Mark J Cox, mark@awe.com  
   



We've not really given Apache Week any priority in the last few months -- in fact we've not posted a new issue since October 2004. So I'm glad we didn't rename it Apache Month. Time to register apachewhenthereissomethinginteresting.com.

Anyway, the most useful thing that I've kept up to date in Apache Week is the database of vulnerabilities that affect the Apache Web server v1.3 and v2.0. This list was even being linked to directly by httpd.apache.org, so I made good on a promise I made a year ago and moved the database to the official site. Apache Week uses XSLT for transforming the database, but the Apache site used Velocity for page markup. No one seemed to mind me adding ant-trax.jar to the site, so the database gets converted from XSLT to the page format that gets marked up by Velocity. The end result is a couple of nice HTML pages on the official Apache site that list all the vulnerabilities and are easy for us to keep up to date.



As I was committing the template for this week's issue of Apache Week I noticed that it has now been exactly eight years since I wrote the first issue. Back then Apache wasn't so popular and the documentation was lacking. Apache Week was designed specifically to give administrators the confidence to try the Apache web server on their machines without having to parse the hundreds of messages each week on the developer mailing list. That first issue was written over a 64k ISDN dial-up line from a computer perched on a stark IKEA tabletop. Friday afternoons were spent writing up what had happened during the week. Not much has changed. Actually, I think that IKEA tabletop is still sitting in storage somewhere at Red Hat in Guildford. I wish I'd kept hold of it; it would have been useful for my girlfriend's son's train layout.

Over the years there have been many times when we've thought about stopping production, usually when a competitor announced some other Apache magazine that we thought would do a better job than we do. But most of them gave up. They probably realised that there wasn't any money to be made from an Apache httpd journal.

UK Web became C2Net which became Red Hat, and Apache Week is still going strong. We'll have to think of something exciting to do for our tenth birthday.



Had an interesting week wading through vulnerability details and the various advisories which never really seem to match the facts. Take one Linux vendor for example who got confused about the Oracle mod_dav vulnerability and, even though they were not affected by the vulnerability, released new Apache mod_dav packages. To add to the confusion their newly released errata packages had actually added a patch which added in the vulnerability. So they started out not vulnerable, but then released a patch which was meant to remove the vulnerability but actually really made them vulnerable. No wonder folks are confused. Wrote a bit of a rant about it in Apache Week this week.



Ploughed through the CVS commits and created a plausible Announcement file for Apache 1.3.22. Held off releasing Apache Week until the mirrors caught up, but /. found the tarballs so released it a little early. Took some time to write some scripts to tidy up the past 265 issues for bad tags; all modules and directives are marked as such.

CVE: Worked with the Mitre guys so that the Apache vulnerabilities in 1.3.20 get described correctly; all went rather smoothly.



Spent half a day debugging XSL stylesheets that worked fine with libxml/libxslt but didn't work at all in Microsoft IE. Turns out we had some errors in the XSL that libxslt didn't care about. The outcome is if you're using IE6 try this link:

http://www.apacheweek.com/issues/01-08-31.xml

It really will load the XML for the issue, load the stylesheets and the navigation bar, then parse them to create the HTML output. Do "view source" if you don't believe me!

Now that my builder has run CAT-5 through my new house (yeah, I have wireless but I want to run secure links and S-Video over CAT-5) I wish I'd got them to run all the lighting cables separately too so I could X10 them without having to have the horrible UK X10 replacement lightswitches.



Another week, mostly spent trying to find somewhere to live in Glasgow. I've found my ideal house, it looks rather like the Stronghold castle logo which is slightly worrying. More fun creating various XSLT files to convert Apache Week bits and bobs into the right formats; the current issue is all XML built now, as anyone who received the text version full of &#A0; codes instead of spaces will attest.

Larry Wall last week was commenting on debuggers and said "I don't use them; I'm more of an insert-print-statements guy". Now I have an excuse :)



It's exactly a year ago that I got to visit Monterey, California to report on the 4th O'Reilly Open Source software convention (Apache Week issue #208). When I managed to get invited back to San Diego for this week I thought I'd been given the ideal assignment: getting to fly to California in July, avoiding the British rain, and spending a week right on the West Coast with nearly 2000 other open source advocates. So with only one direct flight a day from England I was unsurprised to find a large number of delegates on the plane, wearing Penguin badges and snapping pictures of the clear views over Greenland with a variety of digital cameras.

San Diego has great weather, and it's easy to forget that coming from England, so I managed to get sunburnt. If you're at the conference this week look out for the pasty English guys with sunburn. Wireless LANs are great; I'm currently typing this listening to Brian Behlendorf talking about Apache to a group of people including Larry Wall, sitting just in front of me.



So I keep finding web logs mentioning Douglas Adams who died at the weekend aged only 49. I'll add my story:

I'm a huge fan of Douglas Adams (was in the fanclub ZZ9-plural-Z-alpha as a teenager) and at ApacheCon in London last October got into line to get my book signed by him (photo). The second time around, when things had become more quiet, I approached him again to get a book signed for Apache Week to give away. Instead of idle chit-chat I asked him about the film. This piqued his interest and he launched into telling me all about it and the problems and was really animated. He seemed pleased that someone was interested in it and was happy to talk to me for a few minutes until I thought I'd held up the line long enough. Or maybe he'd realised that the more he talked to me the fewer books he had to sign.

The signatures in the two books were far from identical, but they read "Bop Ad" just like I expected.



I can't believe I wrote the first issue of Apache Week five years ago today. Happy Birthday! It's interesting looking through the past issues to see when we expected a 2.0 beta release; one year ago we were expecting it "inside a month". We're currently expecting it "inside a month".


       


Hi! I'm Mark Cox. This blog gives my thoughts and opinions on my security work, open source, fedora, home automation, and other topics.
