Re: mod_perl usage stats continue to decline
On Tue, 30 Nov 2004 16:31:48 -0800 Philippe M. Chiasson [EMAIL PROTECTED] wrote: I just noticed that by default, Fedore Core ships httpd.conf with this snippet: # # Don't give away too much information about all the subcomponents # we are running. Comment out this line if you don't mind remote # sites finding out what major optional modules you are running ServerTokens OS So that certainly doesn't help numbers. Yup that's what I was talking about when I was talking about my system. Fedora and RHEL both do this and have been since IIRC around RH 9. How about my X-Powered-By suggestion for a while ago ? http://perl.apache.org/advocacy/issues.html#X_Powered_By I also agree this is a great idea. Especailly if I read this correctly that it will work behind a dual Apache setup. - Frank Wiles [EMAIL PROTECTED] http://www.wiles.org - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_perl usage stats continue to decline
Stas Bekman wrote: Frank Wiles wrote: On Mon, 01 Nov 2004 17:47:26 -0500 Stas Bekman [EMAIL PROTECTED] wrote: for some reason we still don't have the numbers for Oct 2004 from netcraft but regardless it's easy to see that the stats are getting worse all the time: http://perl.apache.org/outstanding/stats/securityspace.html http://perl.apache.org/outstanding/stats/netcraft.html Isn't this probably caused in part by systems that don't have 'mod_perl' in their server signature and/or systems using a small Apache front end with a mod_perl backend on another port? You mean the decline is because more and more people move to the front-/back-end setup, and people aren't just moving to php? I just noticed that by default, Fedore Core ships httpd.conf with this snippet: # # Don't give away too much information about all the subcomponents # we are running. Comment out this line if you don't mind remote sites # finding out what major optional modules you are running ServerTokens OS So that certainly doesn't help numbers. I just checked my system at home and it doesn't report mod_perl to NetCraft. I think we discussed that earlier. If I remember correctly NetCraft can't scan ports (even the known ones) due to legal reasons. Maybe we should put together a quick howto on fixing that and suggest it on the mailing list? Do you think it'll have any impact when we talk about hundreds of thousands of users who aren't on the list and will never reach our site? What technique to help the scanners were you thinking about? How about my X-Powered-By suggestion for a while ago ? http://perl.apache.org/advocacy/issues.html#X_Powered_By Philippe M. Chiasson m/gozer\@(apache|cpan|ectoplasm)\.org/ GPG KeyID : 88C3A5A5 http://gozer.ectoplasm.org/ F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3A5A5 signature.asc Description: OpenPGP digital signature
Re: mod_perl usage stats continue to decline
Frank Wiles wrote: On Mon, 01 Nov 2004 19:18:47 -0500 Stas Bekman [EMAIL PROTECTED] wrote: You mean the decline is because more and more people move to the front-/back-end setup, and people aren't just moving to php? Oh I'm sure some of the decline is people moving to PHP, Python, Java, etc... but I don't think that we're losing as many people as that survey says. The reason I say that is because doing a default install of Apache2/mp2 via the instructions on perl.apache.org, my server at home doesn't report that it is using mod_perl. I'm sure other people are in similar situations where they don't even realize their server isn't claiming to be mod_perl powered. I'm not saying that we shouldn't do that. But I think that no matter how things are configured by default now, both stats counters give a good indication that the user base is going down. Maybe we should put together a quick howto on fixing that and suggest it on the mailing list? Do you think it'll have any impact when we talk about hundreds of thousands of users who aren't on the list and will never reach our site? What technique to help the scanners were you thinking about? I wasn't really thinking about a scanner technique, but you're I wasn't talking about the scanning technique. But the approach that will tell the scanners that mod_perl is there :) If user sets ServerToken to Off, you can't do much. And you can't enable it by default since some believe it's a security issue. right we wouldn't reach everyone via the mailing list. However, if we could put the howto up on the website, mention it on the list, etc it couldn't hurt to help boost those numbers. It wouldn't be anything drastic, but shouldn't be much work for us and/or the users. Sure, but I still want to hear first, what do you have on your mind, that you want to propose to users? While I think the NetCraft survey is important, maybe we should attack this another way. Create our own registered users page, like the Linux Counter site, where mod_perl users could list their sites. This still wouldn't catch everyone, but every little bit helps. Personally, I doubt we really want to do that. But if others are interested, by all means go for it. I just think noone will really care, and we will have the efforts wasted, which otherwise could be directed at better venues. But what do I know :) Please don't consider that as a discouraging note :) -- __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
