In this issue
ApacheCon
2001 was held in Santa Clara, California from April 4th
to April 6th. As promised, Apache Week was there to cover the
conference.
The first day didn't get off to a good start as there were no
signs in the hotel explaining where the conference
registration was, [photo:
"registration", 77K jpeg] so we ended up eating a
breakfast provided for a different conference in the hotel.
This turned out to be a good plan, as the ApacheCon breakfast
wasn't nearly as good. Registration was quick and painless
but even though conference proceedings were available on a
CDROM, the registration bag contained hard copies of all the
papers, running to three thick volumes well over 600 pages.
Unlike the last ApacheCon there were no free goodies in the
bag; last time we got a t-shirt and a pen, this time we just
got marketing leaflets from companies sponsoring the event.
Opening Plenary
The
schedule showed that ApacheCon had packed over 24 classes
into the first day, running from 9am through to after 9pm.
First up was the opening plenary presented by Ken Coar, and
over 180 people packed the theatre [photo:
"ken coar", 59K jpeg], [photo:
"packed theatre", 169K jpeg] Ken gave a welcoming speech,
details of changes to the schedule, and where to find lunch.
Just under 200 proposals for sessions were received for this
conference from which just 89 were picked. Sadly attendees we
talked to afterwards said the session came across as
unplanned and unprofessional for a conference of this type.
This would have been a good opportunity to introduce the
Apache Software Foundation or give a brief overview of the
major events since the last conference.
Morning talks
We made use of the wireless Internet access available
throughout the conference area to catch up on some work
before attending the "birds of a feather" (BOF) session on
clustered Apache services [photo:
"BOF audience", 63K jpeg]. The group behind the Spread toolkit explained
how to create reliable distributed clustering systems and
showed examples of how Spread can be used within Apache. Apache-SSL has code
that makes use of Spread to facilitate a shared session key
server, although the toolkit can be used for much more
complex tasks such as database replication.
Next, Harrie Hazewinkel gave a short but interesting talk on
quality of service measurement, using SNMP to monitor and
manage Apache. Harrie is the author of the Apache SNMP
module, mod_snmp.
Keynote
After the provided lunch, Jon "maddog" Hall from Linux
International enlightened us with an entertaining and
animated keynote speech [photo:
"maddog", 64K jpeg]. He touched on trademark issues where
people take advantage of the Linux name to create, for
example "Linux University". These issues are of particular
interest to Apache, and the ASF take care to protect the
Apache name.
With the recent downturn in the technical sector he explained
his business plan which involves combining microcomputing and
microbrewing. "When the computer industry is at a low, beer
drinking is at a high." he said. By combining both industries
into a single course you can make sure you always have a job.
The keynote touched on issues to do with classification of
machines, the accuracy of his predictions applied to the
Internet, and look at Star Trek technology including
communication badges, personal log computers, and female
Borg.
Apache Cocoon 2.0
Next we had intended to visit the talk on WebDAV and Apache
with Greg Stein, but the small presentation room was
overflowing with people, so much so that the talk was
repeated later in the week for those that could not fit in
the first time. Instead we went to see Giacomo Pati and his
talk on Cocoon.
When we started developing Apache Week back in 1995 we looked
at content-independent ways to store the issues. We actually
wrote our own format, in a style similar to the Ventura
publisher markup language. If we were to start again we'd
definitely be using XML, in fact we already use XML for parts
of Apache Week as well as the "In the news" section of the
main apache.org site. We were interested in finding out more
information about some of the XML publishing systems
available, and this is the goal of the Apache Cocoon project.
Doug Tidwell spent some time explaining Cocoon 2.0 and
focussed on serving up XML documents. The basic idea is that
you write a XML representation of the resource you wish to
serve together with an XSL stylesheet that shows how the XML
is to be translated. The XSLT process is normally left to the
server and is usually cached as the translation may take a
significant time. In the future, browsers will be able to do
this transformation themselves with the server just providing
the XML and XSL files directly. Some browsers attempt to do
this now, but support is still limited. Cocoon is able to
pick which XSL stylesheet to use to render a page based on
things such as the user-agent field.
Once you have an XML representation of your data you are not
limited to just providing a translation to HTML, and we were
shown tools that could convert the XML into other
presentation types such as JPG and even the creation of
dynamic PDF.
PKI with OpenSSL
For the remainder of the day we decided to attend the talks
on security. The first, "PKI with OpenSSL", aimed to show
the applications for which OpenSSL can be used. OpenSSL is an
open-source toolkit that implements SSL as well as many other
cryptography and public key protocols. Before September last
year the RSA patent prohibited the use of OpenSSL inside the
USA.
Rodney Thayer explained that OpenSSL can do much more than
act as the SSL layer for a secure web server as he went
through the various standards as well as commands for general
cryptography, certificate processing, and key storage.
OpenSSL is now used in a large number of applications and is
a product-grade general purpose cryptography tool.
SSL solutions
The last class of the first day was a highly entertaining and
animated talk by Ralf S. Engelschall, author of
mod_ssl, mod_rewrite, and much more. The talk, "Security
Solutions with SSL", covered the evolution of mod_ssl,
described its features, and gave useful configuration
examples. Each of the beautifully presented slides included
an amusing quote to lighten up the atmosphere of this heavy
subject.
The future of mod_ssl was discussed including the work
currently going on to port it to Apache 2.0, add LDAP CRL
handling, and a distributed session cache. mod_ssl will not
need EAPI hooks for Apache 2.0, but other EAPI functions may
be useful. It is not certain how this effort will fit into
the work being done in Apache 2.0 on mod_tls and if we will
end up with two SSL solutions like we have with Apache 1.3.
When asked about support for Win32 Ralf replied "if you
really think that you can run a secure web server on Windows
you've not understood security".
Apache for multi-protocol usage
The second conference day was almost as packed as the first,
with 25 talks and additional BOF sessions spanning from 9am
until after 8pm. After the free breakfast doughnuts I decided
to attend the BOF sessions on using Apache for serving
multiple protocols. One of the aims for Apache 2.0 is that
the HTTP engine is abstracted, and in particular APR is
designed to be a portable layer that can sit beneath all
sorts of applications.
The BOF gave a list of the protocols that have been examined
so far including HTTP, FTP, POP, IMAP, IDENTD, and SNMP. It
then looked at why you'd want to use Apache to do this when
good applications for each of these protocols already exist.
The main advantage is that you get a common infrastructure
for all your applications so you can use one standard
configuration format, one standard way of doing
authentication and so on. You can also make use of the
extensive tools such as the Rewrite module and SSL across all
protocols.
The biggest requirement for the project is that the
performance for serving HTTP requests should not be affected
if you don't use Apache to serve any other protocols.
Once discussion moved to POP and IMAP support I was reminded
of Jamie Zawinski's law
of software envelopment: "Every program attempts to
expand until it can read mail. Those programs which cannot so
expand are replaced by ones which can."
OpenSSL and Hardware support BOF
Each time a secure web server receives a connection from a
new client it has to establish a new SSL session. This
negotiation requires the server to perform a private key
operation, usually with a 1024 bit RSA key. This operation is
mathematically complex and is therefore time consuming.
Hardware accelerators are designed to offload the most
complex parts of this operation allowing more new connections
to be established every second. Existing hardware units
handle anywhere between 75 and 300 of these operations per
second using a number of internal processors, and can cost up
to US$15,000.
The OpenSSL project has recently been incorporating support
for various hardware cryptographic accelerator cards. Until
recently these accelerators were only supported by commercial
secure servers. A number of these hardware vendors were
invited along to a special BOF to discuss OpenSSL support and
their units.
Representatives of nCipher, Rainbow, and GIGI attended and
gave short talks about the capabilities of their hardware and
how it was supported. nCipher stressed that the ability to
keep your servers private keys on an external device, and
scalability was more important than performance. Rainbow said
that they concentrated on acceleration, having the fastest
boards available.
IBM Keynote
Dr Lee Nackman of IBM gave a keynote entitled "Open Source
and the Corporation". He said that IBM had an "open source
zeal" and had developed internal processes that made working
with open source projects less painful. Of course IBM wants
to see a return from their investment, and in the case of
their substantial contributions to Apache-XML they saw that
it would open up new business models for IBM. They see
themselves supporting the customer demand for Linux and being
able to exploit the emerging technologies.
Looking to the future, he predicted an increase in web
services and service-orientated web applications such as
stock quotes, news, and increased integration with business
processes.
Exhibition
Soon it was lunchtime, and at this conference the ApacheCon
planners had decided not to schedule sessions overlapping
with lunch. Instead lunch coincided with the opening of the
exhibition hall [photo:
"lunch queue", 80K jpeg] The turn out of exhibitors was
disappointing, under half the number at the last ApacheCon,
and a distinct lack of giveaways. I failed to find which
company was giving away inflatable camels (or in fact why
they were doing so) [photo:
"apacheweek sign", 61K jpeg], [photo:
"exhibitors hall", 98K jpeg], [photo:
"exhibitors hall", 97K jpeg].
I skipped most of the afternoon sessions in order to finish
off the Apache Week guide to the history of
Apache 2.0 and catch up with some sleep.
Apache and LDAP
Friday marked the last day of the conference, but the
schedule was still packed with exciting talks and keynotes.
For the first talk of the day we visited Mark Wilcox who was
presenting "Apache and LDAP". The talk outlined the role that
LDAP can play with Apache, looking at what directory services
are, and how to make use of LDAP with Apache and Perl.
Mark explained that the aim of a directory service is to
provide quick access to hierarchical information in a way
that can be distributed and replicated. These services can be
useful to Apache for authentication, authorisation, and
perhaps even configuration. The HTTP protocol is stateless so
user authentication needs to happen on every request. Rather
than have every page request do a new database lookup, LDAP
services are usually combined with some other system, such as
cookies.
The Perl::LDAP module provides an easy way to
interface to directory services from within Apache.
mod_autoindex meets XML
Jon Tigue gave an
interesting presentation on extending directory indexes
provided by mod_autoindex. By cleaning up the
HTML produced by the module with a simple patch, the output
from the module can be sent through an XML parser. When used
in conjunction with clients that can parse XML this allows
things such as the column sorting in the
FancyIndexing without any server interaction.
Win32 in the round
After lunch a panel discussion took place about Apache on
Windows. Ryan Bloom, William Rowe, Jeff Trawick, and Rich
Bowen formed the panel but were greeted by only 20 attendees
[photo:
"win32 round", 77K jpeg].
The discussion formed around APR and how the implementation
of this layer makes Apache 2.0 think that Windows is just
another Unix. Even though Apache for Windows is designed to
run best on NT (and hence Windows 2000), a substantial
proportion of the audience wanted to keep support for Windows
95 and 98 for testing purposes.
Wrap-Up Plenary
The closing session hosted by Ken Coar saw only a
fraction of the attendance of the opening plenary, but it was
getting late on a Friday evening. With a panel of ASF members
on stage [photo:
"some ASF members", 52K jpeg], it was time for comments
about the conference. The overall feedback was positive. Some
complaints were there was poor Internet access, this was true
if you relied on the computers provided but I found the
wireless coverage to be excellent. One suggestion was that
there should be less sessions in the evenings, leaving them
free for more social interaction or BOF sessions. Another
suggestion was to have talks that explained (probably in an
unbiased way) the commercial products available that
interfaced with or were based on Apache.
Impressions
Overall I was very impressed with the conference. A lot of
the problems from previous ApacheCon conferences had been
addressed and the quality of the presenters was high. It was
a shame that more exhibitors had not taken part as it seemed
that a number of corners had been cut to save money. The only
negative impressions were fairly minor; the food choices were
limited (on Friday all the meal choices involved cheese
making it difficult for Vegans to find things to eat), the
conference was a long way from any other facilities (having a
car was essential), and there were no fancy parties.
Wireless internet access was available throughout the
conference rooms and I found it difficult sometimes to stay
focussed on the speaker, missing parts of presentations
whilst catching up on email without realising it.
With so many interesting talks I couldn't attend all of them
and this report gives only a snapshot of the ones I thought
would be interesting to me. ApacheCon has a variety of talks
aimed at all technical levels, so you should definitely
consider attending if you've not been to one before. With
that, I end my report and hope to see you all at the next
ApacheCon later this year!
|