Ryan Paul at Ars Technica reports a shocker – Microsoft has signed up as a $100,000 per year sponsor of the Apache Foundation which produces their number one Web server competitor.
Today at the OSCON open source software convention, the Apache Software Foundation (ASF) got an unexpected new sponsor: Microsoft. The Redmond software giant, which will contribute $100,000 annually to the ASF, joins Google and Yahoo as a platinum sponsor of Apache development.
The ASF is a nonprofit group that exerts loose organizational guidance role over a sprawling ecosystem of autonomously managed software projects, including the Apache web server and a host of libraries, frameworks, toolkits, and programs. The culture of the ASF is built upon what they call the "Apache Way," a philosophy of consensus-based collaborative stewardship and volunteerism.
I spoke with Apache Software Foundation (ASF) president Justin Erenkrantz, who views Microsoft’s sponsorship of Apache as a step forward for interoperability. He believes that this move is based on a legitimate desire by Microsoft to foster collaborative development of Apache technologies that implement Microsoft standards. In particular, he points out an ASF project called Apache POI which offers native Java libraries for reading and writing Microsoft Office file formats.
Erenkrantz told me that Microsoft has been moving in this direction for quite some time. The company recently invited several Apache contributors to visit its Redmond headquarters for informal interoperability talks. Microsoft’s recognition of the role that open source software will play in enterprise infrastructure comes directly from the top, he says, and isn’t just confined to rogue elements within the company.
It’s critical to understand two things about our sponsorship of the ASF: what it is, and what it is not.
It is not a move away from IIS as Microsoft’s strategic web server technology. We have invested significantly in refactoring and adding new, state-of-the-art features to IIS, including support for PHP. We will continue to invest in IIS for the long term and are currently under way with development of IIS 8.
It is a strong endorsement of The Apache Way, and opens a new chapter in our relationship with the ASF. We have worked with Apache POI, Apache Axis2, Jakarta, and other projects in the last year, and we will continue our technical support and interoperability testing work for this open source software.
I’m sure there will still be a certain amount of suspicion of Microsoft’s motives but customer demand for interoperability makes strange bedfellows and the lack thereof in Microsoft server products is always a prime competitor talking point.
Over the last week there have been a number of reports of automated SQL injection attacks on Web sites running Microsoft’s flagship IIS Web server. The Washington Post’s Brian Krebs summarizes them nicely in Hundreds of Thousands of Microsoft Web Servers Hacked.
It isn’t entirely clear whether there is actually a vulnerability in IIS or it’s just the usual problem of Web programmers not sanitizing user input, but Microsoft has issued a security advisory (951306) with workarounds.
Update: Microsoft’s Bill Sisk says that the problem is due to poor Web programming practices and not any IIS vulnerability and also that security advisory 951306 is for a different problem.
Microsoft Developer Division General Manager Scott Guthrie today revealed the roadmap for a series of additional Web development products that build on top of last week’s RTM of Visual Studio and .NET FX 3.5. In outline form with liberal quoting from Guthrie, it looks like the following:
The Windows Server Division Weblog heralds the restricted release of the June 2007 Community Technology Preview (CTP) of Windows Server 2008: