In this issue

It is exactly a year ago that we had the pleasure of visiting Monterey California to report on the 4th O'Reilly Open Source software convention (Apache Week issue #208). When we managed to get invited back to San Diego in July 2001 we thought we'd been given the ideal assignment; we get to fly to California in July, avoiding the British rain, and spend a week right on the West Coast with other open source gurus and advocates. In fact with only one direct flight a day from England we were unsuprised to find a large number of delegates on the plane; wearing Penguin badges and snapping pictures of the clear views over Greenland with a variety of digital cameras.

To accommodate feeding over a thousand delegates, the conference had erected a huge tent outside the hotel with views overlooking the harbour. It was there we started off Monday morning with the complimentary breakfast. The conference was split over two buildings, with a 10-15 minute walk between the two. With 16 simultaneous tutorial sessions on the first day and with only two Apache Week staff we found it really hard to choose between the talks. We spoke to other delegates who had been similarly overwhelmed by the choice.

Apache Week has reported on the ApacheCon and O'Reilly conferences over the last few years, so this time we wanted to avoid the talks that were copies of ones we've already covered. We decided to mix Apache talks with others that seemed new or interesting.

Matt Sergeant gave the first tutorial we visited on his XML application server for Apache, AxKit. AxKit performs a similar function to the Apache Cocoon project, but is written in Perl and C rather than Java. Matt even describes AxKit as "the C version of Cocoon". AxKit was born to as a way of collecting together the various Perl XML technologies and using them to deliver the same XML data in different formats. The use of XML allows for the separation of content, presentation, and logical site management.

The tutorial focussed on the various Perl XML tools available, the evolution of AxKit, and ways to use the result to power both static and dynamic sites. Matt highlighted some exciting and powerful features of AxKit: the intelligent compression of pages being returned to the client (gzip), the ability to parse and serve OpenOffice files on the fly, and AxPoint which powered his presentation by converting an XML outline to PDF.

AxKit allows any number of ways to process the XML for output; from the well known (but steep learning curve of) XSLT to XPathScript which has been designed to allow easy dynamic functionality and is also found within Cocoon.

Future plans for AxKit were covered, these included a port to Apache 2.0 and a complete Content Management System.

After the provided lunch we headed over to the Perl for System Administrators talk. The presenter, David Blank-Edelman, played music and danced around the hall to get into the mood for the tutorial. The talk had a heavy bias towards security, giving reasons why administrators should be paranoid and numerous stories and anecdotes about hacks and security vulnerabilities. David suggested some best practices that can help protect your scripts; for example there is no need to run a log analysis script as root. Other areas where users can overlook potential security problems are when appending to files, or creating temporary files in Perl. Although this talk was primarily about Perl, David made the important point that "a cutting sysadmin is platform agnostic", and his tips applied as much to sysadmin scripts as to CGI programs.

Also that afternoon, Jim Whitehead presented a tutorial on WebDAV and Apache. Jim, the chair of the IETF's WebDAV working group, began by giving a brief overview of authoring over HTTP, and gave examples of how collaborative web authoring can take place using WebDAV. The current state of client and server support was described, and an insight into some of the future extensions of the DAV protocol was given (including versioning, searching and access control). The talk continued giving a detailed description of the DAV protocol, explaining the support for properties, and the overwrite prevention mechanisms.

The tutorial finished up with a guide to setting up the WebDAV module for Apache, mod_dav, covering the basic operation of the module and the usual configuration issues. Jim noted that Apache 2.0 bundles mod_dav inside the source tree, making it easier to set up than Apache 1.3, where mod_dav must be compiled as an external module.

In the evening we took a coach to a local multiplex cinema for the west coast premier of the film "Revolution OS" by director J.T.S. Moore. The aim of the film was to document the history of the open source movement from Richard Stallman's founding of the GNU project, through the VA Linux IPO, to events taking place today. The film focussed on the key people responsible for a few of the historical turning points in the movement.

Early into the film, Eric Raymond said that "Apache was the killer app[lication]" and was responsible for the mass adoption of the Linux operating system. A number of other key people were interviewed including Brian Behlendorf from the Apache Project and Michael Tiemann from Red Hat.

We were impressed at the balance and accuracy of the film, especially the positive way the people interviewed were portrayed. The film would be interesting to engineers as well as outsiders.

At the end of the film the director took questions from the audience aided by Eric Raymond and Bruce Perens. They explained that the film took two years to make and was planned to be shown in the future at film festivals and other conferences.

We kicked off the second day much as the first, spending our breakfast trying to decide amongst the 17 simultaneous tutorials. Amongst the sessions we didn't get to see was Ryan Bloom's "Writing an Apache 2.0 Filter" which was given to a small, but enthusiastic group of developers.

We hear a lot of positive comments from people using the python-based Zope application server so decided to attend the tutorial "Introduction to Zope" given by Mike Homyack. Mike ran through what Zope is, and its architecture, telling us that "Zope is full Object-Orientated" and "really good at dynamic stuff". Zope has a built in server, z-server, that handles access to the internal content via a number of mechanisms including HTTP, FTP, and DAV. It is usual to let Zope handle all your web site content, but in most situations another server such as Apache or a reverse proxy such as Squid is placed in front in order to accelerate any static content. The main zope.org site itself uses Zope together with Apache; using Rewrite rules to proxy and cache requests to a Zope backend.

Zope currently has its own license but we were told that there was "motivation to give Zope some license like Python" to make it GPL compatible. Zope is in production use by some major companies including CBS New York.

At the same time as the Zope tutorial, Bruce Momjian gave an introductory tutorial on the PostgresSQL database. Attendees received a complimentary copy of Bruce's book, which the tutorial was based upon. Only a small amount of database expertise was presumed so this talk was very open to beginners. The half-day session allowed many chapters of the book to be covered in reasonable detail, starting with the basic architecture of a database, how to input data, modify data, and make simple queries. The talk then progressed to describe the construction of more complex queries, joins, and how to utilize the relational database capabilities of PostgresSQL. Bruce also presented a follow-up tutorial in the afternoon, covering some of the more advanced features.

In the afternoon we visited a talk on "Secure Internet Servers and Firewalls with OpenBSD". Although not directly related to Apache, it was interested to see how much security had been added into the OpenBSD system by default. OpenBSD ships with an SSL-enabled version of Apache by default.

We were also lucky to catch the second of a pair of tutorials by Mark-Jason Dominus, entitled "Stolen Secrets of the Wizards of the Ivory Tower". In an enigmatic talk, a set of Perl programming techniques were described including Memoization, the use of iterators, and drew particular attention to closures and anonymous subroutines. The obscure title alludes to the LISP heritage of many of these ideas.

In the evening Larry Wall gave an entertaining and lightning talk on the new features in Perl 6. Larry's talk didn't touch on anything Apache related, so if you are interested read all about it in "The State of the Onion 5" at perl.com.

In the next edition we will cover events of the last three days of the conference, when the main sessions, keynotes, and exhibition took place. We'll also dig out the photos we took, and will hopefully have recovered from the jetlag. Find out who said that the BSD license provides "the best balance between freedom and the right to make money", what is the Apache 2.0 "Holy Grail", and which was our favourite free T-Shirt.