Apache HTTP Server Usage Survey Results

This post ran originally on blogs.apache.org/httpd.

Wouldn’t it be nice if you had an idea of how people use the software that you write? I wanted to have an idea how the Apache HTTP Server is being used, and which features users consider important. So, I set up a short online survey of eight questions and sent a link to it to the HTTP Server project user and developer mailing lists. Over the next week and a half, I got 134 responses. Here are the survey results in shiny pie charts with witty interpretation.
Continue reading

ApacheCon Meetup: Whither HTTPD?

ApacheCon North America 2010You can now suggest Meetup topics for the evenings of ApacheCon. I’m not sure what a Meetup is in this context: perhaps it’s a little like a BOF. Anyway, I went ahead and registered a Meetup with the following topic:

HTTP Server 3.0: Who Needs It? Who Wants It? Who will Write It?
Whither httpd? Does our User Community need a quantum shift that would require a major new version number? Does our Developer have this need and would/could/are they in a position to start major new development on the project? Will 2.x serve us until the end of time?

This topic is partially inspired by the Keynote session Roy Fielding presented in Amsterdam in 2008 on Apache 3.0: two-and-a-half years later seems like a good time to take stock. If you want to talk about this, come to ApacheCon and join the Meetup. Did I mention that rates go up after Friday, October 8?

ApacheCon NA 2010 HTTP Server Track Call for Participation

ApacheCon North America 2010 will be held 1-5 November 2010, at the Westin Peachtree in Atlanta, Georgia, USA.

The official conference, trainings and expo of the Apache Software Foundation (ASF) will run to Atlanta this November, with dozens of sessions on Servers, Cloud Computing, Search NoSQL, Incubating projects, innovations, emerging technologies, and more.

ApacheCon would not be complete without a track dedicated to the project that started it all, the Apache HTTP Server. The Project Management Committee (PMC) are currently planning our own technical track for ApacheCon. We are solliciting 50-minute presentations for our conference track, to fill one day at the conference.

Topics of interest include:

  • Case studies on deployment of the Apache HTTP Server within your organization
  • How-to sessions on working with certain aspects of the Apache HTTP Server technology
  • What’s New? sessions on new features of recent and upcoming versions of the Apache HTTP Server
  • Sessions discussing third-party extensions to the Apache HTTP Server
  • Security topics surrounding the Apache HTTP Server
  • Performance and scalability of Apache HTTP Server deployment
  • Cool things we all should know the Apache HTTP Server can do
  • How you solved particularly gnarly problems deploying the Apache HTTP Server

Submissions are open to anyone with relevant expertise: ASF affiliation is not required to present at, attend, or otherwise participate in ApacheCon.

Please keep in mind that whilst we are encourage submissions that the highlight the use of specific Apache solutions, we are unable to accept marketing/commercially-oriented presentations.

All accepted speakers (not co-presenters) qualify for general conference admission and a minimum of two nights lodging at the conference hotel. Additional hotel nights and travel assistance are possible, depending on the number of presentations given and type of assistance needed.

To submit a presentation proposal, please edit the Wiki page and add your proposal, including:

  1. Your full name, title and organization
  2. Contact information, including your e-mail address. Feel free to obfuscate if you think that this will make a difference in your SPAM load
  3. The name of your proposed session (keep your title simple and relevant to the topic)
  4. A 75-200 word overview of your presentation
  5. A 100-200 word speaker bio that includes prior conference speaking or related experience

You will find an empty table template at the bottom of the page. Please copy this and fill it in.

Please mail any quesions regarding proposal submissions to pmc at httpd.apache.org.

To be considered, proposals must be received by Sunday, April 4nd, 2010, at 23:59:59 Pacific Time. Following this time, the PMC will hold a vote and suggest the most interesting proposals to the ApacheCon Planning Committee for acceptance to the conference. Note that the Apache HTTP Server PMC does not itself accept session proposals: it merely makes recommendations to the Planning Committee.

Key Dates:

April 4, 2010: Call for Participation closes
May 17, 2010: Speaker Acceptance/Rejection notification
November 1-5, 2010: ApacheCon NA 2010

We look forward to seeing you in Atlanta!

My ApacheCon US 2009 Wishlist

  • Get Apache HTTP Server building again on Gump (which involves losing the dependency on the Apache Portable Runtime Utility library, which was folded into APR proper)
  • Get @pgollucci what he needs on clarus.apache.org, and work on the future of that box
  • Talk about Apache 2.4, and what is still needed to get that out the door. Then, maybe start talking about figuring out what 3.0 is going to be like
  • Prepare for the Keysigning — which may mean creating a new PGP key
  • Prepare for my presentation on Thursday
  • Do some httpd hacking. Perhaps pull in the ECC patch that has been sitting in Bugzilla

Web Hacking Incident Database Report

The The Web Hacking Incidents Database 2009: Bi-Annual Report is out. If I recall correctly, the first report Breach did, in 2007, did not mention any bi-annualness. Also, the eventual landing page has as HTML title “<title>The Web Hacking Incidents Database 2008: Annual Report</title>”. Is it possible that they simply didn’t get their act together last year and retroactively declared the report bi-annual?

I went in through the link above, gave up my e-mail, phone number and name of my first born, and downloaded the report. This will probably land me another copy of every marketing e-mail Breach sends out (guess how I learned of this report?), and a phone call from some poor guy in a cube who has to make 75 phone calls a day for a living. Oops, guess I put down a fax number. Sorry dude, hope your headset isn’t too loud.

Anyway, after you go though the lead generation form you land here and can follow a direct link to the PDF. This is fairly standard practice, but from a security company I would expect that they would make some more effort to not inadvertedly expose the goods.

ApacheCon US 2009I will give this report a read, and probably discuss it in my upcoming talk at ApacheCon US 2009. Oh, they just extended the early bird registration deadline… without changing their own website to tell you about it. Register now and experience the mayhem.

Security Roadmap for ApacheCon US 2008


ApacheCon US 2008
At the end of my conference presentations, I usually put a Conference Roadmap slide. This slide shows sessions at the conference that are related to mine, and that attendees may find worth while to check out. For my Hardening Enterprise Apache Installations session this coming Thursday, I would suggest the following related conference content:

Besides the training (which happened on Monday), this means that you can pretty much stay in the same room all Thursday and catch all the Security-related talks. In addition, of course, this track will be streamed live for a modest fee, so you can watch from the comfort of your own office if you find yourself unable to make it to ApacheCon this year.

Celebrating Obama Victory

This is the Next Generation Brass Band in New Orleans, celebrating Barack Obama’s presidential election victory on the corner of Bourbon Street in New Orleans.

This was more fun than all the Bourbon Street craziness combined.