Interview with Scott Hawkins, author or “Essential Apache for Web Professionals”

Who is Scott Hawkins?

I’m a computer geek. I’ve been fascinated with computers since my Dad bought me my first one at the age of 12 (it was a Commodore VIC-20 with a whopping 2 Kilobytes of RAM). I studied computer science in college, taught it to bored freshmen for a couple of years, then started working in industry.

At various times I’ve worked as a programmer, a web developer, Unix administrator, and technical writer. I started my industry career as a C/Unix programmer, then gradually got more interested in the systems administration side of the business.

I began writing technical books mostly because I’m also a frustrated novelist. In 1999 I was trying, without much success, to find a publisher for a novel I’d written–sending out query letters to publishers and so forth. (For those of you not familiar with the publishing world, this is roughly the same thing as a community theater actor from Des Moines knocking on the door at MGM and asking if he can star in the next Die Hard movie.)

Then, one day, I was on the Informix web site and I saw a little blurb saying “Writers Wanted.” At first I thought it was some sort of cruel joke, but it turned out that Informix had a deal with Prentice-Hall and was looking for somebody who both a) knew how to string together a sentence and b) was reasonably competent with Informix. That particular book idea never panned out, but I ended up writing the Linux Desk Reference instead. It was successful, and things went from there.

At the moment I’m working as a a Unix / Web administrator at a small company in Atlanta, GA.

How long have you been working with Apache, and how did you get interested in it?

I’ve been working with Apache and Apache-like servers since about 1994-1995. At the time I was working for a small company that was trying to distribute information via an intranet. (We invested a couple of months setting up NCSA httpd to do document distribution.)

I’ve been working with Apache both professionally and personally since it was first released.

In your opinion, where does Apache need the most development at the moment?

There are still a number of modules that haven’t been ported from Apache 1.3 to Apache 2.x. Getting out the biggies like mod_php and mod_jk for 2.x was a big step, but a lot of environments also rely on more obscure modules in addition to the big names. The less-than-complete state of module porting is still a strong disincentive to make the switch.

What was it like writing “Essential Apache for Web Professionals“? How long did it take? Any major difficulties?

Essential Apache for Web Professionals actually went pretty fast. I had written another Apache book the year before, so I had a good idea of what topics needed to be covered and all the details were still fresh in my mind.

In general, though, I would say that writing a technical book is similar to writing twenty or thirty term papers in a row. It can be done, but it’s not really anyone’s idea of a good time.

What advice do you have for people that are considering exchanging IIS for Apache?

I’m quite confident that that is a sound business decision. At the risk of arousing all the Microsoft partisans out there, I’ll reiterate the party line: Apache is faster, more reliable, more secure, and free.

In your opinion, what security measures should Apache administrators deploy?

Running on Apache (as opposed to IIS) is a good first step :^). In all seriousness, it’s not possible to put together a security policy that is exactly right for every environment. The below is a short list of things that are always a good idea:

• a. Don’t run as root
• b. Create directories for any CGI content and allow CGI to be run ONLY from those locations.
• c. Disable telnet and ftp services on your machine and replace with ssh/scp.
• d. Disallow the use of .htaccess files by using the “AllowOverride None” directive.
• e. Make sure someone in your organization is responsible for keeping an eye on security advisories, and upgrading as necessary.

What version of Apache do you prefer, 1.3.x or 2.0.x?

As a programmer, I prefer 2.0. As the name implies, Apache 1.x was in fact fairly patchy. I think 2.0 is an elegant consolidation of the core features, and very well thought-out with regards to future requirements–for instance, they’ve put some real effort into wireless support. I’m also excited about the multithreading refinements, and what that means for the Apache vs. IIS duel.

However, in my day-to-day life I’m still using 1.3. I wouldn’t call it a preference, but my business relies on a number of modules that are only available for 1.3.

What are your future plans? Any exciting new projects?

As it happens, yes. I’m just wrapping up a year-long development effort this week. Myself and a few partners have created a GUI interface to Unix that can be run on the wireless handheld devices. The idea is to give all the pager slaves out there a way to fix Unix problems without staying chained to a terminal.