The Apache Software Foundation Blog

Friday November 17, 2017

The Apache News Round-up: week ending 17 November 2017

Happy Friday, everyone! Let's review what the Apache community at-large has been up to over the past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 20 December. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield brilliant performance at 99.69% uptime http://status.apache.org/

ASF Operations Factoid –this week, 180 Apache contributors changed 314,925 lines of code over 965 commits. Top 5 contributors, in order, are: Stephen Mallette, Gary Gregory, Dusan Balek,Tilman Hausherr, and Ravindra Pesala.

Apache Bigtop™ –Big Data management platform.
 - Apache Bigtop 1.2.1 released http://bigtop.apache.org/

Apache CXF™ –an Open Source services framework that helps you build and develop services using frontend programming APIs like JAX-WS and JAX-RS.
 - New security advisory CVE-2017-12624 released for Apache CXF http://mail-archives.apache.org/mod_mbox/www-announce/201711.mbox/%3CCAB8XdGBgipTU4-ajO0j8Khi67kziTcTqwCQbCcpRicGLd81dNA%40mail.gmail.com%3E

Apache Groovy™ –a multi-facet programming language for the JVM.
 - Apache Groovy 2.6.0-alpha-2 released https://groovy.apache.org/

Apache Jackrabbit™ –a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class Web sites and other demanding content applications.
 - Apache Jackrabbit 2.15.8 and Jackrabbit Oak 1.7.11 released http://jackrabbit.apache.org/

Apache Mnemonic (incubating) –an Open Source Java-based storage-class memory oriented durable object platform for linked objects processing and analytics.
 - Apache Mnemonic-0.10.0-incubating released

Apache Phoenix™ –enables OLTP and SQL-based operational analytics for Apache Hadoop.
 - Apache Phoenix 4.13 released https://phoenix.apache.org/

Apache UIMA™ –a component architecture and framework for the analysis of unstructured content like text, video and audio data.
 - Apache UIMA Java SDK 3.0.0-beta and uimaFIT 2.4.0 released http://uima.apache.org

Apache ZooKeeper™ –a high-performance coordination service for distributed applications.
 - Apache ZooKeeper 3.4.11 released http://zookeeper.apache.org/

Did You Know?

 - Did you know that you can help test the Apache Struts 2.5.14 test build? https://lists.apache.org/thread.html/958bed42bb445caf1f4e80f1137ff315b70ea3299c5a765cccb9280a@%3Cdev.struts.apache.org%3E

 - Did you know that LinkedIn is leveraging Apache Calcite to provide richer operators in Dali (Data Access at LinkedIn) Views? http://calcite.apache.org/

 - Did you know that Archemy's ArchNav (extensible ontology-driven search engine and knowledge repository) uses Apache Fortress for security? http://directory.apache.org/fortress/


Apache Community Notices:

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk 4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO 11) Scratch Your Own Itch. https://s.apache.org/7Amk

 - Follow the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation (re-tweets/shares/likes most appreciated!)

 - Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - The ASF will be participating at China Open Source Conference COSCon '17 18-19 November in Shanghai http://www.huodongxing.com/go/coscon17

 - Apache community members share leadership best practices on Open Source governance, community leadership, open development, and more at FOSS Backstage in Berlin on 20 November 2017 https://berlinbuzzwords.de/17/news/foss-backstage-micro-summit-registration-open-now

 - Meet members of the Apache CloudStack community at the CloudStack European User Group on 21 November in Leipzig https://www.eventbrite.co.uk/e/cloudstack-european-user-group-tickets-38657799519?aff=estw

 - New to the Apache Subversion annual hackathon: a meet-and-greet event with the project Committers! Join us on 23 November in Aachen https://wiki.apache.org/subversion/Aachen2017MeetAndGreet

 - Members of the Apache community will be out in force at Open Source Summit Paris 6-7 December 2017 http://www.opensourcesummit.paris/

 - ASF Quarterly Report: Operations Summary Q1 FY2018 https://s.apache.org/cEUm

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Friday November 10, 2017

The Apache News Round-up: week ending 10 November 2017

And it's Friday already ... time flies when you're as productive as the Apache community! Here's what happened this week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 November. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield astute performance at 99.19% uptime http://status.apache.org/

ASF Operations Factoid –this week, 422 Apache contributors changed 857,635 lines of code over 2,005 commits. Top 5 contributors, in order, are: Jian He, Mark Thomas, Tilman Hausherr, Svatopluk Dedic, and Carlos Sierra Andrés.

Apache Commons™ Lang –provides helper utilities for the java.lang API, notably String manipulation methods, basic numerical methods, object reflection, concurrency, creation and serialization and System properties.
 - Apache Commons Lang 3.7 released http://commons.apache.org/lang/

Apache CouchDB™ –pioneering Open Source database that scales from Big Data to Mobile.
 - Apache CouchDB 2.1.1 and 1.7.0 released http://couchdb.apache.org/

Apache Freemarker (incubating) –a Java library template engine to generate text output (HTML web pages, e-mails, configuration files, source code, etc.) based on templates and changing data.
 - Apache FreeMarker 2.3.27-incubating released http://freemarker.org/

Apache HttpComponents™ Core –a set of HTTP/1.1 and HTTP/2 transport components that can be used to build custom client and server side HTTP services with a minimal footprint.
 - HttpComponents Core 5.0 beta1 released http://hc.apache.org/

Apache Jena™ –a framework for developing Semantic Web and Linked Data applications in Java.
 - Apache Jena 3.5.0 released http://jena.apache.org/

Apache Kylin™ –an Open Source Distributed Analytics Engine designed to provide SQL interface and multi-dimensional analysis (OLAP) on Apache Hadoop, supporting extremely large datasets.
 - Apache Kylin 2.2.0 released https://kylin.apache.org/

Apache OpenMeetings™ –provides video conferencing, instant messaging, white board, collaborative document editing and other groupware tools using API functions of the Red5 Streaming Server for Remoting and Streaming.
 - Apache OpenMeetings 4.0.0 released http://openmeetings.apache.org

Apache Qpid™ –a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org).
 - Apache Qpid Proton 0.18.1 and Qpid JMS 0.27.0 released http://qpid.apache.org/

Apache UIMA™ –a component architecture and framework for the analysis of unstructured content like text, video and audio data.
 - Apache UIMA Java SDK 2.10.2 released http://uima.apache.org

Did You Know?

 - Did you know that Apache Community Development (ComDev) issue a monthly blog? Catch up at https://s.apache.org/rE1T

 - Did you know that the Italian Army uses Apache Syncope for identity management? http://syncope.apache.org/

 - Did you know that the following Apache projects are celebrating anniversaries in November? Many happy returns to Apache Ant (15 yrs); Apache Labs (11 yrs); Apache HttpComponents (10 yrs); Apache Attic, Buildr, CouchDB, and Qpid (9 yrs); Apache Community Development (8 yrs); Apache OODT and ZooKeeper (7 yrs); Apache Kafka and Syncope (5 yrs); Apache Ambari and Marmotta (4 yrs); Apache BookKeeper, Drill, and MetaModel (3 yrs); Apache Brooklyn, Groovy, Kylin, and REEF (2 yrs); and Apache Geode (1 yr)!


Apache Community Notices:

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO 11) Scratch Your Own Itch. https://s.apache.org/7Amk

 - Follow the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation (re-tweets/shares/likes most appreciated!)

 - Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - The ASF will be participating at China Open Source Conference COSCon '17 18-19 November in Shanghai http://www.huodongxing.com/go/coscon17

 - Apache community members share leadership best practices on Open Source governance, community leadership, open development, and more at FOSS Backstage in Berlin on 20 November 2017 https://berlinbuzzwords.de/17/news/foss-backstage-micro-summit-registration-open-now

 - Meet members of the Apache CloudStack community at the CloudStack European User Group on 21 November in Leipzig https://www.eventbrite.co.uk/e/cloudstack-european-user-group-tickets-38657799519?aff=estw

 - Members of the Apache community will be out in force at Open Source Summit Paris 6-7 December 2017 http://www.opensourcesummit.paris/

 - ASF Quarterly Report: Operations Summary Q1 FY2018 https://s.apache.org/cEUm

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Friday November 03, 2017

The Apache News Round-up: week ending 3 November 2017

Enter November! The Apache community has been working on the following over the past week:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 November. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield pert performance at 99.02% uptime http://status.apache.org/

ASF Operations Factoid –this week, 460 Apache contributors changed 915,743 lines of code over 2,359 commits. Top 5 contributors, in order, are: Stephen Mallette, Daniel Templeton, Gary Gregory, Tilman Hausherr, and Paul King.

Apache Any23™ –Anything To Triples is a library, a Web service, and a command line tool that extracts structured data in RDF format from a variety of Web documents.
 - Apache Any23 2.1 https://any23.apache.org

Apache Geode™ –low latency, high concurrency data management solutions.
 - Apache Geode 1.3.0 released http://geode.apache.org/

Apache Hive™ –Big Data warehouse that facilitates querying and managing large datasets residing in distributed storage.
 - CVE-2017-12625 Apache Hive information disclosure vulnerability for column masking http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E

Apache Ignite™ –in-memory computing platform that is durable, strongly consistent, and highly available with powerful SQL, key-value and processing APIs.
 - Apache Ignite 2.3.0 released https://ignite.apache.org/

Apache Jackrabbit™ –a fully conforming implementation of the Content Repository for Java Technology API (JCR).
 - Apache Jackrabbit 2.14.4 and Jackrabbit Oak 1.6.6 released http://jackrabbit.apache.org/

Apache Juneau™ –Open Source framework for quickly and easily creating Java-based REST microservices and APIs.
 - The Apache Software Foundation Announces Apache® Juneau™ as a Top-Level Project https://s.apache.org/IvJH 

Apache Kafka™ –Open Source enterprise-grade scalable streaming platform.
 - The Apache Software Foundation Announces Apache® Kafka® v1.0.0 https://s.apache.org/8jww
 - Apache Kafka 1.0.0 released https://kafka.apache.org/

Apache Lucene™ –a high-performance, full-featured text search engine library written entirely in Java.
 - Solr Reference Guide for Solr 7.1 released https://www.apache.org/dyn/closer.cgi/lucene/solr/ref-guide/apache-solr-ref-guide-7.1.pdf

Apache MXNet (incubating) –a deep learning framework designed for both efficiency and flexibility.
 - Apache MXNet (incubating) 0.12.0 released http://mxnet.incubator.apache.org/

Apache OpenNLP™ –a Machine Learning-based toolkit for the processing of natural language text.
 - Language Detector Model 1.8.3 released http://opennlp.apache.org/

Apache PDFBox™ –an Open Source Java tool for working with PDF documents.
 - Apache PDFBox 2.0.8 released http://pdfbox.apache.org/

Apache Yetus™ –a collection of libraries and tools that enable contribution and release processes for software projects. 
 - Apache Yetus 0.6.0 released https://yetus.apache.org/

Did You Know?

 - Did you know that you can learn about Open Source governance, community leadership, open development, and more from dozens of members of the Apache community at FOSS Backstage Micro-Summit in Berlin on 20 November? https://berlinbuzzwords.de/17/news/foss-backstage-micro-summit-registration-open-now 

 - Did you know that Apache Struts has new documentation? http://struts.apache.org/docs/

 - Did you know that Yelp runs massively parallel integration tests on Apache Mesos with Task Processing? http://mesos.apache.org/


Apache Community Notices:

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO 11) Scratch Your Own Itch. https://s.apache.org/7Amk

 - Follow the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation (re-tweets/shares/likes most appreciated!)

 - Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - Apache community members share leadership best practices on Open Source governance, community leadership, open development, and more at FOSS Backstage in Berlin on 20 November 2017 https://berlinbuzzwords.de/17/news/foss-backstage-micro-summit-registration-open-now

 - Meet members of the Apache CloudStack community at the CloudStack European User Group on 21 November in Leipzig https://www.eventbrite.co.uk/e/cloudstack-european-user-group-tickets-38657799519?aff=estw

 - Members of the Apache community will be out in force at Open Source Summit Paris 6-7 December 2017 http://www.opensourcesummit.paris/

 - ASF Quarterly Report: Operations Summary Q1 FY2018 https://s.apache.org/cEUm

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Wednesday November 01, 2017

The Apache Software Foundation Announces Apache® Kafka® v1.0.0

Popular Open Source enterprise-grade scalable streaming platform in use at Capital One, Goldman Sachs, ING, LinkedIn, Netflix, Pinterest, Rabobank, Target, The New York Times, Uber, Yelp, and Zalando, among others.

Forest Hill, MD —1 November 2017— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the availability of Apache® Kafka® v1.0.0, the latest version of the Open Source distributed streaming platform.

Apache Kafka is capable of handling trillions of events per day, and provides a unified platform for handling real-time data feeds and scalable distributed applications. A single Kafka broker can handle hundreds of megabytes of reads and writes per second from thousands of clients.

"Apache Kafka is playing a bigger role as companies are moving to real-time streaming and embracing stream processing," said Jun Rao, Vice President of Apache Kafka. "The 1.0.0 release is an important milestone for the Apache Kafka community as we're committed to making it ready for enterprise adoption."

Initially conceived as a messaging queue, Kafka is based on an abstraction of a distributed commit log. Kafka provides low-latency, high-throughput, fault-tolerant publish and subscribe pipelines and is able to process streams of events. Kafka provides reliable, millisecond responses to support both customer-facing applications and connecting downstream systems with real-time data. Kafka is unique in that it can publish and subscribe to streams of data like a messaging system, process streams of data efficiently and in real time and store streams of data safely in a distributed, replicated cluster.

The Apache Kafka 1.0.0 release includes performance improvements with exactly-once semantics, significantly faster TLS and CRC32C implementations with Java 9 support, significantly faster controlled shutdown, and better JBOD support, among other general improvements and bug fixes. This release represents a significant milestone as companies run Kafka at enterprise scale with the ability to:
  • Publish and subscribe to streams of data at massive scale
  • Process streams of data with state of the art real-time stream processing capabilities and exactly-once semantics
  • Store streams of data durably for the long term

Apache Kafka is in use at large and small companies worldwide, including Capital One, Goldman Sachs, ING, LinkedIn, Netflix, Pinterest, Rabobank, Target, The New York Times, Uber, Yelp, and Zalando, among others.

"We enjoy Kafka's great features and vibrant community. Kafka enabled us to process trillions of messages per day in a scalable way. This opened up a completely new frontier for us to efficiently process data in motion to help us better serve Netflix members around the world," said Allen Wang, Senior Software Engineer at Netflix.

"Yelp uses Apache Kafka to power everything from application logs to analytics, enabling us to more easily and efficiently connect people with great local businesses," said Justin Cunningham, Software Engineer at Yelp. "The 1.0 release is a major milestone, and we're thrilled that Apache Kafka has continuously added innovative new features, while enhancing the reliability and scalability that Yelp depends on as our mobile traffic grows."

"Apache Kafka is Uber's data platform that reliably delivers trillions of messages per day, and empowers the real-time business intelligence to serve all the users around the world," said Lei Lin, Engineer Manager at Uber. "It's very exciting to see the new milestone of Apache Kafka 1.0 release and we are looking forward to this release."

"We invite everyone to download Apache Kafka 1.0.0 and try it out," added Rao. "We welcome community participation and look forward to engaging with users and hearing feedback at upcoming conferences and meetups as well as through the mailing list and pull requests."

Catch Apache Kafka in action at Kafka Summit 2018 in London and San Francisco https://kafka-summit.org/ , and at numerous local meetups https://kafka.apache.org/events .

Availability and Oversight
Apache Kafka software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Kafka, visit https://kafka.apache.org/ and https://twitter.com/apachekafka .

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server -- the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 680 individual Members and 6,300 Committers successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Alibaba Cloud Computing, ARM, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Confluent, Facebook, Google, Hortonworks, HP, Huawei, IBM, InMotion Hosting, iSigma, LeaseWeb, Microsoft, ODPi, PhoenixNAP, Pivotal, Private Internet Access, Produban, Red Hat, Serenata Flowers, Target, WANdisco, and Yahoo. For more information, visit http://www.apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Kafka", "Apache Kafka", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Tuesday October 31, 2017

The Apache Software Foundation Announces Apache® Juneau™ as a Top-Level Project

Open Source framework for quickly and easily creating Java-based REST microservices and APIs in use at IBM, The Open Group, and Salesforce, among others.

Forest Hill, MD –31 October 2017– The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today that Apache® Juneau™ has graduated from the Apache Incubator to become a Top-Level Project (TLP), signifying that the project's community and products have been well-governed under the ASF's meritocratic process and principles.

Apache Juneau is a cohesive framework that allows developers to marshal POJOs (Plain Old Java Objects) and develop REST (Representational State Transfer) microservices and APIs. Marshalling is used to transform an object’s memory representation to a data format suitable for moving between different parts of a computer program (or across programs), and to simplify communications to remote objects with an object.

"We've worked hard on making the Apache Juneau code as simple and easy to use as possible," said James Bognar, Vice President of Apache Juneau. "We packed Juneau with rich features and functionality, and have successfully directed our efforts on building a diverse community that will help drive the project’s future. We’re very proud to graduate as an Apache Top-Level Project."

Apache Juneau consists of:

  1. A universal toolkit for marshalling POJOs to a wide variety of content types using a common cohesive framework;
  2. A universal REST server API for creating self-documenting REST interfaces using POJOs, simply deployed as one or more top-level servlets in any Servlet 3.1.0+ container;
  3. A universal REST client API for interacting with Juneau or 3rd-party REST interfaces using POJOs and proxy interfaces; and
  4. A REST microservice API that combines all the features above with a simple configurable Jetty server for creating lightweight standalone REST interfaces that start up in milliseconds.


Apache Juneau is in use at IBM, The Open Group, and Salesforce, among others. The Apache Streams project began incorporating Apache Juneau libraries in late 2016.

"Removing Dropwizard and Jackson in favor of Apache Juneau simplified our dependency tree, increased the performance of our APIs, and added several features, especially HTML rendering, that have been a huge hit," said Steve Blackmon, Vice President of Apache Streams. "An on-going collaboration between our projects continues to expand the capabilities of Juneau's Remoteable library. As Apache Streams adds additional data provider Java SDKs powered by Juneau, the variety of HTTP interfaces that can be modeled and integrated with Juneau has expanded."

"We were able to replace existing home-grown REST interfaces on top of EMF objects with ones based on Apache Juneau and dramatically reduced the size of our codebase," said Craig Chaney, former Jazz Repository team lead at IBM. "We also used it as the basis for our Docker-based microservices in our CLM-as-a-Service offering."

"I have used Apache Juneau on projects where I need to work with Web Services," said David Goddard, Executive IT Specialist at IBM. "Juneau has saved us many development hours, enabling me to easily consume third-party REST APIs and construct my own Web Services far more quickly than I would otherwise be able to. Juneau also aids the development of robust, maintainable applications with clear logical code structure."

"When The Apache Software Foundation moved the JSON.org license to Category X, successors for JSON processing were needed," said John D. Ament, Vice President of the Apache Incubator, and Apache Juneau incubation mentor. "Apache Juneau was identified as a clean solution. It provides an easy to use API, great performance and a large number of features that made it a strong recommendation for others to leverage."

"As Apache Juneau grows, we welcome new contributors to join the project and take an active role in its development," added Bognar. "Whether reviewing user code, helping with feedback, or contributing code changes through the mailing list, we look forward to learning more about usage patterns to further improve the product."

Meet members of the Apache Juneau community at the Salesforce Dreamforce 2017 conference 6-9 November 2017 in San Francisco.

Availability and Oversight
Apache Juneau software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache Juneau, visit http://juneau.apache.org/ and https://twitter.com/ApacheJuneau

About the Apache Incubator
The Apache Incubator is the entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects wishing to join the ASF enter through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 680 individual Members and 6,300 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Alibaba Cloud Computing, ARM, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Facebook, Google, Hewlett Packard, Hortonworks, Huawei, IBM, Inspur, iSIGMA, ODPi, LeaseWeb, Microsoft, PhoenixNAP, Pivotal, Private Internet Access, Red Hat, Serenata Flowers, Target, WANdisco, and Yahoo. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Juneau", "Apache Juneau", "Streams", "Apache Streams", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday October 27, 2017

The Apache News Round-up: week ending 27 October 2017

October has been a great month, filled with all sorts of successes. Here's what's happened over the past week:

Success at Apache –the monthly blog series that focuses on the processes behind why the ASF "just works".
 - Scratch Your Own Itch. by Ignasi Barrera https://s.apache.org/7Amk [also featured in JAX Magazine special issue on Open Source https://jaxenter.com/jax-magazine/issues/open-source-jax-mag-oct-2017 ]

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 November. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield strong performance at 99.75% uptime http://status.apache.org/

ASF Operations Factoid –this week, 450 Apache Committers changed 894,321 lines of code over 2,789 commits. Top 5 contributors, in order, are: Jean-Baptiste Onofré, Daniel Gruno, Stephen Mallette, Daniel Templeton, and Paul King.

Apache Commons™ Codec –provides implementations of common encoders and decoders such as Base64, Hex, Phonetic and URLs.
 - Apache Commons Codec 1.11 released http://commons.apache.org/codec/

Apache DB Derby™ –sub-project of the Apache DB project: a pure Java relational database engine which conforms to the ISO/ANSI SQL and JDBC standards.
 - Apache Derby 10.14.1.0 released http://db.apache.org/derby/

Apache Hive™ –Big Data warehouse that facilitates querying and managing large datasets residing in distributed storage.
 - Apache Hive 2.3.1 released https://hive.apache.org/

Apache HTTP Server™ –the most popular Web server on the planet.
 - Apache HTTP Server 2.4.29 released http://httpd.apache.org/

Apache Jackrabbit™ –a fully conforming implementation of the Content Repository for Java Technology API (JCR).
 - Apache Jackrabbit 2.15.7 and Jackrabbit Oak 1.7.10 released http://jackrabbit.apache.org/

Apache Lucene™ –a high-performance, full-featured text search engine library written entirely in Java.
 - Apache Lucene 5.5.5 and Solr 5.5.5 released https://lucene.apache.org/
 - CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Apache Tika http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51d8R6rkZHo%2BPUi7B70ER6ng0SvnsorzoufY5-z4iR_FQ%40mail.gmail.com%3E

Apache OpenNLP™ –Machine Learning-based toolkit for the processing of natural language text.
 - Apache OpenNLP 1.8.3 released http://opennlp.apache.org/

Apache OpenOffice™ –leading Open Source office application and personal productivity suite for Windows, Linux, and Mac.
 - Apache OpenOffice 4.1.4 released https://s.apache.org/ASF-AOO-414announcement

Apache Portable Runtime™ –software libraries that provide a predictable and consistent interface to underlying platform-specific implementations.
 - Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 released http://apr.apache.org/

Apache PredictionIO™ –Open Source Machine Learning server used to manage and deploy production-ready predictive services.
 - The Apache Software Foundation Announces Apache® PredictionIO™ as a Top-Level Project https://s.apache.org/GsTT

Apache Qpid™ Proton –a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org).
 - Apache Qpid Proton 0.18.0 released http://qpid.apache.org/

Did You Know?

 - Did you know that Yelp runs high resource-cost integration tests at scale on Apache Mesos? http://mesos.apache.org/

 - Did you know that the Mahout based Universal Recommender runs on Apache PredictionIO? http://predictionio.apache.org/

 - Did you know that Salesforce uses Apache BookKeeper to store streaming log data? http://bookkeeper.apache.org/


Apache Community Notices:

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO 11) Scratch Your Own Itch. https://s.apache.org/7Amk

 - Follow the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation (re-tweets/shares/likes most appreciated!)

 - Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - ASF Quarterly Report: Operations Summary Q1 FY2018 https://s.apache.org/cEUm

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Wednesday October 25, 2017

Success at Apache: Scratch Your Own Itch.

By Ignasi Barrera

Recently I was at an industry conference and was happy to see many people stopping by the Apache booth. I was pleased that they were familiar with the Apache brand, yet puzzled to learn that so many were unfamiliar with The Apache Software Foundation (ASF).

It's important to recognize not just Apache's diverse projects and communities, but also the entity behind their success.

Gone are the days when software, and technology in general, was developed privately for the benefit of the few. As technology evolves, the challenges we face become more complex, and the only way to effectively move forward to create the technology of the future is to collaborate and work together. Open Source is a perfect framework for that, and organizations like the ASF carry out a decisive role in protecting its spirit and principles.

The ASF's mission is to provide software for the public good. We take it one step further, by giving all our Open Source software away for free. According to this mission, the foundation was established back in 1999 as a US 501(c)(3) non-profit charitable organization, and constitutes an independent legal entity to which companies and individuals can donate resources and be assured that those resources will be used for the public benefit. Its all-volunteer nature, along with the meritocracy model followed by its communities, are the pillars of the neutral, trusted space where Apache software is developed.

We strongly believe that good software is built by strong communities. Successful Open Source projects are the result of the work and collaboration in their communities and the people behind them. It is all about the people. Experience has shown us that helping people work together as peers is key in producing software in a sustainable way, and we have collected the lessons learned all these years in what we call "The Apache Way".

This Apache Way is a set of core behaviors all Apache projects follow that are designed to ensure projects are independent and diverse, and that anyone can participate no matter what gender, culture, time zone, employer, or even expertise they have. One can start collaborating with a project by contributing patches or implementing new features, but merit is not only measured by code contributions. Helping users, improving documentation, promoting the project, and other non-coding activities are very valuable and recognized as such, and the recognition of this merit and implication is expressed by granting more privileges in the project: from commit access, to invitations to join the Project Management Committee, to invitations to join the ASF Membership. One of the great differentiators between the ASF and other open source foundations is that the ASF does not dictate the technical direction of its projects: each Apache project is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides their respective project's day-to-day operations, including community development and product releases. Meritocracy drives the growth of the communities, and ensures anyone can contribute to projects that are ruled by the people who is involved and really cares about them.

Learning to work this way is not always easy, though. Projects come to the Foundation from very different backgrounds and whilst some of them already have communities that are used to collaborate in open ways, others find it challenging to embrace these core behaviors. The Apache Incubator is the main entry point for codebases and their communities wishing to officially become part of the Foundation, and is where they learn how to put all these principles in practice. Some will find this way of working a good way to rule a project and will graduate as an Apache top-level project, some may find that the Foundation is not the best option for them and choose to leave. Both options are good outcomes, as projects will have invested time in thinking about their community model and how they want governance to be, and this always benefits the Open Source world.

This Open Source model not only exists to create sustainable Open Source projects, but also to meet the expectations of the rest of the world. Software developed at Apache comes with a set of guarantees granted by the popular and business-friendly Apache License, but also with others that are the product of this open governance model, such as project independence or a well-defined project lifecycle. The ASF not only defines how projects operate while active, but also what happens when a project reaches its end-of-life, which is also important for adoption but often not considered by Open Source projects.

These guarantees, along with the reputation earned by many years of producing high-quality open source software, make the +300 freely available Apache projects, from Abdera to HTTP Server to Hadoop to Zookeeper, a trusted choice for individuals and companies looking for Open Source solutions.

The saying "Scratch Your Own Itch" is popular in the tech space, and is an integral principle at the ASF. Apache Committers have a responsibility to the community to help create a product that will outlive the interest of any particular volunteer, as well as for helping to grow and maintain the health of the Apache community.

As an ASF Member, I'm helping with project outreach and mentoring new individuals that make up the greater Apache community.

The Apache Software Foundation provides a safe place for Open Source development, and will keep evolving as technology evolves, welcoming all kinds of projects and communities, and helping people embrace Open Source. Let's see what the future holds for the Open Source world and how we can contribute to making it a better place. Scratch your own itch.


Ignasi Barrera is a long-term Open Source contributor and became involved with the ASF in 2013, when jclouds was first submitted to the Apache Incubator. He is a member of the Apache jclouds Project Management Committee and still actively contributes to the project. Ignasi became an ASF Member in 2015, and helps with community development activities and the promotion of Open Source. 

= = =

"Success at Apache" is a monthly blog series that focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk 4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) Scratch your own itch. https://s.apache.org/Apah

# # #

Tuesday October 24, 2017

The Apache Software Foundation Announces Apache® PredictionIO™ as a Top-Level Project

Open Source Machine Learning server used to manage and deploy production-ready predictive services at ActionML, BizReach, LiftIQ, Pluralsight, and Salesforce, among others.

Forest Hill, MD –24 October 2017– The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today that Apache® PredictionIO™ has graduated from the Apache Incubator to become a Top-Level Project (TLP), signifying that the project's community and products have been well-governed under the ASF's meritocratic process and principles.

Apache PredictionIO is an Open Source Machine Learning Server that enables developers to manage and deploy production-ready predictive services for various kinds of Machine Learning tasks. 

"PredictionIO was started with the goal of democratizing Machine Learning, by providing a high-degree of customization through templates, using an integrated stack of proven technologies provided by other Apache and Open Source projects," said Donald Szeto, Vice President of Apache PredictionIO and Principal Data Engineer for Einstein at Salesforce. "It has been inspiring to see the project going through incubation, with a growing user and developer community who provided invaluable feedback and contribution. We are excited about our graduation, and look forward to continuing the project's goal with the help from the community."

Apache PredictionIO focuses on enabling developers to quickly develop and deploy production-ready Machine Learning pipelines. The project features an engine template gallery, where developers can pick a template, and quickly ramp up a complete setup for their Machine Learning use cases. Each template in the gallery is designed for a specific Machine Learning scenario.

Apache PredictionIO is in use at ActionML, BizReach, LiftIQ, Pluralsight, and Salesforce, among others.

"We are very interested in PredictionIO for solving any Machine Learning tasks," said Shinsuke Sugaya, Chief Scientist at BizReach, Inc. "At BizReach, using PredictionIO, we have built a data-analysis platform for HR, which fits learning models from about 5 million job descriptions and recommends preferred items from them to users everyday. PredictionIO has accelerated our analysis and development tasks for data scientists and developers, and simplified infrastructure from data management to prediction server."

"It was indeed an honor to be asked to mentor PredictionIO through its successful graduation out of the Apache Incubator," said Suneel Marthi, ASF Member and Apache PredictionIO Incubation Mentor. "Apache PredictionIO is the platform that fills the gap between academic research and productionizing Machine Learning-as-a-Service. As a long-time practitioner of Machine Learning involving large scale analytics, and Apache Mahout project committer for many years, I've enjoyed working with PredictionIO team, and can see myself coming back to this community for help with questions when using PredictionIO on the job."

"I'm excited to see Apache PredictionIO begin to gain the recognition it has truly earned," said Cody Kimball, Machine Learning Engineer at Pluralsight. "I was fascinated with the growing field of Machine Learning, but had no idea how to get started given my limited development experience. I had the opportunity at work to spearhead some marketing-related Machine Learning efforts, with a 9-month plan to get a working POC up and running. After only 12 weeks, using PredictionIO, I was able to build a fully functioning recommendation engine on our externally-facing Website. We soon saw a 29% increase in forms being filled out, which resulted in a 29% increase in new qualified sales leads, and projected $1,333 increase in MRR. We rolled out this POC test to just 10% of the Web traffic, with much more areas to improve on. This has opened up so many opportunities that never would have been possible had it not been for the availability and reliability of the PredictionIO platform!"

"Apache PredictionIO is a strategic platform that Data Scientists around the globe should learn to master!” said Shane Johnson, Founder and CEO at LiftIQ. “Our team of developers use PredictionIO at the core of our product architecture, and to power our Lift Intelligence Platform (LiftIQ, an app on Salesforce App Exchange). We have been super impressed with the flexibility of the framework: PredictionIO is built on a solid, progressive foundation and cuts Machine Learning development time in half. It allows developers to stay focused on tuning models and integrating Machine Learning with existing apps. The contributors and community are extremely active and helpful. We have had multiple challenges along our path to proving out our product. Each time we have reached out, we received responses from the community within minutes. Thank you PredictionIO team and community and congratulations on becoming an Apache Top-Level Project!"

"ActionML has been obsessed with Machine Learning for years. Some of us have been committers to Apache Mahout, for instance. Apache PredictionIO proved the missing link in putting ML into production for our more demanding clients, several of which are Fortune 500 companies," said Pat Ferrel, Chief Consultant at ActionML. "PredictionIO plays a key part in our story of 'Success at Apache' https://s.apache.org/l9OO "

"Salesforce is committed to making machine learning more accessible and empowering business users from companies of all industries and sizes to work smarter and be more productive. After donating PredictionIO's Open Source code to ASF, we've seen collaboration from several of our teams, as well as customers, ISVs and a wider community,” said Simon Chan, Senior Director, Product Management, Einstein. "Apache PredictionIO reaching Top-Level Project status will unlock the power of AI for companies large and small, empowering them to combine machine learning with their CRM to deliver smarter, more productive customer experiences."

"We welcome anyone who is passionate about our mission of bringing Machine Learning to the masses to join our effort," added Szeto. "Any feedback or contribution is invaluable to the project. Join the discussion on our user and development mailing lists."

Catch Apache PredictionIO in action at the Salesforce Dreamforce 2017 conference 6-9 November 2017 in San Francisco.

Availability and Oversight
Apache PredictionIO software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For downloads, documentation, and ways to become involved with Apache PredictionIO, visit http://predictionio.apache.org/ and https://twitter.com/PredictionIO

About the Apache Incubator
The Apache Incubator is the entry path for projects and codebases wishing to become part of the efforts at The Apache Software Foundation. All code donations from external organizations and existing external projects wishing to join the ASF enter through the Incubator to: 1) ensure all donations are in accordance with the ASF legal standards; and 2) develop new communities that adhere to our guiding principles. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. For more information, visit http://incubator.apache.org/

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server --the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 680 individual Members and 6,300 Committers across six continents successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Alibaba Cloud Computing, ARM, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Facebook, Google, Hewlett Packard, Hortonworks, Huawei, IBM, Inspur, iSIGMA, ODPi, LeaseWeb, Microsoft, PhoenixNAP, Pivotal, Private Internet Access, Red Hat, Serenata Flowers, Target, WANdisco, and Yahoo. For more information, visit http://apache.org/ and https://twitter.com/TheASF

© The Apache Software Foundation. "Apache", "Mahout", "Apache Mahout", "PredictionIO", "Apache PredictionIO", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday October 20, 2017

The Apache News Round-up: week ending 20 October 2017

The week has zipped by and it's Friday already. Here's what we've been busy with:

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 15 November. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield on-point performance at 99.77% uptime http://status.apache.org/

ASF Operations Factoid –this week, 547 Apache Committers changed 1,377,543 lines of code over 3,399 commits. Top 5 contributors, in order, are: Varun Saxena, Jian He, Laszlo Puskas, Aditi Hilbert, and Stephen Mallette.

Apache Commons™ Compress –library that defines an API for working with compression and archive formats.
 - Apache Commons Compress 1.15 released http://commons.apache.org/compress/

Apache Commons™ Configuration –software library that provides a generic configuration interface which enables an application to read configuration data from a variety of sources.
 - Commons Configuration 2.2 released http://commons.apache.org/configuration/

Apache James™ –a 100% pure Java SMTP and POP3 Mail server and NNTP News server.
 - Apache James 3.0.1 security release http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3C18ce3ee5-d5cd-ea2a-6c03-fd1361fa0b99%40apache.org%3E

Apache Lucene™ –a high-performance, full-featured text search engine library written entirely in Java.
 - Apache Lucene 6.6.2 and 7.1.0, and Apache Solr 6.6.2 and 7.1.0 released https://lucene.apache.org/
 - CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E

Apache OpenOffice™ –leading Open Source office application and personal productivity suite for Windows, Linux, and Mac.
 - The Apache Software Foundation Announces Five Years of Apache® OpenOffice™ as a Top-Level Project https://s.apache.org/P2EH

Apache Pulsar (incubating) –a highly scalable, low latency messaging platform running on commodity hardware.
 - Apache Pulsar 1.20.0-incubating released https://pulsar.incubator.apache.org/

Apache Qpid™ Proton –a messaging library for the Advanced Message Queuing Protocol 1.0 (AMQP 1.0, ISO/IEC 19464, http://www.amqp.org).
 - Apache Qpid Proton-J 0.23.0 released http://qpid.apache.org/

Apache Rya (incubating) –a Cloud-based RDF triple store that supports SPARQL queries.
 - Apache Rya 3.2.11-incubating released https://rya.incubator.apache.org/


Did You Know?

 - Did you know that Europe's largest online fashion retailer Zalando uses Apache Kafka and Kafka Streams API for real-time fashion insights? http://kafka.apache.org/

 - Did you know that Pune Smart City uses Apache Wicket? http://wicket.apache.org/

 - Did you know that intelligent customer data platform Amperity uses Apache Aurora? http://aurora.apache.org/


Apache Community Notices:

 - Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

 - "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO

 - Follow the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation (re-tweets/shares/likes most appreciated!)

 - Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - The Apache community will be at All Things Open --stop by the ASF booth and say hello! 23-24 October in Raleigh https://allthingsopen.org/

 - Learn about Apache Atlas, AriaTosca (incubating), Hadoop YARN, Kafka, ManifoldCF, Ranger, Spot (incubating), Thrift, and more at Open Source Summit Europe + ELC Europe 2017 23-26 October in Prague https://osseu17.sched.com/

 - Catch the Apache Ignite and Spark communities at the In-Memory Computing Summit 24-25 October in San Francisco https://imcsummit.org/

 - ASF Quarterly Report: Operations Summary Q1 FY2018 https://s.apache.org/cEUm

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Thursday October 19, 2017

The Apache Software Foundation Announces Five Years of Apache® OpenOffice™ as a Top-Level Project

Latest, secure version of leading Open Source office application and personal productivity suite for Windows, Linux, and Mac now available in 41 languages.

Forest Hill, MD —19 October 2017— The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the five-year anniversary of Apache® OpenOffice™, the leading Open Source office document productivity suite.

"OpenOffice has been downloaded by millions of users since becoming an Apache project five years ago," said Marcus Lange, Vice President of Apache OpenOffice. "We are extremely proud of our community of loyal users and developers who are committed to the future of OpenOffice. We are inspired by their encouragement and thank them by making the next version of the world's leading Open Source productivity suite even better."

With more than 225 million downloads, Apache OpenOffice includes the following applications:
  1. "Writer" - a word processor;
  2. "Calc" - a spreadsheet tool;
  3. "Impress" - a presentation editor;
  4. "Draw" - a vector graphics editor; 
  5. "Math" - a mathematical formula editor; and 
  6. "Base" - a database management program. 

Apache OpenOffice is available in 41 languages on Windows, macOS and Linux.

In celebration of OpenOffice's triple anniversary this month —17 years as an Open Source project, 6 years at the ASF, and 5 years as an ASF Top-Level Project— the Apache OpenOffice Project Management Committee also announced the immediate availability of Apache OpenOffice 4.1.4, which reflects changes that include:
  • Several updates for language dictionaries
  • Some translation fixes in the UI
  • Bug fixes
  • Security improvements
  • Updated graphics/logos (new Apache feather)
  • Enhancements to the build tools (for developers)

The complete list of changes and new features is available at https://s.apache.org/AOO-414changes ; users are encouraged to download the official version from https://www.openoffice.org/download/

Apache OpenOffice is used by millions of organizations, institutions, and individuals around the world. OpenOffice also plays an integral role in many governments, in response to their mandates to use files in the ISO/IEC standard Open Document Format (ODF). OpenOffice supports localized versions in more than 120 languages (those that are 100% translated and maintained are officially released).

As with all Apache projects, Apache OpenOffice is available as a free download to all users at no cost, charge, or fees of any kind. OpenOffice is Open Source software: its C++ source code is readily available for anyone who wishes to enhance the applications.

Availability and Oversight
Apache OpenOffice software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For project data, documentation, and more information on Apache OpenOffice, visit https://openoffice.apache.org/

Download
The project strongly recommends that users download OpenOffice only from the official site https://www.openoffice.org/download/ to ensure that they receive the original software in the correct and most recent version. The project also recommends users review the Release Notes https://s.apache.org/AOO-414releasenotes for important updates and remarks concerning any known issues with this version and their workarounds.

Get Involved!
Apache OpenOffice welcomes contributions and community participation through mailing lists as well as attending face-to-face MeetUps, developer trainings, and user events. Those wishing to get involved in the project can find out more at https://openoffice.apache.org/get-involved.html

About Apache OpenOffice
Originally created as "StarOffice" by StarDivision and after further expansion as an Open Source product under the name "OpenOffice.org" at Sun Microsystems, the project continued development after Oracle Corporation acquired Sun Microsystems in 2010. OpenOffice entered the Apache Incubator in 2011 and graduated as an Apache Top-level Project in October 2012. 9 releases have been made under the auspices of the ASF, with more than 225 million downloads recorded to date. Visit https://openoffice.apache.org/ and https://twitter.com/ApacheOO for more information.

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 leading Open Source projects, including Apache HTTP Server -- the world's most popular Web server software. Through the ASF's meritocratic process known as "The Apache Way," more than 680 individual Members and 6,300 Committers successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official user conference, trainings, and expo. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Alibaba Cloud Computing, ARM, Bloomberg, Budget Direct, Capital One, Cash Store, Cerner, Cloudera, Comcast, Confluent, Facebook, Google, Hortonworks, HP, Huawei, IBM, InMotion Hosting, iSigma, LeaseWeb, Microsoft, ODPi, PhoenixNAP, Pivotal, Private Internet Access, Produban, Red Hat, Serenata Flowers, Target, WANdisco, and Yahoo. For more information, visit http://www.apache.org/ and https://twitter.com/TheASF
© The Apache Software Foundation. "Apache", "OpenOffice", "Apache OpenOffice", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.

# # #

Friday October 13, 2017

The Apache News Round-up: week ending 13 October 2017

We hope you've had a great week. The Apache community has been busy with the following:

Foundation Statement –Apache Is Open. https://s.apache.org/PIRA

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 October. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield great performance at 99.77% uptime http://status.apache.org/

ASF Operations Factoid –this week, 544 Apache Committers changed 1,026,830 lines of code over 3,469 commits. Top 5 contributors, in order, are: Maxim Solodovnik, Gary Gregory, Claus Ibsen, Iñigo Goiri, and Jonathan Hung.

Apache Commons™ VFS –provides a single API for accessing various different file systems.
 - Apache Commons VFS 2.2 released http://commons.apache.org/vfs/

Apache Jackrabbit™ –a fully conforming implementation of the Content Repository for Java Technology API (JCR).
 - Apache Jackrabbit 2.12.8 and Jackrabbit Oak 1.7.9 released http://jackrabbit.apache.org/

Apache Johnzon™ –a Java library for parsing and creating JSON.
 - Apache Johnzon-1.1.4 released https://johnzon.apache.org/

Apache Lucene™ –a high-performance, full-featured text search engine library written entirely in Java.
 - Apache Lucene 7.0.1 and Apache Solr 7.0.1 released https://lucene.apache.org/
 - CVE-2017-12629: Please secure your Apache Solr servers since a zero-day exploit has been reported on a public mailing list http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3C018601d343b3%2453868c50%24fa93a4f0%24%40apache.org%3E

Apache NiFi™ –an easy to use, powerful, and reliable system to process and distribute data.
 - CVE-2017-12623 http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3C13B90414-1C62-4858-BD74-051F67F1F6D4%40apache.org%3E

Apache Phoenix™ –enables OLTP and SQL-based operational analytics for Apache Hadoop.
 - Apache Phoenix 4.12 released http://phoenix.apache.org/

Apache Qpid™ –client supporting the Advanced Message Queuing Protocol 1.0, based around the Apache Qpid Proton protocol engine and implementing the AMQP JMS Mapping as it evolves at OASIS.
 - Apache Qpid JMS 0.26.0 released http://qpid.apache.org/

Apache Syncope™ –an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology.
 - Apache Syncope 2.0.6 released http://syncope.apache.org/

Apache Zookeeper™ –an Open Source server that enables highly reliable distributed coordination.
 - CVE-2017-5637: DOS attack on wchp/wchc four letter words (4lw) http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCANLc_9KJTmetFt6MrsFQm%2Badr-1w2VeGYyMJMVVZ281-3UmJKw%40mail.gmail.com%3E


Did You Know?

 - Did you know that the ASF Incubator has mentored 183 podlings in the Apache Way since its inception in 2002? http://incubator.apache.org/

 - Did you know that Apache Spark won the 2017 JAX Innovation award for "Most innovative contribution to the Java ecosystem"? https://jaxenter.com/winners-jax-innovation-awards-2017-137993.html

 - Did you know that the City of San Diego is using Apache Airflow (incubating) for data automation? http://airflow.apache.org/


Apache Community Notices:

 - "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO

 - Follow the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation (re-tweets/shares/likes most appreciated!)

 - Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - The Apache community will be at All Things Open --stop by the ASF booth and say hello! 23-24 October in Raleigh https://allthingsopen.org/

 - Learn about Apache Atlas, AriaTosca (incubating), Hadoop YARN, Kafka, ManifoldCF, Ranger, Spot (incubating), Thrift, and more at Open Source Summit Europe + ELC Europe 2017 23-26 October in Prague https://osseu17.sched.com/

 - Catch the Apache Ignite and Spark communities at the In-Memory Computing Summit 24-25 October in San Francisco https://imcsummit.org/

 - ASF Quarterly Report: Operations Summary Q1 FY2018 https://s.apache.org/cEUm

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Thursday October 12, 2017

Apache Is Open.

"The Apache Software Foundation is a cornerstone of the modern open source software ecosystem – supporting some of the most widely used and important software solutions powering today's Internet economy."
— Mark Driver, Research Vice President, Gartner

Lauded among the most successful influencers in Open Source, The Apache Software Foundation's commitment to collaborative development has long served as a model for producing consistently high quality software that advances the future of open development. Apache projects power half the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. Apache software projects are an integral part of nearly every end-user computing device, from laptops to tablets to phones.


Open Source.
One of the greatest disruptors to enterprise software, Open Source solutions provide many benefits, including:
  • Lowered costs
  • Higher quality software
  • Freedom from vendor lock-in and proprietary solutions

Open Development.
Organizations of all sizes that embrace open development methodologies benefit from improved speed of development and gain business advantage through:
  • Reduced investment in re-architecting applications
  • Active community support
  • Access to common federation on the leading edge of technology

Enter Apache.

In 1995, eight individuals produced the first public release of a new server software named "Apache", and called themselves the "Apache Group". 22 years after its inception, the Apache HTTP Web Server remains the most popular Web server on the planet.


Incorporation of the ASF.
In 1999, the Apache Group formed The Apache Software Foundation (ASF) with the mission of providing software for the public good. 

  • Membership-based, US 501(c)(3) not-for-profit corporation
  • Ensures Apache projects continue to exist beyond the participation of individual volunteers
  • Establishes role as an Open Source incubator to foster new technologies


Since its inception, the ASF has long been recognized as a leading source for Open Source software that meets the demand for mission-critical, enterprise-grade interoperable, adaptable, and sustainable solutions. 

Open Leadership.

"The Apache Software Foundation has set the standard for modern application and infrastructure software as well as the open source collaborative processes through which it is developed."
— Matt Aslett, Research Director, 451 Research


Today the ASF develops, stewards, and incubates more than 350 Open Source projects and initiatives through its leadership, robust community, and meritocratic process known as the "Apache Way".
  • "Flat" organization: Apache projects and their communities drive development
  • Project development and leadership driven entirely by individual volunteers
  • Provides organizational, legal, and financial support

Open To All.
All Apache software —project downloads, documentation, updates, patches, and more— can be downloaded and used entirely free of any license fees or charge of any kind.
  • Can be used by anyone for any purpose
  • Free of restrictions on installation or deployment
  • Distributed under the flexible, business-friendly Apache License 2.0

Open Participation.
Code for all Apache projects is written by more than 6,000 volunteer individuals and employees of corporations across six continents and contributed to the ASF at no cost. The ASF is governed by the community it most directly serves —the people collaborating within its projects. The ASF's meritocratic processes serve as best practices widely embraced by organizations and individuals alike.
  • Contributions include code, patches, and documentation
  • Select contributors earn "Committer" status, enabling them to commit/write directly to the code repository, vote on community-related decisions, and propose active users for Committership
  • Committers who demonstrate merit in the Foundation's growth, evolution, and progress may be nominated for ASF Membership by existing members

Open Community.
ASF Community Development helps newcomers learn about Apache projects, governance, and activities, and provides guidance on becoming part of the meritocratic, all-volunteer Apache community.
  • "Community Over Code" is the cornerstone of the Foundation's core tenets
  • The ASF has served as a Google Summer of Code mentoring organization each year the since the program's creation in 2005
  • More than 6,300 Apache Committers help grow and maintain the health of the Apache community

Open Project Oversight.
The ASF does not lead the technical direction of Apache projects, but rather provides operational support for projects to self-govern. All Apache projects are overseen by a self-selected team of active contributors.
  • Apache Project Management Committees (PMCs) guide day-to-day operations, including community development and product releases
  • The ASF Board appoints a Vice President to serve as Chair of the PMC
  • Vice President/PMC Chair role is administrative, and carries no additional weight or influence on a project (one vote on project matters just like other PMC members)

Open Innovation.
All code donations, established projects, and communities intending to become fully-fledged Apache projects do so through the Apache Incubator. To graduate as an Apache Top-Level Project, candidate podlings must meet the Apache Maturity Model's rigorous requirements for code integrity, copyright, licenses, releases, consensus building, and independence, among others.
  • 187 Project Management Committees oversee 312 Apache projects
  • 54 new podlings undergoing development in the Apache Incubator
  • Recognized leadership across numerous categories, such as Big Data, libraries, servers and more

Open Communication.
All official communications at the ASF are conducted via mailing lists. Asynchronous communications are required to accommodate geographically-distributed groups across time zones, as is the case for nearly all Apache communities.
  • "If it didn't happen on-list, it didn't happen."
  • Built upon the transparency-oriented culture of the Apache Group, whose collaboration took place on email lists
  • Since the ASF's founding, 340,000+ authors wrote 17.5M+ emails on 7.5M topics, which are archived on 1,247 Apache publicly-accessible mailing lists

Open Opportunity.

"... unlike other open source organizations, the strength of the ASF is its independence from corporate interests … this independence has created a safe haven for a burgeoning open source developer population."
— Matt Asay, InfoWorld

Apache projects must be governed independently of commercial influence. As a vendor-neutral, not-for-profit organization, the ASF and all Apache projects do not take sides, nor endorse or support any particular vendor over other vendors.
  • The ASF does not discourage the development of "competing" products
  • Third parties are free to pursue almost any for-profit or not-for-profit business model based on Apache projects
  • The commercially-friendly and permissive Apache License v2 has become an industry standard within the Open Source world

Continuing Growth.
The ASF has scaled more than 35,000% over 18 years with very limited resources. The ASF is responsible for millions of lines of code by countless contributors across the Open Source landscape: each day millions of people across the globe access the ASF's two dozen servers and 75 distinct hosts.
  • The ASF has grown from an inaugural membership of 21 individuals to 680 individual Members and 6,300 Committers
  • The ASF oversees 150M+ lines of code (valued at US$7B+), developed over 65,000 person-years, with an average of 18,000 Apache code commits each month
  • Nearly 300 new code contributors and 300-400 new people file issues each month

Apache Committers have the responsibility to the collective community to help create a product that will outlive the interest of any particular volunteer, and that the code committed should be clear enough that others not involved in its current development will be able to maintain and extend it.

How You Can Help.

The ASF is funded through tax-deductible contributions from corporations, foundations, and private individuals. You can help the greater Apache community by contributions in the form of:

  • Code and documentation for Apache Projects
  • Funds —become a Sponsor or Individual donor
  • Corporate matching gift program —increase your donation with your employer’s support

Approximately 75% of the ASF's US$1.5MM annual budget is dedicated to running critical infrastructure support services, including bandwidth, connectivity, servers, and hardware: the ASF Infrastructure team keep Apache services running 24x7x365 at near 100% uptime on an annual budget of less than US$5,000 per project. Donations to the ASF also helps offset day-to-day operating expenses such as legal and accounting services, brand management and public relations, general office expenditures, and support staff.

Join the hundreds of donors who have helped support the ASF this year. Every dollar counts! http://apache.org/foundation/contributing.html



# # #

Friday October 06, 2017

The Apache News Round-up: week ending 6 October 2017

Greetings, October. Here's what the Apache community has been working on over the past week:

Foundation Statement –Response From The Apache® Software Foundation To Questions From US House Committee On Energy And Commerce Regarding Equifax Data Breach https://s.apache.org/rjmv

Success at Apache –the monthly blog series that focuses on the processes behind why the ASF "just works".
 - All My Roads Led to Apache by Pal Ferrel https://s.apache.org/l9OO

ASF Board –management and oversight of the business affairs of the corporation in accordance with the Foundation's bylaws.
 - Next Board Meeting: 18 October. Board calendar and minutes http://apache.org/foundation/board/calendar.html

ASF Infrastructure –our distributed team on three continents keeps the ASF's infrastructure running around the clock.
 - 7M+ weekly checks yield savvy performance at 99.78% uptime http://status.apache.org/

ASF Operations Factoid –this week, 549 Apache Committers changed 1,204,410 lines of code over 3,893 commits. Top 5 contributors, in order, are: Oliver Lietz, James Taylor, Mark Thomas, Maxim Solodovnik, and Stephen Mallette.

Apache Calcite™ –a dynamic Big Data management framework.
 - Apache Calcite 1.14.0 released http://calcite.apache.org/

Apache Flume™ –a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data.
 - Apache Flume 1.8.0 released http://flume.apache.org/

Apache Geode™ –low latency, high concurrency data management solutions.
 - CVE-2017-9794 Apache Geode gfsh query vulnerability http://mail-archives.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAEwge-FqzrT%2BdeCkNkM-EQZuKfg-XuqY4cGjFiqxoKBVduY1Zw%40mail.gmail.com%3E
 - CVE-2017-9797 Apache Geode client/server authentication vulnerability http://mail-archives.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAEwge-Hrbb7JS8Nygrh7geyFvW4bMZ3AdCmPOzMfvbniipz0bA%40mail.gmail.com%3E

Apache Groovy™ –a multi-facet programming language for the JVM.
 - Apache Groovy 2.5.0-beta-2 released https://groovy.apache.org/

Apache HTTP Server™ –the world's most popular Web server.
 - Apache HTTP Server 2.4.28 released http://httpd.apache.org/

Apache Impala (incubating) –a high-performance C++ and Java SQL query engine for data stored in Apache Hadoop-based clusters.
 - CVE-2017-9792 Apache Impala (incubating) Information Disclosure http://mail-archives.apache.org/mod_mbox/www-announce/201709.mbox/%3CCAFWiQHYvHUG42bC0EVkxciyR_-uswTW2UZCFQ6o0Q2%2BPGWSi6Q%40mail.gmail.com%3E

Apache Jackrabbit™ –a fully conforming implementation of the Content Repository for Java Technology API (JCR).
 - Apache Jackrabbit 2.8.6 and Jackrabbit Oak 1.7.8 released http://jackrabbit.apache.org/

Apache Juneau (incubating) –a toolkit for marshalling POJOs to a wide variety of content types using a common framework, and for creating sophisticated self-documenting REST interfaces and microservices using very little code.
 - Apache Juneau 6.4.0 (incubating) released http://juneau.incubator.apache.org/

Apache Lucene™ Solr™ –the search server built on Apache Lucene.
 - Apache Solr Reference Guide for 7.0 released https://lucene.apache.org/solr/guide/7_0

Apache NiFi™ –an easy to use, powerful, and reliable system to process and distribute data.
 - Apache NiFi 1.4.0 released https://nifi.apache.org/

Apache OpenNLP™ –a machine learning based toolkit for the processing of natural language text..
 - CVE-2017-12620: Apache OpenNLP XXE vulnerability http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCA%2BV%3DWqjnwc7DCAXMGCBPrgfKJHB0bSP03mrSZ0RJxCin5m6L9Q%40mail.gmail.com%3E

Apache Tomcat™ –an Open Source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers technologies.
 - Apache Tomcat 7.0.82, 8.0.47, 8.5.23, and 9.0.1 released http://tomcat.apache.org/
 - CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3Cf7229e11-5e8d-aa00-ff22-f0a795669010%40apache.org%3E

Apache Wicket™ –an Open Source Java component oriented Web application framework that powers thousands of web applications and Web sites for governments, stores, universities, cities, banks, email providers, and more.
- Apache Wicket 6.8.0 released http://wicket.apache.org

Did You Know?

 - Did you know that the ASF Incubator has mentored new Apache projects and their communities for the past 15 years? http://incubator.apache.org/

 - Did you know that the following Apache projects have anniversaries this month: Xalan and XML Graphics (13 years); MINA and Velocity (11 years); PDFBox (8 years); Thrift (7 years); JMeter (6 years); Cordova, Isis, and OpenOffice (5 years); Chukwa and jclouds (4 years); and Calcite (2 years)? https://projects.apache.org/committees.html?date

 - Did you know that various Apache projects that are seeking assistance are listed at http://helpwanted.apache.org/ ? Help your favorite Apache community!


Apache Community Notices:

 - "Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg 10) All My Roads Led to Apache https://s.apache.org/l9OO

 - Follow the ASF on social media: @TheASF on Twitter and on LinkedIn at https://www.linkedin.com/company/the-apache-software-foundation (re-tweets/shares/likes most appreciated!)

 - Presentations from ApacheCon https://s.apache.org/Hli7 and Apache: Big Data https://s.apache.org/tefE are available; as well as videos https://s.apache.org/AE3m and audio recordings https://feathercast.apache.org/

 - Do friend and follow us on the Apache Community Facebook page https://www.facebook.com/ApacheSoftwareFoundation/and Twitter account https://twitter.com/ApacheCommunity

 - The list of Apache project-related MeetUps can be found at http://apache.org/events/meetups.html

 - The Apache community will be at All Things Open --stop by the ASF booth and say hello! 23-24 October in Raleigh https://allthingsopen.org/

 - Learn about Apache Atlas, AriaTosca (incubating), Hadoop YARN, Kafka, ManifoldCF, Ranger, Spot (incubating), Thrift, and more at Open Source Summit Europe + ELC Europe 2017 23-26 October in Prague https://osseu17.sched.com/

 - Catch the Apache Ignite and Spark communities at the In-Memory Computing Summit 24-25 October in San Francisco https://imcsummit.org/

 - ASF Quarterly Report: Operations Summary Q1 FY2018 https://s.apache.org/cEUm

 - ASF Annual Report is available at https://s.apache.org/FY2017AnnualReport

 - Find out how you can participate with Apache community/projects/activities --opportunities open with Apache HTTP Server, Avro, ComDev (community development), Directory, Incubator, OODT, POI, Polygene, Syncope, Tika, Trafodion, and more! https://helpwanted.apache.org/

 - Are your software solutions Powered by Apache? Download & use our "Powered By" logos http://www.apache.org/foundation/press/kit/#poweredby

= = =

For real-time updates, sign up for Apache-related news by sending mail to announce-subscribe@apache.org and follow @TheASF on Twitter. For a broader spectrum from the Apache community, https://twitter.com/PlanetApache provides an aggregate of Project activities as well as the personal blogs and tweets of select ASF Committers.

# # #

Tuesday October 03, 2017

Response From The Apache® Software Foundation To Questions From US House Committee On Energy And Commerce Regarding Equifax Data Breach

On 19 September 2017 The Apache® Software Foundation ("ASF") http://apache.org/ was contacted by the US House Committee on Energy and Commerce to answer questions in preparation for their hearing on 3 October regarding the Equifax data breach.

The official response from the ASF follows.

= = =

RESPONSES TO QUESTIONS FROM

US HOUSE COMMITTEE ON ENERGY AND COMMERCE

BACKGROUND:

We think that it is important to provide background about The Apache Software Foundation ("ASF") and its projects as the ASF is very different from conventional for-profit software companies.

The ASF:

 - interacts with the users of its software and provides patches in a different manner than such conventional for-profit software companies;
 - is a not-for-profit foundation qualified under Section 501(c)(3) of the IRS regulations;
 - develops, shepherds, and incubates hundreds of Open Source software projects that are run solely by volunteers, with some Foundation-level operations and services (such as infrastructure, administration, and marketing) provided by paid staff;
 - provides all of its Open Source software free of charge to the public at-large;
 - is financially supported by donations from corporations and  individuals; 
 - is vendor neutral: participation is limited to individuals, irrespective of affiliation or employment status.

Code for Apache projects is written by more than 6,000 volunteer individuals and employees of corporations across six continents and contributed to the ASF at no cost. The ASF maintains records of contributors solely through its list of "contributor license agreements". All individuals who are granted write access to the Apache repositories must submit an Individual Contributor License Agreement (ICLA). Corporations that have assigned employees to work on Apache projects as part of an employment agreement may sign a Corporate CLA (CCLA) for contributing intellectual property via the corporation. The ASF has confirmed that it has not received a CCLA from Equifax, nor has it received code contributions by Equifax employees (although the ASF cannot determine whether an individual contributor is affiliated with Equifax).

Each Apache software project is managed by a Project Management Committee ("PMC"), a self-selected team of active contributors to the project. A PMC guides the project's day-to-day operations, including community development and product releases. The PMC oversees the software development for the projects, including any patches to those projects, which is available for anyone for download from the apache.org website and numerous global mirror sites. Releases of code for Apache
are managed by the PMC, who distinguish between project software releases and patches published to our issue trackers. New releases that include patches are created, voted on by the PMC, and made available for download. The ASF then alerts the community to the patches. Unlike conventional for-profit software companies, the ASF does not provide the patches directly to the users of its software projects.

The ASF does not provide conventional for-profit maintenance contracts or support the way a conventional for-profit software company would because Apache is a charitable organization composed of volunteers. The ASF provides its projects the facility to maintain numerous mailing lists to share with their developer and user communities project-related news and updates, technical discussions, troubleshooting, recommendations, and assistance in an open forum. Some conventional for-profit software companies package software produced by Apache in order to provide more comprehensive support or provide consulting support services.

RESPONSES TO QUESTIONS FROM US HOUSE COMMITTEE ON ENERGY AND COMMERCE:

1) When did the ASF learn of the vulnerability that became CVE-2017-5638?

On 14 February 2017, the Apache Struts PMC first received report of the vulnerability which became CVE-2017-5638. The ASF does not have direct information about whether the CVE-2017-5638  vulnerability caused the Equifax hack.

2) How did the ASF learn of it?

The Apache Struts PMC received a report via its security mailing list from Nike Zheng about the vulnerability. 

3) When did the ASF make a patch available for CVE-2017-5638?

ASF provided a patch for the CVE-2017-5638 bug on 7 March 2017, the same day on which it was reported on its blog. On 7 March 2017, the Apache Struts PMC officially posted an announcement about the vulnerability, along with two Struts releases that fixed it

http://struts.apache.org/announce.html#a20170307
http://struts.apache.org/announce.html#a20170307-2

4) Did the Foundation provide guidance on how the patch/update should be installed (my understanding is that it was a bit more complicated than a traditional patch)?

The patch was released as part of a full release of the Apache Struts project, which means users had to upgrade to the latest version, which is the simplest way of implementing the patch.  The Apache Struts PMC also provided other options, including information about using different implementation of the Multipart parser or filtering out suspicious requests, and other options to implement the patch http://struts.apache.org/docs/s2-045.html . In addition, on 20 March 2017 the Apache Struts PMC released two custom plug-ins to resolve the vulnerability without upgrading to the latest version 
http://struts.apache.org/announce.html#a20170320

5) The ASF's software is all open-source, as we understand it:

Yes: all ASF software projects are provided under the Apache Software License, version 2, an  Open Source Software (OSS) license.

For large organizations like Equifax that rely on Apache’s OSS, do they:

i.      Provide financial assistance, such as donations, to help pay for maintenance of the codebase?

While financial assistance is not required for using ASF software projects, some corporations choose to provide financial assistance through donations.  However the number of companies that provide donations is a very small percentage of the total corporate users of ASF projects.

Donations to ASF go to a general fund and are not targeted for the development, maintenance, or influence of particular projects.

ii.     Provide "volunteers" who help craft/review/patch code?

Some corporations ask that employees contribute to certain projects, but, as noted above, the number of companies that have their employees contribute to ASF projects is a very small percentage of   the users of ASF projects.

iii.    Provide other assistance to help maintain the availability and/or quality of the OSS?

Some corporations provide products, sales, and support services for Apache projects. These organizations have no direct relationship with the ASF. As noted above, the number of companies that have their employees contribute to ASF projects is a very small percentage of the corporate users of ASF projects.

# # #

Monday October 02, 2017

Success at Apache: All My Roads Led to Apache

by Pat Ferrel

I became involved with Apache in 2011. After several years in startups where, as CTO, I felt too removed from building things. Looking for a change, I was keenly aware that the most interesting thing about the startups was our early use of Machine Learning techniques and I wanted to see if building ML solutions, for companies new to the field might not be more satisfying. I started by spending nearly a year in researching the type of applications we had needed in the startups: Natural Language Processing (NLP), text analysis, clustering, and classification. In those days Apache Mahout http://mahout.apache.org/ had several good solutions that were designed for Big Data and approachable by an individual. These ideas seem fairly commonplace now but were in early days only 6 years ago.

Given a great platform to experiment with, I built a web site to advertise expertise in ML but also to showcase many examples from my experiments, including a topic-oriented content site based on clustered and classified text that used NLP to add entities to text. I blogged about things I had learned and techniques that produce results.

Then I got the first contact about a project and it was from a completely unexpected direction: recommenders. Fortunately Apache Mahout then had the state-of-the-art OSS suite of recommenders so I took the consulting job. The company had rolled their own recommender and was selling it as a service but it was old and they wanted to investigate replacing it. 

Welcome to Big Data

The nature of recommenders means you deal with huge amounts of data because you have to track several million people’s actions over years. We had data from a large online retailer and were tasked with using this data to beat the in-house recommender. Specifically they wanted to see if they could improve performance (better results and faster compute times) and get something easier to maintain. 

The first job of a good consultant is to define the problem and outline a path to resolution that fits with the company’s competencies. To me this meant looking at the current system and the expertise of the people working on it. We had Data Scientists and Java Software Developers who knew what it was like to deal with Big Data. They had a highly performant method for gathering data and were quite good at running Apache Hadoop-based analytics. This was seldom the case back then but happily allowed me to look at less turnkey applications and assume the use of important Apache tools.

We agreed on a plan and the basic building blocks including a method for comparing results. I did the research and proposed several candidates for the tests including the Apache Mahout recommenders. It was pretty easy to rank the recommender engines we had and do some exploration of parameter tuning and choices to get our best "challenger" results. The nice thing is that we beat the old threadbare in-house recommender by a significant amount (12%). The winner was the Apache Mahout Cooccurrence Recommender using the Log-Likelihood Ratio as the core cooccurrence metric. This even though we had tested against several Matrix Factorization recommenders, including Mahout's. 

We need something new 

Up till this time I was only a user of Apache projects (discounting a few minor code contributions) but what I found in all recommenders we studied is a fundamental problem that is still mostly unsolved today. We had data from a retailer that included user "buys" but also 100 times more user "views". None of the recommenders could deal with this multimodal data. I consulted the authors and maintainers of the Mahout recommenders and several others we had targeted. We got some suggestions added them to our own ideas and set out to test them. For various reasons, that are beyond the scope of this post, none of the easy solutions helped and actually produced worse results so I had fulfilled the contract and left with a feeling of unfinished business.

One of the mentors of Apache Mahout, Ted Dunning, had suggested a new idea during this time. There was something about it that seemed very intriguing. He had proposed a way to use one type of user behavior to predict another. This was an aha moment for me because it codified intuition. I remember the first time he wrote in email on the Mahout user mailing list the equation that crystallized it all. I began to imagine the implications; all sorts of new data that could be useful, not just "views" but contextual data like location, and enrichment data like tag or category preferences. These all seem to obviously have a bearing on recommendations but now we had a beautiful simple equation to test the intuition.

Becoming a Committer

I set out to hack the Mahout Cooccurrence Recommender to become a Correlated Cross-Occurrence (CCO) recommender. But without some way of testing the algorithm and code we couldn’t be sure it was worth including in Mahout. The datasets publicly available at the time did not have the kind of data we needed (there had been no direct use for it until then) so I scraped the film review site rottentomatoes.com to collect "fresh" and "rotten" reviews of movies. This gave us two different behaviors with very different meanings. Naively you might think, weight one positive and the other negative and so did I but that produced worse results than ignoring the "dislikes". However when I ran cross-validation tests comparing the Mahout Cooccurrence Recommender using likes only, to CCO using both user actions, we got some quite interesting results. The question was: do "dislikes" predict "likes" and when I got 20% lift in predictive precision we could conclude that they do. Not only was intuition right but the new algorithm could tease out the data to make use of it.

The hack was accepted into Mahout Examples and I was invited to become a committer. Then the world changed.

Apache Spark and Mahout-Samsara

When I became a committer Mahout was written on Apache Hadoop MapReduce in Java (as was my hack). But it had also become obvious to most Mahout committers that the future was with much more performant engines like Apache Spark. Committers Dmitriy Lyubimov and Sebastian Schelter had been working on a Spark version of Mahout. In an instant of project time virtually all committers saw this as the future of Mahout, if also a major pivot. 

In retrospect I'm not sure I've ever seen an Apache project change so much in so little time. Today Mahout is deprecating lots of old Hadoop MapReduce code as it falls from use and the new Mahout is truly new. The Mahout subtitle Samsara, references the cycle of life, death, and rebirth in the Hindu tradition. Mahout started as algorithms written specifically for MapReduce, now Mahout-Samsara is a linear algebra DSL in Scala used to roll-your-own algorithms but with most interesting algorithms in very simple DSL-based implementations. Mahout eventually took this transformation even further to include other compute engines like Apache Flink and is now running on GPUs. But I get ahead of things...

Those were exciting times and though I helped with the DSL I remained fixed on implementing CCO, which was first included in Mahout 0.10.0 in October 2014.

PredictionIO

Now we have the CCO algorithm implemented on modern compute engines but several other problems remained in order to actually deploy a recommender. This is because CCO creates a model that needs to be deployed on a special type of server that computes similarity in real time. In Machine Learning terms this is a K-Nearest Neighbors engine, known in concrete terms as Lucene, or it's scalable server derivatives like Solr and Elasticsearch. A turnkey recommender also requires a highly performant massively scalable DB, like HBase. Putting these together we could get a nearly turnkey recommendation server that made use of multimodal real time user behavior. But I didn't see a candidate for all these in Apache and so looked elsewhere. This required an integration project, not Mahout, which integrated with other services but provided none of its own.

I found a project that included everything I needed and was Apache licensed but was run by a small startup called PredictionIO. They had a Machine Learning Server that was a framework for Templates that could implement a wide range of Algorithms. The Server also included nice high-level integrations with Elasticsearch (Lucene server), Spark, and HBase. In May of 2015 I had the first running CCO Server build on Mahout and a whole list of other Apache projects.

Back to Apache

PredictionIO was at the right place to get swept up in a major move to embrace ML/AI by Salesforce Inc. who bought them as part of the Einstein initiative. Since PIO was Apache licensed OSS it was still available and so was the Template I was calling the Universal Recommender. But there was a question now about the future of PIO; what would Salesforce do with it? The old team, that I had worked closely with, wanted to see the project move forward in OSS and Salesforce seemed to agree, but large corporations often have a mixed record in promoting their own OSS projects. In this case Salesforce decided to remove the question by submitting PredictionIO to the Apache Incubator.

The old team was joined by people like me from outside Salesforce to create a project that follows the Apache Way and is free of corporate dominance. I am a committer to PredictionIO, which has three releases under Apache Incubator vigilance and the Universal Recommender is now at v0.6.0, the most popular of PredictionIO Template Algorithms.

With the 3rd release of PIO from Apache we are now in the process of graduation to an Apache Top-Level Project, hatched by the Apache Incubator. I fully expect that we'll be celebrating soon.

Postscript

My journey began with a specific problem to solve. Each step to produce the solution has led back to Apache in one way or another, through mentors, collaboration, use of, and commitment to several projects. But I now have my mature scalable, performant, state-of-the-art nearly turnkey Universal Recommender.  Now we can ingest and get improvements from many types of behavior, enrichment data, and context--using it in real time to serve recommendations subject to robust business rules. My small consulting company ActionML actionml.com now has a powerful tool to solve real problems and we make a living (at least partly) by helping people deploy and tune it for their data.

This is a story of someone single mindedly following a goal over several years. There are many ways to do this in the Software Development world, but not all OSS projects are open to bringing people in. The Apache Software Foundation most certainly is and openly recruits as diverse a group of committers and members as possible. If you want to make a difference and influence the course of an OSS project Apache is a good place to look. Start by getting involved with a project of interest, make contributions, get involved in discussions. If the match is good you'll be invited in as a committer and move on from there. I think of Apache as a do-ocracy, if you do something of value it goes a long way towards being invited in.  

References

Slides describing the CCO Algorithm: https://www.slideshare.net/pferrel/unified-recommender-39986309

IBM DevWorks Post on "Making one thing Predict Another": https://developer.ibm.com/dwblog/2017/mahout-spark-correlated-cross-occurences/

Apache Mahout CCO Implementation: http://mahout.apache.org/users/algorithms/intro-cooccurrence-spark.html

Apache PredictionIO: http://predictionio.incubator.apache.org/

The Universal Recommender Template: http://predictionio.incubator.apache.org/gallery/template-gallery/

Professional Support for the Universal Recommender: http://actionml.com/universal-recommender

# # #

"Success at Apache" focuses on the processes behind why the ASF "just works". 1) Project Independence https://s.apache.org/CE0V 2) All Carrot and No Stick https://s.apache.org/ykoG 3) Asynchronous Decision Making https://s.apache.org/PMvk 4) Rule of the Makers https://s.apache.org/yFgQ 5) JFDI --the unconditional love of contributors https://s.apache.org/4pjM 6) Meritocracy and Me https://s.apache.org/tQQh 7) Learning to Build a Stronger Community https://s.apache.org/x9Be 8) Meritocracy. https://s.apache.org/DiEo 9) Lowering Barriers to Open Innovation https://s.apache.org/dAlg

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation