46 comments

[ 3.3 ms ] story [ 114 ms ] thread
[flagged]
Because they keep rules you obviously don’t understand and know
Whats wrong with that? I find it convenient to read with less.
Well, for one, in a mobile screen I can understand the difference between line wraps and new lines.
To be a bit less vitrolic than other comments.

The link is to a plain text file.

The indentation is formatting to give a clear delineation between various sections, such as each feature/fix/item of the changelog. Which makes it easier to read rather a run along blob of text with no clear markers.

You see this same indentation with un/ordered lists in HTML or word documents.

I'm surprised people still actively use it and it seems on par with nginx, at least according to https://www.netcraft.com/blog/january-2023-web-server-survey...
I'm surprised you're surprised. It's a good web server.
I'm surprised HN hasn't added a feature where if you start a comment with "I'm surprised" it asks you to tick a box to confirm that you're really sure you're contributing to the discussion.
Usually when I’m surprised about something, I realize that I am uninformed or out of touch.
I am strongly in favor of this. I would also like HN to implement a warning that your comment may be extremely uninteresting if it starts out with, "Unfortunately..." or, "Can we all just agree that..."
Also some of the snide comments beginning with “lol” and “I didn’t ask you”.
Why surprised? It's rock solid, stable, fast, and does pretty much everything you need, and nothing is hidden behind premium tiers, unlike nginx where they leave bugs and awful behaviour in the open source version that aren't in the premium ones (e.g. nginx used to only resolve hostname entries on start-up, https://forum.nginx.org/read.php?2,215830,215832#msg-215832, so if you used a hostname in proxy_pass, and the DNS changed, oops sorry. Actual honouring of DNS TTLs used to be a premium only feature)
I love apache as much as anyone, cut my teeth with it and still work with it plenty.

It doesn’t strike me as odd to question its fit for people who have more experience with containers. If there’s a reverse proxy in the front, one may just need business logic in the back.

>If there’s a reverse proxy in the front, one may just need business logic in the back.

I'm trying to imagine what that haircut would look like

Walk into your nearest Hot Topic.
Full disclosure: I haven't cut my hair in awhile. It may be influencing my architecture decisions at this point.
I am actively trying to remove apache from a large chunk of projects mainly because at this point it is being used as a poor reverse proxy and not a web server which is its core competency.
Actually, its reverse proxy implementation is quite capable and performant.
I run all my microservices and web sites in containers behind Apache. It's not required to use any specific reverse proxy, nginx is Russian made, like Jetbrains' products so Google pushes them and that's why under-educated milenials assume nginx is the only reverse proxy on Earth.
Why do you believe Google "pushes" Russian software? That seems odd.
I guess referring to conspiracy theories is one way of evaluating software.
I wonder what "other" is and how it suddenly shot up while Apache was suddenly going down.
It's still in most distros default repos, unlike things like caddy, and also supports features like mod_ldap out of the box without enterprise, like nginx. If you just need a simple web server, potentially with some auth even for static files its a no brainier default for internal projects.
Is HTTP/2 just too complex for a mere mortal to implement?
Sounds like the OAuth2 spec.
Well have you seen oauth1? So much trouble to be able to support non-secure HTTP.
I'm on a project where OAuth 2.0 will be implemented. Please send help.
I don't think this has too much to do with the spec and more about discovering and preventing DoS vectors.
Also HAProxy managed to predict and mitigate this issue 5 years ago.
(comment deleted)
No, but QUIC definitely falls in the overly complicated category, spanning multiple, large RFCs.

This attack is just about failing to enforce the negotiated parameters during the start phase of the connection.

Wait till you see the TCP RFCs…
I guess it helps that TCP is usually covered to some extent in an undergrad course, and also that it's unencrypted.
"The early Apache server was a big hit, but we all knew that the codebase needed a general overhaul and redesign."

From the README of the apache_1.3.0 distribution (April 1998) https://archive.apache.org/dist/httpd/

Love this project. It changed the world and it still goes strong. The closest to "forever software"?

A Patchy Server has come such a long way.
Surprising to see stuff like this included in a patch release:

    core: Updated conf/mime.types:
     - .js moved from 'application/javascript' to 'text/javascript'
That’s probably going to break something for somebody.