Re: ApacheCon Austin, httpd track
On 11/26/2014 12:43 PM, Rich Bowen wrote: As I mentioned a few months ago, ApacheCon Austin will be the 20th anniversary of the first release of the Apache HTTP server. The plan is to make a big deal of this at the conference, and I'm hoping that we can have a strong httpd track to go along with this. For ApacheCon Europe, several projects (notably, OFBiz) put together what they thought would be an ideal track, and then solicited speakers for individual talks in that track, and that worked really well. I'm hoping we can do a similar thing for Austin, and, in particular, I'm hoping that I don't end up giving half the talks in the track. :-) I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we can collaborate on what talks need to be in a comprehensive httpd track, what order they should be in, and then hunt down the people that should be giving those talks. Thanks for any help you can give towards this. So, we're down to the last month of the CFP, and I've yet to see most of this content appear in the proposed papers. I wonder if folks can take a look back over this conversation, and either submit the talks that you've suggested, or bug someone who might be able/willing to give the talk in Austin. The above Google doc is still open for suggestions and edits, as well as for listing the URL of the talk(s) you have proposed. I'd really like to have two days of content (that's either 12 or 11 talks, depending on which days we go with) and I'm confident that there's that much content out there, but getting people to present it is harder than it once was. I could really use your help. --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
On 12/04/2014 10:23 AM, Jeff Trawick wrote: Besides searching through Bugzilla and summarizing each mod_proxy_fcgi bug and ranking by apparent severity, number of users involved in the bug discussion, etc., what else should I put on a Wiki page? E.g., do you have an idea of what needs to be improved in the doc? Some howto kinds of docs on setting up various important things (php, python) to run under the various flavors of fcgi would be awesome. It's all a bit word of mouth at the moment. -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
On Tue, Dec 2, 2014 at 4:14 PM, Jim Riggs apache-li...@riggs.me wrote: P.S. mod_proxy_balancer - mod_proxy_fcgi - php-fpm is really fun and interesting too! ;-) mod_proxy_fcgi seems to need a bit of work from what I have been seeing in bugzilla and IRC. I hope to spend a little time on the code and doc, but not being an actual user of it I don't know how far I will really get before being distracted.
Re: ApacheCon Austin, httpd track
On Thu, Dec 4, 2014 at 9:58 AM, Eric Covener cove...@gmail.com wrote: On Tue, Dec 2, 2014 at 4:14 PM, Jim Riggs apache-li...@riggs.me wrote: P.S. mod_proxy_balancer - mod_proxy_fcgi - php-fpm is really fun and interesting too! ;-) mod_proxy_fcgi seems to need a bit of work from what I have been seeing in bugzilla and IRC. I hope to spend a little time on the code and doc, but not being an actual user of it I don't know how far I will really get before being distracted. This is very important stuff IMO. I know we don't do the coordination thing around here, but if the work was organized to some extent, perhaps 3-4 people could easily share the work??? (bite sized chunks of the development: simple reproducers, doc, code, review, whatever) Besides searching through Bugzilla and summarizing each mod_proxy_fcgi bug and ranking by apparent severity, number of users involved in the bug discussion, etc., what else should I put on a Wiki page? E.g., do you have an idea of what needs to be improved in the doc? -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: ApacheCon Austin, httpd track
On 02 Dec 2014, at 4:29 PM, Rich Bowen rbo...@rcbowen.com wrote: Given the focus on SSL in the last year, I think that a talk exactly like that would be appreciated, and could even be a great talk to use to market the track as a whole. I think a lot of people are waking up to the fact that they have no idea what SSL/TLS actually is, and some in-depth teaching on it seems like it would be welcome. An SSL/TLS track would be an excellent idea. There is a significant amount of anti-security sentiment out there, ranging from managers switching it off because they don’t know what it is for, developers complaining that it’s “too hard”, through to technical people actively evangelising against using SSL/TLS because it is perceived to be inconvenient. Regards, Graham —
Re: ApacheCon Austin, httpd track
On 02 Dec 2014, at 3:02 PM, Jim Jagielski j...@jagunet.com wrote: The idea is that being a project with a long, long history, httpd has the unfortunate reputation of being old, slow, and basically, not the new hotness. So even though the project has been around, 2.4 is vastly different, and really should be seen and considered as a whole new web server. I suspect there will always be a “new hotness” around that competes with attention, while projects like the Linux kernel and httpd endure. For me, httpd is a tank. In production it plows through everything, and just doesn’t break, no matter how much punishment you put it under. When a need comes up to perform a task, that functionality is probably already there, meaning there is no need to switch software stacks or go without. In addition, httpd’s technical documentation was and still is one of the best examples of “properly done” documentation in any project anywhere. I put a lot of effort last year closing the last protocol violations that Co-Advisor was reporting for httpd trunk, so HTTP protocol weirdness is less likely to be encountered. People obsess about speed until their first outage, then with the honeymoon over they switch to reliability as a focus. As long as httpd maintains it’s reliability, I don’t think we’ll be going anywhere any time soon. Regards, Graham —
Re: ApacheCon Austin, httpd track
On 12/02/2014 04:14 PM, Jim Riggs wrote: On 11/30/2014 11:08 AM, Jeff Trawick wrote: * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi (some material here: http://emptyhammock.com/projects/info/pyweb/index.html) On 1 Dec 2014, at 19:15, Daniel Ruggeri drugg...@primary.net wrote: Similarly, I'm always up for giving my proxy talk if it's welcome (after the first day since I can't make it until Tues). If we think proxy is a big topic, we ought to arrange for a general overview like my proxy talk followed by more specific deep dives such as what Jeff mentions here and a session on new sexiness like WebSockets. Picking up on what Jeff and Daniel are saying, I think some focus on the powerful things mod_proxy_* can do would be really useful. One particular thought that has been in the back of my head for some time is a Begone libphp5.so! talk. For better or worse, PHP is still around and will be for some time, but it is time to get it out of the web server and treat it like the application/backend it is for both security and resource-usage reasons. mod_proxy_fcgi + php-fpm is a really elegant, simple solution to make this happen, but I have found a lot of devs and admins who just aren't even aware of this configuration possibility. (I have explained it to several people at ApacheCon NAs over the past couple of years.) I've actually been using a backported mod_proxy_fcgi in 2.2 for just this purpose for a few years in production. That's certainly a talk I would be willing to give if there is interest. P.S. mod_proxy_balancer - mod_proxy_fcgi - php-fpm is really fun and interesting too! ;-) Awesome. I'll put you down for a php-fpm talk. :-) So, the next step, now that we have a pretty good track roughed in, is that people actually start submitting the talk abstracts to go along with it. It would be great if this didn't get left to the last minute, so that we can actually start doing some track publicity sooner rather than later. Thanks for the great discussion, folks! --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
On 12/02/2014 03:51 PM, wr...@rowe-clan.net wrote: Rich raises a great point - you could probably even propose a full half day training, and spend a bit of time on configuring different ASF projects (e.g. httpd, Tomcat) while aiming squarely at the state of SSL cryptography itself. I'm certain that class would get some nice registration numbers. FYI, we're planning to drop training/tutorial kind of sessions for this event. They have consistently been a huge logistical nightmare, and we always end up canceling (optimistically) 3/4 of them due to poor attendance numbers. They're a huge hassle for the people that have to plan the content and then not give the talk. They're a huge hassle to have to notify people that the tutorial they signed up for has been canceled. And they're a hassle trying to get the space for a talk that may or may not happen. If this content can be put into a half-day three-talk series, where each talk stands alone or works in concert, that would be ideal. Do you think that we can put together like that? Any chance we could even persuade one of the OpenSSL folks to come for that? Anyone have any contacts there? --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
On 3 Dec 2014, at 16:00, Rich Bowen rbo...@rcbowen.com wrote: If this content can be put into a half-day three-talk series, where each talk stands alone or works in concert, that would be ideal. Do you think that we can put together like that? Any chance we could even persuade one of the OpenSSL folks to come for that? Anyone have any contacts there? A day on SSL/TLS could and perhaps should cover both OpenSSL and GnuTLS. -- Tim Bannister – is...@c8h10n4o2.org.uk
Re: ApacheCon Austin, httpd track
The idea is that being a project with a long, long history, httpd has the unfortunate reputation of being old, slow, and basically, not the new hotness. So even though the project has been around, 2.4 is vastly different, and really should be seen and considered as a whole new web server. On Nov 30, 2014, at 11:13 AM, Rich Bowen rbo...@rcbowen.com wrote: On Nov 29, 2014 9:45 AM, Jim Jagielski j...@jagunet.com wrote: I'd like to submit something like This ain't your Daddy's Apache!... Does that replace one of the ones already listed or is that a new item? On Nov 26, 2014, at 1:04 PM, Eric Covener cove...@gmail.com wrote: I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we can collaborate on what talks need to be in a comprehensive httpd track, what order they should be in, and then hunt down the people that should be giving those talks. Thanks for kickstarting -- I added a very simple bullet for What’s (still new) in 2.4
Re: ApacheCon Austin, httpd track
I've updated the gdoc as proxying and load balancing On Dec 1, 2014, at 8:15 PM, Daniel Ruggeri drugg...@primary.net wrote: On 11/30/2014 11:08 AM, Jeff Trawick wrote: * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi (some material here: http://emptyhammock.com/projects/info/pyweb/index.html) * a debugging tricks talk I've given a few times (relatively minor updates from the last North America AC) * drastically updated (rewritten) version of an old capacity-tuning-and-performance talk I gave at a Sun conference in 2009 (https://blogs.oracle.com/trawick/resource/DeepDive/WebStackDeepDiveApache.pdf) Similarly, I'm always up for giving my proxy talk if it's welcome (after the first day since I can't make it until Tues). If we think proxy is a big topic, we ought to arrange for a general overview like my proxy talk followed by more specific deep dives such as what Jeff mentions here and a session on new sexiness like WebSockets. Tuning for throughput is also an interesting topic and in line with the conversations lately (Re: commercial support). A side note on SSL/security: I had the idea a few years back that there is probably enough content to do a here is 5 minutes about how to configure SSL in httpd and then 50 minutes of other important security topics (What Ciphers should I enable? Should I use SSLv3 any more? How to treat my keys and what the hell is an HSM anyway? Passphrase encrypted keys or not? Should I trust my distro's build?). Thoughts are welcome on that topic... not sure if I'm overly paranoid or if these are things that people actually want to hear? -- Daniel Ruggeri
Re: ApacheCon Austin, httpd track
On 12/01/2014 08:15 PM, Daniel Ruggeri wrote: A side note on SSL/security: I had the idea a few years back that there is probably enough content to do a here is 5 minutes about how to configure SSL in httpd and then 50 minutes of other important security topics (What Ciphers should I enable? Should I use SSLv3 any more? How to treat my keys and what the hell is an HSM anyway? Passphrase encrypted keys or not? Should I trust my distro's build?). Thoughts are welcome on that topic... not sure if I'm overly paranoid or if these are things that people actually want to hear? Given the focus on SSL in the last year, I think that a talk exactly like that would be appreciated, and could even be a great talk to use to market the track as a whole. I think a lot of people are waking up to the fact that they have no idea what SSL/TLS actually is, and some in-depth teaching on it seems like it would be welcome. --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
RE: Re: ApacheCon Austin, httpd track
- Original Message - Subject: Re: ApacheCon Austin, httpd track From: Rich Bowen rbo...@rcbowen.com Date: 12/2/14 8:29 am To: dev@httpd.apache.org On 12/01/2014 08:15 PM, Daniel Ruggeri wrote: A side note on SSL/security: I had the idea a few years back that there is probably enough content to do a here is 5 minutes about how to configure SSL in httpd and then 50 minutes of other important security topics (What Ciphers should I enable? Should I use SSLv3 any more? How to treat my keys and what the hell is an HSM anyway? Passphrase encrypted keys or not? Should I trust my distro's build?). Thoughts are welcome on that topic... not sure if I'm overly paranoid or if these are things that people actually want to hear? Given the focus on SSL in the last year, I think that a talk exactly like that would be appreciated, and could even be a great talk to use to market the track as a whole. I think a lot of people are waking up to the fact that they have no idea what SSL/TLS actually is, and some in-depth teaching on it seems like it would be welcome. Rich raises a great point - you could probably even propose a full half day training, and spend a bit of time on configuring different ASF projects (e.g. httpd, Tomcat) while aiming squarely at the state of SSL cryptography itself. I'm certain that class would get some nice registration numbers.
Re: ApacheCon Austin, httpd track
On 11/30/2014 11:08 AM, Jeff Trawick wrote: * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi (some material here: http://emptyhammock.com/projects/info/pyweb/index.html) On 1 Dec 2014, at 19:15, Daniel Ruggeri drugg...@primary.net wrote: Similarly, I'm always up for giving my proxy talk if it's welcome (after the first day since I can't make it until Tues). If we think proxy is a big topic, we ought to arrange for a general overview like my proxy talk followed by more specific deep dives such as what Jeff mentions here and a session on new sexiness like WebSockets. Picking up on what Jeff and Daniel are saying, I think some focus on the powerful things mod_proxy_* can do would be really useful. One particular thought that has been in the back of my head for some time is a Begone libphp5.so! talk. For better or worse, PHP is still around and will be for some time, but it is time to get it out of the web server and treat it like the application/backend it is for both security and resource-usage reasons. mod_proxy_fcgi + php-fpm is a really elegant, simple solution to make this happen, but I have found a lot of devs and admins who just aren't even aware of this configuration possibility. (I have explained it to several people at ApacheCon NAs over the past couple of years.) I've actually been using a backported mod_proxy_fcgi in 2.2 for just this purpose for a few years in production. That's certainly a talk I would be willing to give if there is interest. P.S. mod_proxy_balancer - mod_proxy_fcgi - php-fpm is really fun and interesting too! ;-)
Re: ApacheCon Austin, httpd track
On 11/30/2014 11:08 AM, Jeff Trawick wrote: * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi (some material here: http://emptyhammock.com/projects/info/pyweb/index.html) * a debugging tricks talk I've given a few times (relatively minor updates from the last North America AC) * drastically updated (rewritten) version of an old capacity-tuning-and-performance talk I gave at a Sun conference in 2009 (https://blogs.oracle.com/trawick/resource/DeepDive/WebStackDeepDiveApache.pdf) Similarly, I'm always up for giving my proxy talk if it's welcome (after the first day since I can't make it until Tues). If we think proxy is a big topic, we ought to arrange for a general overview like my proxy talk followed by more specific deep dives such as what Jeff mentions here and a session on new sexiness like WebSockets. Tuning for throughput is also an interesting topic and in line with the conversations lately (Re: commercial support). A side note on SSL/security: I had the idea a few years back that there is probably enough content to do a here is 5 minutes about how to configure SSL in httpd and then 50 minutes of other important security topics (What Ciphers should I enable? Should I use SSLv3 any more? How to treat my keys and what the hell is an HSM anyway? Passphrase encrypted keys or not? Should I trust my distro's build?). Thoughts are welcome on that topic... not sure if I'm overly paranoid or if these are things that people actually want to hear? -- Daniel Ruggeri
Re: ApacheCon Austin, httpd track
On Nov 29, 2014 9:45 AM, Jim Jagielski j...@jagunet.com wrote: I'd like to submit something like This ain't your Daddy's Apache!... Does that replace one of the ones already listed or is that a new item? On Nov 26, 2014, at 1:04 PM, Eric Covener cove...@gmail.com wrote: I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we can collaborate on what talks need to be in a comprehensive httpd track, what order they should be in, and then hunt down the people that should be giving those talks. Thanks for kickstarting -- I added a very simple bullet for What’s (still new) in 2.4
Re: ApacheCon Austin, httpd track
On Wed, Nov 26, 2014 at 12:43 PM, Rich Bowen rbo...@rcbowen.com wrote: As I mentioned a few months ago, ApacheCon Austin will be the 20th anniversary of the first release of the Apache HTTP server. The plan is to make a big deal of this at the conference, and I'm hoping that we can have a strong httpd track to go along with this. For ApacheCon Europe, several projects (notably, OFBiz) put together what they thought would be an ideal track, and then solicited speakers for individual talks in that track, and that worked really well. I'm hoping we can do a similar thing for Austin, and, in particular, I'm hoping that I don't end up giving half the talks in the track. :-) I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_ xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we can collaborate on what talks need to be in a comprehensive httpd track, what order they should be in, and then hunt down the people that should be giving those talks. Thanks for any help you can give towards this. --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon I've given some thought to proposing one of the following talks: * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi (some material here: http://emptyhammock.com/projects/info/pyweb/index.html) * a debugging tricks talk I've given a few times (relatively minor updates from the last North America AC) * drastically updated (rewritten) version of an old capacity-tuning-and-performance talk I gave at a Sun conference in 2009 ( https://blogs.oracle.com/trawick/resource/DeepDive/WebStackDeepDiveApache.pdf ) Speak up if one of these seems more helpful to the overall track. -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: ApacheCon Austin, httpd track
I'd like to submit something like This ain't your Daddy's Apache!... On Nov 26, 2014, at 1:04 PM, Eric Covener cove...@gmail.com wrote: I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we can collaborate on what talks need to be in a comprehensive httpd track, what order they should be in, and then hunt down the people that should be giving those talks. Thanks for kickstarting -- I added a very simple bullet for What’s (still new) in 2.4
ApacheCon Austin, httpd track
As I mentioned a few months ago, ApacheCon Austin will be the 20th anniversary of the first release of the Apache HTTP server. The plan is to make a big deal of this at the conference, and I'm hoping that we can have a strong httpd track to go along with this. For ApacheCon Europe, several projects (notably, OFBiz) put together what they thought would be an ideal track, and then solicited speakers for individual talks in that track, and that worked really well. I'm hoping we can do a similar thing for Austin, and, in particular, I'm hoping that I don't end up giving half the talks in the track. :-) I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we can collaborate on what talks need to be in a comprehensive httpd track, what order they should be in, and then hunt down the people that should be giving those talks. Thanks for any help you can give towards this. --Rich -- Rich Bowen - rbo...@rcbowen.com - @rbowen http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we can collaborate on what talks need to be in a comprehensive httpd track, what order they should be in, and then hunt down the people that should be giving those talks. Thanks for kickstarting -- I added a very simple bullet for What’s (still new) in 2.4
