The Final Release of Apache HTTP Server 1.3

Kyle Hamilton writes "The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.42 of the Apache HTTP Server ('Apache'). This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end of life status There will be no more full releases of Apache HTTP Server 1.3. However, critical security updates may be made available."

We already have. Right away from Apache, even.

Many of us have moved away from Apache altogether. I mean, with lighttpd and nginx available, there's really little need for Apache these days.

Re:We already have. Right away from Apache, even.

[xOneca]

Also Cherokee. I have used Apache for 4 years (I think last two were Apache 2.2). Now I'm thinking to move to Cherokee, since it's easy to configure.

Re:We already have. Right away from Apache, even.

[dgatwood]

Don't forget shell-script-based servers. It has a much smaller memory footprint than Apache, and it even runs PHP/Perl scripts. :-D

Re:We already have. Right away from Apache, even.

[dgatwood]

Interesting? Really? I was going for "Funny". If you actually use it, you'll discover that it's pretty darn impractical in a production environment. More of a demonstration of several advanced scripting techniques (simulating associative arrays, for example) than anything practical. Still a fun little piece of code.

Open Source

[Chris+Lawrence]

This is the beauty of open source. Apache 1.3 is still widely used, and many products are still based on it. If the Apache Foundation no longer wants to maintain it, others are free to pick it up and carry on. I wouldn't be surprised if this happened sooner rather than later.

Re:Open Source

Yes, the "beauty of open source" is that people waste time and energy on an obsolete product. Reminds me of Microsoft.

Re:Open Source

[Chris+Lawrence]

But it's their time to spend as they want. There are people working on a new port of Firefox to Mac OS 9 (Classilla). That's an operating system that hasn't been updated in 10 years. But if people are having fun doing this, that's great. If the product was closed source, there would simply be no option.

Re:Open Source

[Improv]

The thing is, it'd take someone with both considerable energy and a good name to manage it - when a product is declared dead, pretenders might pop up like weeds but, just like the French/Iranian/Prussian/Russian/Persian royal family, nobody takes them seriously.

Re:Open Source

[jellomizer]

So after a project dies it forks off into a slew a Legacy systems all needed independent modifications and changes. That is the Ugly side of Open Source to me. A more beauty side is if the tools that did need to work on 1.3 once apache stopped 1.3 support went and modified their apps to work on newer web browsers.

Forking code to keep your project going is not the way, it is just a bad idea.

Re:Open Source

[amRadioHed]

Wow, I can't believe there are people still using Mac OS 9. It was better than Windows 98, but that's about all it has going for it these days.

Re:Open Source

[vadim_t]

Why ugly? It's better than the project dying, period.

And one of those forks may become the new official version.

Re:Open Source

[AsmCoder8088]

Actually, Mac OS 9 is very secure. Even the US Army still uses it for secure web hosting.

Re:Open Source

[amRadioHed]

That's true, but its security comes from its limitations. Doesn't really explain why anyone would want to run Firefox on it though.

Re:Open Source

[Sir_Lewk]

Yeah, because a project dying and all the people that still use it being left out in the cold is really an attractive alternative.

Not.

Re:Open Source

[0100010001010011]

HTML5 Porn.

Re:Open Source

[Vellmont]

So after a project dies it forks off into a slew a Legacy systems all needed independent modifications and changes. That is the Ugly side of Open Source to me.

Unless all the owners of the legacy systems got together and formed some sort of.. foundation to maintain the old version. They could all share the code and benefit from the modifications. They could call it something like the Apache Software Foundation (oops, I guess that one's already taken).

Kidding aside, the "problem" you describe has nothing to do with "open source", and everything to do with the rest of the world moving on to something new. With open source at least the people dependent on the old version could maintain it if they wanted to/needed to. With closed source, it's upgrade or suffer.

Re:Open Source

[yuhong]

Not exactly, one fundamental advantage is that it used Pascal strings mostly, avoiding the problems of C strings. I once read a old Slashdot comment on the security advantages, and it made me even more sad about the failure of the Copland project, which would have been probably much more secure than Mac OS X ended up being.

Re:Open Source

[amRadioHed]

Good point, Pascal strings are more secure. But on the other hand the lack of protected memory and multiuser security model are less secure. I guess advantage may still be with the pascal strings, but I'm not sure.

The reason specifically mentioned in the article for Mac OS 9 being more secure was the lack of remote (or local) shell access which is what I was thinking of as a major liability for end users, at least for me.

Re:Open Source

[hardwarefreak]

Yes, the "beauty of open source" is that people waste time and energy on an obsolete product. Reminds me of Microsoft.

From Webster's, "obsolete": 1 a : no longer in use or no longer useful b : of a kind or style no longer current : old-fashioned

Whilst Apache 1.3 may very well fit the second definition, it certainly doesn't fit the first. It it still useful for a great many people, particularly those who serve static content for a single domain. They have no use for virtual directories and multiple domain hosting, or many of the Apache 2 features that have caused so much bloat and resource consumption.

I dare say that Lighttpd does everything Apache 1.3 does, and a whole lot more, and is superior to Apache 1.3 WRT to the features, footprint, etc that make Apache 1.3 still appealing to many. At one point Debian stopped offering Apache 1.3. I didn't want to install it from source or an RPM to deb conversion. I went searching and found Lighttpd, and I'm oh so glad I did. Lighttpd is a natural progression for those needing/wanting to migrate away from Apache 1.3 but who abhor the complexity and bloat of Apache2.

Re:Open Source

[yuhong]

But on the other hand the lack of protected memory and multiuser security model are less secure.

And Copland would have added support for this while preserving the security advantages that classic Mac OS had, which why it is sad that it filed

Re:Open Source

[Richard_at_work]

If it forces people to upgrade to a better alternative, then maybe it is. Think IE6 - would it be better to maintain that ongoing (considering that many of the things the Slashdot groupthink wants to fix with IE6 are the explicit reasons why some companies are keeping it around) or kill it dead and have people upgrade?

Re:Open Source

[kv9]

Whilst Apache 1.3 may very well fit the second definition, it certainly doesn't fit the first. It it still useful for a great many people, particularly those who serve static content for a single domain. They have no use for virtual directories and multiple domain hosting

I've been using vhosts and multiple domain hosting on 1.3 for the past 10 years or so.

Re:Open Source

[toddestan]

I would guess that 1.3.42 is probably pretty stable, given that no new features have been added for years, and is only a minor update to version 1.3.41 which is over 2 years old as it is. So I would guess anyone still using 1.3 can continue with 1.3.42 for the forseeable future without worries. And if something really bad did come up, apparently they left the option of issuing a security update open.

Re:Open Source

[r7]

Yes, the "beauty of open source" is that people waste time and energy on an obsolete product

That's not what "obsolete" means. Fact is that httpd 1.3 does more than everything we need in less memory than any 2.X version. It also has had less than half the security vulnerabilities of the 2.X branch. Over the past 8 years that secure code base has saved something like one engineer-month (~$10K) in upgrades alone. But then I'm lazy, and happy to have better things to do than upgrade software for no good reason.

Unfortunately, NIH syndrome is endemic to software engineering. As a result we get stuck with absolute crap like KDE4, bash and ksh scripts where sh would do (and be POSIX compliant), and bloatware like named and drupal which are nowhere near modular enough to build without unneeded features.

Too late

They should have stopped at version 1.3.37

Re:Too late

[KlomDark]

Until I "got" the joke, I was wondering why you didn't say "They should have stopped at version 1.3.41" :)

Re:Too late

[shutdown+-p+now]

1.3.37 is reserved for the OpenBSD fork.

Re:Too late

[mebrahim]

, but their fate chose 42 for them.

web servers to app servers

[Lord+Ender]

It seems that basic web sites made by uploading html and other files are going extinct, in favor of web apps like CMSs and blogs. As a result, the majority of the functionality provided by web servers like Apache is becoming unnecessary.

As an example, any web app which interfaces with Apache via Rackmiddleware needs only the enabling of mod_rack. Other than that, you don't need to touch apache2.conf. Apache basically just handles the sockets; the rest of its functionality goes unused.

Re:web servers to app servers

[h4rr4r]

Just wait, it will come back. The wheel of computing just goes around and around, now we are reinventing thin clients via netbooks used only to use webapps. In another 5-10 years people will want thick clients again and websites that are actually usable and informative.

Re:web servers to app servers

[jgreco]

The day of the static web page is indeed drawing to a close. With Facebook rewriting PHP into HipHop, other middleware products becoming capable of also serving content, and the general transition to "Web 2.0", the largely static Web of the '90's is nearer than ever to its eventual end. Apache 1 has been an absolutely fantastic tool over the years, and even though it's well past its "sell-by" date, the fact that many have continued to use it says a lot about the overall quality and robustness. Thanks to every Apache author, contributor, bug-fixer, administrator, and even user who has made this one rockin' Web server. It's been amazing to watch, NCSA httpd becoming Apache, and constantly evolving... i

Re:web servers to app servers

[mirix]

They can take my static web page from my cold dead hands.

Re:web servers to app servers

What you're heralding is nothing short of the eradication of a publicly accessible information pool. The registered-users-only part of Web 2.0 is basically opaque to external search engines. Links are nondescript blobs - short, short-lived and with at least one redirection through a slow third party server. If Web 1.0 was a library, Web 2.0 is a shopping mall. Banter and business, but hardly any real information.

I've recently shown a friend how to set up a web page the old fashioned way, i.e. write HTML with a text editor, edit, resize and prune images locally, upload through (S)FTP. He wouldn't have it any other way now. I know because I've tried integrating a common ad content management system. It was just too complicated: In the end, a multi-megabyte online script and database system was replaced with a handful of static files. The whole site is lightning fast, has absolutely no attack surface, is trivially easy to backup, works unmodified with every web space and doesn't overload the server, not even when the site is featured on high-traffic aggregators (i.e. slashdotted).

I think the advantages of static files are lost on people because they simply don't know any other way but online content management systems. When you "buy" web space nowadays, the feature list is full of pre-installed this, pre-installed that. In the end, most web pages are completely static and the servers are pointlessly creating a "dynamic" page from a static menu and static content on every page view. Nothing gained but a hard to maintain, always online content management system, which has poorly thought out security and a worse implementation. To call Web 2.0 the Windows of the web would be an insult to Windows.

Re:web servers to app servers

[ZERO1ZERO]

The wheel of computing - I 've seen this idea referred to here many a time - but when I google the term or similar like 'wheel of reinvention' etc I can't find any definitive article with examples.

I was explaining this to a colleague the other day in terms of how graphics processors keep chopping and changing what they do integrated, not integrated, now we are using the GPU as a massive co-processor, and give it time and it will be rolled back into the main CPU.

Anyway can someone point to a researched article on this phenomenon, I cant even find anything on wiki, or is it just a slashdot thing?

Re:web servers to app servers

[SEE]

"Wheel of reincarnation" is the entry in the Jargon File; term "coined in a paper by T.H. Myer and I.E. Sutherland On the Design of Display Processors, Comm. ACM, Vol. 11, no. 6, June 1968"

Re:web servers to app servers

Yea who cares about:
- redirects
- URL remapping
- mod_php
- mod_perl
- mod_svn
- web dav
- https

Re:web servers to app servers

[Voyager529]

Since you imply that you still have one, I'm assuming that it's not being hosted on Geocities.

Re:web servers to app servers

[Lord+Ender]

Third party mods are not part of Apache proper. The other stuff really should be done by the app, where it can be altered without HUPing any processes.

Re:web servers to app servers

[Lord+Ender]

What? Using passwords is not new to web apps. Apache itself supports passwords.

And using a CMS does not mean breaking linkability. Any RESTful CMS (like wikipedia) will provide links to data. Static pages have no monopoly on this.

Re:web servers to app servers

[Eil]

It seems that basic web sites made by uploading html and other files are going extinct, in favor of web apps like CMSs and blogs. As a result, the majority of the functionality provided by web servers like Apache is becoming unnecessary.

Not so. Apache is a general-purpose HTTP server. It has a lot more power and capability than what 99% of websites use it for, which is serving static content and CGI script output. There are loads of web servers that are capable of these menial tasks and they use a fraction of the resources that Apache does. Apache is only as popular as it is because it's what most web hosting companies, documentation, and sysadmins default to.

The reason you see CMSs and blogs adopting alternative HTTP daemons is because they want to reduce the complexity of their software stack and configuration. Apache is big and somewhat unwieldy. It's like using a 30-volt industrial electric screwdriver change a video card.

Apache's popularity might wane as lighter, more application-focused HTTP daemons become more common but it will never go away until HTTP does. It's just too darn flexible, even if it can't (usually) scale to millions of hits per second like newer servers can.

Re:web servers to app servers

[Bill,+Shooter+of+Bul]

People want websites that are actually usable and informative today. I'm not sure what that has to do with thin or fat clients through. Could you elaborate?

Re:web servers to app servers

[colinrichardday]

The day of the static web page is indeed drawing to a close. With Facebook rewriting PHP into HipHop, other middleware products becoming capable of also serving content, and the general transition to "Web 2.0", the largely static Web of the '90's is nearer than ever to its eventual end.

But some content may well be better static, such as a web version of a textbook.

Re:web servers to app servers

[mirix]

It's on an old PIII board, sitting in the closet, running Apache 1.3, oddly enough ;)

Re:web servers to app servers

[Annymouse+Cowherd]

The PIII means you set it up recently enough that you could've had it running 2.0. Why do you do these things...

Re:web servers to app servers

[Mad+Merlin]

I'm hoping the wheel of computing will do away with shortscreen monitors sooner rather than later and we can go back to using real monitors...

Re:web servers to app servers

[mirix]

OpenBSD shipped with 1.x when I installed it (still does, I think), and that's what I'm running.

Re:web servers to app servers

[Trepidity]

Wikipedia is the moral equivalent of an old-school hyperlinked body of text, though, not really a dynamic website. It happens to be served dynamically, and can be edited by users, but at any instant in time there is a static snapshot of hypertext. In fact, it could've been implemented that way--- as a bunch of static HTML files that get edited. That's in contrast to AJAXy webapps, which don't really make sense to think of as hypertext.

Re:web servers to app servers

[tarius8105]

Apache's popularity is due to it being the swiss army knife of HTTP servers in that you can do almost anything with it. In an enterprise environment you have cookie cutter applications and then there are applications shoved down your throat that just apache handles much better. Every time I went to Apache Con I would attend the mod_rewrite lectures because its interesting to see how you can handle different unique situations with just that module.

Re:web servers to app servers

[Lord+Ender]

Wikipedia is a web app. This disproves your claim that web apps can't be linked.

Q to the E to the D.

Re:web servers to app servers

[Trepidity]

It isn't, though. It's just a bunch of hypertext plus a text editor.

Misleading Summary

[RoFLKOPTr]

A lot of commentors seem to think that this is the final release of Apache. It is not. This is the final release of Apache 1.3... Apache HTTP Servers 2.0 and 2.2 are still being maintained.

(As an aside, can somebody explain to me how I ended up with 15 mod points? I've never seen this before)

Re:Misleading Summary

[philgross]

I got 10 or 15 mod points a few times. I have no idea how or why. Since the last site update, I'm getting mod points much less frequently as well, although I think my karma is the same.

Re:Misleading Summary

[jopsen]

(As an aside, can somebody explain to me how I ended up with 15 mod points? I've never seen this before)

You probably deserve them for being as kind as to point out that the apache HTTP server isn't finished... :)

Re:Misleading Summary

[b4dc0d3r]

I regularly get either 5 or 15, usually 15.

I think it's because I tend to comment in bursts - nothing for a week, then 2 or 3 at a time, and then only when I have something useful to say. Except for the odd sarcastic or joking comment, or if I'm heavily medicated.

Plus I don't log in all that much, so when I do I have like 3 comments all at +5, or something like that, and bingo 15 mods.

Posting anon, but if you want to look for patterns in my comments my username is b4dc0d3r. I tend to get in to conversations late so most are un-moderated (+1 for logged in, with karma bonus). So it only takes 3 people willing to waste points on me to get +5.

Re:Misleading Summary

[Yossarian45793]

Nice try posting anon.

Re:Misleading Summary

[Gordonjcp]

I have (briefly) had 25 mod points, but after using a couple they dropped back to 15.

Re:Misleading Summary

[Eil]

(As an aside, can somebody explain to me how I ended up with 15 mod points? I've never seen this before)

Those are to be used for moderating all of my last month's comments +1 Insightful. CmdrTaco told me himself, so you can trust me.

Re:Misleading Summary

[QuoteMstr]

My karma is stratospheric, but I receive mod points infrequently, and in bunches of five.

Re:Misleading Summary

[Bacon+Bits]

For quite awhile I was getting 10 and 15 points, but after burning some karma defending things the SlashDot hivemind dislikes, I'm back to getting only 5. I'm glad. Now I don't feel like I'm wasting so many points all the time as even now I usually have 1-2 expire.

Will Slashdot Upgrade?

[swajr]

I wonder if slashdot is actually going to upgrade now...

Re:Will Slashdot Upgrade?

[Nimey]

Dear god, I hoped you were joking.

Slashdot's running on 1.3.41.

Re:Will Slashdot Upgrade?

[joe_bruin]

Dear god, I hoped you were joking.

Slashdot's running on 1.3.41.

This was obviously a joke. Slashdot is still run by a mess of perl scripts. They've yet to drag themselves into early last decade.

Re:Will Slashdot Upgrade?

What's wrong with that? The 2.x series started off badly with security vulns every other day. Even now, there's no compelling business case for sites running stable software like apache 1.3 to upgrade.

Furthermore, the sensible upgrade path is to dedicated app servers behind a light weight reverse proxy (varnish, nginx etc).

Re:Will Slashdot Upgrade?

[hardwarefreak]

Dear god, I hoped you were joking.

Slashdot's running on 1.3.41.

This was obviously a joke. Slashdot is still run by a mess of perl scripts. They've yet to drag themselves into early last decade.

It seems you are both correct, slashdot is hosted by Apache 1.3.41 and perl:

[12:33:43][me@me]/$ telnet www.slashdot.org 80
Trying 216.34.181.48...
Connected to www.slashdot.org.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 301 Moved Permanently
Server: Apache/1.3.41 (Unix) mod_perl/1.31-rc4
Location: http://slashdot.org/
Content-Type: text/html; charset=iso-8859-1
Content-Length: 297
Date: Thu, 04 Feb 2010 06:35:42 GMT
X-Varnish: 785915486 785915484
Age: 0
Connection: close

Re:Will Slashdot Upgrade?

[FreakyGreenLeaky]

You mean, as opposed to a mess of ruby or python?

Re:Will Slashdot Upgrade?

Content-Type: text/html; charset=iso-8859-1

can't be more disturbing than this.

Re:Will Slashdot Upgrade?

[icebraining]

No, as opposed to PHP! /fear

Re:Amazingly OLD news

Since the next-oldest news item at the bottom of httpd.apache.org is also dated 2008-01-19, one can easily deduce that the news entry was back-dated so it doesn't draw attention to a branch that has been superseded twice. And reading TFA would show that it fixes a CVE-2010 issue, so it would be even sillier to insist that this is 2008 news.

Finished???

[KlomDark]

I thought the whole point of a patchy web server was that it was never done. ;)

err, not dead yet?

[goga_russian]

Apache: releasing last version, 1.3 on death bed.
Nginx: whats apache?

Farewell

[StrifeJester]

In my early days of running servers at home I used 1.x Apache a lot, it will be missed but I must say I love 2.x releases these days and haven't seen much 1.x out there lately.

But.....

[ducomputergeek]

the real question is: Has Netcraft confirmed it?

1.3

[jjohn]

For my money, apache 1.3 is the only apache. It's extremely stable and most of the security issues have been patched. Solid, solid code and a breeze to compile.

But remember: I am a grumpy old man.

Re:1.3

[triflemenot]

I am a grumpy old man.

I don't like new software. They haven't made anything good since about 1990.

Re:1.3

[jrexilius]

Agreed. I have been working on upgrading for quite a while but there is one issue I haven't figured out yet:

lingerd in apache 2.2 _with_ mod_php in pref_fork (as many linux source libs used in PHP not thread-safe).

As soon as the question comes up about linger_close people say "it doesn't matter in cuz its so multi-thredded coolz" but that does no good in a PHP app server model.

Anyone know if lingerd is still needed in 2.2-pre-fork mode? Cuz I know the module has not been updated for 2 family..

Re:1.3

[Sunnz]

I would have been in the same boat if I didn't want to use SNI with Apache 2.

Or does Apache 1.3 actually support SNI now?

Re:How could they!

[suso]

I know you're joking, but actually Apache 2.0 was released 10 years ago next month. I remember sitting in the audience at ApacheCon 2000 when they released it. Anyone who is still on 1.3 has been sitting on it for far too long.

Re:How could they!

[coolgeek]

Not really, when you consider they only got mod_perl for 2.x into a production release about 2-3 years ago.

Re:How could they!

[cerberusss]

Anyone who is still on 1.3 has been sitting on it for far too long.

Hey, somebody has to keep the corpse warm!

Re:Amazingly OLD news

[wolrahnaes]

This does appear to be the case. It looks like the Apache crew have decided to just update their old posts for 1.3 and 2.0 related changes rather than add new posts, thus causing a misleading date.