Interview: Brian Behlendorf, co-founder of Apache

Brian Behlendorf co-founded the Apache Web Server Project and was the first Chief Engineer at Wired Magazine. He also co-founded the web design firm Organic Online and CollabNet, where Behlendorf now serves as CTO. He talks to Rich Miller about Apache's growth, the SCO case's unexpected benefits for open source, and changing the world through software.

Q. It's been a year of big gains for Apache, which now runs more than two-thirds of the sites on the Web, according to the Netcraft Web Server Survey, erasing inroads by Microsoft during 2001. What's your take on Apache's continuing gains?

A. I could speculate all day long as to why it's continued to grow, and I'd love to see a real survey done on it. Anecdotally, my take is that I imagine most of the growth continues to be either with the small mom-n-pop companies, or web hosting ISPs, or internationally - all places where price sensitivity is high, where the economic downturn is still causing budgets to be hurt, and there's willingness to consider an Open Source approach to solving a given problem. No doubt the security holes in IIS have continued to plague its reputation, and while there have been some noticed recently (and fixed) in Apache, they have been much less serious. Finally, I imagine the rise of related Apache projects, like the continued rise in use of mod_perl and Tomcat and our friends over at PHP, have only increased the confidence in using the web server for mission-critical situations.

Q. What's your take on the long-term impact of the SCO lawsuits? What changes - positive and negative - do you see it producing for Linux and the open source community?

A. I'm assuming that thanks to the BayStar callback that this lawsuit is nearly dead. Of course, SCO could sue their own financial backers and prolong this further, but it feels like we're seeing the beginning of the end. But while it was alive, it did a lot for Open Source in some unexpected ways. The community at large had taken a largely see-no-evil, hear-no-evil approach to issues around IP ownership, clearance of rights, that sort of thing, except for a few organizations like the FSF and the Apache Software Foundation who actually put effort into collecting license agreements from contributors. Now, developers are more aware than ever that getting a clean history for code matters a great deal.


Sasser, Phatbot May Make LSASS Flaw An Enduring Headache

The malware community's refinements of the Sasser worm and Phatbot trojan may make the Windows LSASS security hole a more enduring security headache, with new Sasser variants appearing while Phatbot expands "botnets" to launch spam and denial-of-service attacks.

Four days after Sasser's release, it appears the limited effectiveness of the initial version was likely due to its coding, rather than improved patching of Windows products. Infections grew as new variants were released Sunday and Monday. With Sasser now at version D, media have identified numerous organizations reporting compromised systems, including American Express, Goldman Sachs, Australia's Westpac Bank, Finnish financial company Sampo and British Coast Guard stations. Microsoft reports that 1.5 million users downloaded its cleanup tool via Windows Update, explaining that site's slow performance Monday.


Most Reliable Hosting Providers during April

Ranking by Failed Requests and Connection time, April 1st - 30th 2004

During April, Jumpline, a hosting company which specialises in Virtual Private Server [VPS] solutions, was the most reliable of the hosting company sites we monitor. Second placed was Energis, the UK telco and high end hosting provider, and third was Komplex, the German hosting company which was top during March.

Notably, this month five of the top ten sites were running Linux. This is the first time since the performance analysis of hosting company sites started that Linux has been the leading operating system for site reliability. Until now FreeBSD had without exception been the most common operating system amongst the top ten each month. However, this month, the top ten comprises five sites running Linux, three running FreeBSD and one each running OpenBSD and Windows, with Energis running Windows and Secure Dog running OpenBSD.


The Phisher Kings

The rise of phishing has followed a trajectory that is remarkably similar to that of spam. Just as spam originally referred to flooding Usenet newsgroups, rather than email inboxes, so the practice of phishing seems to have started on AOL's online service, rather than on the Internet. Like spam, phishing in the early days was a relatively rare annoyance, but has recently begun growing to epidemic proportions: phishing attacks jumped 43 percent in March 2004, with over 400 unique scams.

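Top Ten Phishing Countries

| Country | % of phishing sites hosted in country |
|---------|---------------------------------------|
| US      | 42.4% |
| Korea   | 16.1% |
| China   | 9.7%  |
| Japan   | 5.5%  |
| Canada  | 5.1%  |
| Russia  | 3.8%  |
| Taiwan  | 3.4%  |
| Germany | 2.5%  |
| Romania | 2.5%  |
| UK      | 1.3%  |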

Spam makes only the flimsiest attempts to deceive, generally in the Subject line. Once opened, it is usually obvious that the message is a sales pitch. Spam's success is simply a question of mathematics: even if the vast majority of recipients block or delete the message, the huge volume of spam ensures that the absolute numbers of replies are sufficient to warrant the small expense of the spamming.

Phishing, by contrast, is all about subterfuge. Typically, the email purports to be from a well-known organisation: according to the Anti-Phishing Working Group, eBay is the current favourite, with Citibank and PayPal the next most popular choices. To succeed, the phishing email must be as plausible as possible, in order to trick the recipient into moving on to the next part of the scam by clicking on an enclosed URL. As a result, phishing email messages have been largely a question of social engineering.


Windows Update Site Experiences Slowdowns

The Windows Update web site has been experiencing performance problems again today, with our monitoring showing lengthy response times and brief outages.

The Windows Update site was slowed by heavy traffic last month following the release of four Microsoft security updates fixing critical holes in Windows software. Saturday's Sasser worm used one of those flaws, a buffer overflow in the LSASS Windows networking service, to compromise unpatched machines. It's not yet clear whether today's delays are due to increased patching by tardy network administrators, or some other cause. Microsoft said it addressed last month's performance problems by "adding resources to support Windows Update."

Windows Update site performance

Dynamically updating performance charts for Windows Update are available here.

May 2004 Web Server Survey Finds 50 Million Sites

We now find more than 50 million web sites on the Internet, as the May 2004 survey received HTTP responses from 50,550,965 sites. The milestone caps a period of revived growth for the Internet, coming just 13 months after the survey crossed the 40-million mark in April, 2003. By comparison, it took 21 months for the Web to expand from 30 million to 40 million sites.

May was the 16th consecutive month of growth for the Web after a two-year shakeout to absorb the collapse of the dot-com and telecom industries. The upward trend resumed in February 2003, when we detected 35.8 million sites; about the same number as the Dec. 2001 survey.

The rebound in total sites tracks the recovery of the larger Internet economy, as viable companies and business models have emerged from the wreckage of the Internet bubble. Common to the Internet Economy 2.0 is a focus on efficiency and cost management that was largely absent during the boom years of 1998-2000. Recent months have seen reports of strong growth for online ad spending, paid subscription sites, online retail spending, and even modest revivals in venture capital investment and dot-com hiring. On the M&A front, TechDealmaker reported 35 Internet-related acquisitions for the week of April 22-28, valued at $1.5 billion. And, on Thursday Google announced its long-awaited stock offering, leading a pack of web companies readying IPOs.

The first Netcraft survey in August 1995 found 18,957 hosts. Previous milestones in the survey were reached in April 1997 (1 million sites), February 2000 (10 million), September 2000 (20 million) and July 2001 (30 million).

Graph of market share for top servers across all domains, August 1995 - May 2004

Top Developers
Developer | April 2004 | Percent | May 2004 | Percent | Change
