Apache is behind a huge percentage of the world's websites, and the Apache Software Foundation is the umbrella organization that provides licensing and structure for open source projects ranging from the Apache Web server to Apache OpenOffice to small utilities that aren't household names but are often important to a surprising number of people and companies. Most of us never get to meet the people behind groups like the Apache Software Foundation -- except today we tag along with Tim Lord at OSCON and chat with Apache Software Foundation Executive Vice President Rich Bowen -- who is also Red Hat's OpenStack Community Liaison. Update: 07/30 22:23 GMT by T: Note that Bowen formerly served as Slashdot sister site SourceForge's Community Manager, too.
The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.
Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.
Trailrunner7 (1100399) writes "The Apache Software Foundation released an advisory warning that a patch issued in March for a zero-day vulnerability in Apache Struts did not fully patch the bug in question. Officials said a new patch is in development and will be released likely within the next 72 hours, said Rene Gielen of the Apache Struts team. On March 2, a patch was made available for a ClassLoader vulnerability in Struts up to version 188.8.131.52. An attacker would be able to manipulate the ClassLoader via request parameters. Apache said the fix was insufficient to repair the vulnerability."
We're thankfully long past the days when an emailed Word document was useless without a copy of Microsoft Word, and that's in large part thanks to the success of the OpenOffice family of word processors. "Family," because the OpenOffice name has been attached to several branches of a codebase that's gone through some serious evolution over the years, starting from its roots in closed-source StarOffice, acquired and open-sourced by Sun to become OpenOffice.org. The same software has led (via some hamfisted moves by Oracle after its acquisition of Sun) to the also-excellent LibreOffice. OpenOffice.org's direct descendant is Apache OpenOffice, and an anonymous reader writes with this excellent news from that project: "The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 170 Open Source projects and initiatives, announced today that Apache OpenOffice has been downloaded 100 million times. Over 100 million downloads, over 750 extensions, over 2,800 templates. But what does the community at Apache need to do to get the next 100 million?" If you want to play along, you can get the latest version of OpenOffice from SourceForge (Slashdot's corporate cousin). I wonder how many government offices -- the U.S. Federal government has long been Microsoft's biggest customer -- couldn't get along just fine with an open source word processor, even considering all the proprietary-format documents they're stuck with for now.
New submitter gitficionado (3600283) writes "The Apache Subversion project has begun migrating its source code from the ASF Subversion repo to git. Last week, the Subversion PMC (project management committee) voted to migrate, and the migration has already begun. Although there was strong opposition to the move from the older and more conservative SVN devs, and reportedly a lot of grumbling and ranting when the vote was tallied, a member of the PMC (who asked to remain anonymous) told the author that 'this [migration] will finally let us get rid of the current broken design to a decentralized source control model [and we'll get] merge and rename done right after all this time.'" Source for the new git backend.
rjmarvin writes "The Apache Software Foundation announced that Spark, the open-source cluster-computing framework for Big Data analysis has graduated from the Apache Incubator to a top-level project. A project management committee will guide the project's day-to-day operations, and Databricks cofounder Matei Zaharia will be appointed VP of Apache Spark. Spark runs programs 100x faster than Apache Hadoop MapReduce in memory, and it provides APIs that enable developers to rapidly develop applications in Java, Python or Scala, according to the ASF."
First time accepted submitter jcdr writes "February's 2014 Web Server Survey by Netcraft shows a massive increase [in the share of] Microsoft's web server since 2013. Microsoft's market share is now only 5.4 percentage points lower than Apache's, which is the closest it has ever been. If recent trends continue, Microsoft could overtake Apache within the next few months, ending Apache's 17+ year reign as the most common web server."
snydeq writes "Complaints of stricture over structure, signs of technical prowess on the wane — the best days of the Apache Software Foundation may be behind, writes InfoWorld's Serdar Yegulalp. 'Since its inception, the Apache Software Foundation has had a profound impact in shaping the open source movement and the tech industry at large. ... But tensions within the ASF and grumbling throughout the open source community have called into question whether the Apache Way is well suited to sponsoring the development of open source projects in today's software world. Changing attitudes toward open source licensing, conflicts with the GPL, concerns about technical innovation under the Way, fallout from the foundation's handling of specific projects in recent years — the ASF may soon find itself passed over by the kinds of projects that have helped make it such a central fixture in open source, thanks in some measure to the way the new wave of bootstrapped, decentralized projects on GitHub don't require a foundation-like atmosphere to keep them vibrant or relevant.' Meanwhile, Andrew C. Oliver offers a personal perspective on his work with Apache, why he left, and how the foundation can revamp itself in the coming years: 'I could never regret my time at Apache. I owe it my career to some degree. It isn't how I would choose to develop software again, because my interests and my role in the world have changed. That said, I think the long-term health of the organization requires it get back to its ideals, open up its private lists, and let sunshine disinfect the interests. My poorly articulated reasons for leaving a long time ago stemmed from my inability to effect that change.'"
darthcamaro writes "Apache has always dominated the web server landscape. But in August, its share has slipped below 50 percent for the first time in years. The winner isn't nginx either — it's Microsoft IIS that has picked up share. But don't worry, this isn't likely a repeat of the Netscape/IE battle of the late 90's, Apache is here to stay (right?)"
The dip is mostly the result of GoDaddy switching to IIS from Apache. Which is to say GoDaddy hosts a whole lot of sites.
An anonymous reader writes "Still the most popular open source office suite, Apache OpenOffice 4 has been released, with many new enhancements and a new sidebar, based on IBM Symphony's implementation but with many improvements. The code still has comments in German but as long as real new features keep coming and can be shared with other office suites no one is complaining." The sidebar mentioned brings frequently used controls down and beside the actual area of a word-processing doc, say, which makes some sense given how wide many displays have become. This release comes with some major improvements to graphics handling, too; anti-aliasing makes for smoother bitmaps. In conjunction with this release, SourceForge (also under the Slashdot Media umbrella) has announced the launch of an extensions collection for OO. Extensions mean that OpenOffice can gain capabilities from outside contributors, rather than being wrapped up in large, all-or-nothing updates. You can download the latest version of Apache OpenOffice here.
darthcamaro writes "Remember back in the day when we all used CVS? Then we moved to SVN (subversion) but in the last three yrs or so everyone and their brother seems to have moved to Git, right? Well truth is Subversion is still going strong and just released version 1.8. While Git is still faster for some things, Greg Stein, the former chair of the Apache Software Foundation, figures SVN is better than Git at lots of things. From the article: '"With Subversion, you can have a 1T repository and check out just a small portion of it. The developers don't need full copies," Stein explained. "Git shops typically have many, smaller repositories, while svn shops typically have a single repository, which eases administration, backup, etc."'"
Major new features of 1.8 include switching to a new metadata storage engine by default instead of using Berkeley DB, first-class renames (instead of the CVS-era holdover of deleting and recreating with a new name) which will make merges involving renamed files saner, and a slightly simplified branch merging interface.
psykocrime writes "The crazy kids at Fogbeam Labs have a new blog post positing that there is a trend towards advanced projects in NLP, Information Retrieval, Big Data and the Semantic Web moving to the Apache Software Foundation. Considering that Apache UIMA is a key component of IBM Watson, is it wrong to believe that the organization behind Hadoop, OpenNLP, Jena, Stanbol, Mahout and Lucene will ultimately be the home of a real 'Star Trek Computer'? Quoting: 'When we talk about how the Star Trek computer had “access to all the data in the known Universe”, what we really mean is that it had access to something like the Semantic Web and the Linked Data cloud. Jena provides a programmatic environment for RDF, RDFS and OWL, SPARQL and includes a rule-based inference engine. ... In addition to supporting the natural language interface with the system, OpenNLP is a powerful library for extracting meaning (semantics) from unstructured data - specifically textual data in an unstructured (or semi structured) format. An example of unstructured data would be the blog post, an article in the New York Times, or a Wikipedia article. OpenNLP combined with Jena and other technologies, allows “The computer” to “read” the Web, extracting meaningful data and saving valid assertions for later use.'"
Speaking of the Star Trek computer, I'm continually disappointed that neither Siri nor Google Now can talk to me in Majel Barrett's voice.
An anonymous reader writes with this quick bite from the H: "Just a few days after the one year anniversary of the release of the first version of OpenOffice from the Apache Foundation (Apache OpenOffice 3.4) on 8 May 2012, the project can now boast 50 million downloads of the Open Source office suite. 10 million of those downloads happened since the beginning of March. In contrast, LibreOffice claimed it had 15 million unique downloads of its office suite in all of 2012."
An anonymous reader writes "ESET researchers, together with web security firm Sucuri, have been analyzing a new threat affecting Apache webservers. The threat is a highly advanced and stealthy backdoor being used to drive traffic to malicious websites carrying Blackhole exploit packs. Researchers have named the backdoor Linux/Cdorked.A, and it is the most sophisticated Apache backdoor seen so far. The Linux/Cdorked.A backdoor does not leave traces on the hard-disk other than a modified 'httpd' file, the daemon (or service) used by Apache. All information related to the backdoor is stored in shared memory on the server, making detection difficult and hampering analysis."
twofishy writes "Struts 1, the venerable Java MVC Web framework, has reached End Of Life status, the Apache foundation has announced. In a sense, the move simply formalises what has already happened, as the Struts team have focused their efforts on version 2; the last release of Struts 1 was version 1.3.10 in December 2008. The change of status does mean however that, whilst the code and documentation will still be available, no further security patches or bug fixes will be issued."
ke4qqq writes with an excerpt from an ASF press release: "The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of nearly 150 Open Source projects and initiatives, today announced that Apache CloudStack has graduated from the Apache Incubator to become a Top-Level Project (TLP), signifying that the Project's community and products have been well-governed under the ASF's meritocratic process and principles."
rbowen of SourceForge writes with an interesting way to look at the value of certain free software options: "Apache OpenOffice 3.4.1 has averaged 138,928 downloads per day. That is an average value to the public of $21 million per day, as calculated by savings over buying the competing product. Or $7.61 billion (7.61 thousand million) per year." (That works out to about $150 per copy of MS Office. There are some holes in the argument, but it holds true for everyone who but for a free office suite would have paid that much for Microsoft's. The numbers are even bigger if you toss in LibreOffice, too.)
'Twas the night before Christmas,
and while not a creature was stirring (not even an optical mouse),
/.'ers were posting & moderating with squeals of delight.
When out on the Internet there arose such a clatter,
I sprang from my keyboard to see what was the matter.
I knew in a moment it must be Alek's Controllable Christmas Lights Webcam. But remembered in previous years it was a hoax - /. said damn.
And then, in a twinkling, I realize Alek has done it for real — W'OH!
With 20,000 lights plus giant inflatable Elmo, Frosty, Santa, SpongeBob, and Homer Simpson — D'OH!
The X10 controls and 3 live webcams provide such clarity,
that it has raised over $70,000 for Celiac charity.
'Merry Christmas to all, and to all a good night!'"