Open Plenary & State of the Feather
Jim Jagielski

Using Audio Technology and Open Content to Reduce Global Illiteracy, Poverty and Disease
Cliff Schmidt

Knowledge is power; but most knowledge is tied up in text. So how do over one billion illiterate adults in the world access knowledge crucial to preventing disease, creating economic opportunity, and defending their political and human rights? During this talk, Cliff will share his observations from Ghana and discuss Literacy Bridge's Talking Book Project.

Introduction to Apache mod_rewrite
Rich Bowen

mod_rewrite is one of the most powerful, and least understood, modules that come with Apache. This talk will introduce you to the process of crafting a rewrite rule, using many examples and common problems. After this session, rewrite rules will be scientific formulae, rather than magical incantations.

Apache HTTP Server Performance Tuning Part 1: Scaling Up
Sander Temme

The Apache HTTP Server powers some of the busiest sites in the world, so when your web site takes off and becomes popular, you're in good hands when you use Apache. This session covers tuning your Apache HTTP Server for performance. Learn to assess how busy your site is at peak moments using monitoring and log analysis tools, and how to reconfigure Apache and the operating system to meet your needs. Finally, we will discuss caching dynamic content with mod_cache.

Lunch Break

Apache HTTP Server Performance Tuning Part 2: Scaling Out
Sander Temme

As your web site grows in popularity, you will get to the point when one server is not enough. You need to add more boxes, and this session discusses several approaches to scaling out. We will cover webserver load balancing, SSL offload and separating application tiers. We will also discuss how to configure the Apache HTTP Server to front Apache Tomcat servers and how to load balance between Tomcat servers. Finally, we will deal with Java VM and database tuning.

Load-balancing with Apache HTTPD 2.2 and later
Erik Abele

When operating modern, high-profile websites based on J2EE or one of the various web frameworks like Rails or Django, a single machine is rarely enough to handle the demand. It usually requires a whole farm of dedicated application servers load-balanced by one or more frontend servers. Learn how to leverage the Apache HTTP server to implement a robust, secure and effective load-balancer to improve response times and to provide automatic failover for your critical services.

Coffee Break

Scaling the download infrastructure with your success
Peter Poeml

When an organization offers files for download, and grows public, infrastructure might need to serve more requests than the single organization can technically handle. One option to scale is using paid services of a content delivery network (CDN). This is often not affordable, especially for Open Source projects. Another way is building up a mirror infrastructore. But choosing an appropriate mirror is often left to the user, and mirrors might be out of date, incomplete, or unreliable. This talk shows how to build a poor man's CDN, using plain mirror servers and a redirecting Apache HTTP server.

Break My Site
Jeremy Quinn

Practical Stress Testing and Tuning of Web Applications. It is best to know before you go live, whether your new site will stand up to the traffic you expect it to receive. There is only so much you can tell about the speed and capacity of a web project from browsing it by hand. This talk offers practical advice, garnered from real-life experience about how to measure and tune the performance of web applications, using free tools like JMeter, the Open Source load-tester from Apache. The talk will cover, planning your tests, setting up the tools, advise on what data to capture, how to interpret it and some of the possibilities for tuning your project.

Hardening Enterprise Apache Installations Against Attacks
Sander Temme

Enterprise installations of Apache are particularly attractive targets for malicious attacks including Denial of Service, defacement, theft of data or service and installation of zombies or viruses. Hardening your deployment against such attacks calls for some special techniques and tactics. Come to this session to learn about attack detection techniques, server protection, secure deployment of multiple servers, configuration of firewall "demilitarized zones" and judicious use of SSL encryption.

Web Intrusion Detection with ModSecurity
Ivan Ristic

Intrusion detection is a well-known network security technique -- it introduces monitoring and correlation devices to networks, enabling administrators to monitor events and detect attacks and anomalies in real-time. Web intrusion detection does the same but it works on the HTTP level, making it suitable to deal with security issues in web applications. This session will start with an overview of web intrusion detection and web application firewalls, discussing where they belong in the overall protection strategy. The second part of the talk will discuss ModSecurity and its capabilities.

Coffee Break

Apache and Steam Engines: the magic of collaborative innovation
Rishab Aiyer Ghosh

The phenomenal success of Apache and other open source software seems incredibly new, even revolutionary. Yet the collaborative creation of knowledge has gone on for as long as humans have been able to communicate. Rishab looks at collaborative model of creativity, from 18th century steam engines to the human genome project and discusses why and how collaborative creativity works. Using data from the FLOSS studies, he shows how this makes free software a continuing source of economic value and innovation around the world.

Lunch Break

Web Application Security With/Despite Web 2.0
Christian Wenz

Web 2.0 took the internet world by storm. Especially attackers welcome the new possibilities created by Ajax, the increased use of JavaScript, opening up applications via web services, and user generated content. This session shows common pitfalls with modern "Web 2.0" applications and help you to avoid becoming the next victim on the ever-growing list. Web security has not changed that much, but web applications have. Come to this (technology-agnostic) session to learn best practices for state-of-the-art websites.

Kerberos and Single Sign-on with HTTP
Joe Orton

Single sign-on is the holy grail of authentication; Kerberos is becoming the industry standard for network authentication. This presentation will look at current solutions for implementing enterpise-wide single sign-on for web sites using Kerberos and the Apache HTTP Server, including the "mod_auth_kerb" module. Some of the problems with these solutions will be discussed, and work on new approaches will be covered.

Coffee Break

Apache Triplesec: Strong (2-factor) Mobile Identity Management
Alex Karasulu

Identity management and security technologies dealing with multifactor authentication to deter phishing scams are in high demand. Triplesec combines the features of an identity management platform along with a strong (2-factor) authentication solution with a mobile key fob that runs on your cell phone. Triplesec is a hybrid server that will allow for 2-factor authentication, SSO, centralized authorization policy management and event auditing for meeting various regulatory standards. Using Triplesec we will show you how to enable 2-factor authentication in your applications using a cost effective mobile token that runs on any J2ME MIDP 1.0 compatible device.

Apache DS: Bringing "lightweight" to ldap development
Emmanuel Lecharny

Apache Directory Server (ApacheDS) is the ideal directory server for developing LDAP aware software. It is often very difficult to reproduce production environments during various phases the software development lifecycle. Embedding ApacheDS into your tests alleviates the pain of having to launch a full LDAP server beside your tests : you get it for free, unit and integration tests are then easy to write and run. This presentation will show you how to use ApacheDS in a development environment, and why it would be a good idea to use it in production as well.

Take Apache Camel for a Ride
Bruce Snyder

The revered Enterprise Integration Patterns (EIP) book and its accompanying website are indispensable for handling integrations, but utilizing these patterns in your own code can be tedious, especially if you have to write the code from scratch every time. Wouldn't it be nice if you had a simple API for these patterns that makes this easier? Enter Apache Camel, a message routing and mediation engine that provides a POJO-based implementation of the EIP patterns and a wonderfully simple Domain Specific Language (DSL) for expressing message routes. This session will introduce and demonstrate the power of Camel. So go on, take a Camel ride!

File system on Steroids – an Introduction to JCR
Jukka Zitting

Need a file system with embedded metadata, full text search, and transaction support? Or a database with hierarchies, flexible schemas, and versioning? Take a look at the JCR standard that gives you a rich hierarchical content model with features like structured and unstructured content, full text search, versioning, transactions, and observation. This presentation introduces you to the JCR API and Apache Jackrabbit, the fully featured Apache implementation of JCR.

Coffee Break

JCR in Action - Content-based Applications with Apache Jackrabbit
Carsten Ziegeler

The Java Content Repository API (JCR) is the ideal solution to store hierarchical structured content and develop content-oriented applications. To demonstrate the basic architecture of such applications, an example content management application will be developed during the session. Basic techniques will be explained including navigation, searching and observations by using the Apache Jackrabbit project.

Lunch Break

Web Services, Orchestration and Apache ODE
Alex Boisvert

Apache ODE is a web service orchestration engine implementing the Business Process Execution Language (BPEL) standard. What's behind this sentence? What exactly is orchestration and what are the benefits? How can it help you develop your applications? And what the BPEL standard is good and bad for? This session will try to answer to all of these questions by showing you how you can easily describe complex processes and transactions using BPEL and how you can leverage your existing software architecture to quickly implement new applications. Doing so, we'll cover multiple design techniques, best practices for BPEL development, integration with REST/WS-* and scripting technologies, as well as discuss pitfalls and anti-patterns.

Lucene/Solr Case Studies
Erik Hatcher

Lucene and Solr are great tools to have in a developer toolbox. Erik has built several applications using Lucene from his own personal blogging system to faceted library navigation system handling millions of records. In this talk Erik will describe these applications, what made their use of Lucene and other technologies unique and interesting, and where these applications are going. The applications discussed: blogscene, lucenebook.com, Rossetti Archive search engine, Collex, and Blacklight. These applications use a variety of other technologies, though all use Lucene, some also using Solr.

Coffee Break

Apache 3.0 (a tall tale)
Roy Fielding

Thirteen years ago, the Apache Group founders finished the first beta release of Apache httpd, having reached the end of their initial pile of small improvements, and began to look forward to a complete rewrite of the server architecture. Suddenly, our forward progress slowed to a trickle, mailing list traffic dropped by two-thirds, and our focus diverged. Today, we face a new chasm, and our past successes have only made it wider and deeper than before. This talk is about the other side.

Closing Plenary & ApacheCon Raffle