×
Java

Apache Launches a J2EE Project 40

Posted by michael from the one-lump-or-two dept.
gstein writes "The ASF has announced the launch of the "Geronimo" project. Geronimo will be an Apache-licensed implementation of the Java J2EE specification; further, the ASF is committed to getting it certified as J2EE-compliant. The project is looking for developers interested in helping to carry this ambitious effort forward. See the original invitation that was sent out to many J2EE communities."
Microsoft

Microsoft Deploys Linux, Open Software in Test Lab 595

Posted by CowboyNeal from the keeping-enemies-closer dept.
securitas writes "Microsoft has deployed Linux and other open-source software in test labs used by business customers to experiment with Microsoft's products. The products include Linux, Apache, MySQL and Open LDAP directory-access software on Intel-based computers, according to Martin Taylor, who is in charge of Microsoft's Linux competitive strategy. He said the goal was to learn 'what can you do and how can you do it' using open-source software in a competitive analysis. This step comes after Microsoft's recent admission that Linux is Microsoft's biggest threat after economic conditions. Mirrors at CMPnetAsia and InternetWeek." It'd be cool to see some patches come from Redmond, but that's probably wishful thinking.
Apache

Implementing True WebDAV Homedirs? 47

Posted by Cliff from the my-$HOME-is-on-the-d.a.v dept.
Vito asks: "I'd like to use WebDAV over SSL (with [preferably digest] authentication against Unix accounts) to provide a few hundred Windows users with secure, easy, and free access to their Linux home directories. WebDAV is supported as Web Folders in Windows, meaning there is no need to download and install SFTP, SCP, FTPS, and other clients. It's also supported natively in Mac OS X, and Linux users can install davfs. But this setup doesn't seem to be possible (safely) using Apache. Do I have alternatives?"
Apache

Apache HTTP Server 1.3.28 Released 25

Posted by michael from the behind-the-times dept.
Kyle Hamilton writes "Apache HTTP Server 1.3.28 Released - The Apache Software Foundation and The Apache Server Project are pleased to announce the release of version 1.3.28 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.28 as compared to 1.3.27. This version of Apache is principally a bug and security fix release."
Java

Struts 1.1 Released 23

Posted by Hemos from the building-it-better dept.
Evil Grinn writes "The long-awaited release of Struts 1.1 has finally happened. See the release notes for all of the changes since the last Release Candidate and also since Struts 1.0.2. Many new features are available in a stable production release for the first time today. Congratulations to the entire Struts team."
Apache

Apache Wins Webby 34

Posted by michael from the deserving dept.
jorr writes "'Presented by The International Academy of Digital Arts and Sciences, The Webby Awards is the leading international honor for the worlds best web sites. The Academy is proud to present The 7th Annual Webby Awards Winners.' Winners listed on this page. Apache won Technical Achievement award."
PHP

PHP 4.3.2 Released 49

Posted by michael from the silly-tagline-goes-here dept.
seldo writes "Everyone's favourite scripting language ;-) has released an update. From their site: 'The PHP developers are proud to announce the immediate availability of PHP 4.3.2. This release contains a huge number of bug fixes and is a strongly recommended update for all users of PHP. Full list of fixes can be found in the NEWS file.' This incremental release also has useful additions, such as updating to support GD 2.0.12."
Security

Apache 2.0.46 Released 19

Posted by krow from the as-seen-on-TV dept.
The Apache HTTP Server Project writes "Apache 2.0.46 has been released. It's an important security-fix release, fixing both a crash bug [CAN-2003-0245] and a DoS [CAN-2003-0189], so everybody using prior versions of Apache 2.0 should grab a copy from the nearest mirror and upgrade!"
Apache

Is Apache 2.x Ready for General Use? 41

Posted by Cliff from the peeking-into-the-oven dept.
Above asks: "In this article we see apache 2.0.45 has been released. Well, I plan on rebuilding my webserver soon, which means installing the "latest" version. However, I'm still on the 1.x train, which is still going strong. As someone who hasn't used 2.x, and hasn't followed the development is it ready for the masses or should I stick with 1.x and be happy? Are mod_perl and ssl (my two requirements) stable? What about all the other things (php et all)? I don't do anything fancy with my web sites, but having them "just work" and not having to upgrade every other day are both strong concerns. What are your experiences?"
Programming

Open Source Web Development With LAMP 104

Posted by timothy from the shedding-light dept.
Alan Eibner submitted this review of Addison-Wesley's Open Source Web Development With LAMP. He writes "The number of books about Web development technologies is astounding. Some claim you can learn everything you need to know in 24 hours. Others require several complementary volumes in order to learn the subject. Why another web development book? And what sets this one apart from the rest?" Read on for the rest of Alan's chapter-by-chapter review. Update: 04/11 18:22 GMT by T : I'd called this an O'Reilly book rather than Addison-Wesley; sorry, now fixed.
Operating Systems

Using OpenBSD's chrooted Apache 101

Posted by Hemos from the learning-what-to-do dept.
BSD Forums writes "OpenBSD recently changed the mode of operation for the Apache webserver from the normal non-chrooted operation to chrooted operation. This enhances the security of the server on which Apache is run but it imposes a few challenges to the system administrator. In this article Marc Balmer discusses selected aspects of running a chrooted HTTP daemon and present strategies on how to set up a chrooted environment for more complex applications like database access or using CGI-scripts."
Apache

Apache 2.0.45 Released 35

Posted by michael from the better-than-okra dept.
thx2001r writes "Well, it's no longer April 1st across the contiguous United States, so the coast is clear to say Apache 2.0.45 is released. This version contains two important security fixes and a number of bug fixes. The security fixes affect all platforms and versions of Apache 2.0.x up until this update with some special caveats for the 2.0.45 OS/2 release. It looks like the first security vulnerability addressed in this eighth public release of the Apache 2.0.x series is having its details witheld until April 8th. This is being called "a significant Denial of Service vulnerability" for Apache 2.0.x by the ASF."
Apache

Gzip on a PCI card 141

Posted by michael from the what-will-they-think-of-next dept.
steve writes "The German tech news site heise.de is reporting here (in German, of course) about a PCI card developed by the Universiy of Wuppertal and Vigos AG being shown at CeBIT, which does Gzip compression in hardware, thus freeing the CPU to do other tasks. The PCI card can compress 32MB/sec, which is more than enough to compress a 100Mbit LAN in realtime. A future version will do 64MB/sec. The article mentions that this will be of particular interest for web servers. The card should be on sale by the end of the year."
Security

Security-Fix Samba 2.2.8 Available For Download 13

Posted by timothy from the getcher-dukes-up dept.
Jeremy Allison, Samba Team. writes "I just wanted to give you a heads-up on a security release, Samba 2.2.8. The release notes may be found here: http://samba.org/samba/whatsnew/samba-2.2.8.html It is important that Samba users upgrade or take the security steps outlined in the release notes. We have a report an exploit has been developed by the black-hat community. Regards, Jeremy"
Security

Professional Apache Security 115

Posted by timothy from the patchy dept.
Gianluca writes "Web sites get defaced every day -- that's routine practice for aspiring crackers who want to gain popularity by proving their bravery. Too often their attacks are aimed at unprepared, defenceless servers which were improperly secured by clumsy administrators. Just reading a book won't save you from the next cracker attack. However, having a solid knowledge of the basics of web security and a list of effective checkpoints for configuring your server, will definitely help you to prevent at least the most trivial mistakes." Gianluca reviews here Wrox Press' Professional Apache Security to see how well it can provide that kind of knowledge -- read on below.
Apache

Virgin Apache is Hard to Find 49

Posted by michael from the yow dept.
markcox writes "Apache Week had written an article examining the Apache packages distributed by 10 popuplar Linux vendors. The survey found that all the vendors added some patches to virgin Apache including build patches, backported security patches, changing the product name through to dubious patches, and missed security fixes."
PHP

Security Hole Found in 4.3.0 34

Posted by krow from the let's-all-sing-the-doom-song dept.
Saint Aardvark writes "The good folks at PHP.net have warned of a serious vulnerability in PHP 4.3.0: 'Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. A remote attacker could also trick PHP into executing arbitrary PHP code if attacker is able to inject the code into files accessible by the CGI. This could be for example the web server access-logs.' It's recommend that you upgrade to 4.3.1 right away."

Slashdot Top Deals