In this issue

The Apache community drew a collective sigh of relief this week as a new beta of 2.0, Apache 2.0.28, was finally released. Source downloads are available as usual; a special tarball has been made for Mac OS X (Darwin) to solve some libtool problems on that platform. Users of old 2.0 releases are strongly encouraged to upgrade.

Just over two hundred changes have been documented in the six months since the last beta: significantly, the majority of these changes are bug fixes, cleanups, and optimisations. With the continuing success running the 2.0 code on the live server at apache.org, this demonstrates that at least on FreeBSD, Apache 2 is becoming more reliable.

The major feature added since the 2.0.16 beta is the inclusion of mod_ssl in the distribution, eliminating the complicated procedure of building an SSL-enabled server endured by users of Apache 1.3. Two new MPMs are also included: a multi-worker, single listener MPM for Unix platforms, and a multi-process, multi-threaded MPM for OS/2. Bugs are fixed in many modules from mod_proxy to mod_include; and mod_mime and mod_negotiation have received an overhaul. Some extensive profiling has driven performance optimisation throughout the server.

See the complete timeline of the development of Apache 2.0

Back in February we ran a story about an Australian firm, Silicon Breeze Pty who were making metal BSD Daemon figures with detachable Apache feathers. Such was the demand, they've decided to make stand-alone versions of the Apache feather as a brooch, badge, or sticker. The Apache Software Foundation granted permission to use the feather logo, and a percentage of all proceeds go right back to the ASF. We can't think of a better way to show you are using Apache than to attach a metal cast of the Apache feather to the outside of your server box. We've even got a few to give away, check out our exclusive competition in this issue.

This week news.com ran the story Apache 2.0 to debut Monday -- partway implying from the tag line that a commercial organisation was releasing the long-awaited Apache 2.0 before the Apache Software Foundation. However, the details in the story are not entirely accurate: Covalent have actually released a product that includes an alpha version of Apache 2.0. This is the second commercial product to be released which is based on an Apache 2.0 alpha, following IBM who used Apache 2.0.18 in their iSeries web server product line as we reported in August.

Jim Zemlin of Covalent told Apache Week:

"...we do not intend our Enterprise Ready Server release to be billed as being based on either a non existent release version of Apache 2.0 - or suggest that it is based on some private in house version. The product simply contains a heavily QA-ed and tested [httpd] HEAD as as of a few weeks ago... Covalent will continue to allocate significant resources to the Apache 2.0 project"

In this section we highlight some of the articles on the web that are of interest to Apache users.

Moshe Bar pits FreeBSD against Linux again in "FreeBSD Versus Linux Revisited" to test the new VM engine in Linux. This benchmark consists of a series of tests, and for the web benchmarking, Apache 2.0.18 acts as the web server on both platforms. There is no clear winner as the results show that Linux tops the handling I/O cache category whereas FreeBSD excels at building up and tearing down processes.

PHPBuilder presents "Making PHP Applications Cache-Friendly" which provides us with some sample code for reducing bandwidth demands and server load by using the Last-Modified and If-Modified-Since headers as defined in HTTP/1.1. The PHP application in question is Phorum, a web-based forum which uses PostgreSQL. As the pages are dynamically generated, the two headers have to be handled manually by the application instead of automatically by Apache. A very simple approach is implemented where a zero-length file is updated whenever there is a change in the database and the file's modification time is then used as the Last-Modified value.

"On the Security of PHP, Part 2" wraps up this two-parter by showing us how to secure PHP scripts with a combination of safe programming practices and PHP settings. It talks about how to use PHP safe mode, how to avoid the risks posed by files with a .inc extension, how to filter user input, and how to prevent scripts from changing PHP configuration options.

If the idea of metal feather jewellery tickles your fancy you'll love this competition. We have ten Apache feather brooches to give away to lucky readers. For a chance to get your hands on this unique gift, just in time for the holiday season, answer the following question.

In the UK series of books the Mr Men, Mr Tickle was known for
A) impossibly long arms used for tickling people,
B) a nose that extends when he tells a lie, or
C) being grumpy

Send your answer (A, B, or C) to tickle@apacheweek.com to reach us no later than 25th November 2001. We read every message, so take the opportunity of mailing us to let us know how we're doing and if there are things you think we should change about Apache Week. Your e-mail address will not be used for anything other than to let you know if you won. Ten winners will be drawn at random from all correct entries submitted, we disqualify people who make more than one entry, no cash alternative, void where prohibited, items will be sent from Australia so the recipient may be liable for customs duty or VAT on import, winners will be asked to choose which feather they wish to receive from codes APAg, APAs, APAq, APAx, APSg, APSs, APSq, APSx. Editors' decision is final.