Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apache 2.0.44 Released

chrisd posted more than 11 years ago | from the apache-even-more-ready dept.

Apache 198

rbowen writes "The Apache Software Foundation is pleased to announce the release of Apache 2.0.44, which addresses a number of security issues. Download it from your favorite mirror." Rich notes that it fixes some important security problems (under Windows) for the Windows version. Also interesting is that now there truly is a split between a development and regular releases, adopting the Linux kernel model, with 2.1 being the dev Apache tree and 2.0 being the release tree.

cancel ×

198 comments

Sorry! There are no comments related to the filter you selected.

this fp is dedicated to httpd (-1, Funny)

Anonymous Coward | more than 11 years ago | (#5132322)

Keep on truckin'!

Re:this fp is dedicated to httpd (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132327)

2nd P!!! YOU FAIL IT!!!!!

bo (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132325)

elfirsto postomatico

YOU FAIL IT! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132429)

Hey Pedro. You fail first post because you were busy having a siesta.

YOU FAIL IT!

YOU ARE SO FIRED! (-1)

YOU ARE SO FIRED! (635925) | more than 11 years ago | (#5132694)

Even your fancy foreign languages can't keep the truth that you've been outperformed in your job to get the first post. Come on, buddy. Pack it up. You're fired.

IIS and .Net are still better (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132328)

:P

Re:IIS and .Net are still better (5, Funny)

frankthechicken (607647) | more than 11 years ago | (#5132375)

Better than a poke in the eye? Two in the bush? Using a bloke manually replying to all server requests?

Better for script kiddies (0)

Anonymous Coward | more than 11 years ago | (#5132441)

Without M$, think of all the trouble prepubescent twerps would get into. They might actually do something like go outside and be - get this - athletic!

Re:Better for script kiddies (0)

Anonymous Coward | more than 11 years ago | (#5132672)

Well, I would have said gotten laid, but these are kids we're talking about.

Re:Better for script kiddies (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5132693)

Well, I would have said gotten laid, but these are kids we're talking about.

Damn man, you be one sick fuck, you and your Mexican mate Pedo Townsend.

Anyone else wish they had a fat people fetish?

First /. Apache article since Dec 2 (2, Insightful)

rjamestaylor (117847) | more than 11 years ago | (#5132329)

I've been noticing that Apache doesn't make news anymore--at least on Slashdot, but to be fair I think it's because Apache is so stable (in the 1.3.x series, especially) people don't even think about it anymore. Good job, Apache Foundation!

Re:First /. Apache article since Dec 2 (-1)

GhostseTroll (582659) | more than 11 years ago | (#5132390)

A professor at the University of Mississippi is giving a
lecture on the supernatural. To get a feel for his
audience, he asks: "How many people here believe in
ghostses?" About 90 students raise their hands.

"Well, that's a good start. Out of those of you who
believe in ghostses, do any of you think you've ever seen
a ghostse?" About 40 students raise their hands.

"That's really good. Has anyone here ever talked to a
ghostse?" 15 students raise their hands.

"That's great. Has anyone here ever touched a ghostse?" 3
students raise their hands.

"That's fantastic. But let me ask you one question
further... Have any of you ever made love to a ghostse?"
One student way in the back raises his hand.

The professor is astonished and says, "Son, in all the
years I've been giving this lecture, no one has ever
claimed to have slept with a ghostse. You've got to come
up here and tell us about your experience."

The redneck student replies with a nod and a grin, and
begins to make his way up to the podium. The professor
says, "Well, tell us what it's like to have sex with a
ghostse."

The student replies, "Ghostse?!? From ah-way back there ah
thought yuh said "goatse." [goatse.cx]

Re:First /. Apache article since Dec 2 (2, Insightful)

Anonvmous Coward (589068) | more than 11 years ago | (#5132488)

"I've been noticing that Apache doesn't make news anymore--at least on Slashdot..."

That's because it hasn't had a minute version change!

Stuff (-1, Troll)

rammadon (305230) | more than 11 years ago | (#5132330)

Apache?!? Who needs that? Microsoft works fine!

Security problems under windows (2, Flamebait)

Jason1729 (561790) | more than 11 years ago | (#5132331)

The biggest security problem with running apache on Windows is Windows. Anyone who uses windows for a server deserves what happens to their server.

Jason
ProfQuotes [profquotes.com]

Re:Security problems under windows (2, Interesting)

devleopard (317515) | more than 11 years ago | (#5132394)

Haha.. as if someone running a unpatched Linux box who gets hacked doesn't deserve it. :-)

Re:Security problems under windows (5, Funny)

Anonymous Coward | more than 11 years ago | (#5132417)

Try to crack mine then.

The IP is 207.46.248.109

Re:Security problems under windows (0)

Anonymous Coward | more than 11 years ago | (#5132446)

hahahaha...!

Go on - someone do it...

Re:Security problems under windows (0)

Anonymous Coward | more than 11 years ago | (#5132599)

Yeah I've cracked it, you son of a bitch. Man I put up some shit that's worse than your tedious goatse or tubgirl. I am the l33735T M0f0.

Re:Security problems under windows (4, Funny)

GreyPoopon (411036) | more than 11 years ago | (#5132464)

Try to crack mine then.

The IP is 207.46.248.109

I was going to mod this up as +1 Funny, but I was afraid that nobody would "get it." So, here's the reverse dns lookup so everybody understands.

Non-authoritative answer:
109.248.46.207.in-addr.arpa name = msdn.com

Re:Security problems under windows (0)

Anonymous Coward | more than 11 years ago | (#5132823)

I already have... I've been on it for days.... :-)

Re:Security problems under windows (2, Funny)

Anonvmous Coward (589068) | more than 11 years ago | (#5132503)

"The biggest security problem with running apache on Windows is Windows. Anyone who uses windows for a server deserves what happens to their server."

Everybody who generalizes sucks.

this sight has a lot of info on the new version (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132333)

Check it out all you apacheites:

http://www.outwar.com/page.php?x=267317

Re:this sight has a lot of info on the new version (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132396)

i most certainly am not your thug, you dipshit.

Giant Beaver Sighted! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132334)

First fuck Palestine post! Islam shall soon be stricken from the Earth!

Re:Giant Beaver Sighted! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132348)

Fuck israel, too. They are just as bad. Let them duke it out, we need to get outta there pronto, but we have to kick the shit outta people who threaten us first, so they dont come after us.

What exactly are the differences... (-1, Interesting)

xchino (591175) | more than 11 years ago | (#5132335)

between 1.x and 2.x? Could someone fill me in?

Re:What exactly are the differences... (1)

frankthechicken (607647) | more than 11 years ago | (#5132347)

Indeed why do we need to have split releases? Why do we need a dev and a release version?

Re:What exactly are the differences... (2, Informative)

sporty (27564) | more than 11 years ago | (#5132731)

Because...

Production releases are more
- fully qa'd
- apache is more accountable if something goes wrong
- steady documentation

Dev versions are more
- unstable, they can have serious errors
- experimental, and have features that might be thrown away
- not fully documented, so using the greatest might be hard
- use at your own risk, it is a sandbox for development, not production quality

Re:What exactly are the differences... (0)

Anonymous Coward | more than 11 years ago | (#5132779)

True, but I would have thought having dev versions make more sense for an OS for a home box, whre you can play about with it, poke it in a few directions and see what happens.

Whereas Apache is only really useful when its thrown out into the wild. I don't know it just seems to make more sense for Linux than Apache.

Re:What exactly are the differences... (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5132352)

The difference is 1.x

And you call yourself a geek.

Re:What exactly are the differences... (-1)

Anonymous Coward | more than 11 years ago | (#5132507)

The difference is 1.x

Surely it would be 2?

Re:What exactly are the differences... (-1)

Anonymous Coward | more than 11 years ago | (#5132521)

I don't follow.

The difference between 2.x and 1.x is 1.x.

Your fancy math (3, Funny)

xant (99438) | more than 11 years ago | (#5132529)


2.x
- 1.x
-----
1.0


Duh.

Re:What exactly are the differences... (1)

Anonymous Coward | more than 11 years ago | (#5132388)

2.x is "better" but no one uses it because the whole internet and its associated apps and modules run on 1.x. Basically 2.x is in a chicken and the egg situation. 2.x IMO is better than 1.x, expecially on windows, but its going to be a long long time till 2.x installs outpace 1.x installs.

Re:What exactly are the differences... (1)

JebusIsLord (566856) | more than 11 years ago | (#5132556)

i recently made the switch when php 4.3.0 was released. no problems as far as i've seen running 2.0.43 with php as long as its built using the default unthreaded model (ie same as 1.3)

Here are some major differences (4, Informative)

BoomerSooner (308737) | more than 11 years ago | (#5132391)

Charts showing the differences between apache 1.x and 2.x [aceshardware.com] .

Actually a great article as a whole [aceshardware.com]

Re:Here are some major differences (2, Interesting)

AKnightCowboy (608632) | more than 11 years ago | (#5132674)

So basically, according to the performance graphs, Apache 2.0 is slower than 1.3 and doesn't support running PHP. Oooh, where can I sign up? ;-) I think I'll stick with 1.3.27 for quite some time until nobody updates it anymore and all my favorite mods are ported to Apache 2.0.

VOTE THIS DOWN (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132688)

This article is offtopic since it's NOT about Apache in any way.

BTW, if you're metamoderating the parent be sure to vote unfair for +1 moderations.

Re:What exactly are the differences... (5, Informative)

SweetAndSourJesus (555410) | more than 11 years ago | (#5132416)

new features [apache.org]

Apache (2, Interesting)

ObviousGuy (578567) | more than 11 years ago | (#5132338)

They both have to do with running the server on 9x or ME.

Is Apache's security really the problem here?

Here comes the onslaught... (4, Funny)

Anonymous Coward | more than 11 years ago | (#5132341)

- Use the mirrors!
- Why do you guys post every single minor release?
- Damn, I just loaded 2.0.x! Stop updating the software so fast!
- I'm still using 1.9.x.
- I just downloaded it. Now what?

Ad nauseum.

Re:Here comes the onslaught... (1)

Tyler Eaves (344284) | more than 11 years ago | (#5132412)

1.9.x? Damn, where can I get that?

Re:Here comes the onslaught... (0)

Anonymous Coward | more than 11 years ago | (#5132656)

how about...

even minor numbers DON'T mean stable!

hi. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132342)

i have a penis

hi. (0, Offtopic)

SweetAndSourJesus (555410) | more than 11 years ago | (#5132440)

me too.

small world, eh?

hello. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132496)

"small world, eh?"

Not for me, buddy. Tough luck.

Re:hello. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132514)

he has hot nuts though

HOT NUTS

FO SHEEZY

Re:hello. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132699)

If you saw one of those hot nut machines in real life, would you fall to the floor laughing?

I know I would.

Re:hello. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132736)

GET YOUR HOT NUTS HEEERE, and wash it down with some WARM BAWLS

Re:hello. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5132790)

Those nuts are so hot that the word "hot" is actually on fire [hotnutmachines.com] .

Those must be some really hot nuts.

wow (0)

Anonymous Coward | more than 11 years ago | (#5132849)

Some moderator blew their whole load on this thread, which was already at 0.

0 is the new -1, you know.

Re:hi. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132610)

But isn't it awfully nice to have a penis?

Under Windows? (5, Funny)

aspjunkie (265714) | more than 11 years ago | (#5132360)

"Rich notes that it fixes some important security problems (under Windows) for the Windows version"

I fixed that server security problem a long time ago...I just moved my Windows server from underneath the window to the rack beside the window.

I installed RH (0)

Anonymous Coward | more than 11 years ago | (#5132423)

No more BSOD or Code Red worries, and I don't have to ship $$$ to Billy G. so he can buy a bigger yacht than that whacko from Oracle...

Re:Under Windows? (0)

Anonymous Coward | more than 11 years ago | (#5132497)

From the article: "it fixes some important security problems (under Windows) for the Windows version".

It's a shame that they can't add those features to the Unix version.

-1 Redundant in one sentence.

Re:Under Windows? (0, Flamebait)

ArchieBunker (132337) | more than 11 years ago | (#5132570)

Please explain how a windows box with minimal services and the latest updates is any less secure than your average redhat box? I'm waiting.

Wookie Love! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132365)

Wookie LOVE!! [wookielove.net]

Who wouldn't want to make love to Chewbacca?

Re:Wookie Love! (0, Funny)

Anonymous Coward | more than 11 years ago | (#5132376)

What scares me most about that site is that the content didn't freak me out like it used to.

Re:Wookie Love! (0)

Anonymous Coward | more than 11 years ago | (#5132398)

But think about how fun it could be if:

* The computer is in a public place (such as a school library)
* And that JavaScript functions work, like they usually do in school libraries.

Set it up and walk away... then watch the love begin!

Re:Wookie Love! (0)

Anonymous Coward | more than 11 years ago | (#5132409)

I guess without a task manager or "piled" windows on the taskbar, this could be a pretty fun site.

Re:Wookie Love! (0)

Anonymous Coward | more than 11 years ago | (#5132573)

err, ive got this "friend" who works at a college library and they have heaps of javascript enabled thin client terminals without a taskbar or task manager accessible from the machines, and he just told me he's gonna give that a shot when he closes up tonight to, you know, give the co-workers a surprise when they switch on the monitors in the morning.

Re:Wookie Love! (0)

Anonymous Coward | more than 11 years ago | (#5132623)

We did that to our manager's laptop at work once. Pulled it up and closed the cover. The funny thing is, his boss borrowed the laptop before he got to work.

Outsider Perspective (2, Insightful)

webword (82711) | more than 11 years ago | (#5132382)

I don't deal much with Apache. But, I decided to take a look at the download page to get a feel for its usability. What struck me the most was that there seem to be two important versions:

1. "Apache 2.0.44 is the best available version"
2. "Apache 1.3.27 is also available"

Now, don't get me wrong. I know enough to know that keeping around previous versions can be a Good Thing. However, as an outsider, this is confusing. Also, if you care to know, the entire section on verifying the integrity of the files was confusing.

Yes, I understand, I'm not the target audience. But, it still makes me frustrated to know that the Apache download site is mysterious. Just for giggles, take a look at the Windows NT Server download page [microsoft.com] . It ain't perfect, but at least you don't have to work about file integrity...

Compatibilty issues... (4, Interesting)

rollthelosindice (635783) | more than 11 years ago | (#5132449)

The 2.x and 1.x releases are VERY DIFFERENT. and mod_perl, for 1, hasn't released a stable release for the 2.x tree, so using the good old 1.3.27 is what you need to do.

This may be an issue of not being able to see the forest from the trees, and everyone that knows apache, knows what version they need for their server, so may not be the best bet for noobs.

But then again they may want all noobs to download the 2.x version, so the use of "best available" might be their marketing.

Re:Compatibilty issues... (1)

numark (577503) | more than 11 years ago | (#5132654)

Indeed...if you're a newbie to web server administration, you don't want to learn by just going out there and downloading the software and installing it. That's where we get incorrectly configured sites and security holes. The best way to learn is to get a feel for the software hands-on using a server that you can mess around with under the eye of a trained administrator. Once you've figured out the basics of security and efficiency, then you can be ready to install the software on your own, and you'll know which one meets your needs the most.

Re:Outsider Perspective (4, Informative)

MoThugz (560556) | more than 11 years ago | (#5132454)

All this is answered here [apache.org] ...

Apache 2.0... has new features built into it, however, it is still relatively new. And some bugs are still lying around here and there. I reverted to 1.3 because of serious bugs in the PHP module (in version 2.0.1x, .14? .15?, can't remember exactly).

Apache 1.3... is "old", but has built a solid userbase because of this age factor. It is also proven reliable and stable code.

Re:Outsider Perspective (3, Informative)

JebusIsLord (566856) | more than 11 years ago | (#5132572)

php 4.3.0 is running slick on my 2.0.43 apache install.

Re:Outsider Perspective (4, Informative)

PacketMaster (65250) | more than 11 years ago | (#5132630)

Apache 2.0... has new features built into it, however, it is still relatively new. And some bugs are still lying around here and there. I reverted to 1.3 because of serious bugs in the PHP module (in version 2.0.1x, .14? .15?, can't remember exactly).


I was quite excited with 2.0.43 but ended up back at 1.3.27 because PHP 4.2.3 (haven't tried 4.3.0 yet) made Apache unstable, specifically when calling an 'apachectl restart' which made my pager go off due to the server segfaulting at 4am during logrotate. In my testing, it was PHP that caused this instability.

Also, with 2.0.43 I couldn't get it to build with anything but the OpenSSL package, which on my box was 0.9.6b (hole!) but I couldn't get it for the life of me to look at an alternate install of 0.9.6h.

2.0.44 will perhaps fix these problems.

Who's using Apache 2? (1)

CoughDropAddict (40792) | more than 11 years ago | (#5132385)

...and how have your experiences with it been?

No one I know has found a compelling reason to switch from Apache 1.

Re:Who's using Apache 2? (5, Insightful)

Sir Spank-o-tron (18193) | more than 11 years ago | (#5132427)

Heck, we'd use it....
If mod_perl 2.0 was released....

Re:Who's using Apache 2? (1)

zerocool^ (112121) | more than 11 years ago | (#5132819)

Agreed. Here at netmar, we can't justify moving to Apache 2 until mod_perl is released in a configuration that works with apache2. Preferably without hours of trying to compile with various options against various gcc's.
It would be nice if tomcat didn't require a priest, a monk, and a shaman to install, too.

Re:Who's using Apache 2? (4, Informative)

jonabbey (2498) | more than 11 years ago | (#5132450)

We do on several of our servers. The main reason is that it's much, much easier to build an Apache server with SSL support on Apache 2 than it is on Apache 1.x, particularly if you're adding additional modules on top.

Re:Who's using Apache 2? (1)

Indy1 (99447) | more than 11 years ago | (#5132517)

we built and maintain www.babiesfirstchoice.com

Ssl works fine on it too : )

More than that... (1)

djupedal (584558) | more than 11 years ago | (#5132661)

I tried and failed to install Apache 2.x over 1.3 on my Mandrake 9.0 box. Am I that stupid, or is this really that hard?

First one to tell me to go to the Apache forum sites gets a swift kick...that's like going to the dump to look for an old magazine. Far too much material to wade thru...I've tried, so don't get smart :)

Re:More than that... (0)

z0om (115345) | more than 11 years ago | (#5132782)

Works for me every new release:

from apache source

# ./configure --prefix=/usr/local/apache2 \
--with-ssl=/usr/local/ssl \
--enable-so \
--enable-cache \
--enable-disk-cache \
--enable-file-cache \
--enable-ssl \
--enable-ext-filter \
--enable-case-filter \
--enable-case-filter-in \
--enable-mime-magic \
--enable-headers \
--enable-unique-id \
--enable-http \
--enable-info \
--enable-suexec \
--enable-cgi \
--enable-cgid \
--enable-speling

# make && make install

then i like php, so from php source

# ./configure --with-apxs2=/usr/local/apache2/bin/apxs
# make && make install

# /usr/local/apache2/bin/apachectl start

A bit simpler than 1.3.x i think ;)

Hrmph. (1, Redundant)

cjpez (148000) | more than 11 years ago | (#5132393)

I really dislike that version numbering system. I know it makes development version numbering much easier, etc, but damn. I don't know. To me, a 2.5.35 release should be *better* than a 2.4.20 release (speaking in terms of kernel development now), as opposed to being a bunch of ones and zeroes that don't even include a working IDE driver (to be fair, I'm not sure when in the 2.5 series IDE finally stabilized; I just pulled a number out of the air). But whatever. Just picking some nits...

Re:Hrmph. (2, Insightful)

DetrimentalFiend (233753) | more than 11 years ago | (#5132822)

I think you're getting feature-rich and better confused. Normally newer releases have more in them, but this does not always equal better. For something to be better, stability, ease of use, speed, and so on are also factors. If version numbers told you which release was better, then they would likely change and be much more confusing in general.

Perhaps what you were thinking of is the fact that the last number in the version is generally a statement of which release is better. This is generally true, since the last number is the revision number and is usually only incremented for bug fixes.

first apache news on Slashdot in over a month... (1)

rollthelosindice (635783) | more than 11 years ago | (#5132406)

Long Overdue. Hopefully more news to come.

Apache 2.x and PHP (1)

venom600 (527627) | more than 11 years ago | (#5132422)

Anybody out there been using Apache 2.x and PHP enough to call it stable in their environment?

Other than huge threading improvements, are there any compelling reasons to switch from 1.3.x to 2.x right now?

Re:Apache 2.x and PHP (1)

handsomepete (561396) | more than 11 years ago | (#5132472)

I'm using Apache 2.x w/ PHP and MySQL in an intranet work environment for a medium scale documentation creation/archiving service. No problems yet (after a mere 6 months of decent usage), but no real compelling reasons to upgrade if you don't need to.

What I want to know is what exactly are the current showstoppers that are keeping everyone away from 2.x? Does everyone know something I don't?

Re:Apache 2.x and PHP (0)

Anonymous Coward | more than 11 years ago | (#5132515)

To add versions:
Server Version: Apache/2.0.43 (Unix) PHP/4.2.3
MySQL: mysql Ver 11.18 Distrib 3.23.52, for pc-linux-gnu (i686)

Re:Apache 2.x and PHP (1)

Cheeze (12756) | more than 11 years ago | (#5132509)

i was using it for a while on a, ahem, "heavily loaded server" with limited ram, and it choked (load of ~50, all 64 megs of ram used, around 256megs of swap used). at the time, about a month ago, i had the newest php with the newest apache. The 64 megs of ram could have been the problem, but when i downgraded to the newest apache version 1 i didn't have a problem. the load problem disappeared, and the swap was almost unused. I eventually got more ram and all is well now, however with apache 1.

I would stick with version 1 unless there's something in apache2 that you absolutely need.

Re:Apache 2.x and PHP (2, Insightful)

venom600 (527627) | more than 11 years ago | (#5132513)

For me it is merely a case of "if it ain't broke, don't fix it". I just haven't found a good reason to switch yet. Bug fixes and security patches keep on coming out for 1.3.x, and performance hasn't been an issue for me yet. (not that 2.x is supposed to fix everyone's performance woes)

Re:Apache 2.x and PHP (1)

jaaron (551839) | more than 11 years ago | (#5132590)

I was just talking to another sysadmin today who has 4 sites running apache 2.x and PHP. From what I could gather, everything was running perfectly (at least for his needs). Granted it's second hand information, but I was surprised myself. So I guess there are quite a few people using it.

Apache 2.x and PHP and mini-howto (4, Informative)

dananderson (1880) | more than 11 years ago | (#5132834)

I have a mini-howto on Apache 2.x and PHP 4 at http://dan.drydog.com/apache2php.html [drydog.com] As for the new 2.0.x stable series--that's great news. What it means is "no more recompiling modules between minor releases."

is it trojaned? (0, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132428)

how do we know it wasnt trojaned via that CVS exploit?

Same goes for the linux kernel and openssh as well.

-Johan

The same way we know XP has no back door (0)

Anonymous Coward | more than 11 years ago | (#5132465)

Oh wait, we don't know that, now do we? M$ code has to be kept secret for reasons of national security (well, that was only said under oath in a court of law, so it might have been wrong...)

XP has no back door, except for the dotgov (0)

Anonymous Coward | more than 11 years ago | (#5132576)

--honest, who doesn't think part of the "monopoly" settlement was uncledotUSsam didn't get to slip in a few zingers? And the code "released" to rooshia ain't the same? It's too juicy a way for the totally invasive association TIA to have ignored.

Linux CVS? Bitkeeper (0, Offtopic)

MrBlack (104657) | more than 11 years ago | (#5132586)

Hasn't one of the recent controversies on /. been that the Linux kernel does not use Open Source tools (like CVS) for version control, but rather uses BitKeeper instead?

Still no SSL for Windows (2, Insightful)

kruetz (642175) | more than 11 years ago | (#5132433)

Unfortunately, they still haven't been able to solve the issues with SSL under windows, so the windows release comes without SSL. The effect of this can range from none (lots of sites don't use SSL) to the typical IT-Manager complaint "but we NEED SSL". Unfortunately, what they don't realise is that staying with IIS is not the solution.

However, I do know of one company (whom my friend's father works for) that decided not to use Apache because they wanted 2.0.?? (because it was the latest release, so there was no way they would consider 1.x) but couldn't live without SSL. Of course they're using IIS on an unpatched WinNT4 box ...

What Apache needs to become the server of choice in companies like this is an education campaign. If you work at such a company, please tell the people in charge of this stuff about Apache, IIS and general security/stability issues under Windows. Mind you, Apache is still the #1 server around, so it is debatable whether this is a necessary step. But for the sake of secure, stable websites that don't leave your site open wider than a $2 hooker (ie, as wide open as the RIAA) please spread the word about Apache.

And Apache/SSL guys, I'm sure you're working on the issue, so best of luck solving it!

Re:Still no SSL for Windows (1)

f00zbll (526151) | more than 11 years ago | (#5132462)

I don't know about anyone else, but when ever the topic of SSL comes up, I recommend hardware acceleration. Software SSL creates too much load and stress and impacts stability. People should realize the best performance for SSL is hardware acceleration.

Re:Still no SSL for Windows (1)

kitsook (516402) | more than 11 years ago | (#5132700)

But can you provide any info/benchmark that suggests hardware SSL acceleration actaully worth the money? Recently, some of my colleagues evaluated several accelerator boards and they are all expensive and disappointing (in performance).

In fact, as reported in an ApacheCon 2000 paper [geoffthorpe.net] , an Athlon 600 can outperform most of the SSL accelerator boards. And that is with 1/3 of the cost. So, I usually recommend my friends/colleagues to set up a seperate Apache box to do the SSL and then reverse-proxy requests to the real web server.

But SSL accelerator boards do have an advantage when considering key management.

"Education" my ass! Root-kit the IIS idiots! (0)

Anonymous Coward | more than 11 years ago | (#5132483)

Then post everyone's salary to FuckedCompany.com.

Do it every week until their dumbass MCSE's figure out what's going on...

no offence (0)

Anonymous Coward | more than 11 years ago | (#5132625)

but fuck me your sig is lame.

There are other non-free good solutions (4, Funny)

Kenneth Stephen (1950) | more than 11 years ago | (#5132708)

If you are willing to use a non-free solution like IIS, then a non-free product based upon Apache that provides SSL should be attractive to you. I am referring to IHS (IBM HTTP Server) which is a value added (to Apache) product from IBM.

Interesting... (1)

carlmenezes (204187) | more than 11 years ago | (#5132494)

...that Mandrake Linux ships with Apache 1.3.27 and that RedHat ships with Apache 2.0.something. However, RedHat users have reported PHP compatiility problems, especially PHP 4. There have also been issues with SQL and Apache 2.0. I wonder if 2.0.44 fixes these issues.

still unsure (4, Insightful)

carpe_noctem (457178) | more than 11 years ago | (#5132510)

I've used apache 2.0, and it's great and all, but I ain't switching over until the PHP folks say that the PHP-apache-2 module is good to go.

slightly OT (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5132614)

Can anyone comment on the relative usefulness of mod_gzip vs mod_deflate for apache?

hmmm, this is great! (4, Funny)

the_real_tigga (568488) | more than 11 years ago | (#5132730)

from the post: it fixes some important security problems (under Windows) for the Windows version.

I wonder... does this mean there are some security problems left in the Windows Version under OSes other than Windows?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>