Re: Apache 2.0 Uptake thoughts
> William Rowe wrote... > > ...Ignoring for a moment the 9.13% of Apache servers that don't > reveal their version whatsoever, ang ignorning rounding errors, > 3.57% of the servers out there use some 2.0 version of Apache, > so that 6% of Apache servers (identifying themselves) > run 2.0 as opposed to another version. Question for ya... using the same URI... http://www.securityspace.com/s_survey/sdata/ ...your numbers are not out of line but I don't see how you got all the way to 6 percent. For ALL Servers ( Apache or otherwise )... I get 3.6 pct. using some flavor of 2.x and only 2.36 pct. of Secure Servers. Within the subset 'Servers identified as Apache'... I get 5.4 pct. for ALL Servers and 5.11 for Secure Servers using any flavor of 2.x [snip] Report date: November 1, 2003 * ALL SERVERS Total Servers found: 12,220,278 Total reporting themselves any flavor of "Apache": 7,979,368 Server Name Found Pct. - -- Apache/2.0.40 181671 1.49 Apache/2.0.47 143631 1.18 Apache/2.0.46 030733 0.25 Apache/2.0.45 028823 0.24 Apache/2.0.44 018745 0.15 Apache/2.0.43 017849 0.15 Apache/2.0.39 008280 0.07 Apache/2.0.47 002450 0.02 * <- Apache-AdvancedExtranetServer/2.0.47 Apache/2.0.42 002117 0.02 Apache/2.0.44 001859 0.02 * <- Apache-AdvancedExtranetServer/2.0.44 Apache/2.0.36 001360 0.01 - -- 437518 3.60 3.6 pct. of ALL Servers are using any flavor of Apache 2.x. 5.4 pct. of all "Apache" servers found are using any flavor of Apache 2.x. * SECURE SERVERS Total Secure Servers found: 154,477 Total reporting themselves any flavor of "Apache": 71,541 Server Name Found Pct. - -- Apache/2.0.40 001627 1.05 Apache/2.0.47 000770 0.50 Apache/2.0.46 000306 0.20 Apache/2.0.43 000257 0.17 Apache/2.0.45 000248 0.16 Apache/2.0.44 000198 0.13 Apache/2.0.39 000161 0.10 Apache/2.0.47 51 0.03 * <- Apache-AdvancedExtranetServer/2.0.47 Apache/2.0.42 22 0.01 Apache/2.0.44 17 0.01 * <- Apache-AdvancedExtranetServer/2.0.44 - -- 3657 2.36 2.36 pct. of ALL Secure Servers are using any flavor of Apache 2.x. 5.11 pct. of all "Apache" Secure Servers found are using any flavor of Apache 2.x. [snip] > Personally, I'm pleased by a 6% uptake in a software > application that doesn't have to change till someone > needs the new features, given that we continue > to provide the security patches people need for their > existing 1.3 infrastructure. Well... then I wonder what the percentage of folks is that have NEVER needed the 'new features' and what it will take to EVER get them to upgrade if they haven't already done so? That's obviously ( after almost 2 years of waiting to find out ) the majority of users, by far... and may remain so until... ... forever ??? Don't know. > Of course it will only grow higher if folks trust 2.0 > and can get their problems solved, which the current > dialog in [EMAIL PROTECTED] I hope will help address. Got any comments back in the other thread about any of the following 'suggestions'? - Close 1.3 to ALL patches ( security included ) and finally put the nails in the coffin lid. - Re-open 1.3 for additions, changes, new things, since it's obvious ( by now ) that the majority of Apache users don't even need/want 2.x. - Maintain active development on ALL versions of Apache. Maybe the simple reason a lot of people haven't bothered to go anywhere near Apache 2.0 is that they simply don't realize that 1.3.x is 'dead man walking' as far as this devlist is concerned. If they embrace that horror... maybe the 2.x numbers will JUMP I don't know... an 'annoucement' or something that makes it CLEAR to the average 1.3.x joe that he's now using 'obsolete/unsupported' software? Yours... Kevin Kiley
RE: Apache 2.0 Uptake thoughts
Bill, Thanks for the great link. Here's one for you: http://www.securityspace.com/s_survey/server_graph.html?type=http&domaindir= &month=200310&servbase=YToxOntpOjA7czoxMzoiQXBhY2hlLzEuMy4yNyI7fQ==&serv1=QX BhY2hlLzIuMC40Nw== It's the historical market share of all servers overlaid with 2.0.47 2.0.47 is making progress but you can clearly see that it's taken many years to get any traction. Here's a question for you seeing that your closely related to Covalent where are the Covalent stats for sites running their version of Apache 2.x? How many servers have they shipped? Thanks Peter -Original Message- From: William A. Rowe, Jr. [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 1:33 AM To: [EMAIL PROTECTED] Subject: Apache 2.0 Uptake thoughts For those interested in the question of Apache 2.0 uptake, my favorite resource is http://www.securityspace.com/s_survey/data/index.html - where you get gobs of details. The upgrade/downgrade report helps identify if a release was a winner (mostly upgrading to, or through, that version) - or a loser (when you see some significant percentage fall back on earlier releases.) Drill down to Theft and Upgrades, choose Apache, then a specific release, e.g. 2.0.47. Scroll down to the version upgrade/downgrade list. Some of this is going to be random noise - multiple versions working in a distributed farm, pre-adoption testing, or difficulty reconfiguring the server (in the case of 1.3 -> 2.0 transitions.) But notably, 29.4k sites upgraded to .47 in October, and 1k sites backed down. Good retention, it indicates that the 2.0.47 release solved problems. (191 moved forward to 2.0.48-dev, not a bad thing at all.) The server details is also fun, no matter if you are comparing products or very specific releases. Here's where it's interesting. IIS 6.0 has 1.28% of the servers out there, that's about 5 1/3% of all IIS servers deployed. This, with a version that rolls out-of-the-box with specific flavors of the Windows OS. About the same time as IIS 6, Apache 2.0 rolled out. Ignoring for a moment the 9.13% of Apache servers that don't reveal their version whatsoever, ang ignorning rounding errors, 3.57% of the servers out there use some 2.0 version of Apache, so that 6% of Apache servers (identifying themselves) run 2.0 as opposed to another version. Personally, I'm pleased by a 6% uptake in a software application that doesn't have to change till someone needs the new features, given that we continue to provide the security patches people need for their existing 1.3 infrastructure. Of course it will only grow higher if folks trust 2.0 and can get their problems solved, which the current dialog in [EMAIL PROTECTED] I hope will help address. Just statistics to ponder as we approach next week. See you all in Vegas! Bill
Apache 2.0 Uptake thoughts
For those interested in the question of Apache 2.0 uptake, my favorite resource is http://www.securityspace.com/s_survey/data/index.html - where you get gobs of details. The upgrade/downgrade report helps identify if a release was a winner (mostly upgrading to, or through, that version) - or a loser (when you see some significant percentage fall back on earlier releases.) Drill down to Theft and Upgrades, choose Apache, then a specific release, e.g. 2.0.47. Scroll down to the version upgrade/downgrade list. Some of this is going to be random noise - multiple versions working in a distributed farm, pre-adoption testing, or difficulty reconfiguring the server (in the case of 1.3 -> 2.0 transitions.) But notably, 29.4k sites upgraded to .47 in October, and 1k sites backed down. Good retention, it indicates that the 2.0.47 release solved problems. (191 moved forward to 2.0.48-dev, not a bad thing at all.) The server details is also fun, no matter if you are comparing products or very specific releases. Here's where it's interesting. IIS 6.0 has 1.28% of the servers out there, that's about 5 1/3% of all IIS servers deployed. This, with a version that rolls out-of-the-box with specific flavors of the Windows OS. About the same time as IIS 6, Apache 2.0 rolled out. Ignoring for a moment the 9.13% of Apache servers that don't reveal their version whatsoever, ang ignorning rounding errors, 3.57% of the servers out there use some 2.0 version of Apache, so that 6% of Apache servers (identifying themselves) run 2.0 as opposed to another version. Personally, I'm pleased by a 6% uptake in a software application that doesn't have to change till someone needs the new features, given that we continue to provide the security patches people need for their existing 1.3 infrastructure. Of course it will only grow higher if folks trust 2.0 and can get their problems solved, which the current dialog in [EMAIL PROTECTED] I hope will help address. Just statistics to ponder as we approach next week. See you all in Vegas! Bill