Tag Archives: apache

Apache httpd at ApacheCon Budapest

tl;dr – There will be a full day of Apache httpd content at ApacheCon Europe, in Budapest, November 17th – apacheconeu2014.sched.org/type/httpd

Links:

* ApacheCon website – http://apachecon.eu
* ApacheCon Schedule – http://apacheconeu2014.sched.org/
* Register – http://events.linuxfoundation.org//events/apachecon-europe/attend/register
* Apache httpd – http://httpd.apache.org/

I’ll be giving two talks about the Apache http server at ApacheCon.eu in a little over 2 months.

On Monday morning (November 17th) I’ll be speaking about Configurable Configuration in httpd. New in Apache httpd 2.4 is the ability to put conditional statements in your configuration file which are evaluated at request time rather than at server startup time. This means that you can have the configuration adapt to the specifics of the request – like, where in the world it came from, what time of day it is, what browser they’re using, and so on. With the new If/ElseIf/Else syntax, you can embed this logic directly in your configuration.

2.4 also includes mod_macro, and a new expression evaluation engine, which further enhance httpd’s ability to have a truly flexible configuration language.

Later in the day, I’ll be speaking about mod_rewrite, the module that lets you manipulate requests using regular expressions and other logic, also at request time. Most people who have some kind of website are forced to use mod_rewrite now and then, and there’s a lot of terrible advice online about ways to use it. In this session, you’ll learn learn the basics of regular expression syntax, and how to correctly craft rewrite expressions.

There’s other httpd content throughout the day, and the people who created this technology will be on hand to answer your questions, and teach you all of the details of using the server. We’ll also have a hackathon running the entire length of the conference, where people will be working on various aspects of the server. In particular, I’ll be working on the documentation. If you’re interested in participating in the httpd docs, this is a great time to learn how to do that, and dive into submitting your first patch.

See you there!

Blocking comment spam with mod_security

I’ve mentioned before that I use mod_security to (partially) prevent comment spam on this site. The trouble with spam is that it evolves, so it’s a constant arms race.

I’ve noticed in the last few months that the spam on this site typically has a URL as the comment name. There’s also a URL field in the comment form, with a note on it that you shouldn’t fill it out. Then, in httpd.conf, I have the following.

SecDataDir /tmp
SecTmpDir /tmp
SecRequestBodyAccess On
SecDefaultAction log,deny,status:406,capture,phase:2,t:lowercase

# Reject comments where the name contains a URL
SecRule ARGS:comment_name “https?://”

# Also, reject comments where the url field contains a URL
SecRule ARGS:comment_url “https?://”

Note that that config is specific to the Habari blogging platform. You’d need to tweak the names of the fields (comment_name and comment_url) for whatever blogging platform you’re using.

I haven’t had any spam since putting this in place, but I’ve had several legitimate comments that, ordinarily, would probably have gotten lost in the noise of moderating hundreds of spam messages.

I don’t believe for a moment that this is a permanent solution, but it at least stems the flood for a moment so I can catch my breath.

I also have a bunch of legacy rules, like:

SecRule ARGS “(zoloft|acyclovir|zithromax)” “msg:’Pharm spam'”

(which, ironically, prevented me publishing this article until I disabled it!) but those require constant maintenance as the spam trends shift from week to week.

ApacheCon NA 2014 Keynotes

This year at ApacheCon, I had the unenviable task of selecting the keynotes. This is always difficult, because you want to pick people who are inspirational, exciting speakers, but people who haven’t already been heard by everyone at the event. You also need to give some of your sponsors the stage for a bit, and hope that they don’t take the opportunity to bore the audience with a sales pitch.

I got lucky.

(By the way, videos of all of these talks will be on the Apache YouTube channel very soon – https://www.youtube.com/user/TheApacheFoundation)

We had a great lineup, covering a wide range of topics.

Day One:

0022_ApacheCon

We started with Hillary Mason, talking about Big Data. Unlike a lot of droney Big Data talks, she defined Big Data in terms of using huge quantities of data to solve actual human problems, and gave a historical view of Big Data going back to the first US Census. Good stuff.

0084_ApacheCon

Next, Samisa Abeysinghe talked about Apache Stratos, and the services and products that WSO2 is building on top of them. Although he had the opportunity to do nothing more than promote his (admittedly awesome) company, Samisa talked more about the Stratos project and the great things that it’s doing in the Platform As A Service space. We love WSO2.

0127_ApacheCon

And to round out the first day of keynotes, James Watters from Pivotal talked about the CloudFoundry foundation that he’s set up, and why he chose to do that rather than going with an existing foundation. Among other things. I had talked some with James prior to the conference about his talk, and he came through with a really great talk.

Day Two:

0602.ApacheCon

Day Two started with something a little different. Upayavira talked about the tool that geeks seldom mention – their minds – and how to take care of it. He talked about mindfullness – the art of being where you are when you are, and noticing what is going on around you. He then led us through several minutes of quiet contemplation and focusing of our minds. While some people thought this was a little weird, most people I talked with appreciated this calm centering way to start the morning.

0635.ApacheCon

Mark Hinkle, from Citrix, talked about community and code, and made a specific call to the foundation to revise its sponsorship rules to permit companies like Citrix to give us more money in a per-project targeted fashion.

0772.ApacheCon

And Jim Zemlin rounded out the day two keynotes by talking about what he does at the Linux Foundation, and how different foundations fill different niches in the Open Source software ecosystem. This is a talk I personally asked him to do, so I was very pleased with how it turned out. Different foundations do things differently, and I wanted him to talk some about why, and why some projects may fit better in one or another.

At the end of day three, we had two closing keynotes. We’ve done closing keynotes before with mixed results – a lot of people leave before. But we figured that with more content on the days after that, people would stay around. So it was disappointing to see how empty the rooms were. But the talks were great.

1052_ApacheCon

Allison Randal, a self-proclaimed Unix Graybeard (no, really!) talked about the cloud, and how it’s just the latest incarnation of a steady series of small innovations over the last 50 years or so, and what we can look for in the coming decade. She spoke glowingly about Apache and its leadership role in that space.

1105_ApacheCon

Then Jason Hibbets finished up by talking about his work in Open Source Cities, and how Open Source methodologies can work in real-world collaboration to make your home town so much better. I’d heard this presentation before, but it was still great to hear the things that he’s been doing in his town, and how they can be done in other places using the same model.

So, check the Apache YouTube channel in a week or so – https://www.youtube.com/user/TheApacheFoundation – and make some time to watch these presentations. I was especially pleased with Hillary and Upayavira’s talks, and recommend you watch those if you are short on time and want to pick just a few.

ApacheCon North America 2014

Last week I had the honor of chairing ApacheCon North America 2014 in Denver Colorado. I could hardly be any prouder of what we were able to do on such an incredibly short timeline. Most of the credit goes to Angela Brown and her amazing team at the Linux Foundation who handled the logistics of the event.

My report to the Apache Software Foundation board follows:

ApacheCon North America 2014 was held April 7-9 in Denver, Colorado, USA. Despite the very late start, we had higher attendance than last year, and almost everyone that I have spoken with has declared it an enormous success. Attendees, speakers and sponsors have all expressed approval of the job that Angela and the Linux Foundation did in the production of the event. Speaking personally, it was the most stress-free ApacheCon I have ever had.

Several projects had dedicated hackathon spaces, while the main hackathon room was unfortunately well off of the beaten path, and went unnoticed by many attendees. We plan to have the main hackathon space much more prominently located in a main traffic area, where it cannot be missed, in Budapest, as I feel that the hackathon should remain a central part of the event, for its community-building opportunities.

Speaking of Budapest, on the first day of the event, we announced ApacheCon Europe, which will be held November 17-21 2014 in Budapest. The website for that is up at http://apachecon.eu/ and the CFP is open, and will close June 25, 2014. We plan to announce the schedule on July 28, 2014, giving us nearly 4 months lead time before the conference. We have already received talk submissions, and a few conference registrations. I will try to provide statistics each month between now and the conference.

As with ApacheCon NA, there will be a CloudStack Collaboration Conference co-located with ApacheCon. We are also discussing the possibility of a co-located Apache OpenOffice user-focused event on the 20th and 21st, or possibly just one day.

We eagerly welcome proposals from other projects which wish to have similar co-located events, or other more developer- or PMC-focused events like the Traffic Server Summit, which was held in Denver.

Discussion has begun regarding a venue for ApacheCon North America 2015, with Austin and Las Vegas early favorites, but several other cities being considered.

I’ll be posting several more things abut it, because they deserve individual attention. Also, we’ll be posting video and audio from the event on the ApacheCon website in the very near future.

ApacheCon welcomes SourceForge back for another year

The following guest post appears on the SourceForge blog today. I’m personally very pleased to welcome SourceForge back to ApacheCon for another year.

————-

The Apache Software Foundation is pleased to announce ApacheCon US 2014, which we’re presenting in conjunction with the Linux Foundation. The conference will be held in Denver, Colorado, and features three days, ten tracks of content on more than 70 of the Apache Software Foundation’s Open Source projects, including Apache OpenOffice, Apache Hadoop, Apache Lucene, and many others.

We’re especially pleased to welcome SourceForge as a media partner for this event.

See http://na.apachecon.com/ for the full schedule, as well as the evening events, BOFs, Lightning Talks, and project summits.

Co-located with the event is the Cloudstack Collaboration Conference – http://events.linuxfoundation.org/events/cloudstack-collaboration-conference-north-america – the best place to learn about Apache CloudStack.

Apache OpenOffice – http://openoffice.apache.org/ – has an entire day of content, including both technical and community talks.

Hadoop, and its ecosystem of Big Data projects, has more than five full days of content (two tracks on two days, one track on the other).

Other projects, such as Cordova, Tomcat, and the Apache http server, have a fully day, or two, of content.

If you want to learn more about Apache Allura (Incubating), an Open Source software forge (and also the code that runs SourceForge) we’ll have two presentations about Allura, by two of the engineers who work on that code: Dave Brondsema and Wayne Witzel. Learn how to use Allura to develop your own projects, and join the community to make the platform even better.

This is the place to come if you rely on any of the projects of the Apache Software Foundation, and if you want to hang out with the men and women who develop them. We’ve been doing this event since 1998, and this promises to be the best one yet, with more content than we’ve ever presented before.

Come see me at ApacheCon NA 2014

In April I will be speaking at ApacheCon North America in Denver, Colorado. I’ve had two talks accepted:

Configurable Configuration is a talk about some of the new shiny configuration syntax available in Apache httpd 2.4 – stuff like the If/ElseIf/Else syntax in configuration files, the new expression evaluation engine, and mod_macro for scriptable configuration blocks, for starters.

Demystifying mod_rewrite will drag you kicking and screaming from being a mod_rewrite newbie to being a mod_rewrite expert. You don’t dare miss it.

We’re also presenting two whole days of Apache http server content – code-named “httpd.conf” – get it?

And there’s ten tracks of amazing content across more than 70 projects from the Apache Software Foundation.

Register at na.apachecon.com by March 14 to get the early rate.

ApacheCon EU

ApacheCon EU starts tomorrow, and, for the first time ever, I won’t be there.

In fact, today is my very last chance to say this – I’ve been to every (official) ApacheCon. In fact, if you don’t count 1998, I’m the only person who has been to every ApacheCon.

In 1998, there was an event called ApacheCon, in San Francisco, hosted by CNet, but that was before the Apache Software Foundation was formed. So I choose not to count that one.

Then, in 2000, I spoke at ApacheCon 2000 in Orlando. Then there was London 2000 with Douglas Adams keynoting. Since then, we’ve been a lot of places, including Santa Clara, San Diego, Las Vegas, Atlanta, New Orleans, Amsterdam, Dublin, Vancouver (Canada) and Stuttgart – not in that order.And Colombo, Sri Lanka, where I met Arthur C. Clarke. In fact, it’s the Sri Lanka one that lets me claim the honor of being the only person to go to every one, because the only ASF members there were me, Ken Coar, and Danese Cooper.

But, tomorrow, ApacheCon EU starts, in Sinsheim Germany, and I won’t be there. Already many of my friends have gathered there, and are having dinner there right now. I wish I could be there with them, and not just because it would keep my record intact. I love ApacheCon. I love giving and attending the talks. I love spending time with old friends and meeting new ones. I love the passion of the community, and learning about the new sub-communities that are joining the larger Apache family.

And I sincerely hope that the is the last one I’ll miss.

Looking forward to ApacheCon North America 2013 in Portland. I plan to be at that one. You should come, too.

SourceForge Allura submitted to the Apache Incubator!

Today we submitted Allura to be considered for the Apache Software Foundation Incubator program.

Allura is the software that powers SourceForge’s developer experience. It offers source code hosting, discussion forums, issue ticket tracking, wiki, mailing lists, and much more. It’s been Open Source from day one under the Apache License, and we’ve decided that we want so much more.

By submitting Allura to the Apache Incubator, we hope to draw an even wider community of developers who can advance the feature set and tailor the framework to their needs. With the flexibility and extensibility Allura allows, developers are free to use any number of the popular source code management tools, including: Git, SVN, or Mercurial. We are indeed willing to turn our own open source platform in a tool that everyone can use and extend, and we believe Apache is the best place to steward the process.

The Apache Software Foundation is a non-profit that provides the legal and technical environment for Open Source projects to flourish. The Incubator is the mechanism for accepting new projects into the foundation. Today we’ve submitted our proposal to the Incubator, and over the coming weeks and months, will continue building a larger community around Allura.

We’re very excited about this step and think that it’s going to be a big turning point in the history of SourceForge. Many of us are thrilled because we have been huge Apache fans for more than a decade, and have been actively working to support the Apache OpenOffice podling. We look forward to collaborating with some of the brightest people in the world, and benefiting the thousands of Open Source projects that are hosted at SourceForge. It’s clearly the best of all possible worlds.

You can read more about Allura features, and you can read more about the Apache Incubator. We hope to be joining a truly stellar group of projects in the Incubator.

If you want to participate in the Allura development, there are many ways for you to get involved. There’s the source code, documentation, UI/UX, and just using it and telling us what you like or don’t like. We’d love to have you as part of the Allura development community.

Be careful what you start

I’ve committed a few patches over the last few weeks from a possible new contributor to the Apache HTTP Server documentation effort. Today I warned him that if he keeps it up, there’s a chance that someone will propose that he be given commit access, and you never know where that can lead.

It reminded me of a day just a short time ago (ok, 12 years … ) when someone committed a few initial patches from me. And look where it took me.

“It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don’t keep your feet, there’s no knowing where you might be swept off to.”

Joshua Slive

In September of 2000, I made my first commit to the Apache HTTP Server documentation. To be exact, it was on September 12th.

On September 8th, four days earlier, Joshua Slive made his first commit, and from that point went on to completely change the way that we did documentation. We had been editing HTML files. He converted everything to XML, and built a transformation process to convert them to XHTML, as well as a variety of other formats. This made the documentation more useful, but also much easier to write. And it made the translation process much easier. (No, it certainly wasn’t only Joshua that did this, but he took the helm at this time and made it happen, with the help of many others.)

Then, when he went to grad school, Joshua stopped being quite so active. His last commit was on March 12, 2008, nearly four years ago.

I mention all of this today because last night, according to Ohloh, four years to the week after Joshua stopped committing, I *finally* passed him, in total commits.

ohloh

Joshua, thanks for the work that you did. Any time you want to come back and pick up where you left off, we’d be delighted to have you.