One commonly quoted reason for the resistance of commercial companies towards open source technology, such as Linux or Apache, is the lack of support. Unless there is a mortar-and-brick establishment behind the product, it's said, companies will not use open source.
Of course, this ignores the fact that there are companies out there whose business model is to provide just that kind of support. There's a short article in the Nov 9 issue of Computer Current Magazine that mentions just two.

IBM, Sun and others are helping the Apache Group create Open Source XML ^[?] tools for use with Apache. Some companies including Lotus are giving away their XSL ^[?] technology to the project.

Bryan Crowl writes "Only yesterday all australians got to have their say in the historic referendum on becoming a republic. The Australian Electoral Commission have been using a Virtual tallyroom to allow people from all around the world to view statistics. Last night they posted some statistics about the amount of visitors , 6 million in the first 3 hours, or about 556 a second. And what was this server running to handle this sort of load, Linux(Redhat) and Apache(1.3.6) Check it out @ link "
You can also check it out for yourself by using the Netscape Poke. As we've always said, it's real world benchmarks that mean the most :) .

Continuing our Q&A into Apache and SSL, we received the below. I'm sure people have ideas and comments. After all, Amazon can do it :):
conraduno writes "I am a professional web developer and I was recently approached to develop an e-commerce based commercial site. I have never dealt with e-commerce before, and while I have extensive knowledge of order entry systems I have never before dealt with online credit card entry. My question is this: What do I need to develop secure, online credit card based order form, that is scaleable but at the exact same time simple. I have done a little research on SSL, and I am wondering if there are any other viable alternatives, and if not, what do I need to set up an SSL based transaction? "

This week's ApacheWeek has the news that Amazon.com has switched from using Netscape's server to C2Net's Stronghold, an Apache-based commercial server (Stronghold is mostly known for it's SSL capability). Check out the Netcraft poke to see the setup Amazon is running.

The latest Netcraft Survey is out, covering through October 1999. Apache continues to lead the pack, but Microsoft's IIS showed a significant increase due to, basically, the influence of one web hosting company, Webjump.
Is the Netcraft survey still relevant? A cursory glance might lead some to believe that Apache decreased in the number of sites hosted, which is definitely not the case. Are there maybe better ways to display the numbers to give a more complete picture?

dschuetz writes "I'm setting up a system that uses Samba for filesystem support, a MySQL database for modifying/editing data, and Apache/PHP for parsing/displaying the data. All three require authentication. All three currently have "group" accounts.

I want to get to one-user accounts, but don't want to have to deal with updating three or four different places whenever someone comes on or changes their password. Is there any solution available that will allow me to point all those services to a single authentication system? I've heard a little about PAM, but don't know much about it (and I don't think it'll work with MySQL, either). "

jedinite writes "I'm currently heavily involved in a project to develop a specialized online community. We've hit a serious debate among the team regarding whether or not we implement the site using SSL.

Basically, there are two schools of thought here: My side, that privacy and security are the most important, and we're willing to take the performance hit, and the Other side: that the use of SSL will "devastate web server performance" - that the trade off of security for speed is necessary. My question to the assembled masses: What are the potential upsides and downsides of using SSL on a (relatively) high-traffic site? Anyone have any better metrics on the real difference between unencrypted and SSL traffic? Can anyone here help me convince my team that we need to use SSL -- or convince me that we don't?

More info on our situation, if it helps:

We're running a four-way Sun E450 with 2gig of RAM. Big, big box.

We're running Stronghold/2.1.1 Apache/1.2.4 mod_perl/1.11

We're anticipating approximately 50k-60k "hits" and about 5k-6k page views on the community daily.

The box handles about 3 times that traffic total (other sites on same box). "

Another "solution," other than the all or nothing approach, would be to use a "shopping-cart" type setup. You know, the bulk of the site is non-SSL and the switch to SSL is only when there are items to be protected. Other suggestions and comments?

There's an interesting (but somewhat old) article by Network Computing which supposedly helps webmaster's pick their "best bet" for web development systems. They compare Netscape's Enterprise Server, Microsoft's IIS and the ASF's Apache. Despite Apache and PHP being their "clear favorite" they somehow give the Editor's Choice to Netscape. Confusing, but still a pretty good read.

The Apache section of Slashdot is also a good place to ask questions regarding Apache and web servers in general (rather than Ask Slashdot). To start us off, here is a question concerning the "cheapest" way of implementing a SSL-capable version of Apache. Of course, you should also consider the legal aspects as well, which is why the commercial products are so attractive for US users:

jballagh writes "I use apache and need SSL for a potential customer's site. What is the cheapest way of doing this in the US? I have looked at Apache-SSL, mod-ssl, and some commercial packages. If possible I would like to license the appropriate RSA algorithms for use with Apache-SSL, or mod-ssl. Has anyone done this? Is it worth the bother compared to buying a commercial package? "

jimz writes "Tomcat, the JSP and Servlet engine, after about a year of waiting, was just released by Sun and given to the Apache group. You can get more info at Apache's Jakarta page. " FYI: "Tomcat, is a world-class implementation of the Java Servlet 2.2 and JavaServer Pages 1.1 Specifications," for those not in know. The download page is online as well - release will be up there muy pronto.

ApacheCon 2000 has been announced for the days of March 8, 9 and 10th, 2000, in Orlando, FLA. The last ApacheCon was over a year ago, so it's about time.

The Call For Papers is open until October 22, 1999, so if you have an idea for a presentation (from 90minutes to 3 hours), send it in soon.

Word is that a site redesign is in the works and should be available soon.

It's nice that "the media" and the outside world in general have finally noticed Open Source. Trouble is, unless you mention Linux, their eyes glaze over like yesterday's halibut. Open Source has a lot of successes, especially Apache . So how come you never see that rainbow feather on the news? Read on.

As with YRO, Apache and BSD are areas that we get many submissions for, but have to choose carefully from for stories that might appear on the homepage. When you have to pick a dozen, that Apache story (while totally relevant) may not make the grade against something of more general interest. Thats why we're happy to announce the new Apache Section manned by Jim Jagielski. As a core member of the Apache Group, I think he's more than qualified. The BSD Section (which actually started on monday 'cuz we had some timely stories that needed to up) is manned by Nik Clayton is a BSD developer and coordinator for the FreeBSD Documentation Project. If you have stories relevant to these new subjects, feel free to submit them to The submissions Form and flag them for the appropriate section.