A serious security hole has been discovered in TWiki, the popular open source collaboration software. The vulnerability allows remote attackers to execute shell commands on affected systems, and is already being actively exploited, with some analysts warning that a worm could soon follow. A hotfix is available from the TWiki web site.
TWiki is an enterprise collaboration platform typically used on development projects. It is used for internal communications at companies including IBM, Yahoo, Circuit City, Reuters, Boeing, General Electric, Wachovia and ZoneLabs. Some large companies use it to run web-facing Wikis, such as British Telecom's UK Telco B2B Forum.
The Apache Project has rejected the Sender ID proposal for e-mail user authentication, saying the terms of Microsoft's license for the underlying technology make it incompatible with open source software. The decision illustrates how anti-spam efforts have become the latest battleground between the open source community and Microsoft.
Apache's decision, outlined in a letter to the Internet Engineering Task Force (IETF), culminates weeks of discussion among the IETF, Microsoft and open source advocates over whether Sender ID could work as a standard framework for anti-spam measures.
"The current Microsoft Royalty-Free Sender ID Patent License Agreement terms are a barrier to any (Apache) project which wants to implement Sender ID," Apache chairman Greg Stein said in the letter. "We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0. Therefore, we will not implement or deploy Sender ID under the current license terms."
Our site was inaccessible for about 9 hours yesterday between 5pm and 1:30am BST [9am - 5:30pm Pacific]. We are informed that this was caused by a serious fibre break on the Energis
PC Magazine has awarded Netcraft a place in its 2003 Top 100 Classic Web Sites. Classic sites are defined as "perennial favorite, category leading sites", which one would most miss if stranded on a desert island.
PC Magazine is one of the world's leading computer publications with 6 million readers.
A couple of months ago we highlighted the low numbers of sites migrating to Apache/2.0, and contrasted it with the speed at which site administrators adopted Apache/1.3.26, which contained a fix for a potential buffer overflow problem.
If anything, more surprising is the slow adoption of new versions of Sun's Solaris operating system. Solaris 9, released in May this year, is running on fewer than 1000 web site IP addresses found by the September survey, and there are roughly twice as many sites running Solaris 2 & Solaris 7 as are running Solaris 8, released in March 2000.
| Solaris 2/7 | 165,527 |
| Solaris 8 | 81,730 |
| Solaris 9 | 987 |
Historically, slowness to gather upgrade revenue has usually been a portent of trouble to come for web technology vendors, and the figures coincide with Sun's difficulties generating revenue and profits over the last eighteen months. By contrast, Windows .Net Server, which is not yet scheduled for release, has almost as many IP addresses as Solaris 9, including some impressive, high volume sites, such as Nasdaq.
Sun would reasonably point out that their boxes typically cost a lot more, and the upgrade cycle for more expensive kit could be expected to be slower.