« SSL Labs APIs now available in Beta | Main | OpenSSL Cookbook 2nd Edition released »

Apache Security: free, ten years later

February 26, 2015

Officially, Apache Security—my first book—came to life in March 2005, when it was published by O'Reilly. But its life started earlier; in May 2004, I left my steady job in a pursuit of a more exciting future. Or perhaps a future in which I'd be spending more time doing what I loved. In retrospective, I wouldn't recommend to anyone to leave their job to write a book, but it worked out for me in the end.

About a week ago, quietly, and ten years after the original publishing date, we set Apache Security free. (You can get it from the Feisty Duck web site.) Although it's been clear for a long time that Apache Security isn't going anywhere, it's only now that its journey is finally complete.

Naturally, I wasn't planning for it to be like this. Soon after the first release I started to compile notes for the second edition. After all, it's only after publishing a book that you start to hear from your readers. Unfortunately, O'Reilly had other ideas and -- a couple of years later -- refused to publish another edition. Although Apache Security did sell pretty well (for a technical book), O'Reilly wanted more. Their decision probably made sense from a business perspective, but that hadn't been my motivation.

To their credit, O'Reilly immediately agreed to return the copyright to the book to me, which would have allowed me to work on the second edition independently from them. But it wasn't to be. Sadly, it took them years to follow through on that promise, by which time it was too late. The world had moved on, and Apache wasn't as interesting as it had been once. I, too, moved onto other subjects.

Today, Apache Security exists largely only as a record of a past time. It's actually still a very useful book, because it teaches concepts that are still valid. Conceptually, there were no significant changes since 2005. However, many of the details (e.g., the configuration directives) are now obsolete. Thus, I'd recommend that you browse it though it, but refer to the official Apache documentation for up-to-date instructions for particular tasks.