mark :: blog :: apacheweek
We've not really given Apache Week any priority in the last few months -- in fact we've not posted a new issue since October 2004. So I'm glad we didn't rename it Apache Month. Time to register apachewhenthereissomethinginteresting.com.
Anyway, the most useful thing that I've kept up to date in Apache Week is the database of vulnerabilities that affects the Apache Web server v1.3 and v2.0. This list was even being linked to directly by httpd.apache.org so I made good on a promise I made a year ago and moved the database to the official site. Apache Week uses xslt for transforming the database, but the Apache site used velocity for page markup, but no one seemed to mind me adding ant-trax.jar to the site so the database gets converted from xslt to the page format that gets marked up by velocity. The end result is
a couple of nice HTML pages on the official Apache site that list all the vulnerabilities that is easy for us to keep up to date.
As I was commiting the template for this weeks issue of Apache Week I noticed that it has now been exactly eight years since I wrote the first issue. Back then Apache wasn't so popular and the documentation was lacking. Apache Week was designed specifically to give administrators the confidence to try the Apache web server on their machines without having to parse the hundreds of messages each week on the developer mailing list. That first issue was written over a 64k ISDN dial-up line from a computer perched on stark IKEA tabletop. Friday afternoons were spent writing up what had happened during the week. Not much has changed. Actually, I think that IKEA tabletop is still sitting in storage somewhere at Red Hat in Guildford. I wish I'd kept hold of it, it would have been useful for my girlfriends sons train layout.
Over the years there have been many times when we've thought about stopping production, usually when a competitor announced some other Apache magazine that we thought would do a better job than we do. But most of them gave up. They probably realised that there wasn't any money to be made from an Apache httpd journal.
UK Web became C2Net which became Red Hat, and Apache Week is still going strong. We'll have to think of something exciting to do for our tenth birthday.
Had an interesting week wading through vulnerability details and the various advisories which never really seem to match the facts. Take one Linux vendor for example who got confused about the Oracle mod_dav vulnerability and, even though they were not affected by the vulnerability, released new Apache mod_dav packages. To add to the confusion their newly released errata packages had actually added a patch which added in the vulnerability. So they started out not vulnerable, but then released a patch which was meant to remove the vulnerability but actually really made them vulnerable. No wonder folks are confused. Wrote a bit of a rant about it in Apache Week this week.
Ploughed through the cvs commits and created a
plausible Announcement file for Apache 1.3.22. Held off
releasing Apache Week until the mirrors caught up, but /.
found the tarballs so released it a little early. Took some
time to write some scripts to tidy up the past 265 issues
for bad tags, all modules and directives are marked as such
CVE Worked with the Mitre guys so that the Apache
vulnerabilities in 1.3.20 get described correctly, all went
Spent half a day debugging XSL stylesheets that worked fine
with libxml/libxslt but didn't work at all in Microsoft
IE. Turns out we had some errors in the XSL that libxslt
didn't care about.
The outcome is if you're using IE6 try this link:
It really will load the XML for the issue, load the
stylesheets and the navigation bar, then parse them to
create the HTML output. Do "view source" if you don't
Now that my builder has run CAT-5 through my new house
(yeah, I have wireless but I want to run secure links and s-
video over CAT-5) I wish I'd got them to run all the
lighting cables separately too so I could X10 them without
having to have the horrible UK X10 replacement
Another week, mostly spent trying to find somewhere to live
in Glasgow. I've found my ideal house, it looks rather
like the Stronghold castle logo which is slightly
worrying. More fun creating various XSLT files to convert
Apache Week bits and bobs into the right formats; the current
issue is all XML built now, as anyone who received the
text version full of &#A0; codes instead of spaces will
Larry Wall last week was commenting on debuggers and
said "I don't use them; I'm more of an insert-print-
statements guy". Now I have an excuse :)
It's exactly a year ago that I got to visit Monterery
California to report on the 4th O'Reilly Open Source
software convention (Apache Week
issue #208) When I managed to get invited back to San
Diego for this week I thought I'd been given the ideal
assignment; getting to fly to California in July, avoiding
the British rain, and spending a week right on the West
Coast with nearly 2000 other open source advocates. So with
only one direct flight a day from England I was unsuprised
to find a large number of delegates on the plane; wearing
Penguin badges and snapping pictures of the clear views over
Greenland with a variety of digital cameras.
San Diego has great weather, and it's easy to forget that
coming from England, so I managed to get sunburnt. If
you're at the conference this week look out for the pasty
english guys with sunburn. Wireless lans are great; I'm
currently typing this listening to Brian Behlendorf talking
about Apache to a group of people including Larry Wall,
sitting just in front of me.
So I keep finding web logs mentioning Douglas Adams who
died at the weekend aged only 49. I'll add my story:
I'm a huge fan of Douglas Adams (was in the fanclub
ZZ9-plural-Z-alpha as a teenager) and at ApacheCon in
London last October got into line to get my book signed by
(photo). The second time around when things had become
more quiet I approached him again to get a book signed for
Apache Week to give away. Instead of idle chit-chat I
asked him about the film. This peaked his interest and he
launched into telling me all about it and the problems and
was really animated. He seemed pleased that someone was
interested in it and was happy to talk to me for a few
minutes until I thought I'd held up the line long enough.
Or maybe he'd realised that the more he talked to me the
less books he had to sign.
The signature in the two books were far from identical, but
it read "Bop Ad" just like I expected.
I can't believe I wrote the first issue
of Apache Week five years ago today. Happy Birthday! It's
interesting looking through the past issues to see when we
expected a 2.0 beta release; one year ago we were expecting
it "inside a month". We're currently expecting it "inside
Hi! I'm Mark Cox. This blog gives my
thoughts and opinions on my security
work, open source, fedora, home automation,
and other topics.