Interesting data point

[William A Rowe Jr <wr...@rowe-clan.net>]

According to securityspace's October-November delta, nearly half a million
web hosts jumped to httpd 2.2.31 in the past month alone (almost entirely
from older 2.2.x servers) while 11k downgraded to an older 2.2 or upgraded
2.2.31 to 2.4.x.

Half a million in 31 days?  This is triple the 2.2.31 adoption from the
Sept time-frame.

http://www.securityspace.com/s_survey/data/man.201510/srvch.html?server=Apache&revision=Apache%2F2.2.31

The httpd 2.4.12 - 2.4.17 series experienced about 142k upgrades vs. 16k
downgrades over the same period, and similar numbers in Sept-Oct.  Those
releases are essentially concurrent with the 2.2.31 release, and I didn't
look back into 2014's releases on either branch since 2.2.29 and 2.4.10 are
both over a year old.

Here are some tallies to give you a rough idea of what happened last month;
FromToFromTo2.2.x-2.2.314723592.2.312.4.x26972.4.x+2.2.3119162.2.312.2.x-
1634Other2.2.31246702.2.31Other6697498945110282.4.x-2.4.x613082.4.x2.4.x-800
2.2.x2.4.x419742.4.x2.2.x-2715Other2.4.x385992.4.xOther1238114188115896
Upgrades640826Downgrades26924

2.4.x refers to the 2.4.12 - 2.4.17 releases (past 12 mos,
the same basic lifespan as 2.2.31), but I tallied our earlier
2.4.x release counts for any +/- upgrade/downgrade deltas.
E.g. 2.2.4 -> 2.4.7 isn't counted anywhere, but 2.4.16 -> 2.4.7
is counted as a 2.4.x- downgrade.  I counted 2.4.12 -> 2.4.16
only once, in the 2.4.x+ upgrade tally.

2.2.x refers to 2.2 flavors prior to 2.2.31, but .31 is tallied
but I tallied 2.2.31 into +/- upgrade/downgrade deltas.
I did re-count 2.4.x+ -> 2.2.31 conversion in the 2.4.x -> 2.2.x-
downgrade tally.

"Other" may be pre-2.4.x, or a non-specific Apache/2 Server string,
or too small a proportion to call out individually.

On the one hand, I'm ecstatic that users are clearly upgrading at
maybe the fastest pace in forever.  On the other hand, I am stuck
wondering how we have made the 2.4.x transition effectively 3x
harder than upgrading within the 2.2 lineage, and puzzling over
what we can improve as a project to ease this transition for millions
of deployed 2.2.x instances.

Re: Interesting data point

[Jacob Champion <ch...@gmail.com>]

On 11/12/2015 12:35 AM, William A Rowe Jr wrote:
> If it is that easy to move 202k sites (111k net) to an entirely
> different server, it is supposed to be much simpler for the users to
> move within the same server - from their 2.2.x to 2.4.current, isn't
> it?  And if it is that easy to move away, then for 2.2 to 2.4 migration
> to continue to be painful will surely hurt httpd adoption, down the road.

I think this oversimplifies things. In my experience the decision to 
switch servers or upgrade versions involves a lot more than how "easy" 
or "hard" the upgrade is.

If (hypothetically) nginx meets a new use case that Apache doesn't, it 
doesn't matter how much easier it would have been to upgrade Apache. I'm 
going to switch straight from Apache 2.2 to nginx, even if it's very 
difficult to do.

If I am perfectly happy (or more appropriately: my management chain is 
perfectly happy) with Apache 2.2, it doesn't matter how easy or hard it 
is to switch to 2.4. I'm not going to spend any money/effort to switch; 
I'm just going to follow the 2.2.x line. (And it looks like 2.2.31 added 
a lot of great functionality.)

So I don't want to downplay your comment -- you may be absolutely 
correct, and maybe it is hard to upgrade -- but adoption numbers alone 
don't necessarily tell you much about the *difficulty* of said adoption. 
It probably tells you more about the user-perceived bang for buck.

--Jacob

Re: Interesting data point

[William A Rowe Jr <wr...@rowe-clan.net>]

Indeed Frederik and Eric,

I looked this morning and only OpenSUSE.latest and FreeBSD.latest appear to
include one of the versions current over the past year.  Others are
shipping older (often much older) 2.2/2.4 versions.

So all but a handful of the numbers cited were for admins 'going it on
their own' from source or third parties, very few using distribution
packages at all.  Similarly, changing server products altogether is a
manually intensive exercise.
On Nov 12, 2015 08:56, "Frederik Nosi" <fr...@postecom.it> wrote:

> Hi,
>
> On 11/12/2015 03:17 PM, Eric Covener wrote:
>
>> On Thu, Nov 12, 2015 at 3:35 AM, William A Rowe Jr <wr...@rowe-clan.net>
>> wrote:
>>
>>> If it is that easy to move 202k sites (111k net) to an entirely different
>>> server, it is supposed to be much simpler for the users to move within
>>> the
>>> same server - from their 2.2.x to 2.4.current, isn't it?  And if it is
>>> that
>>> easy to move away, then for 2.2 to 2.4 migration to continue to be
>>> painful
>>> will surely hurt httpd adoption, down the road.
>>>
>> I don't think the numbers necessarily speak to the difficulty in
>> upgrading (or switching).  There are
>> some people who won't switch until absolutely forced, and others who
>> have new requirements
>> or are just more liberal in making a change.
>>
>> I personally do not really see a lot of bad feedback about 2.2 to 2.4
>> migration. Maybe there would be a good perspective from e.g. one of
>> the debian maintainers, because their users in some way would have
>> been "forcibly" dragged though it to stay current on the OS.
>>
> In my experience, it's not the apache upgrade difficulty per se, but the
> fact that a lot of people using RHEL / SLES have yet to upgrade to their
> latest versions (RHEL 7 / SLES 12) which include Apache 2.4
>

Re: Interesting data point

[Frederik Nosi <fr...@postecom.it>]

Hi,

On 11/12/2015 03:17 PM, Eric Covener wrote:
> On Thu, Nov 12, 2015 at 3:35 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
>> If it is that easy to move 202k sites (111k net) to an entirely different
>> server, it is supposed to be much simpler for the users to move within the
>> same server - from their 2.2.x to 2.4.current, isn't it?  And if it is that
>> easy to move away, then for 2.2 to 2.4 migration to continue to be painful
>> will surely hurt httpd adoption, down the road.
> I don't think the numbers necessarily speak to the difficulty in
> upgrading (or switching).  There are
> some people who won't switch until absolutely forced, and others who
> have new requirements
> or are just more liberal in making a change.
>
> I personally do not really see a lot of bad feedback about 2.2 to 2.4
> migration. Maybe there would be a good perspective from e.g. one of
> the debian maintainers, because their users in some way would have
> been "forcibly" dragged though it to stay current on the OS.
In my experience, it's not the apache upgrade difficulty per se, but the 
fact that a lot of people using RHEL / SLES have yet to upgrade to their 
latest versions (RHEL 7 / SLES 12) which include Apache 2.4

Re: Interesting data point

[Eric Covener <co...@gmail.com>]

On Thu, Nov 12, 2015 at 3:35 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> If it is that easy to move 202k sites (111k net) to an entirely different
> server, it is supposed to be much simpler for the users to move within the
> same server - from their 2.2.x to 2.4.current, isn't it?  And if it is that
> easy to move away, then for 2.2 to 2.4 migration to continue to be painful
> will surely hurt httpd adoption, down the road.

I don't think the numbers necessarily speak to the difficulty in
upgrading (or switching).  There are
some people who won't switch until absolutely forced, and others who
have new requirements
or are just more liberal in making a change.

I personally do not really see a lot of bad feedback about 2.2 to 2.4
migration. Maybe there would be a good perspective from e.g. one of
the debian maintainers, because their users in some way would have
been "forcibly" dragged though it to stay current on the OS.

Re: Interesting data point

[William A Rowe Jr <wr...@rowe-clan.net>]

On Thu, Nov 12, 2015 at 2:00 AM, William A Rowe Jr <wr...@rowe-clan.net>
wrote:

> According to securityspace's October-November delta, nearly half a million
> web hosts jumped to httpd 2.2.31 in the past month alone (almost entirely
> from older 2.2.x servers) while 11k downgraded to an older 2.2 or upgraded
> 2.2.31 to 2.4.x.
>
> Half a million in 31 days?  This is triple the 2.2.31 adoption from the
> Sept time-frame.
>
>
> http://www.securityspace.com/s_survey/data/man.201510/srvch.html?server=Apache&revision=Apache%2F2.2.31
>
> The httpd 2.4.12 - 2.4.17 series experienced about 142k upgrades vs. 16k
> downgrades over the same period, and similar numbers in Sept-Oct.  Those
> releases are essentially concurrent with the 2.2.31 release, and I didn't
> look back into 2014's releases on either branch since 2.2.29 and 2.4.10 are
> both over a year old.
>
This might be easier to follow as a graphic, here is the overall adoption
of 2.2.29 and .31, along with 2.4.10 and later;

http://s.apache.org/FXM

Consider that this all ignores the users who latch onto their OS
distributor - who had 'locked' on 2.2 and 2.4 releases long ago, and whose
users are only going to pick up a new httpd when their distributor ships
it.  What I believe we are looking at is honest-to-goodness sysadmins who
push out "their own choice" of httpd onto their machines.

> On the one hand, I'm ecstatic that users are clearly upgrading at maybe
> the fastest pace in forever.  On the other hand, I am stuck wondering how
> we have made the 2.4.x transition effectively 3x harder than upgrading
> within the 2.2 lineage, and puzzling over what we can improve as a project
> to ease this transition for millions of deployed 2.2.x instances.
>
And before the inevitable laments begin that we chose to ship a 2.2.31
release...

Same time period, 201,907 sites adopted nginx in lieu of Apache, while
90,997 left nginx for Apache, with a net deficit of 111k sites moving to
'something else'.

If it is that easy to move 202k sites (111k net) to an entirely different
server, it is supposed to be much simpler for the users to move within the
same server - from their 2.2.x to 2.4.current, isn't it?  And if it is that
easy to move away, then for 2.2 to 2.4 migration to continue to be painful
will surely hurt httpd adoption, down the road.