Fresh Pits At Security

So, as I passed slowly through security at Boston Logan yesterday, a TSA person took the stick of deodorant from my little Ziploc bag and confiscated it because it was over the regulation maximum of 3.4 ounces. True, it was four ounces, and a gel which is apparently bad. It was also three quarters empty. One ounce left, well, perhaps 1.5 ounces if you count the dregs that hold the deodorant in the dispenser. The contact lens fluid in the same Ziploc bag was also four ounces, full, and an opaque bottle, but it was not questioned.

Perhaps the TSA person thought that her colleagues could use some deodorant, and mine was of a preferred brand. And what could I do? Make a stink about it? That would be impossible: I had used the product myself that day and it would take several hours to wear off. I flew home instead.

The Next Version of Apache

With a series of messages on the Apache httpd developer mailing list, Paul Querna has kicked off the discussion on what the next version of Apache will look like. There is now a development sandbox code named Amsterdam, because immediately hanging a version number on the effort would constrain the discussion too much. It is to be expected that The Amsterdam Project will be the subject of much hallway discussion at the upcoming ApacheCon Europe, coincidentally held in Amsterdam. Have I mentioned registration is open, and the Early Bird discount is not going to last forever?

If you would like to contribute to the next version of the most popular server on the web, or just want to follow the discussion, hop on the mailing list. Now is the time.

ApacheCon Europe Registration Opens

Registration is now open for ApacheCon Europe 2007, May 1-4 in Amsterdam. I will be presenting three sessions this time. The sessions on scalability and performance tuning are being updated and revamped. The third session is a half-day training on Practical SSL Implementation with Apache.

The training session will be an intensive roller-coaster ride covering many aspects of the SSL and TLS protocols. We will talk about the protocol principles and their practical implementation and configuration on Apache. We will also discuss certificate authentication and management, integrating SSL with your applications and many security aspects and implications of using SSL. If you are considering using SSL for your web site or application, and want to learn how to safely and successfully implement it, you should sign up!

Apache Market Share Slipping?

Both Jim and Nick note the latest Netcraft Web Server Survey, where Apache seems to slip below 60% market share for the first time in a long time. Besides the visceral reaction “Boooo! Microsoft bad! Open Source good!” (or the other way around if you are so inclined), there are several remarks that can be made about numbers like this.

First and foremost, we should discuss the vast difference in culture between the organizations behind Apache and IIS. On the one hand we have Microsoft, one of the largest and most successful software companies, with a vested interest in increasing their market share. They have a large and hungry sales force, and have an obligation to their shareholders to maximize revenue to the benefit of their stock price. On the other hand, we have the Apache Software Foundation, a non-profit charity that exists to give developers a legal umbrella under which to develop software and release that for free under the Apache license. We don’t have a marketing department at Apache, and no strategic initiatives to increase our market share. While many large corporations incorporate Apache software into their products, the foundation itself does not really promote the adoption of its offerings.

As noted by Netcraft itself, Microsoft actively seeks to migrate domain parking companies like GoDaddy to the Windows platform. Winning over a single domain parking registrar can cause a notable shift in market share which causes the graphs to spike. Such a shift is absolutely meaningless except Microsoft can use it as a sales tool, and use it to win over potential customers: “See? We’re winning! We must be good!” Any hosting company, whether domain parker or otherwise, will make a software platform decision to serve their own bottom line: if a Linux + Apache solution serves them better, cheaper, they will go with that. If a Microsoft rep shows up and does what it takes to win their business, they just might make the decision to go with that. The software is Microsoft’s to sell, and they can discount as deeply as they like, throw in professional services to make the transition, etc., whatever it takes to make the sale. The Apache community has little to bring to bear against such an onslaught: it’s hard to discount software that is already free, and there is no company behind the project that has an ulterior motive to make a loss-leader sale so professional services, or personnel to manage and integrate the software, will generally have to be paid for.

Most contributors to the Apache software projects (webserver or others) have their own motives to make contributions. Some are paid to work on the software, others find it a fun and challenging project to work on in their own time. Most use the software as a means to their own ends, and their contributions extend so far as those ends coincide with Apache’s own goals. While many help out based on altruistic motives, hardly anyone is specifically concerned with growing Apache’s perceived market share, especially where highly artificial numbers like the Netcraft survey are concerned. Contributors tend to be more interested in how individual users are utilizing the software, and improving their experience, than in raw numbers.

However, there is another side to this. Users don’t live in a vacuum, and the decision, or permission, to use Apache or any open source software may well be influenced by those very Netcraft numbers. If your CIO has a Microsoft rep waving those numbers in her face and going “See? We are so good hosting millions of parked domains and their single page full of Google ads, we must be the best choice for your situation!”, she might be influenced to lean that way, especially in the absence of an opposing viewpoint. Fighting back against this inflationary market share boosting strategy might make it easier for some users to adopt Apache.

The choice of web server platform is not as important as it was several years ago. Most web sites beyond the domain squatting level use some form of dynamic content, and the real fight is over the platform used to generate these sites. Microsoft doesn’t sell IIS, they sell Windows Server 2003 running ASP.NET and its associated back-end technologies. As Jim correctly notes: every server that runs IIS is guaranteed to be running Windows, while Apache runs on any platform including Windows. With mod_aspdotnet, Apache on Windows can serve ASP.NET content. For users that prefer the LAMP (Linux, Apache, MySQL, PHP) stack, PHP runs on Windows and can run under IIS… Windows, IIS, MSSQL, PHP just gets a less sexy acronym. With mod_proxy and mod_security, Apache can function as Application Router and Application Firewall, serving static pages from the file system, scripts written in a large number of languages, Java through mod_proxy_ajp, and arbitrary content from any back-end server. And if that back-end server is running IIS on Windows, Apache will faithfully serve its Server: header to the client, which may skew the Netcraft picture even more.

Finally, as Nick notes, Netcraft bases its surveys on indexing the contents of the Server: HTTP header transmitted by the sites under consideration. Changing the Server: header passed out by Apache is a trivial patch, and mod_security even allows you to make that change (although its approach is kind of an ugly hack). Many sites obfuscate the Server: header, or omit it altogether. I don’t know that Microsoft lets you do that for IIS, so any site that doesn’t advertise a Server: header is likely to be running an Open Source alternative. Likewise, sites that advertise IIS may actually be running Apache, whether through obfuscation or because they proxy content from an IIS back-end. Open Source software allows you the freedom to make changes like this, which is probably one of its strongest selling points.
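
The header handling described in the two paragraphs above, as an added configuration example that is not part of the original post. The banner strings, the `/app/` path, the back-end host name and the replacement signature are constructed placeholders; `security2_module` assumes ModSecurity 2.x.

```apache
# --- Banner on content Apache serves itself ------------------------------
# Verbose setting: product, version, OS and module tokens are sent, e.g.
#   Server: Apache/x.y.z (Unix) mod_ssl/x.y.z      (constructed banner)
#ServerTokens Full

# Reduced setting: product name only
#   Server: Apache
ServerTokens Prod

# Drop the version footer from server-generated pages (errors, listings)
ServerSignature Off

# --- Replacing the banner with mod_security ------------------------------
# SecServerSignature overwrites the banner string in memory, so it only
# works when ServerTokens is Full (the buffer must be large enough).
# Use this block instead of "ServerTokens Prod" above, not alongside it.
#<IfModule security2_module>
#    ServerTokens Full
#    SecServerSignature "webserver"
#</IfModule>

# --- Proxied content -----------------------------------------------------
# Responses under /app/ carry the back end's own Server: header, so a
# header-based survey counts this site as whatever the back end reports.
ProxyPass        /app/ http://backend.example.internal/app/
ProxyPassReverse /app/ http://backend.example.internal/app/
```

A reduced or replaced banner only changes what the header advertises; it does not change the software actually running or its patch level.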

Like any market, the web server space benefits from diversity. Diversity offers choice to consumers, and forces producers to compete and innovate. With only two major players, diversity is already low in the web server marketplace, and Microsoft does not have a track record of tolerating diversity in its marketplace. Having the main competitor be a freely available, open source alternative is enormously important.

Apple Roundup

In the past month we have seen the annual Macworld trade show. I spent a day on the show floor, and it is kind of devolving into iPodworld. The big news of course was the iPhone, revealed well ahead of schedule and not universally well received. I want one, but critics point out that the marketplace is very crowded, the technology moves very fast and while the iPhone looks very glam and sexy in the US marketplace, other regions like Japan are already way ahead of where Apple will be six months from now. I think there is a big difference between the phone market and the PC market, where Apple has operated so far. In the PC marketplace, there is virtually no competition. There is one monopolist, Microsoft, who has the marketplace locked up and dictates progress or lack thereof. Then there is Apple, which is trying to carve out a niche for itself in this Microsoft-owned arena, and does so with some success by creating compelling products that play strongly in some areas (media, the home) which allows them to largely ignore the areas where Microsoft is most deeply entrenched (cubicle land, etc.).

In mobile phones, the situation is entirely different. There is no market incumbent that stifles innovation, but a host of players who compete on a fairly level playing field. There’s Motorola, Sony Ericsson, Nokia, LG, Samsung, Siemens, Pantech, Sagem, RIM, Palm, … and those are just the players operating in North America. They are responsible for an incessant cavalcade of flip phones, smart phones, camera phones, music phones, even phones on which you can make and receive calls. The existence of several local markets across the world (the USA, Japan, every European country) with their own culture, requirements and local phone companies allows for a regional variation in phone features, so technologies can mature on a relatively small scale. There is actual competition in this market, which fosters actual choice for the consumer and makes it much more interesting to watch than the PC market. Seeing Apple enter this melee is even more interesting.

Bill Gates flew off the handle, and no one was there to stop him. Many bits have been spilled over the utterly uncritical interview in Newsweek, and it has been soundly refuted. ‘Nuff said.

Apple’s new I’m a Mac, I’m a PC ad pokes fun at what is supposed to be a Security feature in Vista: the fact you have to approve certain actions taken by programs running on Vista that could change or reconfigure your PC. I haven’t used Vista myself but, as John Welch noted in Information Week, Vista doesn’t actually tell you what it is trying to have you approve, and approving doesn’t require anything in the way of authentication. It’s just an ‘Allow, Cancel’ dialog box that anyone who walks up to your PC could click. Any other OS at least requires you to enter your password when authenticating for potentially PC-altering stuff. The ad is the best one yet in the Mac vs. PC series.