ApacheCon EU 2007 Keysigning

Yep, we’re doing it again. Wednesday night May 2 at ApacheCon Europe, we’ll be having a PGP KeySigning. All Apache committers and all conference attendees are invited to participate.

Why do we have a PGP Keysigning session at ApacheCon? At the Apache Software Foundation, we sign our releases with PGP. Every release archive is accompanied by a signature file (name ends in .asc) and a hash file (name ends in .md5) that you can use to verify the integrity of the release.
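An added example, not code from the original post or from the ASF: one way to check a downloaded archive against its .md5 file in Python. The checksum-file layouts it accepts (md5sum style, BSD md5 style, bare digest) and the file names are assumptions, and the sample archive is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumed layouts: "digest  name" (md5sum), a bare digest, or "MD5 (name) = digest" (BSD md5).
_GNU = re.compile(r"^([0-9a-fA-F]{32})(?:\s+\*?(\S.*))?$")
_BSD = re.compile(r"^MD5\s*\((.+)\)\s*=\s*([0-9a-fA-F]{32})$")

def parse_md5_file(text):
    """Return (digest, filename or None) from the contents of a .md5 file."""
    line = text.strip()
    m = _BSD.match(line)
    if m:
        return m.group(2).lower(), m.group(1)
    m = _GNU.match(line)
    if m:
        return m.group(1).lower(), m.group(2)
    raise ValueError("unrecognised .md5 layout")

def file_md5(path, chunk=1 << 16):
    """Hash the file in chunks so large archives need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_release(archive_path, md5_path):
    """True only if the digest matches and any name in the .md5 is this archive.
    A match shows the bytes arrived intact; the .asc signature says who made them."""
    with open(md5_path, encoding="ascii", errors="replace") as f:
        expected, named = parse_md5_file(f.read())
    if named is not None and os.path.basename(named) != os.path.basename(archive_path):
        return False
    return hmac.compare_digest(file_md5(archive_path), expected)

def demo():
    """Constructed sample: a fake archive with a correct .md5, then the archive corrupted."""
    with tempfile.TemporaryDirectory() as d:
        archive = os.path.join(d, "example-release.tar.gz")  # hypothetical name
        with open(archive, "wb") as f:
            f.write(b"constructed sample archive bytes")
        with open(archive + ".md5", "w") as f:
            f.write("MD5 (example-release.tar.gz) = %s\n" % file_md5(archive))
        good = verify_release(archive, archive + ".md5")
        with open(archive, "ab") as f:
            f.write(b"!")  # simulate corruption after the .md5 was written
        return good, verify_release(archive, archive + ".md5")
```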


How to Get to ApacheCon

In just over two weeks, ApacheCon Europe kicks off in Amsterdam. My SSL Training session has unfortunately been canceled due to lack of interest: only two people had signed up and that is just not a sufficient number to justify putting on a half-day training. However, that just gives me more opportunity to concentrate on the sessions I will be presenting.

Courtesy of Google Maps, here are your driving instructions to get from the last ApacheCon to this one. Be sure to leave in time, and note step 28. Perhaps one of these can be of some help.

Greed and the Phone Company

A PCWorld article proclaimed “Fancy Phones Sell, but Services Lag”. It discussed the fact that we, the consumers, are all getting the super duper advanced thin phones, but we are not spending our money on the added services offered by the cell phone company, such as ringtones, wallpaper, songs, Internet access and games. So, we’re cheap, and given that we all got those fancy phones for free (with two year subscription) in the first place, perhaps that should not come as too big a surprise.

I had a firsthand experience with this phenomenon today: a couple of times a year, I get to spend some time sitting outside a fitting room in a department store, and what better way to while away the time than to play a little game on my fancy cellphone ($49.99 after rebate)? On the phone, I find a demo version of a game called Bejeweled: swap out adjacent colored jewels, and get points for creating columns or rows of three identicals. Very cute, great replayability. The demo lets you play one level, then presents you with an Exit or Purchase choice. The cheap choice has you back in the game after about four clicks.

So, after a couple of go-arounds I think what the heck, this is cute, let’s spend the money. So I click Purchase. It’s $5.99, which is fine for something with this replayability value. But then I hit the next screen: the purchase expires after 60 days. Fortunately there is a Cancel link. If that $6 had bought me unlimited access, or even just until the phone is replaced, we would have had a sale. A 60 day expiration would not take me to the next shopping expedition, so rather than spending $6 now, and $6 the next time around, I remain a somewhat sad, disappointed consumer with that money still in my pocket. Services lag, indeed.

Fresh Pits At Security

So, as I passed slowly through security at Boston Logan yesterday, a TSA person took the stick of deodorant from my little Ziploc bag and confiscated it because it was over the regulation maximum of 3.4 ounces. True, it was four ounces, and a gel which is apparently bad. It was also three quarters empty. One ounce left, well, perhaps 1.5 ounces if you count the dregs that hold the deodorant in the dispenser. The contact lens fluid in the same Ziploc bag was also four ounces, full, and an opaque bottle, but it was not questioned.

Perhaps the TSA person thought that her colleagues could use some deodorant, and mine was of a preferred brand. And what could I do? Make a stink about it? That would be impossible: I had used the product myself that day and it would take several hours to wear off. I flew home instead.

The Next Version of Apache

With a series of messages on the Apache httpd developer mailing list, Paul Querna has kicked off the discussion on what the next version of Apache will look like. There is now a development sandbox code named Amsterdam, because immediately hanging a version number on the effort would constrain the discussion too much. It is to be expected that The Amsterdam Project will be the subject of much hallway discussion at the upcoming ApacheCon Europe, coincidentally held in Amsterdam. Have I mentioned registration is open, and the Early Bird discount is not going to last forever?

If you would like to contribute to the next version of the most popular server on the web, or just want to follow the discussion, hop on the mailing list. Now is the time.

ApacheCon Europe Registration Opens

Registration is now open for ApacheCon Europe 2007, May 1-4 in Amsterdam. I will be presenting three sessions this time. The sessions on scalability and performance tuning are being updated and revamped. The third session is a half-day training on Practical SSL Implementation with Apache.

The training session will be an intensive roller-coaster ride covering many aspects of the SSL and TLS protocols. We will talk about the protocol principles and their practical implementation and configuration on Apache. We will also discuss certificate authentication and management, integrating SSL with your applications and many security aspects and implications of using SSL. If you are considering using SSL for your web site or application, and want to learn how to safely and successfully implement it, you should sign up!

Apache Market Share Slipping?

Both Jim and Nick note the latest Netcraft Web Server Survey, where Apache seems to slip below 60% marketshare for the first time in a long time. Besides the visceral reaction “Boooo! Microsoft bad! Open Source good!” (or the other way around if you are so inclined), there are several remarks that can be made about numbers like this.

First and foremost, we should discuss the vast difference in culture between the organizations behind Apache and IIS. On the one hand we have Microsoft, one of the largest and most successful software companies, with a vested interest in increasing their market share. They have a large and hungry sales force, and have an obligation to their shareholders to maximize revenue to the benefit of their stock price. On the other hand, we have the Apache Software Foundation, a non-profit charity that exists to give developers a legal umbrella under which to develop software and release that for free under the Apache license. We don’t have a marketing department at Apache, and no strategic initiatives to increase our market share. While many large corporations incorporate Apache software into their products, the foundation itself does not really promote the adoption of its offerings.

As noted by Netcraft itself, Microsoft actively seeks to migrate domain parking companies like GoDaddy to the Windows platform. Winning over a single domain parking registrar can cause a notable shift in market share which causes the graphs to spike. Such a shift is absolutely meaningless except Microsoft can use it as a sales tool, and use it to win over potential customers: “See? We’re winning! We must be good!” Any hosting company, whether domain parker or otherwise, will make a software platform decision to serve their own bottom line: if a Linux + Apache solution serves them better, cheaper, they will go with that. If a Microsoft rep shows up and does what it takes to win their business, they just might make the decision to go with that. The software is Microsoft’s to sell, and they can discount as deeply as they like, throw in professional services to make the transition, etc., whatever it takes to make the sale. The Apache community has little to bring to bear against such an onslaught: it’s hard to discount software that is already free, and there is no company behind the project that has an ulterior motive to make a loss-leader sale so professional services, or personnel to manage and integrate the software, will generally have to be paid for.

Most contributors to the Apache software projects (webserver or others) have their own motives to make contributions. Some are paid to work on the software, others find it a fun and challenging project to work on in their own time. Most use the software as a means to their own ends, and their contributions extend so far as those ends coincide with Apache’s own goals. While many help out based on altruistic motives, hardly anyone is specifically concerned with growing Apache’s perceived market share, especially where highly artificial numbers like the Netcraft survey are concerned. Contributors tend to be more interested in how individual users are utilizing the software, and improving their experience, than in raw numbers.

However, there is another side to this. Users don’t live in a vacuum, and the decision, or permission, to use Apache or any open source software may well be influenced by those very Netcraft numbers. If your CIO has a Microsoft rep waving those numbers in her face and going “See? We are so good hosting millions of parked domains and their single page full of Google ads, we must be the best choice for your situation!”, she might be influenced to lean that way, especially in the absence of an opposing viewpoint. Fighting back against this inflationary market share boosting strategy might make it easier for some users to adopt Apache.

The choice of web server platform is not as important as it was several years ago. Most web sites beyond the domain squatting level use some form of dynamic content, and the real fight is over the platform used to generate these sites. Microsoft doesn’t sell IIS, they sell Windows Server 2003 running ASP.NET and its associated back-end technologies. As Jim correctly notes: every server that runs IIS is guaranteed to be running Windows, while Apache runs on any platform including Windows. With mod_aspdotnet, Apache on Windows can serve ASP.NET content. For users that prefer the LAMP (Linux, Apache, MySQL, PHP) stack, PHP runs on Windows and can run under IIS… Windows, IIS, MSSQL, PHP just gets a less sexy acronym. With mod_proxy and mod_security, Apache can function as Application Router and Application Firewall, serving static pages from the file system, scripts written in a large number of languages, Java through mod_proxy_ajp, and arbitrary content from any back-end server. And if that back-end server is running IIS on Windows, Apache will faithfully serve its Server: header to the client, which may skew the Netcraft picture even more.

Finally, as Nick notes, Netcraft bases its surveys on indexing the contents of the Server: HTTP header transmitted by the sites under consideration. Changing the Server: header passed out by Apache is a trivial patch, and mod_security even allows you to make that change (although its approach is kind of an ugly hack). Many sites obfuscate the Server: header, or omit it altogether. I don’t know that Microsoft lets you do that for IIS, so any site that doesn’t advertise a Server: header is likely to be running an Open Source alternative. Likewise, sites that advertise IIS may actually be running Apache, whether through obfuscation or because they proxy content from an IIS back-end. Open Source software allows you the freedom to make changes like this, which is probably one of its strongest selling points.

Like any market, the web server space benefits from diversity. Diversity offers choice to consumers, and forces producers to compete and innovate. With only two major players, diversity is already low in the web server marketplace, and Microsoft does not have a track record of tolerating diversity in its marketplace. Having the main competitor be a freely available, open source alternative is enormously important.

Apple Roundup

In the past month we have seen the annual Macworld trade show. I spent a day on the show floor, and it is kind of devolving into iPodworld. The big news of course was the iPhone, revealed well ahead of schedule and not universally well received. I want one, but critics point out that the marketplace is very crowded, the technology moves very fast and while the iPhone looks very glam and sexy in the US marketplace, other regions like Japan are already way ahead of where Apple will be six months from now. I think there is a big difference between the phone market and the PC market, where Apple has operated so far. In the PC marketplace, there is virtually no competition. There is one monopolist, Microsoft, who has the marketplace locked up and dictates progress or lack thereof. Then there is Apple, which is trying to carve out a niche for itself in this Microsoft-owned arena, and does so with some success by creating compelling products that play strongly in some areas (media, the home) which allows them to largely ignore the areas where Microsoft is most deeply entrenched (cubicle land, etc.).

In mobile phones, the situation is entirely different. There is no market incumbent that stifles innovation, but a host of players who compete on a fairly level playing field. There’s Motorola, Sony Ericsson, Nokia, LG, Samsung, Siemens, Pantech, Sagem, RIM, Palm, … and those are just the players operating in North America. They are responsible for an incessant cavalcade of flip phones, smart phones, camera phones, music phones, even phones on which you can make and receive calls. The existence of several local markets across the world (the USA, Japan, every European country) with their own culture, requirements and local phone companies allows for a regional variation in phone features, so technologies can mature on a relatively small scale. There is actual competition in this market, which fosters actual choice for the consumer and makes it much more interesting to watch than the PC market. Seeing Apple enter this melee is even more interesting.

Bill Gates flew off the handle, and no one was there to stop him. Many bits have been spilled over the utterly uncritical interview in Newsweek, and it has been soundly refuted. ‘Nuff said.

Apple’s new I’m a Mac, I’m a PC ad pokes fun at what is supposed to be a Security feature in Vista: the fact you have to approve certain actions taken by programs running on Vista that could change or reconfigure your PC. I haven’t used Vista myself but, as John Welch noted in Information Week, Vista doesn’t actually tell you what it is trying to have you approve, and approving doesn’t require anything in the way of authentication. It’s just an ‘Allow, Cancel’ dialog box that anyone who walks up to your PC could click. Any other OS at least requires you to enter your password when authenticating for potentially PC-altering stuff. The ad is the best one yet in the Mac vs. PC series.

Meep Meep

The other day, we spent a long weekend in Reno for La’s birthday. It was cold but quite nice: great food, didn’t lose too much money, decent hotel, nice little getaway to take our mind off things.

On the way back, Martin Luther King Day weekend traffic turned a four hour drive into six hours. In and of itself this was not unexpected: lots of people were going home that afternoon, one expects to have to allow some extra time. The scary thing was how badly people were driving. We passed several rear-end accidents and their associated backups. People were tailgating at 75 mph, overtaking on the right, the works. The worst offenders were, of course, the SUVs with snowboards on the roof. Their drivers must have thought they were still on the slopes, shredding.

My personal favorites: coming down the Sierra foothills, we drive into stopped traffic around a blind curve. The culprit is the setting sun, which hovers immediately above the road and makes it impossible to see anything but a flaming fireball that burns into your retinas. Around us, traffic screeches to a halt and in the rear view mirror I see a BMW spin out and hit the central divider. I hope no one got hurt, and judging by the level of traffic that appeared behind us no serious road closures occurred because of this.

Between Davis and Vacaville, several cars seem to be engaged in a race. This is at an interchange, but I forget which one. I see one coming a hundred yards behind, so I get in the far right lane so it can overtake me on the left. Instead, it veers to the right, gets on the onramp and blasts past us, driving on the shoulder before jerking back into the right lane. A late model Nissan Z that doesn’t even have its license plates, so I can’t write him up on Platewire.