The Apache HTTP server ships with a| /dev/posts/
Confluent 是一家著名的 Apache Kafka 提供商,其创始人在 LinkedIn 工作期间创造了 Kafka 项目,并将其贡献给了 Apache 基金会。这一模式后来也在 Apache 软件基金会(ASF)内被多次复制,即依托于 Apache 顶级项目打造商业产品,对应的商业公司核心成员是该开源项目的维护者或原始作者。 在《应当尊重和保护开源项目的知识产权》一文中,我介绍了 ASF 的商标品牌政策。在 Confluent 创...| 夜天之书
2019 年,当时的 Baidu Security X-Lab 团队将自己研发的安全计算框架 MesaTEE 捐赠到 Apache 孵化器,并更名为 Apache Teaclave 开始孵化。 时过境迁,当时的 X-Lab 早已不复存在,其孵化提案中引用的 MesaTEE 网站也被其他实体申请占用。甚至,初始成员大多已经离开百度公司,前往新的团队开发新的安全软件。 很长一段时间里,Teaclave 都是所谓“源自中国”的 Apache 孵化项目当中孵化时...| 夜天之书
下周五到周日,也就是 7 月 25 日到 27 日,一年一度的 Apache 社群峰会(CommunityOverCode Asia 2025)将在北京海淀举行。 峰会的最后一天,我和 Rust 社群的伙伴们组织了 Rust 分论坛,讨论开源生态以及 Apache 项目中 Rust 的发展和应用。同样在 27 日的早晨,我会做一个题为《七年之痒:我的 Apache 故事》的主题演讲,介绍 Apache 软件基金会如何深刻地影响了我的开源之路,以及每一...| 夜天之书
近期若干开源组织进行换届选举。在此期间,拥有投票权的成员往往会热烈讨论,提名新成员候选人和治理团队的候选人。虽然讨论是容易进行的,但是实际的投票流程和运作方式,在一个成员众多的组织中,可能会有不少成员并不清楚。 本文以 Apache 软件基金会(Apache Software Foundation, ASF)为例,介绍 ASF 所采用的投票方式。| 夜天之书
『太长不看版』 Apache Kvrocks 作为 Redis 的开源替代,近期支持了以下查询语法: 欢迎试用或跳转文末到完整示例段落查看具体步骤的含义。 原文作者 twice 发表于 Apache Kvrocks 官方博客。本文是取得原文作者许可的中文译文,翻译过程中间略有措辞顺序调整和演绎。| 夜天之书
Apache OpenDAL 简介 Apache OpenDAL 是一个以软件库形式提供的数据访问层。它允许用户通过统一的 API 简单且高效地访问不同存储服务上的数据。你可以把它当作是一个更好的 S3 SDK 实现,也可以通过统一的 OpenDAL API 来简化配置访问不同的数据存储服务的工作(例如 S3 / HDFS / GCS / AliyunOSS 等)。 OpenDAL 以库形式提供,因此使用 OpenDAL 无需部署额外的服务。OpenDAL 的核心代码用 Rust 写...| 夜天之书
近几年,国内开源项目捐赠到 Apache 软件基金会(ASF)的案例很有一些。几乎每个在进入孵化器和从孵化器当中毕业时发通稿的项目,都会选择在标题中加入“全票通过”的字样。 诚然,大部分项目在 ASF 孵化器中茁壮成长,实际上投票结果也是没有反对票,使用这一标题无可非议。然而,对于把同侪社群(Community of Peers)作为社群核心价值之一的 ASF 来说,追求全票通过并...| 夜天之书
《程序员修炼之道》讲了一个有趣的“石头汤”寓言。这个寓言里,饿着肚子的外来人在村子里烧了一锅水,放了三块石头,开始煮“石头汤”。这样的行为引来好奇的村民围观,外来人顺势在“石头汤”的基础上引导村民们添加食材以改善这锅料理。最后,村民和外来人一起煮出了一锅靓汤,外来人于是把石头从汤里扔掉,所有人分享了这顿美餐。 开源协同的工作方式与...| 夜天之书
I have some old stuff transcoded to Real Audio, because why not? It’s like a magical hidden file-format from years past. Granted the streaming software is so old, it breaks with NAT, but there was an older playable RAM / … Continue reading →| Virtually Fun
A low-severity security issue in Apache DolphinScheduler has been addressed in the latest release. Identified as CVE-2024-43166 and classified under CWE-276: Incorrect Default Permissions, this vulnerability affects all DolphinScheduler versions prior to 3.2.2. Users are strongly advised to upgrade to version 3.3.1 as soon as possible to mitigate potential risks. Apache DolphinScheduler is an open-source, […] The post Apache DolphinScheduler Vulnerability Patched — Update Immediately appe...| GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Configuring Apache with mod_qos to block AI scrapers and other bad bots and scanners from crawling your website.| Frederik Himpe
... Read more The post Critical CVE-2025-48964 Vulnerability in iputils: A Major Concern for Linux Administrators appeared first on LinuxConfig.| LinuxConfig
本文永久链接 - https://tonybai.com/2025/08/06/go-new-engine-of-old-languages 大家好,我是Tony Bai。 我先来描述一种编程语言生态,请你猜猜它是谁: 它诞生于 1995 年,旨在为当时一个叫“万维网”的新| tonybai.com
The Open Source Technology Improvement Fund is proud to share the results of our security audits of Apache Log4Net and Log4CXX. Log4CXX is an open source logging framework library for C++, and Log4Net is a library to output log statements to various targets. With the help of Ada Logics and Sovereign Tech Agency, these projects […]| OSTIF.org
Despite comments on my ikiwiki blog being fully moderated, spammers have| Feeding the Cloud
Highlighting the impactful journey of Jan Friedrich with Apache Logging Services since 2020, and his notable contributions to Log4net.| Apache Software Foundation - Logging Services
Instructions to upgrade application to Apache Commons Logging 1.3.0.| Apache Software Foundation - Logging Services
Highlighting the impactful journey of Stephen Webb with Apache Logging Services since 2020, and his notable contributions to Log4cxx.| Apache Software Foundation - Logging Services
This article demonstrates how to implement motor control and speed sensing on an ESP32-C6 using NuttX RTOS. It covers setting up MCPWM for motor control, ADC for potentiometer reading, and quadrature encoder for speed measurement. The implementation showcases NuttX’s real-time capabilities through a practical example using common peripherals and sensors.| Developer Portal
KEY POINTS Khalda Petroleum, in partnership with Apache, has discovered three new oil and gas fields in Egypt’s Western Desert, expected to add 12 mill| Energy News Africa Plus
How to mitigate security vulnerability CVE-2025-29927 in Next.js with Modsecurity web application firewall.| Frederik Himpe
Vielleicht hab ihr auch eine Website, die eine „Premium-Schriftart“ verwendet. Das Laden von einem CDN, vielleicht sogar mit externem JavaScript, ist für die Performance und den Datenschutz dabei oft nicht ideal. Deshalb möchtet ihr die Schriftarten wahrscheinlich auf eurem Server … Weiterlesen →| Kau-Boys
Configuration guide explaining how to set up Foomuuri firewall and how to tune Apache and configure mod_qos to mitigate DDoS attacks.| Frederik Himpe
Follow us on Twitter (X) @Hackread - Facebook @ /Hackread| Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
近几年,国内开源项目捐赠到 Apache 软件基金会(ASF)的案例很有一些。几乎每个在进入孵化器和从孵化器当中毕业时发通稿的项目,都会选择在标题中加入“全票通过”的字样。 诚然,大部分项目在 ASF 孵化器中茁壮成长,实际上投票结果也是没有反对票,使用这一标题无可非议。然而,对于把同侪社群(Community of Peers)作为社群核心价值之一的 ASF 来说,追求全票通过并...| 夜天之书
This post describes how to mitigate against CVE-2021-44228: In Apache Log4j2 2.0-beta9 through 2.14.1, the JNDI features used in configurations, log messages, and parameters do not protect against an attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers […]| Gary Gregory
As a maintainer of the free and open source software project Apache Commons, I review pull requests on GitHub. Since the libraries we produce in components like Commons Lang, Commons IO, and Commons VFS are used directly and transitively in countless applications, open and closed source alike, we want to be careful when releasing new […]| Gary Gregory
This post is a follow up to Using ShiftLeft in Open Source, where I was looking to see if I could apply the principle of shift left testing to security. Now that ShiftLeft has a user interface, I want to come back to it and revisit looking at results from the UI instead of pouring […]| Gary Gregory
Applying shift left testing to security with ShiftLeft.io| Gary Gregory
I've recently been using the powerful mod_rewrite to modify the URL's on a client's website. mod_rewrite is a powerful tool that lets you turn "ugly" URL's like| Ops Monkey
The following is a patch against apache 2.0.54 (Probably applies clean to other versions, I've applied it to 2.0.55 also). It's built for debian linux, it's possible that some hacking may be necessary to get it to apply to a vanilla version of httpd but I doubt it. Copy the attached patch to a file called for example, 000_ProxyMultiSource.| Ops Monkey
Fixing an Apache pthread error| boston.conman.org
To protect web resources with Kerberos you may use Apache HTTPD with mod_auth_gssapi — however, all web scripts (e.g., PHP) run under Apache will have access to the Kerberos long-term symmetric secret credential (keytab). If someone can get it, they Continue reading Privilege separation of GSS-API credentials for Apache→| Simon Josefsson's blog
As many others, I have been following the launch of Let’s Encrypt. Let’s Encrypt is a new zero-cost X.509 Certificate Authority that supports the Automated Certificate Management Environment (ACME) protocol. ACME allow you to automate creation and retrieval of HTTPS Continue reading Let’s Encrypt Clients→| Simon Josefsson's blog
Create a robust vulnerability disclosure policy with this ultimate guide. Learn best practices to protect your environment from cyber risk.| Vulcan Cyber
| The Grumpy Troll: The Grumpy Troll
The bookworm-frehi Debian package repository contains newer packages for AppArmor and libapache2-mod-qos fixing some bugs in Debian 12 Bookworm.| Frederik Himpe
Apache Spark is a cluster computing engine, essentially an alternative computation model to MapReduce for executing jobs across large clusters. Spark’s scheduler stores pending work on a number of arrays, to keep track of which work is available to be executed where in the cluster. In Spark 1.6, a bug was introduced, that meant that any time Spark added a new task to one of these arrays, it would first exhaustively search the array to ensure it wasn’t re-adding a duplicate. Since the arra...| Accidentally Quadratic
Here’s a quick roundup of distributed deep learning efforts running on Apache Spark. This will only list active(-ish) projects rather than academic experiments (of which there are too many to list) There’s roughly two approaches:| François Garillot
Apache lanza una actualización de seguridad que corrige una vulnerabilidad que permitiría a un atacante ejecutar comandos en forma remota. (CVE-2020-17530) Producto afectado: Apache Struts, versión 2.5.30. Se puede realizar una doble evaluación si el desarrollador fuerza una evaluación Object Graph Navigation Library (OGNL) usando la sintaxis: “ %{. . .} ”. Hacer una evaluación […]| LACNIC CSIRT
Apple has given us notice of an upcoming codesigning requirement in their bundled apache webserver. I worked out how to make things work once it is in place.| Phusion Blog
Guide to profiling Wordpress with tideways XHProf PHP profiler to debug and optimize slow web server page load speed| Michael Altfield's Tech Blog
From zero to fully working web server in 2 configuration files, including smart HTTP, ssl, authentication, and cgit or gitweb.| Git Cookbook
I recently switched my LAMP virtual server to a different VPS provider. The LAMP server that is serving you this site. So the migration worked! Here are the steps, for future reference. Mostly for myself, but maybe you — someone who came here from Google — can use this too. This should work on any… Read More »| Jan van den Berg
Remember the good old days of PHP? Mastering a redirect was nearly impossible without complicated PHP code or writing a server instruction (`.htaccess`). Let's take a minute to examine the past and present, and then compare and contrast some of the advantages and disadvantages of each.| Seth Vargo