Articles about apache

birthday

Apache Cassandra at 10: Making a community believe in NoSQL

Ten years ago this month, when Lehman Brothers was still just about in business and the term NoSQL wasn't even widely known, let alone an irritant, Facebook engineers open-sourced a distributed database system named Cassandra. Back then, the idea that huge numbers of companies would need a scalable database was almost …
Rebecca Hill, 16 Jul 2018
Coal miners

How polite: Fun-bucks coin miners graciously ease off CPU pounding

Cryptocurrency-mining malware writers are dialing back their use of your compute cycles in order to avoid detection. This is according to Johannes Ullrich, head of research at SANS, who today pointed out that malicious mining apps are scaling down activity and employing built-in encryption to make them harder for antivirus …
Shaun Nichols, 29 Jun 2018
Data breach

Equifax reveals full horror of that monstrous cyber-heist of its servers

Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records …

Oracle corrals and patches Struts 2 vulnerabilities

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability. Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to …
A beaver chewing down a tree

New 'Beaver' web server has exactly ONE user outside China

Netcraft's monthly survey of web-facing computers has turned up an oddity: a new web server called “Beaver” that's used by exactly one web site outside China. “Just over a million sites now exhibit the Beaver Server header, and these make use of more than 110,000 unique domain names – mostly under the .cn top-level domain,” …
Simon Sharwood, 29 May 2017

Apache OpenOffice: Not dead yet, you'll just have to wait until mid-May for mystery security fixes

Apache OpenOffice, sized for euthanasia by one of its own last year, still lives and should see an update before the end of May, allegedly. The open-source productivity suite has been referred to as "a shambling corpse" by those appalled at its languid update schedule and those skeptical that its skeleton crew of volunteers …
Thomas Claburn, 28 Apr 2017

Apache Foundation hails Metron as new top level project for cybersecurity

The Apache Software Foundation (ASF) has announced Metron, a cybersecurity applications framework for centralised monitoring and analysis of network traffic, as its newest top-level project. Metron was born out of Cisco's OpenSoc project in 2014. OpenSoc aimed to provide a scalable security analytics tool based on the Hadoop …

Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more

Analysis The OpenSSL project, possibly the most widely used open-source cryptographic software, has a license to kill – specifically its own. But its effort to obtain permission to rewrite contributors' rights runs the risk of alienating the community that sustains it. The software is licensed under the OpenSSL License, which includes …
Thomas Claburn, 24 Mar 2017
Dudley Do-Right Royal Canadian Mounted Police

Canadians can file online tax returns again after emergency outage

Canada's taxman has restored online services it took down over the weekend to respond to unspecified vulnerabilities. The Canada Revenue Agency (CRA) announced the end of its partial outage at 5:00PM Sunday, Eastern Daylight Time. The agency doesn't stipulate the vulnerability it identified, merely saying it affected “ …

Apache Struts 2 needs patching, without delay. It's under attack now

Infosec researchers have found a “dire” zero-day in Apache Struts 2, and it's under active attack. If you're a sysadmin using the Jakarta-based file upload Multipart parser under Apache Struts 2, Nick Biasini of Cisco's Talos advises applying the latest upgrade immediately. CVE-2017-5638 is documented at Rapid7's Metasploit …

Google must be Beaming as Apache announces its new top-level projects

The Apache Software Foundation has today announced two new top-level projects, Apache Beam and Apache Eagle. Apache Beam is yet another technology birthed by Google's work on data processing, and its roots can be traced back to Google's initial MapReduce system which revolutionised the science of distributed data processing …

Even big data devs make big data security gaffes

Apache Big Data Europe Big data application programmers routinely download and execute unverified code, opening the door to information-stealing hackers, a security researcher has claimed. Olaf Flebbe, chief software architect at European software integrator Science+Computing, is upset that software engineers have got into the habit of insecurely …
John Leyden, 21 Nov 2016
Baby

'Podling' Apache projects are spending longer in the incubator

ApacheCon Stewards of the Apache Software Foundation are mildly concerned that many nascent projects are spending longer in the incubator, putting pressure on limited mentoring resources. In the 12 months up to November 2016, ASF oversaw 30 new "podling" incubator projects, of which four were retired and just seven graduated. Jim …
John Leyden, 17 Nov 2016
Hadoop

Hadoop experiencing growing pains in lamestream businesses

Apache Big Data Fast, unbridled growth has hurt adoption of Hadoop, according to a leading advocate of the technology. John Mertic, director of program management at ODPi, said that work on Hadoop was often relegated to a "skunkworks" project in many mainstream organisations. "It's effectively stuck," he said during a keynote presentation at …
John Leyden, 16 Nov 2016

Is it time to unplug frail OpenOffice's life support? Apache Project asked to mull it over

The Apache OpenOffice project has limited capacity for sustaining itself in an energetic manner. The retirement of the project is a serious possibility. Those are the words of Dennis Hamilton, the volunteer vice-president of OpenOffice who advises the Apache Software Foundation board. Yesterday, he publicly floated the idea of …

Apache, Debian crews patch library with DoS vuln

A file upload library used in Apache Tomcat and various Linux distributions needs patching to plug a denial-of-service vulnerability. Discovered by the TERASOLUNA Framework Development Team, the bug in libcommons-fileupload-java, which sits under Apache Commons FileUpload, has the Common Vulnerabilities and Exposures …
Various types of clouds. Photo by Shutterstock

One place to inhale all cloud: Apache Libcloud 1.0 now available

The Apache Software Foundation has announced that Libcloud 1.0, the cloud service interoperability Python library, is now generally available. Notably, version 1.0 introduces two new driver types, container-as-a-service and backup-as-a-service, with a full changelog available here – though the degree to which it will ease the …

Remote code execution found and fixed in Apache OpenMeetings

Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application. Lindh reported two critical flaws including a predictable password reset …
Darren Pauli, 7 Apr 2016

Create a news alert about apache, or find more stories about apache.

Biting the hand that feeds IT © 1998–2018