess whether the software would install at all.

- why is GRUB losing my Windows XP from menu.lst after each update ? Every damn time I have to manually edit menu.lst and hope that it would
work.

- why is multimedia (esp. DVD) so goddamn unreliable ?

- why is the file manager (at least the one that comes preinstalled) so darn useless ? Why can't I do basic file operations without invoking two different programs and a terminal window ?

Don't get me wrong, I _do_ think that Linux is a great project, but it
does have its share of problems. So does Windows, of course, but it's
at least user friendly, intuitive and consistent. The "Public" OS like
Linux should be more intuitive, not less.

THIS, is LINUX.

THIS is YOUR support structure when you have troubles with Linux, and you
will.

See the try XYZ distribution?

See the accusations of being stupid?

See the sour grapes (this mouse sucks, when every review of this mouse is +)

See anything factual?

I don't......

In fact I see a collection of rabid zealots trying to defend their
miserable OS.

Look, the point is the mouse does not, cannot and will not work with Linux
and if it can be MADE to function with Linux most people will give up LONG
before they get it working and this goes for MOST new hardware and Linux.

Most hardware is obsolete by the time Linux supports it.

However it all functions perfectly under Windows and Mac OSX.

Maybe that is why they are professional operating systems and Linux is a
wanabee clone of Unix?

My advice?

If you want to use advanced hardware to it's fullest, don't look at Linux
because it is terrible at this.

Re:Don't bet your business on OSS

[lidden]

"So, after several months of trying to dual-boot Linux (Ubuntu 5.10)"

Ubuntu 5.10 was relesed one month ago. I still think that was the closest to a true statement in that post.

Re:Don't bet your business on OSS

I'm just going to focus on the sensical parts of your post because I can't understand what you're talking about most of the time.

You are making your company dependent on the GOOD WILL of others.

Not really. You can just update every once in a while, but you also have the option to modify the source code yourself or hire someone to add the features you need. If you'd rather wait for some software company to add a feature to their product, you have to wait till they feel like adding it. If they ever do.

So, after several months of trying to dual-boot Linux (Ubuntu 5.10) I finally give up. I think that it's a fine project, but there are a few areas where it fails to deliver.

I've only tried Ubuntu on a live cd, so I can't comment on Ubuntu specifically, but setting up dual boot isn't that hard. With no previous experience, I was able to setup my desktop to dual boot SUSE and Windows XP Pro in one evening. If it's not working, you're probably doing something wrong.

If you want to use advanced hardware to it's fullest, don't look at Linux because it is terrible at this.

You make it sound like this is the fault of Linux. You don't seem to realize that the only reason you can use "advanced hardware" on Windows is because hardware manufacturers release working Windows drivers. If they distributed Linux drivers on their install CDs this wouldn't be a problem.

Re:Don't bet your business on OSS

[penguin-collective]

You are making your company dependent on the GOOD WILL of others.

Quite to the contrary: with OSS, you are not dependent on anybody.

The real thing you should worry about is that with closed source software, you are at the mercy of your vendor.

However it all functions perfectly under Windows and Mac OSX.

I'm typing this from a Mac OS X laptop--which I just had to reinstall because it was dying with a kernel panic during boot. Before that, it failed to read the xD cards from my new consumer digital camera. And among many problems, file associations are inconsistent under OS X, the green resize window button is unintuitive, and the Finder views switch haphazardly. The point is that even the best desktop operating systems have problems--Linux, OS X, and Windows are comparable in that respect. If you claim otherwise, you're simply trolling.

Re:Don't bet your business on OSS

"So, after several months of trying to dual-boot Linux (Ubuntu 5.10) I finally give up."

You're absolutely right. Linux is too damned hard and I'd much rather pay the ultra professional computer wizards at Dell to give me Windows on a silver platter. I, like you, have more money than brains, and enjoy being bent over at every available opportunity.

Grow up, learn to read, and BTW, Ubuntu has an excellent wiki that can help you solve most of your issues without alot of searching. There is a tradeoff for having something you can use free of charge. You have to be willing to actually LEARN about what you are using. Pathetic!!!!!

Re:Don't bet your business on OSS

[marafa]

You are making your company dependent on the GOOD WILL of others.

Quite to the contrary: with OSS, you are not dependent on anybody.

The real thing you should worry about is that with closed source software, you are at the mercy of your vendor.

tell me about it .. we bought an archiving software that was full of bugs that acted inconsistently and the company itself dint know how to deal with. in the end i believe we were a major reason the software company discontinued the product. problem is .. we are still stuck with the lousy piece of software and no support nor source code

Re:Don't bet your business on OSS

You know, it's not mandatory that you reply to every troll here.

Just to let you know.

Re:Don't bet your business on OSS

[Ohreally_factor]

Who is the wiseguy that uncommented this guy's mod_idiot line in his httpd.conf?

Re:Don't bet your business on OSS

[FragHARD]

>>So, after several months of trying to dual-boot Linux (Ubuntu 5.10)<<
I notice you list Ubuntu as one of the dual boot tryouts but not the other? I'm guessing XP because you mentioned it earlier in the post.... could be NT,98,ME,SE ??? Anyhow I think the problem arises from the nonstandard way microsoft grabs/tags partitions. Why don't you tyr using microsofts boot manager after all it should work excellent since it is from a trusted tried and true software manufacturer that you can trust your business with !!!

BSDs?

[RT+Alec]

How about the "overhead" of the various BSDs? FreeBSD, OpenBSD, and NetBSD all have what could be described as "too much overhead" in their development model. Yet all three are considered among the shining stars of FOSS operating systems. Stable, robust, and "you know what you're getting".

BTW- Apache is developed primarily on FreeBSD.

Re:BSDs?

[slavemowgli]

It may be just me, but I think you're reading too much into a Netcraft report here. Outside of the fact that FreeBSD and Linux seem to be about equally present here, the platform on which the projects's *website* is hosted doesn't say anything about the platform the project itself is developed on.

Case in point: openbsd.org is hosted on Solaris. Does that mean that OpenBSD is primarily developed on Solaris? Of course not. And the same thing goes for Apache, too. It's still possible that Apache is primarily developed on FreeBSD, of course, but a Netcraft report doesn't say anything about whether it is.

Re:BSDs?

[stevesliva]

Wow, I don't know whether to call you a fanboy, a PR flack, or the BSD reality distortion field.

Re:BSDs?

> Yet all three are considered among the shining stars of FOSS operating systems

No they aren't. Well, maybe NetBSD is, but the problems of the other two are well known.

Re:BSDs?

[Frums]

Interestingly enough, FreeBSD is in fact extremely popular with most of the httpd developers I know.

Re:BSDs?

[RT+Alec]

According to Apache's web site, quite a bit of Apache is actualy developed on FreeBSD servers. As far as the individual developers go, I believe Brian Behlendorf makes a good representative of senior Apache developers.

Re:BSDs?

Netcraft can't detect OpenBSD. Try looking at the apache version. It's never been released because OpenBSD makes their own version from old code.

Uh, what?

You want to do a project? Okay, well nobody is forcing you to work with Apache. The Apache community keeps consistently turning out good products. This tells me they're doing something right.

Yeah, so with sourceforge you don't have to spend as much time on organizational matters. And also on sourceforge 98% of the projects are stalled out in the planning stage. I don't see an improvement there.

Re:Uh, what?

Except for that bug-ridden tomcat. Come to think of it, most of the java related applications from the Apache foundation are wretchedly buggy and horribly unstable in both a daemon sense and a function/configuration sense. None of them even come close to holding a candle to the debugging ease, stability, security, configurability and usefulness of apache1.

Re:Uh, what?

I was considering contributing to the Geronimo project. I signed up. Before I saw a single line of code - I had more than 1000 mails in my inbox, emails that were dealing with purely administrative detail and discussions on organisational matters. I grew so fed up with it that my interest drifted elsewhere.
Admin overhead? you betcha!

Re:Uh, what?

[VENONA]

I'd agree with the Java side of things being buggy. I see it as code tossed over the wall. Weird, since that's the side that wants to play well with enterprise (multiple OSs, wide geographic spread, etc.--the old def) computing. The last place you'd expect to see code tossed over the wall. Also (I'm a security guy) Java is supposed to be very secure, but how many Tomcat servers have been replaced due to vulnerabilities? A lot. Maybe most. Also some JVMs, which should rude us *all* out.

I don't recommend Apache 2.x to clients, unless they have pretty specific needs that would overcome some serious migration issues. These do exist, but how long was mod_perl dysfunctional in 2.x? Yeah, quite a while. I still hear of problems.

Migrating existing Perl apps was a practical impossibility for a long time, for a lot of people, unless you changed the dev environment completely. Changing to a Java environment can be an ugly thought for a lot of OSS folk. Their reasons may be religious or rational, but they are most often present. No doubt you have your own opinions about pre-fork, etc., perform on your own hardware.

I have my own lists of things I don't like about Apache 2.x, and things that are stunningly cool. I won't go into it here, as I already feel badly about the cheap-shot security dig above. You could argue that 2.x has a better security future, as it will gain steadily more eyeballs, and I'd have nothing but some weird anecdotal evidence to fight that battle with, which is usually major lossage.

The Apache 1.x versions still get things done for a lot of people. There's a lot of infrastructure already built around even deploying it. I know I have a lot of scripts written that do various things with downloading, patching, packaging, and provisioning. Certainly I want a way to reliably query a system regarding exactly what modules are installed, much less trying to parse the config file, which even an Apache developer has problems with.

Last time I looked, that was hard, compared to 1.3.x. If I need to look again, somebody slap me. I'm grinding on some server fingerprinting and management code. Doing Apache right is important, so I won't mind at all. Really. Yes, I will release the code under the GPL. You may not want it, though. It's intended to show MS shops the basics by building a basic Linux/Unix lab infrastructure.

Yes, I know this is supposed to be about the Foundation, not the Web server. IMHO, the Foundation problems arise due to management being overly involved with corporate interests.

Re:Uh, what?

[squoozer]

Eh? How can you claim that most of the Apache Java stuff is buggy. I've been using the frouts of various Apache Java projects for years in numerous projects and have yet to find a serious bug. Perhaps I haven't been pushing the packages to their limit or something. The only projects that I have found to be a bit quirky is FOP but that's hardly supprising as it's never actually been properly released.

As for Tomcat being a security problem don't forget that it was never intended to be a replacement for a commercial offering (it was supposed to be the RI for the servlet and JSP specs) the community just sort of forced it into that role.

configuring apache #1 complaint, still unaddressed

[SuperBanana]

There is also a follow up article written by one of the httpd developers about 'What Apache brings to the table.' The article cites community, experience, legal framework, diversity, brand strength, and networking as reasons why developers and companies should consider bringing their projects over to Apache."

Two words why you shouldn't use Apache unless you absolutely need to (and most apache users don't NEED apache): configuration complexity.

Apache's configuration file hasn't changed dramatically since the days of v1.3, and it's still an absolute train wreck. It is seconded in nightmarish complexity and eccentricities by Sendmail- and barely at that. See the old slashdot story Why I hate The Apache Webserver.

I have an idea. Let's see replies here, suggesting Apache alternatives that are a)lightweight b)easy to configure c)open source with BSD or GPL (or similar) licensing. Why? IMHO, the Apache group has gotten a little too comfy with their market dominance and years of blind faith from unix users. Sounds like it's time to remind them that especially if you're already on an open-source platform, you have a lot of choices.

Let's see lots of people trying out different webservers, helping improve them if they come across problems, and helping integrate these different webservers into distributions better, and so on. (That debian package for "joeserve" out of date? Help update it! Init scripts a mess? Spend 15 minutes coding up some improvements and email in a diff to the maintainer. Etc.)

Re:configuring apache #1 complaint, still unaddres

[greenpenguin]

I'm inclined to agree, much as I like Apache. It is not very nice to set up, especially if you want to do something odd.

Taco

If you miss the love train, I won't feel sorry for you.

Comparison chart

[jbolden]

For most distributions Apache is configured to work pretty easily. I do agree that a very simple webserver (single user, single threaded, no virtual servers...) should be the default desktop webserver. Anyway here is a comparison chart.

Re:Comparison chart

[owsla]

That comparison chart was last updated in 1998. It's woefully out of date.

Mod parent down.

Re:Comparison chart

[jbolden]

I'd love to have something that isn't from 7 years ago too. But it gives you a good idea of

1) What's out there
2) What there goals are
3) What sorts of features they have
4) How large complex the program is

Obviously the small details are wrong now. But the themes are correct.

Dunno ..

[RedLaggedTeut]

I have this feeling that most of the stuff that you complain is hard to configure with Apache, that you couldn't do this with the lightweight stuff at all.

For simple stuff, what is so difficult about setting a port and a base directory?

Re:Dunno ..

[The+Spoonman]

How about the simple fact that unless you read, memorize and completely digest the entirety of the Apache documentation, there's no way to know exactly what the bare minimum is necessary in an httpd.conf to just serve static webpages on a particular port. Is a "MaxKeepAliveRequests" an absolute essential? "StartServers"? Which modules? Is dir_module an absolute minimum requirement?

"Oh, but httpd comes with a default configuration file", you say? The default configuration file is almost 1100 lines long! If you remove all of the comments (none of which say "you MUST have this line for Apache to work"), it's still over 300 lines long. Hardly a simple configuration. Are these important questions? For a server that's facing the Internet, it would be nice if I could follow the best practice of "minimum necessary", but Apache doesn't give that as an option. I finally had to figure it out by starting with a conf file that just had a "ServerRoot" directive and kept adding to it until the damn thing finally started and served pages. And, FORGET asking the Apache community for help. Their default answer to any question is "did you RTFM"? To which I respond: "Why not narrow it down to one or two of the 600 pages for a brother?"

Oh, and my config file after I got it down to barest? 15 lines.

Re:Dunno ..

[RedLaggedTeut]

Well sounds like you wanted to have fun, and you had fun, sort of, reducing the config file to its minimum.

Okay, the options are a mess, but you could find out which one you need by google.

Re:Dunno ..

[fimbulvetr]

fimbulvetr@media:/etc/apache2$ grep MaxKeepAliveRequests apache2.conf
# MaxKeepAliveRequests: The maximum number of requests to allow
MaxKeepAliveRequests 100
fimbulvetr@media:/etc/apache2$ grep StartServers apache2.conf
# StartServers ......... number of server processes to start
StartServers 5

Seems that they're documented enough to figure out a barebones configuration. I realize you're pointing out it's complexity and these examples are nothing but trees in the forest, and there are plenty more, but the point is that they _are_ documented. Apache is an extremely powerful and flexible webserver. For light servers, it's easy to get it up and running right away (by keeping the defaults) - and the reverse is true - it takes very little work to get a default httpd.conf to run in a highload environment (assuming you're running in a pretty standard one).

Now, if you need a super custom setup - it's not such a huge leap for the developers (and even the guy at apache who is the boss of what gets put in the default conf) to presume that the person needing it in a custom environment knows apache pretty well and knows what they need to use in the configuration file.

Finally, I do think it is reasonable to say that people who setup a website should take the responsibility of knowing, at least the basics, of running websites. Even if this means gathering more than a cursory understanding of the workings of apache or any other webserver, it is certainly going to be more beneficial for them than sitting around bitching about the complexities he doesn't want to learn.

Re:Dunno ..

[anti-trojan]

So did you document your findings? Do you have a link?

Re:Dunno ..

Okay, the options are a mess, but you could find out which one you need by google.

Yeah, why bother writing docs? Everyone knows sanity is overrated.

Re:Dunno ..

[petermgreen]

be very carefull when trying to minimise the config file for apache like that, you absoloutely MUST take account of the fact that it applies security after mapping to the filesystem or people will be able to use .. in the path to access stuff outside your document root.

Re:configuring apache #1 complaint, still unaddres

[Doppler00]

Why don't they just make the configuration file XML, release the specs, and someone comes out with a GUI configuration editor. Problem solved.

Re:configuring apache #1 complaint, still unaddres

[david.given]

If you want simple, static content, thttpd is stupidly tiny, stupidly scalable, and way faster than Apache. Unfortunately it uses the old fork model for dealing with CGI scripts which make it quite slow as doing that (but no worse than the old NCSA httpd). It has a number of interesting features, such as per-filetype bandwidth throttling (so you can specify that MP3 files only get transferred at 10kB/sec), but also has some suprising omissions --- the MIME type database is hard-coded, and it only handles HTTP 1.1. But if you have a simple site based mainly around static pages, thttpd is probably ideal for your purposes.

Maybe

Ok. maybe there is something wrong with the apache development process. I don't care.

Apache works great, and I have never had any difficulties using it or any of its modules. As a web server, it has done a great job, and been consistently secure and effective, so I will continue to use it, even given the mysterious flaws in its dev process that may or may not exist.

Configuration complexity

[Elrac]

Yes, Apache (Web server) is somewhat hard to configure. There's a large file with a lot of (documented) features and settings, and a lot of ways to go wrong there.

On the other hand, Apache is incredibly flexible: You can use it as a proxy, it does ssl, it fronts for Java Web servers, it rewrites URLs, it authenticates, it slices, it dices and I'm probably just scratching the surface.

Someone who knows his way around the config file - and that's really the only crucial thing to know about Apache - is able to get it to sing and dance. The header in the file warns people to read in-depth documentation rather than relying on comments in the file. There is documentation, there are books. If you're going to play at being a 'professional' Web admin, then you need some of this stuff.

For the less seriously inclined Web maker, programs like Webmin let you fiddle with a subset of Apache settings through a HTML front end. On an even broader front, many Web site hosters provide a dumbed-down interface that allows only a small subset of configuration options and keeps the user from doing anything really stupid.

And for anyone not covered above, yes, I'd recommend getting a simpler Web server. Personally, I find Tomcat a little easier to configure than Apache, but that's just me. I'm sure there are dramatically simpler products. Hell, lots of people have written their own!

The discussion in this topic is not about the complexity of using the Apache Web server, but the complexity of managing an Apache project. I'm not sure if I'd be perfectly happy "doing" an OS project under Apache, but... that's what choice is about, right?

Re:Configuration complexity

[islanduniverse]

I know this will probably get laughed at, but seriously... What about IIS ? AFAIK, ebay uses IIS, and from what I've used of it, it can do just as much as Apache (but I only have limited experience of both....)

Re:Configuration complexity

[fimbulvetr]

Just one link, but it should speak for itself:

http://archives.neohapsis.com/archives/fulldisclos ure/2004-06/1004.html

KBB, by choosing to run IIS, infected every web visitor of theirs one fateful day. Do you want to be _that_ guy?

Re:Configuration complexity

[zerocool^]

On the other hand, Apache is incredibly flexible: You can use it as a proxy, it does ssl, it fronts for Java Web servers, it rewrites URLs, it authenticates, it slices, it dices and I'm probably just scratching the surface.

You're exactly right, and your parent poster is exactly wrong. Attention, Please, Everyone:

EASE OF USE DOES NOT INDICATE A BETTER PRODUCT.

Apache is incredibly powerful. There's a reason it's the most popular webserver in use today, by far. And, with most linux distros, it's relatively easy to configure given the default configuration file.

The grandparent poster seems to suffer from the "I can't figure out how to do it in 5 minutes, therefore it's too hard" syndrome. Well, guess what? Work harder, or find a webserver that's easier to configure. For starters, there are any number of graphical (and ironically, web based) configuration utilities for apache. See ApacheGUI, Apacheconf, and Webmin. Aside from that, if the big bad config file scares you, maybe IIS is for you - you know, checkboxes and dropdown menus and insecurities.

But, seriously, the ratio of (Size and complexity of apache config file) to (complexity of the program) is very reasonable. I worked at a linux / solaris based webhosting company for almost 3 years. It took me about 2 or 3 months before I was completely comfortable working with almost all facets of httpd.conf. I understood the general idea in about a week, and there are still some parts that I'm fuzzy on, or don't get, or would need to google, but a couple of years ago, I could have almost written a config file by hand. They're seriously not that long, if you take out the commented sections (which are, of course, there to hold your hand). By contrast, I only scratched the surface of the sendmail config file.

Basically, my post boils down to: You can understand the basics of the apache webserver in an hour with a tutorial, google, and a test box to play with. Most of the time, the default options will work for you. There is almost no end to the amount of apache documentation available for you. And there's no need to understand the intensely complex aspects of the webserver outside of specific instances. For basic usage (as with most programs), stick close to the defaults, and google for answers to any questions you have.

Just because You, grandparent-poster, can't understand the apache config file in 5 minutes doesn't mean that the whole project should be scrapped. Every part of the config file serves a purpose. Any new project you create will need to have all the variables in the current project defined, or it will be less capable than apache. Please, take the time to learn what you're doing, and come up with real problems that need real solutions.

Just as an aside: vi versus Notepad.exe - Which is better?
vi is more cryptic, by far.
vi takes longer to learn
vi doesn't look as nice
Notepad is very easy to use
Notepad is graphical

However, once you take the time to learn vi, you'll see that it's difficulty in learning, once surmounted, leads to a much more powerful, capable text editor.

~Will

Re:Configuration complexity

> Notepad is very easy to use

just an addition to your point.
Notepad is not easy to use. It's easy to start typing. but that's no way to judge the ease of use of an application any more than hello world tells you anything about a programing language.

Vi - and in partcular Vim, is far easier to actually _use_ as an editor of any significant chunk of text.
How do I automatically indent based on syntax in Notepad?
Can I even automatically indent based on previous indentation?

How can I view a text file that has Unix line breaks?

How do I mark a position in the document to return later?
How do I go to the 235th line? - is CTRL + G, then typing the number then hitting OK really any easier than 235 SHIFT + G?

Re:Configuration complexity

[LionKimbro]

I really wish that there were a programmatic interface to Apache configuration.

I think we could really use some tools to help with Apache configuration.

• Something where, in any directory, you could ask: "Apache, tell me what you think about this directory. Talk to me, Mother Goose." You know- it could say, "Options ExecCGI, blah, blah, and blah." It would tell you if Apache had permission to go to that directory, it could tell you what rights Apache had in that directory, it could tell you what things it would do in that directory. That tool, right there, would end SO MANY HEADACHES.
• Something to programmatically change the Apache configuration. Why is this important? INSTALLERS. You can make automatic installers that don't mess up your other Apache stuff, if you could do this. That will result in speeding up web service deployments, and head us toward web component utopia.

Re:Configuration complexity

[zerocool^]

I agree with you. I love vi. My point was that most of those are what the sheeple would call "advanced features", i.e. most people point, type, and print.

Re:Configuration complexity

[petermgreen]

IIS was at least until recently considered to be full of security holes. I belive this has improved with version 6 but many still don't trust it.

its also windows only, apache runs on windows most unix and unix like systems and probablly a few others.

Re:Configuration complexity

[Jason+Earl]

IIS just seems like it does as much because the administration tools for it are so complicated. If there's one beautiful thing about apache it is that if you get a solid configuration you can simply scp it to the next machine and you are golden. However, comparing the functionality built into IIS to Apache's built in functionality is just ridiculous. I haven't used the newer versions of IIS, but I am pretty sure that they can't be configured as a proxy server, and I am positive that they don't have Apache's powerful URL rewriting ability. You also can easily setup up Apache to authenticate against all sorts of data sources from plain text files, to Active directory, to databases like PostgreSQL or MySQL. I am sure that the real Apache gurus could make a very long list of the features that Apache has that IIS doesn't have.

Re:Configuration complexity

Of course ease of use does equate to a better project. All other things being equal, we'd all choose an easy to use product with feature set X over a difficult and awkward one (say with binary configuration files you have to edit with a hex tool) with the exact same feature set.

So, yes, ease of use absolutely matters. It's not the only factor in the equation, but pretending it's not and that it's the fault of the user base for not being smart enough to use a particular product isn't a recipe for success.

As for the specifics of Apache; I won't touch the thing. Tomcat is plenty fast enough for me and does everything I need a web server to do.

Re:Configuration complexity

[zerocool^]

Ease of use equates to a better product *IF* the two products are otherwise equal, like you said.

If I gave you a webserver, and said, it's incapable of SSL, CGI, and the module API is still in its infancy, but the config file is only 10 lines, would you use it over Apache? No, of course not.

Ease of use is a checkmark to put in the plus column. However, just because a program is easy to use, does not mean that we should throw out all the harder to use programs, even if they're better from a security / technology / scalability / whatever aspect.

If you like tomcat, and don't use apache, BRAVO! That's what choice is all about - that's the spirit of open source software! I happen to have no clue how to use tomcat, so I use apache! But, I'm not going to sit here and tell you that Tomcat sucks because I can't master it in five minutes. I'm sure tomcat is an excellent program. It's just not for me. And if my origional post's grandparent post had said "I don't like apache - I find the config file too confusing, so I choose to use something else", everyone would have said "Bravo!". But, instead, he chose to find the flaw in the software, not in his understanding of it.

And I'm furthermore not saying that the apache complainers aren't smart enough. I'd say that most people, even the aforementioned ancestor post, who read slashdot are at least moderately intelligent. My problem is only when people say "I can't understand it, so it must suck". To me, that's either lazy or stupid. If you can't understand it, you have two choices - change your gameplan (find a different webserver), or study it until you understand. I have no respect for complainers. If you are complaining because you don't want to switch to a new gameplan, you're stupid. If you're complaining because you don't want to put the work into learning, you're lazy. I don't have room for either of those people.

~W

Re:Configuration complexity

[loom_weaver]

The original poster does have a point. A very powerful piece of software can still be easy to configure and not lose its power.

One way to do this is to have 3 different levels of configuration. Novice that exposes only a few options, medium, and finally advanced which gives you the entire gamut.

If 75% of the people just want to get something up and running then tailor the configuration to show them only the options those people will need. If an administrator needs more power then they can go into more advanced modes.

Configuring firewalls is an especially notorious. Many users want to just protect a single machine. Some want to protect a full blown network with NAT/DMZ/etc.

Likewise with httpd.conf. One person just want to set it up to test some web page development. Others want virtual domains and proxies.

Showing everything at once is overwhelming and often unnecessary.

Re:Configuration complexity

"Aside from that, if the big bad config file scares you, maybe IIS is for you - you know, checkboxes and dropdown menus and insecurities."

exactly what part of checkboxes and dropdown menus is responsible for insecurities?

Re:Configuration complexity

[makomk]

We should all be thankful the attackers hadn't read How to 0wn the Internet in Your Spare Time, or thought up the idea of a slow client/server worm themselves - or really large numbers of users/websites could've been infected.

Re:Configuration complexity

[Nazadus]

You are correct in many ways, however the usefullness of a product is *entirely* on the documentation *if* it's a complex project.

Example 1: Microsoft Windows API isn't documented well. Does this mean it sucks? No. I've seen some *really* cool stuff out there.

Example 2: Apache is flexible and has allot of documentation. Does this mean Apache is good? No. Their documentation is too complex. But this doesn't mean Apache sucks. It just means that using the more complex parts of it gets difficult.

Example 3: PHP is documented well and is flexible. Does this mean it's good? Heck yeah. You can even leave comments if it forgets something or you think something should be clarified better.

Just some things to think about.
Recently I've been working on a guide for getting OpenBSD with Apache/LDAP/PHP/a bunch of common stuff. It's been very tough due to lack of documentation. Especially LDAP, fucking A that's been tough. I even have three books and barely know where I'm going. I feel like a baby... naked.. or something.

The leap to just too difficult sometimes, and this can (and sometimes should) discourage people from using it as a real solution. If a boss finds out you've spent 4 days trying to learn *insert feature of the week here*, he's going to be pissed. The key is _good_ documentation. Good documentation is tough to write though...

I've only gotten Sendmail working once (on Slackware 9.1). After that I went Postfix becuase it was easier and felt beter documented. At the time I was a serious noob at the internet thing (as far as getting services running) so I should probably go back and see if anything has changed or if I'm just better than before?

Re:Configuration complexity

[zerocool^]

Right, but if I understand you correctly, what you're suggesting is to hide the more complex stuff from the casual user, and I think that's not a bad idea. The target of my aggression, the grandparent poster, wouldn't have wanted that - if you read his posts, he was looking for a way to "configure the minimum amount of stuff for security reasons". Giving him a simple config file, and telling him there were more advanced options somewhere else, wouldn't have helped him, because he wanted to go through and turn off or get rid of everything he didn't need.

~W

Re:Configuration complexity

[drinkypoo]

On the other hand, there's no need for apache to be quite so hard to configure, or to have such inconsistent configuration syntax, etc etc. As others have noticed in this thread, go back to Why I Hate The Apache Web Server for a nice list of many of the precise stupidities.

yes we had a similar problem

[caffeinemessiah]

especially compared with other services or a roll-your-own approach

...but that was in college on weekend nights.

Re:configuring apache #1 complaint, still unaddres

Because a huge percentage of webservers, or at least the important ones, that use apache don't have GUIs running on them and are configured via a remote login. And face it, XML is a bitch to edit by hand.

And on that note, there is absolutely nothing stopping someone from writing a GUI configuration editor that reads the current configuration files.

Re:configuring apache #1 complaint, still unaddres

[Vario]

Or if you want something smaller than Apache and a little more than just static pages try http://www.lighttpd.net/. It is secure and beats Apache 2 performance wise and the configuration takes only a few minutes. It runs on my small server for months now and is certainly worth a look.

Everyone missed the boat...

[}InFuZeD{]

Out of curiousity, did any of the above posters actually read the article? Or even the Slashdot post?

This isn't about Apache's Web Server at all. It's about the Apache foundation, and running projects with them. Apache's web server is just an example of a project that is run under the Apache Foundation... and any bloat / hard configuration in httpd has little to do with Apache Foundation's "overhead".

Re:Everyone missed the boat...

[bpbond]

Out of curiousity, did any of the above posters actually read the article?

You must be new here.

Article is not about the httpd server

[LFS.Morpheus]

First, If you actually read through the blurb (not even the article) you'd see that they're not talking about web servers - they're talking about Apache, the organization behind the web server.

Second, I would recommend the up-and-coming lighttpd, which I have used for both static and dynamic content. I have never used thttpd so I am not sure how it compares on the static end.

ROOTKIT

Now that folks, is pure comedy

Re:ROOTKIT

[Philip+K+Dickhead]

Hey, I've got the network!

Well, it should read:

[HeliumHigh]

"Apache Comes With Too Much of a Color Overdose?"
Hoowwllleeeeeyyyy crap. I thought Rob didn't have an 'eye' for color _before_ I saw the Apache page.

Seriously. Purple. Purple AND Yellow. Eugh!!

Re:Well, it should read:

[HeliumHigh]

Off topic? It is not! This is part of the community, and I am suggesting (or complaing) about the color scheme.. which is.. er... part of the community.

Re:configuring apache #1 complaint, still unaddres

No self-respecting geek wants easy to use/configure crap...

Go to the lightweight brainpower girlieman section if you want easy to use, its next to the barbell, home-gym area of the store.

IIS

[Elrac]

My only experience with IIS is the exercise of exorcising it on sight whenever I accidentally activate it in Windows. One reason I do this is that I'm reasonably familiar and comfortable with Apache, and would rather take the trouble to install Apache on a Windows box than fiddle with the available IIS. Another is that I've heard some bad things. Don't sue me for this, I don't know if this is true:

1. Frequent security issues. AFAIK, more than Apache.
2. Microsoft once tried to switch a Web site of their own from Apache to IIS, and failed. They quickly fell back to Apache after their IIS-based site crashed and burned in some way. I seem to remember the name Akmai associated with this story.

First Prime Factorization Post

apache = 0x617061636865 = 0x5 * 0xD * 0x1D * 0xD3BABFCA9
APACHE = 0x415041434845 = 0xD * 0x14B * 0x3E2BE92AB

So... What were you saying?

Just wait...

...until they get thirsty and start asking for beer. And not just any mass-produced US supermarket swill beer will do either. These fellows will demand the $8/sixpack good stuff.

Re:configuring apache #1 complaint, still unaddres

[fimbulvetr]

You have to be kidding me? XML? Are you out of your mind? Apparently you've drank the XML koolaid and you're parroting it's usefulness for everything but ending world hunger. Almost every OSS project I use relies on the ease and simplicity of text configuration files. Of the few XML configuration files I've ever used, I've been left with a disgustingly horrible taste in my mouth afterwords.

Some of use don't want some GUI to do our configurations, and we certainly don't want to be at the mercy of one. When the GUI breaks or doesn't work (It's KDE only, it's gnome only, Xorg isn't installed, one doesn't exist yet, the ones available don't support these new options yet, ad infinium), we don't want to have to construct super perl scripts with XML capabilities to do mass changes in configuration files. Some of you might be fine with your tomcat's server.xml file being 1500 lines and the accompanying bloat, but I for one choose less complexity, even if the only advantage is controlling configurations more efficiently.

Tough Call.

I'm not going to bash the Apache Foundation or Apache Developers, or even Apache itself. It's all good work, and lots of it, while I sit around doing SFA...so who am I to bitch?

However I believe that any bloat, be it at the Foundation, or developers, development, or Apache is all part-and-parcel of the Kitchen Sink mentality of computing.

I was going to blame the Linux community's Kitchen Sink mentality, but then I remembered Microsoft and their products (and just about everybody else) and realised that it's a computing thing, not platform specific.

Ever asked somebody to do an install for you, either because you don't have time, or it's new to you, or whatever? They will always install every last little thing, "Because you may need it someday".

I'm a minimalist when it comes to systems, and I mean minimalist: unless the system won't function without something, it's not installed. Yet I have never met anybody else with the same approach.

Humans and bloat go together I guess.

Re:Tough Call.

[yoshi_mon]

Ever asked somebody to do an install for you, either because you don't have time, or it's new to you, or whatever? They will always install every last little thing, "Because you may need it someday".

I'm a mean minimalist myself. The prosepect of a major distro upgrade do not always thrill me because it means I have to go though and see what exactly the "bare bones" install installed that I have to now remove.

Re:Tough Call.

[petermgreen]

ever considered switching to a distro where using the package management tool on the system is the supported way to upgrade?

Re:Tough Call.

[yoshi_mon]

I use a lot of flavors of Linux that offer what your talking about. However that is not the issue that I am actually refering to.

What I'm talking about is fresh installs for servers that I may be setting up. When setting up a server for a new client I tell them I'm comfortable with setting it up with whatever distro they might want. Often times that question alone is enough that I get the deer in the headlights look from them so I quickly then give them a list of the standard "big name" distros that they can consider.

So really the issue that I'm talking about is not so much upgrades as installs.

But what have they done recently?

[penguin-collective]

Yes, Apache 1.x is enormously popular. But that's not where the work in the Apache project has gone recently; recently, they have been working on Apache 2.x, XML-related projects, and lots of other projects. Are you using any of those more recent projects? How much impact have those projects actually had? And is the amount of effort that has gone into them justified by their impact?

Re:But what have they done recently?

[winkydink]

Actually, yes. I am part of the Spamassassin development effort.

Re:But what have they done recently?

[commanderfoxtrot]

(I agree with many of the chap's comments about Mammoth skiing- I worked as a ski instructor there once... but Courchevel/les 3 Vallees in France is still so much better!)

Apache-group software is excellent, but can indeed be confusing. There is so much there of merit, which just isn't understood.

I use Apache 2 and don't get too concerned about the accompanying fluff; so long as I can configure it, it doesn't concern me. But woe betide the person who can't and has to go to apache.org and fight to get through the content there to what he actually needs!

I suspect 99.9% of Apache software used is the web server. Perhaps the Apache group has grown too far.

Re:But what have they done recently?

Ant? SpamAssassin? Struts? Tomcat?

Re:But what have they done recently?

[boa13]

I suspect 99.9% of Apache software used is the web server. Perhaps the Apache group has grown too far.

I suspect you're wrong. At work, we're using tons of products made by Apache, in addition to the webserver itself. Ant, Tomcat, Struts, and plenty of XML-related and Struts-related libraries, off the top of my head. All these projects are high-quality software, and used as such by many companies working with Java around the world.

Apache is as bright a beacon in the Java world as it is in the webserver world.

Mod everything *except parent OT (n/t)

Really.

Re:Mod everything *except parent OT (n/t)

[nettdata]

What he said.

vs. the Red Hat girl

[matt+me]

Ok, whilst on free OS logo fetishes.

The Red Hat model.
http://www.madyiordache.com/TheRedHat.htm

Try thttpd from acme.com

[terryfunk]

Geez, any professional sys admin can configure apache. If they can't they should be fired. If you are not a sys admin maybe you should be running IIS on Microsoft. If so you will still have nightmares because sooner or later you get 'owned' and it will be sooner rather than later because by default IIS the OS is wide open.

You're a weenie, quit reading /.

JUST KIDDING!

Re:configuring apache #1 complaint, still unaddres

[Yaa+101]

The config file is fine, how about learning how to use something before actual using it?
It's not that there are no manuals and info.

Putting your $ where your mouth is

...except in this case, most Slashdotters probably have more time than money... All of the people who complain about the Apache config files should make the changes they'd like to see, and contribute their work back to the community. That's the whole point of open source: stop bitching and start fixing.

And yet

In that Digg.com article on Slashdot last week, all the readers posted that they come here "for the comments" and not the news. Kind of worthless, then, if nobody reads the article and just comes here to mouth off about whatever pops into their minds that's vaguely related to what's in the article headline...there's a reason Linus Torvalds said in the LKML that Slashdot is one big "public wanking session" where people who don't know what they're talking about get together.

Re:configuring apache #1 complaint, still unaddres

[mcrbids]

IMHO, the Apache group has gotten a little too comfy with their market dominance and years of blind faith from unix users. Sounds like it's time to remind them that especially if you're already on an open-source platform, you have a lot of choices.

Yeah, they need a message. Look at that beautiful graph now - Apache's hit 70% this month!

Obviously, they're hitting that percentage because, like, people don't have a choice in the matter. It must be dirty pool playing on the part of the ASF... right?

I find the Apache config file fairly easy to set up. It works reliably and without complaint every day, with now just shy of 5 years of perfect uptime...

Of course, you might consider this option... Pick your poison.

People should use Scrinchy instead

Apache has become rather bloated , and its
community is a part of that bloat.

A smaller, simpler server is in order, such as Scrinchy.
                  http://scrinchy.org/

Or, look at the numerous other small servers, here:
                  http://en.wikipedia.org/wiki/Tiny_web_servers

Seriously, other than httpd

[smittyoneeach]

...I thought apache.org was primarily about Java projects.
I won't go into a troll about how challenging it was, trying to set up Tomcat to work with a database.
Poring over the source code, what I gathered was that they were using XML files and the admittedly interesting reflection features of the JVM to more or less script the JVM and quite a bit of the app server, especially the security stuff.
The documentation was less than illuminating, and the source code little help. So I took a failing grade in the software engineering class, quit school, and got on with life.
Anyway, a survey of apache.org would reveal an overwhelming Java bias in their projects, no?

Cherokee

[tektek]

I know this is sort of off-topic, but has anyone tried the Cherokee web server? I've heard some good things about it, but not enough to try it out yet. We were using apache 2, switched to lighttpd, and now we're back at apache 2 again (switched back because lighttpd wasn't handling heavy loads very well which could have just been mis-configuration I guess).

Re:Apache has a lot of XML, SOA projects

Actually, Java projects are a minority of the Apache projects, they just happen to get a lot of press because of Tomcat and the IBM acquisition of Gluecode (and some Geronimo team members).

Apache recently has gotten a lot of new committers in XML and web services development. Like with Axis2 and Synapse.

They also have a project called Maven, which is a development environment framework.
There is also SpamAssassin, which is a product I use quite a bit. They claim to be the #1 open sourec spam filter. I don't know if this is true, but I know a lot of people who use it.

Re:configuring apache #1 complaint, still unaddres

[petermgreen]

afaict there are three main reasons for using apache

1: your already familiar with its configuration format (which i never had too much trouble with myself but some seem to hate)
2: you wan't to use software thats primerally designed to run under an apache module (think most php stuff).
3: you actually wan't the ability to do things like arbitary matches on urls and proxying some dirs to other servers and name based virtual hosting all at the same time.

So...if you were to start an open source project

Where would you host it? Apache, Source Forge, or somewhere else?

How important do you think the Apache brand is to attracting new developers to your project?

There's a problem?

[lseltzer]

I'd think at least twice before criticizing Apache's basic structure. There aren't many open source projects that are as successful as Apache and dominate their space as thoroughly.

Re:There's a problem?

This isn't about the apache webserver!

Re:There's a problem?

Couldn't the same have been said of the XFree86 project?

Re:configuring apache #1 complaint, still unaddres

[Excelsior]

You have to be kidding me? XML? Are you out of your mind? Apparently you've drank the XML koolaid and you're parroting it's usefulness for everything but ending world hunger.

He's not out of his mind, and you aren't proving your own sanity by being rude. There's nothing wrong with XML for configuration files, and plenty to gain. If you have config in XML, developers can write config integration or front-ends in any language that has an XML parser. PHP, Java, Perl, Javascript, Python, Mono/.NET, etc., etc. With normal text config files, you have to do ugly string manipulation, and you have no way to adjust from version to version without custom hacking for every setting in the config. This is why front-ends rarely exist for most text config files, and why front-ends do exist for many XML config files.

Further, with XML the configuration option and it's set value can be validated. Right now, we don't know if any setting in a text configuration is actually doing something or doing what we want. From version to version settings change, go away, gain new options, etc., and we have no way of knowing if our setting is valid until we view documentation - and even then we have to hope the documentation is up to date.

Some of use don't want some GUI to do our configurations, and we certainly don't want to be at the mercy of one.

No one is forcing you to use a GUI front-end for XML config files. But thanks for thinking that you are the center of the universe, and all those who want a front-end be damned.

When the GUI breaks or doesn't work (It's KDE only, it's gnome only, Xorg isn't installed, one doesn't exist yet, the ones available don't support these new options yet, ad infinium), we don't want to have to construct super perl scripts with XML capabilities to do mass changes in configuration files.

Editing an XML config file in a text editor isn't harder than a non-XML config file. The same "stuff" is there. Yes, it has tags around it that take up space, but big deal.

Roller Weblogger's Transition to Apache

[GuruThrill]

I've been monitoring Roller's transition through Apache's incubator process. You can get a glimpse of all the legal licensing issues a project has to go through to become compliant. Definitely an interesting read:

http://mail-archives.apache.org/mod_mbox/incubator -roller-dev/200511.mbox/thread

I, for one ....

I, for one welcome our new apache community overhead overlords!

Re:configuring apache #1 complaint, still unaddres

[vwjeff]

...I've been left with a disgustingly horrible taste in my mouth afterwords. MUST...RESIST... That's what she said.

Postfix, anyone?

[SuperBanana]

You're exactly right, and your parent poster is exactly wrong. Attention, Please, Everyone: EASE OF USE DOES NOT INDICATE A BETTER PRODUCT.

Is that why Postfix is miles easier to configure than Sendmail- and is faster, more secure, and just as flexible if not moreso?

*crickets chirping*

Re:Postfix, anyone?

[zerocool^]

And just to reply to this aspect of your idiocy, as well -

Postfix and Sendmail (and qmail, and exim, and several others) all have the same capabilities. They all send and receive mail. Given that their feature sets are relatively equal, then ease of use comes into play.

If I walked in with a mail server that didn't receive mail, and was only capable of sending 10 messages a minute, but had an amazingly simple 10 line config file, would *you* use it?

~W

Re:Postfix, anyone?

[jgrahn]

Is that why Postfix is miles easier to configure than Sendmail- and is faster, more secure, and just as flexible if not moreso?

It's not that simple. Sendmail has improved, and configuration-wise, serving mail will always be tricky to configure. That said, Postfix serves my mail, and I've not used sendmail since the 1990s.

PS

[SuperBanana]

PS: I didn't say Apache would be a better product. I said a long-standing complaint from USERS of Apache is that configuration is a royal pain in the ass. And that the Apache project has done absolutely NOTHING to address it.

I've used Apache for years and I understand it just fine. It doesn't make working with it any less confusing, and I resent the character assassination attempt.

See the presentation I linked to. The format, organization, directives, and parsing of Apache config files are all downright STRANGE sometimes.

PPS: I don't take seriously the words of a man who picks as his username, a character from the worst movie ever made (Hackers.) Furthermore- maybe you should make sure your website is up and running (it isn't) before you go lecturing us about how easy webservers are to configure.

Re:PS

[zerocool^]

Sigh.

1.) The Apache foundation hasn't "fixed" the config file issue because they (like most other serious web admins) don't consider it a problem - they consider it a strength.

2.) If you "understand it just fine", why are you still confused by it.

3.) Your user id indicates that you've not been around slashdot long enough to see one of my now hundred or more replies to people who tell me it was dumb to pick a username from the guy from hackers. I'm tempted not to even bother, but just for the sake of arguement, for the hundredth time, I was aware that it was lame when I chose my user ID. I didn't care then, and I don't care now, with the exception that morons keep thinking they're smart by pointing it out. I chose the name because it's tounge-in-cheek, and because I'm willing to admit that I am entertained by the movie hackers.

My website is down because the server that it was hosted on is down. I had a co-located server, but my interest in running that website continually fell off as the usefulness of it was supplanted by myspace (everyone who hung out on my web forums moved to myspace). All it was doing was hosting my webmail (using qmail, vmailmgr, courrier, vpop, and squirrelmail - all of which have config files *shudder*). So, when the onboard IDE controller died, I decided not to care, and went about the business of living my life, rearing my child, furthering my career, etc. So, if you're blaiming a dead ide controller on the Apache Foundation, be my guest.

Don't let it bother you, though. You're just like everyone else - even me occasionally - spouting off about shit you know nothing about, and expecting other people on slashdot to respect you for it. This time you got caught.

~W

They new more languages other than java

They are focusing too much on java for my liking. They need to go into rails project or python. Thats the future .. none of this java shit

Re:configuring apache #1 complaint, still unaddres

[earthbound+kid]

If there were a GUI XML tool you could a) use remote login and do it on the server in X11 or b) configure it on your computer, save the XML, upload it to your remote server then swap the files. Being headless is no excuse for being GUI-less.

mod_jk

They don't seem to apply their rigorous procedures to mod_jk, the plugin that JBoss.org has taken over development of. The quality of numerous releases over the past year has been very disappointing. The 1.2.15 release looks decent, but its predecessors were very buggy to the point of being what I'd consider beta software not ready for running in the enterprise environment.

Re:Apache has a lot of XML, SOA projects

[Florian+Weimer]

Actually, Java projects are a minority of the Apache projects, [...] Apache recently has gotten a lot of new committers in XML and web services development. Like with Axis2 and Synapse. They also have a project called Maven, [...]

Axis2, Synapse and Maven are Java projects.

Re:configuring apache #1 complaint, still unaddres

[KZigurs]

because configuring things like amount of connection threads alive requires to think about expected load of the system and capabilities of the system. Because there is a difference if you want to configure apache to have php/python_mod built in or you want to handle anything thru cgi, because there is a requirement to understand how http security domains work if you want to use http authentication, because good installation includes setting apropriate mod-masks on servable content. And then, there is, of course html vs. htm debate.

In short - GUI frontend wouldn't take care of thinking about your apache install as a system, dare I say, _service_ that fits your needs and infrastructure. On the other hand - there is a lot of people who took care to learn what it all means, took care to think about their needs and took care to configure their apache as they see it fit - and they did good.

If someone isn't capable to understand options in text file, he won't be capable to understand them when presented in a shiny GUI no matter what.

P.S. Apache config file really is _simple_. Really! Once you know why the hell those options are there. And if you don't - take the default one and you'll probably be ok.

Re:configuring apache #1 complaint, still unaddres

[TheRaven64]

Lighttp also supports FastCGI, so it can pre-fork a process to handle CGI requests and re-use the same process for every request to that script.

I hope OpenBSD will eventually drop their Apache 1 fork (they didn't import Apache 2 because of the license) and move to Lighttp.

Making Apache easy to install

[PGillingwater]

One complaint I've often heard is how Apache is difficult to install for beginners. I came across a great answer to this question recently. Check out the Apache Friends XAMPP package, which combines Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, gdbm, zlib, expat, Sablotron, libxml, Ming, Webalizer, pdf class, ncurses, mod_perl, FreeTDS, gettext, mcrypt, mhash, eAccelerator, SQLite and IMAP C-Client.

It's very easy to install, and is set up to be easily administered. I now recommend it to users of my recently released DMO software, which provides a kind of Object-based DB layer on top of MySQL.

Re:Apache has a lot of XML, SOA projects

[smittyoneeach]

Prosecution rests.

Yeah

I'd Keep her in my freezer...

Maybe other projects have it wrong?

[walterbyrd]

I don't know, but I get tired of the endless half-baked FOSS projects out there.

For example, how many FOSS CMS projects are there? At least several dozen, maybe a few hundred. If half the effort went into about six CMS projects, those projects would be awsome.

When every FOSS developer decides to go his/her own way, you get an endless series of cr@p.

Fact is: Apache is way more successful than 99% of FOSS projects out there. So maybe everybody else is out of step?

Re:Maybe other projects have it wrong?

For example, how many FOSS CMS projects are there? At least several dozen, maybe a few hundred. If half the effort went into about six CMS projects, those projects would be awsome.

Two words: mythical man-month. That's not the way it works. Look at a monstrosity like Lotus Notes; sometimes more cooks spoil the soup. More resources are sometimes helpful, of course, but its not the end of the story; in many cases, a small development team can communicate more efficiently and coordinate rapid development much more easily.

Many such combination products - but XAMPP works

[walterbyrd]

There are many projects out there. I have tried several. I forget exactly what they are called: PHPTrio, or Apache2Trio? Again there are several.

But XAMPP actually works. It is up-to-date, installs easily, and works well.

That is my experience anyway.

Re:So...if you were to start an open source projec

[Wizarth]

On the webserver in my basement, of course!

Re:configuring apache #1 complaint, still unaddres

[Nevyn]

Saying that web server performance is better than Apache-httpd is like saying fish can swim better than dogs, it's true ... but pretty meaningless. Apache-httpd developers have publicly stated that they don't consider performance a design goal, and their email server is actually Apache-httpd in disguise.

As for lighttpd being "secure" it had a problem this year where you could bypass checks by using the NIL byte encoded. As a web server author I can only say "Like, Duh!" ... and after taking a 10 minute grep[1] of 1.4.7 I can see a buffer overflow already, I'm not sure how easy it is for a normal user to do (and it's only a couple of bytes) but I don't care too much either. The obvious DOS is there for the Range header, and the symlink "protection" is smoke and mirrors (stat check followed by a non-checked open()).

It also doesn't seem to support Accept/Accept-Language negotiation, which I thought was pretty weird (feel free to disagree).

Obviously I'm somewhat biased, given that I've writen my own, but then I do have a "security guarantee" with it.

[1] For anyone who does care do a strncpy grep in http_auth.c (I looked at version 1.4.7)

ASF "overhead" is good for some environments

[TheLoneGundam]

To get management to seriously consider Open Source, it's nice for them to be able to see some management processes in place. It's one of their concerns over Open Source - is it all just "wild and wooly" development, or is there a plan, is there change management, etcetera. So, to that end, this so-called "overhead" helps get Open Source adopted in places where PHBs have to be convinced.

Re:configuring apache #1 complaint, still unaddres

"...developers can write config integration or front-ends in any language that has an XML parser. PHP, Java, Perl, Javascript, Python, Mono/.NET, etc., etc. With normal text config files, you have to do ugly string manipulation..."

So what? Developers have to work harder, so that USERS can enjoy clean plain-text config files? What's wrong with that? Or you'd rather make developers' lives easier and users' harder?

It's that approach that has led to comically bloated and overengineered software such as RPM and gconfd.

Work hard, and make things better for end users.

Re:configuring apache #1 complaint, still unaddres

[beavis88]

Psst....XML *is* text! And even better, it can be *validated*!

And I realize that XML is an incredibly complex technology, but it is actually possible to edit XML directly using a text editor. No "super perl scripts" needed!

Variable, from the looks of it.

[jd]

Apache 2.x seems to be considered solid but sluggish, compared to the 1.x series, so I suspect there are people who held off the 2.0 series in the hopes that 2.1 will improve performance. And. yes, whilst I fully understand the natural desire to maintain high standards in coding, I do think that the Apache group cold-shouldering SGI's Apache Acceleration Project was probably not the greatest of responses. The fact that these were performance patches, given that 2.x has proved to be slower, has probably soured a few opinions along the way. Diplomacy is not a four-letter word (5 letters to many) and I'm sure that it would have been possible to have done more in a cooperative, rather than competitive, fashion.

On the other projects on the Apache site - Ant seems to be almost universally accepted as a build tool, and Tomcat seems to be one of the more significant servlet engines out there. Struts gets a lot of press, too. Never knew SpamAssassin was part of Apache, but there's no doubt it is also very popular. Beehive - not at this time, at least. The best-known Maven was a videoconferencing tool for the Apple Mac. The other tools listed also don't seem to have much publicity - yet. I'm not sure all of them are that useful, either. Tcl/Tk is used a lot for scripted GUIs, but is not suitable for web work, really. There WAS a Tcl/Tk plugin for Netscape - wonder what happened to that.

Some projects I'm surprised are NOT there:

• Pike seems to be interesting for web work and is certainly in (limited) use for that purpose.
  
• If there is any way of using client-side certificates for authentication or access control lists, it's not well documented.
  
• Multiviews for languages is all fine and good, but what about for browser capabilities? I doubt many people set the default language on their browser, anyway, and even fewer seem to configure their web servers to support the feature.
  
• Webcasts are horribly slow and inefficient because they are often accessed by many people at the same time. It would be better if Apache had a mechanism for supporting multicast webcasts.
  

Re:configuring apache #1 complaint, still unaddres

Lubricants are absolutely essential for any form of anal exploration because the anus does not produce any lubrication of its own. You need to be more than generous - too much won't be enough. Use lots of silicon or water based lube on your hand, wrist, anus, and condom and re-apply it regularly. Lubrication assists anal play and penetration and reduces the possibility of internal damage, grazing and bleeding. Lube also reduces the chance of a condom or or other barriers tearing.

Why do you care?

[Some+Random+Username]

It doesn't matter what OpenBSD includes in the base system, if you want to use another webserver, install it. That's what the ports/packages are for. And keep in mind, lighttpd is missing tons of functionality, and the author is outright hostile to suggestions to fix this.

Re:Why do you care?

[TheRaven64]

The package for PHP does not support FastCGI, and it does not appear to be an option in the port. Building PHP with support for FastCGI requires either modifying the port's Makefile, in which case you'll need to remember to do that every time you upgrade or building it manually and losing integration with the packages system. If the default web server were not Apache then I doubt that the default for things like PHP would remain 'works with Apache but nothing else.'

Actually, I'd rather see them make the base system a bit more modular, and remove things like Apache and possibly Sendmail to an 'audited ports' category - things not included in the base system, but which are subject to the same level of code review as other things in the default install. Or even have an Httpd3.8.tgz in the distribution sets, allowing you not to install it.

Re:Why do you care?

[Some+Random+Username]

Actually, building PHP with fastcgi support requires neither of those things. Just set CONFIGURE_ARGS to whatever you want it to be before building the port. Its not that big a deal is it?

Also, have you asked the maintainer to include a fastcgi FLAVOR?

Re:Why do you care?

[TheRaven64]

No, it's not that big a deal, but it is mildly irritating. As for asking the maintainer to include a fastcgi flavour - it was my intention to create this myself, and then submit it as a patch, rather than saying 'I want this feature, make it happen for me,' since I've found that attitude not to go down well with developers unless it is acompanied by a cash injection (or, at least, a beer or pizza injection).

Troll harder.

[Some+Random+Username]

Postfix is none of the above. Sendmail is incredibly simple to configure. You aren't trying to edit sendmail.cf are you? You are supposed to edit the mc file, which is very simple and easy to configure.

Sendmail has certainly had a bad history with regards to security, back in 1992 before postfix even existed. But its been hugely improved, with large parts rewritten even. Its track record in recent history has been fine, and the sendmail developers are at least responsive and proactive about security. When OpenBSD developers send them patches, they actually accept them!

I've never seen any benchmarks that put postfix significantly ahead of sendmail, even qmail is only faster when dealing with a mailing list type load, its local delivery is still around the same speed as sendmail and postfix.

And postfix is most definately less flexible than sendmail, I can't imagine how anyone could say something this obviously crazy. Learn sendmail before you make statements about how flexible it is.

Re:configuring apache #1 complaint, still unaddres

[Some+Random+Username]

First of all, it doesn't perform better than apache. It uses less memory than apache to serve many static files. Apache performs very well if configured correctly:
http://paul.querna.org/journal/articles/2005/06/24 /debunking-lighttpd?postid=82

Second, yes it did have a stupid error that less you use NULL to see a file's source instead of interpreting it. Of course, you shouldn't have your source in a web accessable directory anyhow, that's one of the major benefits of fastcgi. It would be nice if people would stop writing things and calling them "secure" when they aren't actually trying very hard to write secure code, but there's definately alot worse out there than lighttpd. Its no worse than apache, which is what most people are running anyways.

Third, does your webserver support any of the stuff lighttpd does, or is it just like thttpd (not terribly useful)?

And finally, where is this buffer overflow exactly? I certainly don't consider myself a C expert, but although the code is "wrong", I don't see any way to overflow salt.

Re:configuring apache #1 complaint, still unaddres

[Nevyn]

First of all, it doesn't perform better than apache. It uses less memory than apache to serve many static files. Apache performs very well if configured correctly [... snip ...]

Riiight. That's very misleading, if not outright misinformation. Yes, in certain situations Apache-httpd can happily flood the LAN connection ... but it can have huge problems with non-instant connections due to the one process per. connection model, it is also esp. bad when the number of connections goes high. And in more situations Apache-httpd being slow isn't your major bottleneck. But you can't say "it performs very well" with a straight face.

My reaction was mainly based on the fact that it gets old fast when people start saying "My HTTPD is super fast, see this perf. comparison against Apache-httpd" ... it's basically the exact same stuff from at least the 1999 paper (I'm sure there were referneces before, but 6 years old is enough for /.) "Performance Issues in WWW Servers".

As, I believe, I said before though multiple apache-httpd developers have said that speed/scalability/etc. isn't a driving force ... so it not being good isn't really a failure.

Second, yes [it's probably insecure] but [you could work around it with defense in depth] and [it's about as good as apache].

I don't disagree with any of that ... but the above implies that having defense in depth means you get a free pass to have one of the layers be bad. That's like saying because A-random-webserver is behind a firewall that understands HTTP and rejects bad requests it's now OK that it's a security nightmare. But we might just be agreeing vemenantly here.

Third, does your webserver support any of the stuff lighttpd does, or is it just like thttpd (not terribly useful)?

Useful is in the eye of the beholder, a significant number of people are fine with what thttpd provides ... personally I find that it's horrible to do things in apache-httpd that are easy in And-httpd. But then the developer staff are very open to my needs in the later :).

To possibly answer your question, And-httpd doesn't support CGIs or FastCGI yet ... so you might well think of it as "not terribly useful".

And finally, where is this buffer overflow exactly?

One of the lighttpd developers emailed me within a few hours of posting, so it's fixed in the latest CVS anyway.

I would like to take this opportunity...

[Randall311]

...to pump LightTPD as a lightweight and simpler web server solution alternative to Apache. LightTPD has a smaller memory footprint then Apache does as well. Apache processes had greater than 10% of my system memory used while running a personal web server. Running the same setup with lighttpd showed around 0.3% CPU used. Configuration is still a little confusing to the average newb, but IMHO setup was easier with LightTPD.

Re:configuring apache #1 complaint, still unaddres

[Some+Random+Username]

"Riiight. That's very misleading, if not outright misinformation. Yes, in certain situations Apache-httpd can happily flood the LAN connection ... but it can have huge problems with non-instant connections due to the one process per. connection model, it is also esp. bad when the number of connections goes high. And in more situations Apache-httpd being slow isn't your major bottleneck. But you can't say "it performs very well" with a straight face."

You are just plain uninformed. "certain situations" include almost all real world situations. Name a situation where apache can't serve files fast enough, but something else can. People have "preformance" problems with apache because they do things like write horrible slow PHP, and then complain that apache is slow. If you have slow shitty PHP code, then it will be slow. But that's not apache. And obviously apache is not tied to a single connection per process, I'm not sure why you think that.

"Useful is in the eye of the beholder, a significant number of people are fine with what thttpd provides ... personally I find that it's horrible to do things in apache-httpd that are easy in And-httpd. But then the developer staff are very open to my needs in the later :)."

My comment was that its not a fair comparison for you to sit there and talk about how perfect your webserver is, when all it can do is move files from disk to network. When you approach the functionality of lighttpd, then you can compare your respective security track records.