Slashdot Mirror
Microsoft Sponsors Apache Software Foundation
gbjbaanb writes "Ars Technica reports that Microsoft is to sponsor the Apache Foundation to the tune of $100k. From the article: 'I asked him if this could possibly be the beginning of a broader initiative by Microsoft to increase Apache compatibility with .NET web development technologies, but he says it's still too early to guess Microsoft's future plans for Apache participation. ... He doesn't anticipate a confrontational response from the developers working on individual Apache projects ... The response of the broader open source software community, however, is harder to predict.' (In related news, MS also intends to participate in the RubySpec project.)"
Would, "It's a trap", be too cliche?
Could it be that they would like to quit supporting IIS? Make Apache do the dirty webserver stuff, but keep all the content creation in a dll or something. Maybe the 100k is for working on Windows API's and such?
That is the only logical conclusion, as nobody just gives money to the competitor. Right?
No comprende? Let me type that a little slower for you...
Okay, I have to admit this confuses me. There are a lot of possibilities where MS could make investments or try to push markets, but this seems business backwards. I can't tell if it is a magic trick or the real thing.
And for the subject reference:
A magician works on a cruise ship and entertains the audience with his show. The only problem is that the captainâ(TM)s parrot has figured out all his tricks and tells them during the show. âoeAaarrr, itâ(TM)s in his sleeve, itâ(TM)s in his sleeve, Aaarrrâ âoeAaarrr, itâ(TM)s under his hat, itâ(TM)s under his hat, Aaarrrâ
One night the parrot starts again to tell trick. The magician pulls out a gun and shoots at the parrot. The parrot dodged the bullet; it hit a propane tank and blew the ship into a million pieces. The only two survivors are the magician and the parrot floating on a piece of wood in the middle of the ocean.
The parrot looks around, looks at the magician and say: âoeAaarrr, ok, you got me. Where is the ship?â
B) Eliminate all the stupid users. This is frowned upon by society.
Based on Ballmers history, I'd say this is inroads by which to "divide and conquer". So; with the check, what was on the document saying what they wanted in return. Microsoft never gives anything away and usually takes everything it wants?
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
Couldn't the same argument be used in reverse -- quit developing for KDE/GNOME, Windows already dominates, develop for that?
Oh, that's right -- monoculture is ok so long as its your monoculture.
Embrace
to see Microsoft embracing Apache, oh no, wait a minute I know how this is going ....
Doesn't that run counter to the idea that monoculture is bad in computing?
Apache 2.4 release notes
new modules:
mod_drm
mod_ooxml
mod_reject-firefox
So let me get this straight... you are lobbying for an elimination of competition, collusion, and handing a controlling interest of Apache over to MS?
Don't get me wrong, I'm all for compatibility between IIS and Apache, but to beg for either one of them to get snuffed out seems like an awfully huge risk.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I sure as hell hope not, I cannot begin to list all the advantages of running IIS+.NET on Server 2003 over [insert language] and mod_whatever on Apache. Having to muck around with httpd.conf and chmod wouldn't exactly be an improvement over their current stack, especially for intra-corp applications.
(I realize the above paragraph might hurt some fanboys - sorry. You can have your platform, I recognize its strengths. Just leave mine alone)
This is probably part of Microsoft's push to make things like PHP and Ruby work better on Windows. After all, they'd rather you run WAMP than LAMP. They've been engaged with Zend on the FastGCI implementation for IIS that makes PHP so much better on Windows. I don't think they see IIS as some sacred cow to be protected. Again, as long as you're running everything on Windows Server =)
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
A better sponsorship would be to quit developing IIS and focus all of its development staff on Apache for Windows,
NOOOOOO!!!!In general I dislike most of Microsoft's technologies. First they make MFC. Code usually looks like someone threw up on the monitor. Then they go and get the same guy that came up with MFC to write C#, which is also horrible. And to top it off, on top of the crap that is C# they pile on things like Forms, WPF, and 1000s of other things that are all hideous.
No company in history has made uglier looking API's. The nice thing about open source is that if you don't like some API, there is a good chance someone has written another one that you will like.
So, err, where do I download this mystical .rpm or .deb file that puts a Windows GUI on Linux?
Is it in one of the unsupported repos, perhaps? Not that I have a use for it, but it'd be fun to play with, I guess...
Quo usque tandem abutere, Nimbus, patientia nostra?
I was mostly referring to application development which depends on a certain desktop, rather than "independent" apps or other *nix-specifics.
Well to use an analogy, if Apache and IIS were car companies, one is manufacturing cars that get 200 MPG, with keyless entry security systems that are highly customizable and can be purchased for $10. The other company makes a car that runs on baby kittens, can be hijacked everytime you go under 30 MPH (and whose top speed is 35 MPH) and can be purchased for $100,000.
Who do you think deserves the market in this case?
This is my sig. There are many like it but this one is mine.
take this with an Everest sized pile of salt!
GENERATION 24: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
Steve Ballmer is either:
1) Trying to appear more "open" (what with all the lawsuits in Europe & the oh-so-enthusiastic reception of OOXML), so they can have more influence in the real standards body.
2) Simply trying that old trick (to pretend suck up to developers) & then turn around & do something else.
Eitherway, its a PR stunt because it's hard to believe Microsoft wants to change its definition of "industry standards" from "something we came up with" to---wait for it---"industry standards". Unless I'm missing something
Suspicious, wary.
and rightly so too. look at what happened to all those who got affiliated with microsoft in any way.
microsoft has huge negative karma to alleviate.
Read radical news here
If market share were determined by who deserved it, we'd have non-profit pharmas, home-based rapid-production kits, and most "work" would be a thing of the past.
However, the future will probably be more like Minority Report than Star Trek.
Well that is true in a world of closed source code but not in the open source world where security reviewers and amateurs are always looking at your code. When the whole world has access to your code all the time, you always have to be improving it and working on it.
When it is closed (such as IE was) you can sit on it and not develop for years. Keeping things open causes more people to force you to stay on your game or else they will eventually fork it. Thats kind of what happened with Mozilla and Firefox; Mozilla wasn't really doing things right so Firefox was created. Lucky for them he was willing to work WITH them.
This is my sig. There are many like it but this one is mine.
Apache has sold out. We must fork their code now and abandon their Microsoft-backed versions, no matter what the cost. Look at what Microsoft did to Novell and openSUSE - the same thing is going to happen to Apache. Tell everyone you know to stop using Microsoft-backed products. Friends don't let friends use Apache.
I have no doubt that you're a highly experienced WAMP admin, and that you know IIS on a first name basis, but if you're having trouble with chmod, its probably time to walk out of the server room.
He believes that this move is based on a legitimate desire by Microsoft to foster collaborative development of Apache technologies that implement Microsoft standards.
If that's true, then we have a grave situation. M$ can make apache compatible with M$'s home-grown standards and then claim that the standards themselves are open standards. Since the percentage of IT people who mistake an open-source implementation as an open standard is almost 100%, M$ can even be very successful at this. Since the standards themselves are not open, all web servers, except Apache and M$-IIS, will soon die out. Finally M$ withdraws support for Apache and thus giving it a final blow. Now M$-IIS becomes the king. I know that I'm sounding like a conspiracy theorist. But we have seen enough instances of this Embrace-Extend-Extinguish policy.
The largest prime factor of my UID is 263267.
bwaahahahahaha it runs on baby kittens!! :) I don't have any mod points for you, but you just made my day, thank you.
Anders Hejlsberg wrote MFC? While working at Borland in 1992? Huh, I never knew that...
Karma: Poor (Mostly affected by lame karma-joke sigs)
Never had a problem with it, it works as advertised. I like my security to be slightly more granular though, which is why I'd rather have ACLs on NT.
This is for internal corporate applications though, irrelevant in the context of where I'd run my blog or picture gallery.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
I don't know how to tell you this man... but if I may, the repeated use of M$ in your posts makes you look like a moron, which I'm sure you're not (well, I hope).
Just a thought.
All your software are belong to us
I don't know how to tell you this man... but if I may, the repeated use of M$ in your posts makes you look like a moron, which I'm sure you're not (well, I hope).
Just a thought.
You must be new here.... (Note: GP is Twitter)
Thank God for evolution.
Microsoft may have a different perspective based on their judgement of the enviroment, and whether it's a Zero-Sum Game or not.
Non Zero-Sum Game = contribute to everyone; grow entire pie; so your own little percentage yields a high profit.
Zero-Sum Game = control hardware, software, and even services; shrink entire pie; so that you own a large piece that yields more profit relative to others' profit.
If you believe contributing to Appache would be good for everyone, and hence good for you, then you support them. (Google, Microsoft, Yahoo)
If you believe contributing to Appache would be good for everyone, and hence not good for you, then you don't support them. (Apple)
Q: What do you get when you cross Microsoft and Apache?
A: Microsoft.
You know, you might want to do some research and rethink your view on the security aspect of IIS and Apache - since version 5, IIS has been impressively secure.
Except a comparison between IIS and Apache is actually analogous while comparing an OS versus a Windowing system is far from analogous.
I really wouldn't mind having better ASP support on Apache (that doesn't hurt anyone), but this talk about "interoperability" between Microsoft and the ASF just brings back into my memory what happened to Novell.
/HAS/ (triple emphasis!) to keep their usual levels of strictness when it comes to outside contributors, specially Microsoft in this case.
The Apache Software Foundation
I hope they don't let their guard down. I'm quite concerned, honestly. I do have some hope that the ASF will handle this properly, and not let such a great project succumb to Corporate America.
Really dude, just relax a little. The frothy unrelated bullshit you persist on spewing into every story is really old.
And compared to Apache, it's still lacking. It's only secure in comparison to its HORRIBLE past track record.
This is my sig. There are many like it but this one is mine.
Neither KDE nor GNOME is a windowing system. However, they are platforms -- and platforms are platforms, so to speak. I could just as easily have said Java vs .NET or something, and I suppose I probably should have -- except its too popular on slashdot to hate both.
When I heard about this at OSCON, I had the same disbelief as anyone on slashdot. But then I thought.. what if it's true? What if MSFT isn't going to fold up and die a relic of the days of propriatry software? I wanted to see that, and I'm sure I'm not alone. But they have new management and can see how the software world is shifting just like everyone else. The "enemy" might be infected with "good", and we might get a powerful new ally instead of a vanquished foe. (What if this happend to the MPAA?)
But for now, I'm going to watch out for boar aviators and do what I can to slow the pace of infernal cooling.
Well to use an analogy, if Apache and IIS were car companies, one is manufacturing cars that get 200 MPG, with keyless entry security systems that are highly customizable and can be purchased for $10. The other company makes a car that runs on baby kittens, can be hijacked everytime you go under 30 MPH (and whose top speed is 35 MPH) and can be purchased for $100,000.
Who do you think deserves the market in this case?
The guy that sold a few thousand copies for $100k each. Considering that the other product would have to sell 100K to match the profit in 1 single sale of the other.
O.k. The guy would make far more money if it could sell that $10 one for $100K to a few thousand, but that's always an option to charge them to upgrade to the new improved version.
Yeah, I can't list any advantages, either.
This doesn't necessarily have anything to do with the Apache HTTP server. Apache also does tons of Java stuff.
Business. Numbers. Money. People. Computer World.
M$ has not brought much to the table. In return their marketing department is going to pretend there is community support for OOXML and other proprietary formats.
thats probably the thing they are going for.
Read radical news here
"old" does not mean that the idea is discarded.
Read radical news here
Uhh.. no, that's not true at all. Since IIS6 was released in 2003, there hasn't been a single critical security vulnerability in IIS. Not one.
The same can't be said for Apache.
If you need web hosting, you could do worse than here
Uhh.. you really have no idea what you're talking about. First, MFC is a library, C# is a language. Second, C# was developed by Anders Hjelberg, who Microsoft hired away from Borland. He's the guy that basically wrote Delphi. And no, he did not create MFC.
If you need web hosting, you could do worse than here
Where I work, both approaches are used.
The difference I've seen in the 10+ years since we've had web-based applications in the intranet is that with Apache you must have an experienced analyst who configures httpd.conf once, then the system runs forever. With IIS you must have someone with much less experience, who's always doing this or that to keep the system running.
The consequence is that we have a few very critical systems that run in Apache, while the less important systems run in IIS. We don't keep accounting with enough detail to be sure, but I'd guess the TCO for Apache is much less than for IIS, since so much less attention is needed.
So, you might ask, why not use Apache for everything? The simple answer is that the experienced analysts who take care of the critical systems do not like the kind of stuff that gets relegated to IIS. There are people who do not mind implementing a meeting room reservation system, and there are people who know how to configure Apache, and the two don't mix.
Unfortunately you need to read the manual before you even purchase the car, and the car comes in so many body styles, colors and designs - and every option under the sun. You can even throw in a Model T engine and have it run great.
The car that runs on baby kittens on the otherhand, comes with far fewer options, and these options are all kinda similar (different engine sizes and three or four colors) - but the support is great, everyone has one (so if you don't know something about it, your neighbor might) and the roads were designed with them in mind.
Sometimes it's not about features, it's about the marketing. Microsoft is successful not because they offer the best product, but because most people only know of their product and nothing else. And unfortunately until recently (Ubuntu and similar), Linux just hasn't been close in ease of use. The previously mentioned distros are a great step in the right direction but are still far from being ready for the prime time.
Meanwhile, I'm going to hop in my Aluminum iCar. It only has one button and is maintenance free. Only comes in black or white though, and it costs $150,000 - but hey, that's the price you pay for ease of use sometimes?
everyday is another shooter.
While I agree IIS security has improve dramatically, you might want to do your own research when you claim that there are no critical security vulnerabilities.
http://secunia.com/product/1438/?task=advisories
There are two remote system compromise vulnerabilities listed there.
"City hall" in German is "Rathaus" Kinda explains a few things......
Profit potential != deserves the market.
Some of us put things like customer service and social responsibility above profit.
I can take a pirated copy of Windows XP Pro Corporate and sell it for the same price as my competition sells legitimate XP Pro. But of course, I'd make more profit, as I don't have to buy the product. Does that mean I deserve the market more than the competition? Of course not.
Yes, it's an extreme example, but it makes my point.
"City hall" in German is "Rathaus" Kinda explains a few things......
Well at least the "threw up on the monitor" part was right. I actually really loved MFC when I first was using it, but as time went on I really wished that I had the time to re-do it in some way that read better.
So why will their investors support this move?
Twinstiq, game news
I wasn't aware of the February vulnerability, but the 2006 vulnerability is not a flaw in IIS, it's a flaw in ASP which is exposed via IIS (because that's really the only way to expose it). It would be like a flaw in mod_perl or something being attributed to IIS. In addition, ASP is not enabled by default, so it's a less critical flaw.
The February vulnerability appears more serious, however, it's still mitigated by the fact that the attacker can only execute code as the worker process, which severely limits things in the default configuration. But still, only one critical vulnerability in 5 years, with that vulnerabilty being only a few months ago?
If you need web hosting, you could do worse than here
A lot of us like permissions better than "User, Group, World". That's why a number of file systems support ACLs.
man setfacl is your friend.
Have u ever heard of ACLs for ext3?
Wasn't a massive fan of MFC either if I'm honest but C#? What's wrong with it exactly? combined with the .NET framework it's like Java done right.
If you only have to write for Windows or are happy with the current Mono implementation, C# is one of the best languages out there for application development. It's a modern language, it takes what other older languages did right and fixes many of the things they did wrong.
The .NET framework is easily one of the best frameworks out there also, it's not like stuff running on the CLR is even slow, it's also a pretty efficient language in that respect also.
C# and .NET let you write some very good apps in a lot less code and hence in a much cleaner, tidier way than the vast majority of other languages out there, at least for the Windows platform that is.
ASP may not be enabled by default, but I highly doubt many people are going to use IIS to serve static pages.
I bet the first thing most IIS administrators do with a new server is to enable ASP.
Yes, it's just a hunch on my part, which may be completely wrong, as I've never worked at a MS-only shop, but it just seems weird to me.
"City hall" in German is "Rathaus" Kinda explains a few things......
A lot of us like permissions better than "Read, Write, Execute". Also, ACLs without dynamic inheritance are a nightmare waiting to happen. And lastly, userspace support for ACLs is still woeful on *nix - while getfacl/setfacl work well enough, GUI support is poor, archiver support is thin at best and many end-user apps still think it's OK to meddle with your permissions and inevitably screw it up because they only copy your permissions, not your ACLs (this happens more than you might expect, even word processors do it).
I strongly advise not using ACLs on Linux unless you're really sure they're the only option you have to get the results you want (and then make sure your intended results are worth the penalty). On Windows, use them as much as possible because runas is a piss-poor substitute for su/sudo.
Incidentally, this is the same reason you shouldn't use symlinks (junctions) on Windows unless you're really sure. While it's technically supported at the low level, the upper levels are basically oblivious and will carry on as though they were normal files and therefore fuck your system up one way or another (such as getting lost in a loop, backing up the same files multiple times, crossing filesystems, etc.).
Opportunity knocks. Karma hunts you down.
yeah right, because metabase editing and web.config editing is SOOO much better than httpd.conf, and chmod is obviously deficient compared to clicking on like ACL boxes, right?
What's the MPG of the second car? What's the top speed of the first car?
I suppose that because the second car cost 100k then it must be able to go at something like 400 MPG but that is only in the 30 MPH zone where as at 35 MPH it goes at 100 MPG.
Apache is dying. Seriously, I'm considering dumping Apache in the future. It's a matter about trust. I simply cannot trust MS.
Some of us put things like customer service and social responsibility above profit.
I'll give you social responsibility, but the majority of the time, companies only care about customer service because it's good for business, meaning more profit. Only locally owned and operated stores frequently break that rule.
Some might say that social responsibility is only for good public image, but I have enough faith in humanity to assume that there's a large number of corporations run by good people.
I think your research must be extremely selective because their have been several from various vendors and several that they don't acknowledge. And Apache hasn't had CRITICAL vulnerabilities while IIS has. And their patch time is averages about 1 week whereas IIS averages 6 months.
Again... not a stellar security track record.
This is my sig. There are many like it but this one is mine.
Assuming the IIS administrator lives in 1998? Sure.
The first thing they'd do these days in an MS shop is enable ASP.NET. Similar name, different beast altogether.
That's not all that makes him look like a moron. There's also citing boycottnovell. Most of the stories on that site are not verifiable--the references usually just link to other boycottnovell stories, which link to still other stories at the site. When you finally find one that links off, it usually doesn't support the claim the site is citing it for.
You wouldn't blame a php flaw on Apache so why blame an ASP flaw on IIS?
Windows XP Pro Corporate
No, no you can't. Not that this negates anything you said but, really... You can't even buy "Windows XP Pro Corporate" and never could. The "corporate" versions got wrapped into the VLK SKUs after (I think) 2k.
"So long and thanks for all the fish."
This whole "M$" thing got old 10 years ago.
It's not only dated, it's just childish.
Scott
©20014 angrykeyboarder & Elmer Fudd. All Wights Wesewved
There is a difference between critical security vulnerabilities, and critical security vulnerabilities made public.
Now for another car analogy:
Suppose I drive by you at 30mph and throw an egg at your face. This egg represents apache. Now, because it splatters open all over your face, you are not yet dead, and you realise something has happened. Now suppose I do a U-turn and come back the other way as you're running up the street yelling at me. This time I hurl an equally-sized rock at your face. This rock represents IIS. Now unfortunately the rock does not yield its contents upon contact with your eyes, so you are left unconscious on the ground in a pool of blood and egg yolk. If you're _very_ lucky someone might tell you what happened when you wake up. More likely than not though you'll just smell funny and be left with brain damage after coming into contact with IIS.
ASP is not use that much anymore, ASP != ASP.NET. The flaw was in classic ASP.
If you need web hosting, you could do worse than here
Uhh.. what?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
"allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules."
That seems critical to me. Also, while a patch may appear in CVS/SVN within a week, it typically doesn't make it out to the distro users for several weeks afterwards. For instance, this flaw was published on July 6th, but it didn't make it to (for example) Debian until August 1st. http://www.debian.org/security/2006/dsa-1131
I don't really trust the way that apache categorizes their vulnerabilities as they list a DoS attack as critical, but a remote arbitrary code execution flaw as "important". So who knows.
If you need web hosting, you could do worse than here
Is PHP made by the Apache foundation? Does Apache automatically come BUNDLED with PHP support? Figure those out and you've got your answer to why people blame IIS and not Apache.
This is my sig. There are many like it but this one is mine.