You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rich Bowen <rb...@rcbowen.com> on 2014/11/26 18:43:22 UTC
ApacheCon Austin, httpd track
As I mentioned a few months ago, ApacheCon Austin will be the 20th
anniversary of the first release of the Apache HTTP server. The plan is
to make a big deal of this at the conference, and I'm hoping that we can
have a strong httpd track to go along with this.
For ApacheCon Europe, several projects (notably, OFBiz) put together
what they thought would be an ideal track, and then solicited speakers
for individual talks in that track, and that worked really well. I'm
hoping we can do a similar thing for Austin, and, in particular, I'm
hoping that I don't end up giving half the talks in the track. :-)
I've started an doc at
https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing
and I'm hoping that we can collaborate on what talks need to be in a
comprehensive httpd track, what order they should be in, and then hunt
down the people that should be giving those talks.
Thanks for any help you can give towards this.
--Rich
--
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
Posted by Graham Leggett <mi...@sharp.fm>.
On 02 Dec 2014, at 3:02 PM, Jim Jagielski <ji...@jaguNET.com> wrote:
> The idea is that being a project with a long, long history,
> httpd has the unfortunate reputation of being old, slow,
> and basically, not the new hotness. So even though the
> project has been around, 2.4 is vastly different, and
> really should be seen and considered as a whole new
> web server.
I suspect there will always be a “new hotness” around that competes with attention, while projects like the Linux kernel and httpd endure.
For me, httpd is a tank. In production it plows through everything, and just doesn’t break, no matter how much punishment you put it under. When a need comes up to perform a task, that functionality is probably already there, meaning there is no need to switch software stacks or go without. In addition, httpd’s technical documentation was and still is one of the best examples of “properly done” documentation in any project anywhere. I put a lot of effort last year closing the last protocol violations that Co-Advisor was reporting for httpd trunk, so HTTP protocol weirdness is less likely to be encountered.
People obsess about speed until their first outage, then with the honeymoon over they switch to reliability as a focus. As long as httpd maintains it’s reliability, I don’t think we’ll be going anywhere any time soon.
Regards,
Graham
—
Re: ApacheCon Austin, httpd track
Posted by Jim Jagielski <ji...@jaguNET.com>.
The idea is that being a project with a long, long history,
httpd has the unfortunate reputation of being old, slow,
and basically, not the new hotness. So even though the
project has been around, 2.4 is vastly different, and
really should be seen and considered as a whole new
web server.
> On Nov 30, 2014, at 11:13 AM, Rich Bowen <rb...@rcbowen.com> wrote:
>
>
> On Nov 29, 2014 9:45 AM, "Jim Jagielski" <ji...@jagunet.com> wrote:
> >
> > I'd like to submit something like "This ain't your Daddy's Apache!"...
>
> Does that replace one of the ones already listed or is that a new item?
>
>
> > > On Nov 26, 2014, at 1:04 PM, Eric Covener <co...@gmail.com> wrote:
> > >
> > >>
> > >> I've started an doc at
> > >> https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing
> > >> and I'm hoping that we can collaborate on what talks need to be in a
> > >> comprehensive httpd track, what order they should be in, and then hunt down
> > >> the people that should be giving those talks.
> > >
> > > Thanks for kickstarting -- I added a very simple bullet for "What’s
> > > (still new) in 2.4"
> >
Re: ApacheCon Austin, httpd track
Posted by Rich Bowen <rb...@rcbowen.com>.
On Nov 29, 2014 9:45 AM, "Jim Jagielski" <ji...@jagunet.com> wrote:
>
> I'd like to submit something like "This ain't your Daddy's Apache!"...
Does that replace one of the ones already listed or is that a new item?
> > On Nov 26, 2014, at 1:04 PM, Eric Covener <co...@gmail.com> wrote:
> >
> >>
> >> I've started an doc at
> >>
https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing
> >> and I'm hoping that we can collaborate on what talks need to be in a
> >> comprehensive httpd track, what order they should be in, and then hunt
down
> >> the people that should be giving those talks.
> >
> > Thanks for kickstarting -- I added a very simple bullet for "What’s
> > (still new) in 2.4"
>
Re: ApacheCon Austin, httpd track
Posted by Jim Jagielski <ji...@jaguNET.com>.
I'd like to submit something like "This ain't your Daddy's Apache!"...
> On Nov 26, 2014, at 1:04 PM, Eric Covener <co...@gmail.com> wrote:
>
>>
>> I've started an doc at
>> https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing
>> and I'm hoping that we can collaborate on what talks need to be in a
>> comprehensive httpd track, what order they should be in, and then hunt down
>> the people that should be giving those talks.
>
> Thanks for kickstarting -- I added a very simple bullet for "What’s
> (still new) in 2.4"
Re: ApacheCon Austin, httpd track
Posted by Eric Covener <co...@gmail.com>.
>
> I've started an doc at
> https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing
> and I'm hoping that we can collaborate on what talks need to be in a
> comprehensive httpd track, what order they should be in, and then hunt down
> the people that should be giving those talks.
Thanks for kickstarting -- I added a very simple bullet for "What’s
(still new) in 2.4"
Re: ApacheCon Austin, httpd track
Posted by Jim Jagielski <ji...@jaguNET.com>.
I've updated the gdoc as "proxying and load balancing"
> On Dec 1, 2014, at 8:15 PM, Daniel Ruggeri <DR...@primary.net> wrote:
>
> On 11/30/2014 11:08 AM, Jeff Trawick wrote:
>> * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi
>> (some material
>> here: http://emptyhammock.com/projects/info/pyweb/index.html)
>> * a debugging tricks talk I've given a few times (relatively minor
>> updates from the last North America AC)
>> * drastically updated (rewritten) version of an old
>> capacity-tuning-and-performance talk I gave at a Sun conference in
>> 2009
>> (https://blogs.oracle.com/trawick/resource/DeepDive/WebStackDeepDiveApache.pdf)
>
> Similarly, I'm always up for giving my proxy talk if it's welcome (after
> the first day since I can't make it until Tues). If we think proxy is a
> big topic, we ought to arrange for a general overview like my proxy talk
> followed by more specific deep dives such as what Jeff mentions here and
> a session on new sexiness like WebSockets. Tuning for throughput is also
> an interesting topic and in line with the conversations lately (Re:
> commercial support).
>
> A side note on SSL/security: I had the idea a few years back that there
> is probably enough content to do a "here is 5 minutes about how to
> configure SSL in httpd" and then 50 minutes of other important security
> topics (What Ciphers should I enable? Should I use SSLv3 any more? How
> to treat my keys and what the hell is an HSM anyway? Passphrase
> encrypted keys or not? Should I trust my distro's build?). Thoughts are
> welcome on that topic... not sure if I'm overly paranoid or if these are
> things that people actually want to hear?
>
> --
> Daniel Ruggeri
>
Re: ApacheCon Austin, httpd track
Posted by Graham Leggett <mi...@sharp.fm>.
On 02 Dec 2014, at 4:29 PM, Rich Bowen <rb...@rcbowen.com> wrote:
> Given the focus on SSL in the last year, I think that a talk exactly like that would be appreciated, and could even be a great talk to use to market the track as a whole. I think a lot of people are waking up to the fact that they have no idea what SSL/TLS actually is, and some in-depth teaching on it seems like it would be welcome.
An SSL/TLS track would be an excellent idea.
There is a significant amount of anti-security sentiment out there, ranging from managers switching it off because they don’t know what it is for, developers complaining that it’s “too hard”, through to technical people actively evangelising against using SSL/TLS because it is perceived to be inconvenient.
Regards,
Graham
—
Re: ApacheCon Austin, httpd track
Posted by Tim Bannister <is...@c8h10n4o2.org.uk>.
On 3 Dec 2014, at 16:00, Rich Bowen <rb...@rcbowen.com> wrote:
>
> If this content can be put into a half-day three-talk series, where each talk stands alone or works in concert, that would be ideal. Do you think that we can put together like that? Any chance we could even persuade one of the OpenSSL folks to come for that? Anyone have any contacts there?
A day on SSL/TLS could and perhaps should cover both OpenSSL and GnuTLS.
--
Tim Bannister – isoma@c8h10n4o2.org.uk
Re: ApacheCon Austin, httpd track
Posted by Rich Bowen <rb...@rcbowen.com>.
On 12/02/2014 03:51 PM, wrowe@rowe-clan.net wrote:
> Rich raises a great point - you could probably even propose a full half
> day training, and spend a bit of time on configuring different ASF projects
> (e.g. httpd, Tomcat) while aiming squarely at the state of SSL cryptography
> itself. I'm certain that class would get some nice registration numbers.
FYI, we're planning to drop training/tutorial kind of sessions for this
event. They have consistently been a huge logistical nightmare, and we
always end up canceling (optimistically) 3/4 of them due to poor
attendance numbers. They're a huge hassle for the people that have to
plan the content and then not give the talk. They're a huge hassle to
have to notify people that the tutorial they signed up for has been
canceled. And they're a hassle trying to get the space for a talk that
may or may not happen.
If this content can be put into a half-day three-talk series, where each
talk stands alone or works in concert, that would be ideal. Do you think
that we can put together like that? Any chance we could even persuade
one of the OpenSSL folks to come for that? Anyone have any contacts there?
--Rich
--
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon
RE: Re: ApacheCon Austin, httpd track
Posted by wr...@rowe-clan.net.
--------- Original Message --------- Subject: Re: ApacheCon Austin, httpd track
From: "Rich Bowen" <rb...@rcbowen.com>
Date: 12/2/14 8:29 am
To: dev@httpd.apache.org
On 12/01/2014 08:15 PM, Daniel Ruggeri wrote:
> A side note on SSL/security: I had the idea a few years back that there
> is probably enough content to do a "here is 5 minutes about how to
> configure SSL in httpd" and then 50 minutes of other important security
> topics (What Ciphers should I enable? Should I use SSLv3 any more? How
> to treat my keys and what the hell is an HSM anyway? Passphrase
> encrypted keys or not? Should I trust my distro's build?). Thoughts are
> welcome on that topic... not sure if I'm overly paranoid or if these are
> things that people actually want to hear?
Given the focus on SSL in the last year, I think that a talk exactly
like that would be appreciated, and could even be a great talk to use to
market the track as a whole. I think a lot of people are waking up to
the fact that they have no idea what SSL/TLS actually is, and some
in-depth teaching on it seems like it would be welcome.
Rich raises a great point - you could probably even propose a full half
day training, and spend a bit of time on configuring different ASF projects
(e.g. httpd, Tomcat) while aiming squarely at the state of SSL cryptography
itself. I'm certain that class would get some nice registration numbers.
Re: ApacheCon Austin, httpd track
Posted by Rich Bowen <rb...@rcbowen.com>.
On 12/01/2014 08:15 PM, Daniel Ruggeri wrote:
> A side note on SSL/security: I had the idea a few years back that there
> is probably enough content to do a "here is 5 minutes about how to
> configure SSL in httpd" and then 50 minutes of other important security
> topics (What Ciphers should I enable? Should I use SSLv3 any more? How
> to treat my keys and what the hell is an HSM anyway? Passphrase
> encrypted keys or not? Should I trust my distro's build?). Thoughts are
> welcome on that topic... not sure if I'm overly paranoid or if these are
> things that people actually want to hear?
Given the focus on SSL in the last year, I think that a talk exactly
like that would be appreciated, and could even be a great talk to use to
market the track as a whole. I think a lot of people are waking up to
the fact that they have no idea what SSL/TLS actually is, and some
in-depth teaching on it seems like it would be welcome.
--Rich
--
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
Posted by Rich Bowen <rb...@rcbowen.com>.
On 12/02/2014 04:14 PM, Jim Riggs wrote:
> On 11/30/2014 11:08 AM, Jeff Trawick wrote:
>> * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi
>> (some material
>> here: http://emptyhammock.com/projects/info/pyweb/index.html)
>
>
> On 1 Dec 2014, at 19:15, Daniel Ruggeri <DR...@primary.net> wrote:
>> Similarly, I'm always up for giving my proxy talk if it's welcome (after
>> the first day since I can't make it until Tues). If we think proxy is a
>> big topic, we ought to arrange for a general overview like my proxy talk
>> followed by more specific deep dives such as what Jeff mentions here and
>> a session on new sexiness like WebSockets.
>
>
> Picking up on what Jeff and Daniel are saying, I think some focus on the powerful things mod_proxy_* can do would be really useful.
>
> One particular thought that has been in the back of my head for some time is a "Begone libphp5.so!" talk. For better or worse, PHP is still around and will be for some time, but it is time to get it out of the web server and treat it like the application/backend it is for both security and resource-usage reasons. mod_proxy_fcgi + php-fpm is a really elegant, simple solution to make this happen, but I have found a lot of devs and admins who just aren't even aware of this configuration possibility. (I have explained it to several people at ApacheCon NAs over the past couple of years.) I've actually been using a backported mod_proxy_fcgi in 2.2 for just this purpose for a few years in production.
>
> That's certainly a talk I would be willing to give if there is interest.
>
> P.S. mod_proxy_balancer -> mod_proxy_fcgi -> php-fpm is really fun and interesting too! ;-)
>
Awesome. I'll put you down for a php-fpm talk. :-)
So, the next step, now that we have a pretty good track roughed in, is
that people actually start submitting the talk abstracts to go along
with it. It would be great if this didn't get left to the last minute,
so that we can actually start doing some track publicity sooner rather
than later.
Thanks for the great discussion, folks!
--Rich
--
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
Posted by Rich Bowen <rb...@rcbowen.com>.
On 12/04/2014 10:23 AM, Jeff Trawick wrote:
> Besides searching through Bugzilla and summarizing each mod_proxy_fcgi
> bug and ranking by apparent severity, number of users involved in the
> bug discussion, etc., what else should I put on a Wiki page? E.g., do
> you have an idea of what needs to be improved in the doc?
Some howto kinds of docs on setting up various important things (php,
python) to run under the various flavors of fcgi would be awesome. It's
all a bit word of mouth at the moment.
--
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon
Re: ApacheCon Austin, httpd track
Posted by Jeff Trawick <tr...@gmail.com>.
On Thu, Dec 4, 2014 at 9:58 AM, Eric Covener <co...@gmail.com> wrote:
> On Tue, Dec 2, 2014 at 4:14 PM, Jim Riggs <ap...@riggs.me> wrote:
> > P.S. mod_proxy_balancer -> mod_proxy_fcgi -> php-fpm is really fun and
> interesting too! ;-)
>
> mod_proxy_fcgi seems to need a bit of work from what I have been
> seeing in bugzilla and IRC. I hope to spend a little time on the code
> and doc, but not being an actual user of it I don't know how far I
> will really get before being distracted.
>
This is very important stuff IMO.
I know we don't do the coordination thing around here, but if the work was
organized to some extent, perhaps 3-4 people could easily share the work???
(bite sized chunks of the development: simple reproducers, doc, code,
review, whatever)
Besides searching through Bugzilla and summarizing each mod_proxy_fcgi bug
and ranking by apparent severity, number of users involved in the bug
discussion, etc., what else should I put on a Wiki page? E.g., do you have
an idea of what needs to be improved in the doc?
--
Born in Roswell... married an alien...
http://emptyhammock.com/
Re: ApacheCon Austin, httpd track
Posted by Eric Covener <co...@gmail.com>.
On Tue, Dec 2, 2014 at 4:14 PM, Jim Riggs <ap...@riggs.me> wrote:
> P.S. mod_proxy_balancer -> mod_proxy_fcgi -> php-fpm is really fun and interesting too! ;-)
mod_proxy_fcgi seems to need a bit of work from what I have been
seeing in bugzilla and IRC. I hope to spend a little time on the code
and doc, but not being an actual user of it I don't know how far I
will really get before being distracted.
Re: ApacheCon Austin, httpd track
Posted by Jim Riggs <ap...@riggs.me>.
On 11/30/2014 11:08 AM, Jeff Trawick wrote:
> * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi
> (some material
> here: http://emptyhammock.com/projects/info/pyweb/index.html)
On 1 Dec 2014, at 19:15, Daniel Ruggeri <DR...@primary.net> wrote:
> Similarly, I'm always up for giving my proxy talk if it's welcome (after
> the first day since I can't make it until Tues). If we think proxy is a
> big topic, we ought to arrange for a general overview like my proxy talk
> followed by more specific deep dives such as what Jeff mentions here and
> a session on new sexiness like WebSockets.
Picking up on what Jeff and Daniel are saying, I think some focus on the powerful things mod_proxy_* can do would be really useful.
One particular thought that has been in the back of my head for some time is a "Begone libphp5.so!" talk. For better or worse, PHP is still around and will be for some time, but it is time to get it out of the web server and treat it like the application/backend it is for both security and resource-usage reasons. mod_proxy_fcgi + php-fpm is a really elegant, simple solution to make this happen, but I have found a lot of devs and admins who just aren't even aware of this configuration possibility. (I have explained it to several people at ApacheCon NAs over the past couple of years.) I've actually been using a backported mod_proxy_fcgi in 2.2 for just this purpose for a few years in production.
That's certainly a talk I would be willing to give if there is interest.
P.S. mod_proxy_balancer -> mod_proxy_fcgi -> php-fpm is really fun and interesting too! ;-)
Re: ApacheCon Austin, httpd track
Posted by Daniel Ruggeri <DR...@primary.net>.
On 11/30/2014 11:08 AM, Jeff Trawick wrote:
> * deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi
> (some material
> here: http://emptyhammock.com/projects/info/pyweb/index.html)
> * a debugging tricks talk I've given a few times (relatively minor
> updates from the last North America AC)
> * drastically updated (rewritten) version of an old
> capacity-tuning-and-performance talk I gave at a Sun conference in
> 2009
> (https://blogs.oracle.com/trawick/resource/DeepDive/WebStackDeepDiveApache.pdf)
Similarly, I'm always up for giving my proxy talk if it's welcome (after
the first day since I can't make it until Tues). If we think proxy is a
big topic, we ought to arrange for a general overview like my proxy talk
followed by more specific deep dives such as what Jeff mentions here and
a session on new sexiness like WebSockets. Tuning for throughput is also
an interesting topic and in line with the conversations lately (Re:
commercial support).
A side note on SSL/security: I had the idea a few years back that there
is probably enough content to do a "here is 5 minutes about how to
configure SSL in httpd" and then 50 minutes of other important security
topics (What Ciphers should I enable? Should I use SSLv3 any more? How
to treat my keys and what the hell is an HSM anyway? Passphrase
encrypted keys or not? Should I trust my distro's build?). Thoughts are
welcome on that topic... not sure if I'm overly paranoid or if these are
things that people actually want to hear?
--
Daniel Ruggeri
Re: ApacheCon Austin, httpd track
Posted by Jeff Trawick <tr...@gmail.com>.
On Wed, Nov 26, 2014 at 12:43 PM, Rich Bowen <rb...@rcbowen.com> wrote:
> As I mentioned a few months ago, ApacheCon Austin will be the 20th
> anniversary of the first release of the Apache HTTP server. The plan is to
> make a big deal of this at the conference, and I'm hoping that we can have
> a strong httpd track to go along with this.
>
> For ApacheCon Europe, several projects (notably, OFBiz) put together what
> they thought would be an ideal track, and then solicited speakers for
> individual talks in that track, and that worked really well. I'm hoping we
> can do a similar thing for Austin, and, in particular, I'm hoping that I
> don't end up giving half the talks in the track. :-)
>
> I've started an doc at https://docs.google.com/document/d/11oh1CQEwgxvV_
> xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing and I'm hoping that we
> can collaborate on what talks need to be in a comprehensive httpd track,
> what order they should be in, and then hunt down the people that should be
> giving those talks.
>
> Thanks for any help you can give towards this.
>
> --Rich
>
> --
> Rich Bowen - rbowen@rcbowen.com - @rbowen
> http://apachecon.com/ - @apachecon
>
I've given some thought to proposing one of the following talks:
* deploying Python web apps under uWSGI behind mod_proxy_fcgi/scgi (some
material here: http://emptyhammock.com/projects/info/pyweb/index.html)
* a debugging tricks talk I've given a few times (relatively minor updates
from the last North America AC)
* drastically updated (rewritten) version of an old
capacity-tuning-and-performance talk I gave at a Sun conference in 2009 (
https://blogs.oracle.com/trawick/resource/DeepDive/WebStackDeepDiveApache.pdf
)
Speak up if one of these seems more helpful to the overall track.
--
Born in Roswell... married an alien...
http://emptyhammock.com/
Re: ApacheCon Austin, httpd track
Posted by Rich Bowen <rb...@rcbowen.com>.
On 11/26/2014 12:43 PM, Rich Bowen wrote:
> As I mentioned a few months ago, ApacheCon Austin will be the 20th
> anniversary of the first release of the Apache HTTP server. The plan is
> to make a big deal of this at the conference, and I'm hoping that we can
> have a strong httpd track to go along with this.
>
> For ApacheCon Europe, several projects (notably, OFBiz) put together
> what they thought would be an ideal track, and then solicited speakers
> for individual talks in that track, and that worked really well. I'm
> hoping we can do a similar thing for Austin, and, in particular, I'm
> hoping that I don't end up giving half the talks in the track. :-)
>
> I've started an doc at
> https://docs.google.com/document/d/11oh1CQEwgxvV_xM92kQyRP8HuI92VHuN5znNz-5-Qwg/edit?usp=sharing
> and I'm hoping that we can collaborate on what talks need to be in a
> comprehensive httpd track, what order they should be in, and then hunt
> down the people that should be giving those talks.
>
> Thanks for any help you can give towards this.
So, we're down to the last month of the CFP, and I've yet to see most of
this content appear in the proposed papers. I wonder if folks can take a
look back over this conversation, and either submit the talks that
you've suggested, or bug someone who might be able/willing to give the
talk in Austin.
The above Google doc is still open for suggestions and edits, as well as
for listing the URL of the talk(s) you have proposed.
I'd really like to have two days of content (that's either 12 or 11
talks, depending on which days we go with) and I'm confident that
there's that much content out there, but getting people to present it is
harder than it once was. I could really use your help.
--Rich
--
Rich Bowen - rbowen@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon