tck1000 asks: "I currently maintain some legacy webservers, running Apache 1.3.x on Linux, on x86 hardware. Two separate daemons are used. One to serve SSL vhosts, and one to server non-SSL vhosts. Each of these servers also is compiled with PHP, mod_perl, and JServe, and also works with a Tomcat servlet engines. In the process of planning an upgrade path, I've thought about using a single daemon to serve both the SSL and Non-SSL vhosts. Is this a good idea?"

BigBlockMopar asks: "A friend of mine runs a web site which offers a very large archive of files. He wishes to continue to offer free and unrestricted access to his archive, but his bandwidth consumption has been through the roof because of people using wget (and similar) to download his entire site. Current traffic is around 200 gigabytes per month with over 50% of that being clients who are downloading every document on the site. The server space is donated by a hosting provider who is understandably starting to become impatient with the traffic. I've checked out mod_throttle and mod_bandwidth, neither appears to do exactly what is desired. Does anyone have any suggestions?"

A reader writes: " It appears that Ken Coar will be doing an IRC chat on Slashnet today. Ken's an Apache core developer and director, as well as author of The Apache Cookbook." It's worth noting that DevChannel is part of the sinister keiretsu. As pointed out, it'll be in #forum, at 2:00 PM EST today.

An anonymous reader writes "Robin 'Roblimo' Miller will be hosting an IRC interview with Ken Coar tomorrow. Registration for the discussion is required. This is your chance to interview Ken Coar directly." Coar sits on the Apache Foundation's board, and has written a few books on Apache besides. You might want to check out the Apache website to catch up on recent developments before taking part, too.

An anonymous reader writes "Embedded webserver specialist Mbedthis Software has released AppWeb, a new "mini-Apache" for embedded Linux focusing on high security and designed for 'embedding in applications and devices.' AppWeb can be configured with a memory footprint of only 110K, and targets web services, offline applications, and embedded device management, according to Mbedthis."

Roy_Fielding writes "The Apache Software Foundation has approved an update to the open source Apache License (Version 2.0) that will be mandated across all Apache projects starting on March 1st. I have been working on variations of this license for the past three years, trying to balance the many different goals of the revision. That includes making the license easier for non-ASF projects to use, improving compatibility with GPL-based software, allowing the license to be included by reference instead of listed in every file, clarifying the license on contributions, and requiring a patent license on contributions that necessarily infringe a contributor's own patents. The result is a license that is compatible with other open source licenses, such as the GPL, and yet still remains true to the original goals of the Apache Group and supportive of collaborative development across both nonprofit and commercial organizations." While it has yet to become OSI-certified, it will probably will be so Real Soon Now, and in the meantime it's fun to compare licenses.

honestpuck writes "While Apache is possibly the most popular and ubiquitous open source project it is certainly not the most simple. One module alone, mod_rewrite, causes me almost more problems and regex wrestling matches than all other products combined. The 'httpd.conf' file is a long and critical one. In these circumstances the Apache Cookbook from O'Reilly might be a godsend. It is certainly a well-written, well-researched volume. Ken Coar has spent many years working on Apache and Rich Bowen has long laboured on the Apache documentation. They both know their stuff -- and if this is an example, both know how to write." Read on for the rest of honestpuck's review.

John Chamberlain writes "Netcraft's numbers for the new year are in. The trend graphs tell a story: 2003 was the Year of Apache. If Time magazine had a server-of-the-year award the cover would be featuring a feather. Since October 2002 market share has grown from 53% to 64%, a 20% gain while Microsoft IIS, its nearest competitor has shrunk from 36% to 24%, a 33% decline. The change in server totals was even more dramatic. Apache HTTP Server increased from about 20 million to 32 million (+60%) while all other competitors remained flat."

kolchak writes "An article in The Age has an interesting analysis of the Netcraft Web Server Usage Reports. According to Port80 Software, Netcraft's surveys are biased towards domain name parkers and very small web sites, not taking into account how popular a site may be - there's some interesting results in the competing Port80 survey." However, it should be pointed out that Port80 "develops software products to enhance the security, performance and user experience of Microsoft's Internet Information Services (IIS) Web server."

Slashback tonight with more on whether Princeton really hates open source (hint: No.), the outcome of Australia's mp3s4free.net case, the Farscape-to-return saga, and other updates to recent and semi-recent Slashdot stories. Read on for the details.

Matt Will writes "The Official Samba 3 How-To and Reference Guide was written by John H. Terpstra and Jelmer Rinze Vernooij in collaboration with the core developers of the Samba-Team (www.samba.org) and expert end users. The book is written with special focus towards administrators of Microsoft Windows systems, giving them a first insight into the capabilities of Samba and a well guided step-by-step guide for migrating systems from a Microsoft solution to Samba." Read on for the rest of Will's review.

Kanagawa writes "This morning, Jim Jagielski, Exec. V.P. and Secretary of the Apache Software Foundation, announced on the geronimo-dev mailing list that 'the ASF received a letter from JBoss's lawyers regarding... the similarity of code between [J2EE implementation] Geronimo and JBoss.' The letter is available in PDF. According to the letter, similarities were noticed back in July, and haven't been fixed."

BSD Forums writes "The Apache Axis team is proud to announce the release of Apache Axis C++ v1.0 (Alpha). This implementation of a C++ SOAP engine provides a stable platform for developing Web services using C/C++ as well as a client side library for developing C/C++ client applications. New features include SOAP engine with both client and server support; partial support for both SOAP 1.1 and SOAP 1.2; WSDD based deployment with dynamic deployment tools and more. Both binary and source are available at Apache mirror sites."

Mr Bill writes "According to NetCraft the Apache web server now owns over 2/3rds of the web. The jump of 2.8% since last month is mostly due to a number of large domain parking sites switching back to Apache from IIS. 'During 2001 and the first half of 2002 several companies hosting very large numbers of hostnames including Webjump, Namezero, Homestead, register.com and Network Solutions migrated to Microsoft-IIS. Subsequently these businesses have either failed, significantly changed their business model, or reverted to their previous platform, and Microsoft-IIS share is now in line with its long term pre-summer 2001 level of around 20%.' See the full report here."

Gruturo writes "Busy week for the Apache software foundation: After 1.3.29, version 2 gets an update as well with 2.0.48, which mainly fixes these two security vulnerabilities. As usual, using a mirror is recommended." The official announcement lists several changes as well.

Dan writes "The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.29 as compared to 1.3.28. Release 1.3.29 addresses and fixes a potential security issue CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. You can download this release from one of your preferred mirror sites."

ivan.ristic writes "Mod_security 1.7 has been released. Mod_security is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. The latest release adds output scanning to Apache 2.x; the ability to analyze cookies; functionality to change the identity of the web server; several new actions for rule grouping; new null-byte attack anti-evasion code."

SiliconEntity writes "On the heels of multiple OpenSSH vulnerabilities, the OpenSSL project is now reporting a number of security vulnerabilities of its own. OpenSSL is a standard cryptographic library used in a wide variety of security applications. The new vulnerabilities range from denial-of-service attacks to stack corruption, which imply the possibility of running malicious code. New versions of the software are released today which address the vulnerabilities."

honestpuck writes with the review below of O'Reilly's Practical mod_perl, which he describes as "a doorstop sized volume that provides more information on using mod_perl than you ever thought you needed." Read on for the rest of his review, and to see whether you actually do need to know what's in this book.

Dan writes "Apache.org's Joshua Slive says that ApacheCon, the official conference of the Apache Software Foundation (ASF), announced today the opening of registration for ApacheCon 2003, to be held November 16-20, 2003 in Las Vegas, Nevada. Apachecon kicks off with intensive full- and half-day tutorials that offer real world insight, techniques, and methodologies pivotal to the increasing demand for open source software. Agenda and sessions include topics such as Apache with XML and Java; All Things Apache; and Apache with Perl and PHP."