Slashdot Mirror

Moderator, do you really think the parent is a troll?

Server share for Windows really is low, and dropping off. Netcraft confirms it.

The question is: as Netcraft counts MySpace accounts as 'Web sites' in its figures, will it now count these 140 million accounts as 'Web sites' also?

If not, whenever you look at Netcraft's figures, don't forget to add 140 million Apache sites to them (not to mention minusing all those GoDaddy parked domains from IIS).

So I suppose they are breaking the law too:

The site of the Austin Independent School District:

http://www.austin.isd.tenet.edu/

What they are running:

http://uptime.netcraft.com/up/graph?site=http%3A%2F%2Fwww.austin.isd.tenet.edu

OS: Linux
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 PHP/5.2.5
Last changed: 10-Dec-2008
IP address: 206.77.0.250
Netblock Owner: Austin Independent School District

Not just PHP...

http://uptime.netcraft.com/up/graph?site=http%3A%2F%2Fwww.austin.isd.tenet.edu

PHP on Linux, perhaps this teacher should quit her job working for a school that hosts their website on illegal software.

It is amazing that people started to think "It is Google or nobody else".

Here, OpenDNS operated, community powered and completely open/free: http://phishtanksitechecker.com/ http://www.phishtank.com/ (supports down to FF 1! and Seamonkey)

In fact, one can even plug phishtank to a terminal browser, the entire API is open.

Also the famous FreeBSD portal :) Netcraft's professional alternative (compared to pure community) http://toolbar.netcraft.com/ Netcraft toolbar.

On Windows, there are way more advanced, payware solutions available which will even do heuristical analysis rather than a simple database comparison. They don't even care which browser or thing you clicked the link on.

It's pretty ironic that a site calling itself "news for nerds" is still in the digital stone age. It wouldn't surprise me if the /. servers are still running Linux Kernel 2.2.x

At least they're still running Apache 1.3. Netcraft confirms it.

Ah yes, that must explain why Apache is doing so terribly in terms of market penetration...

Did I say Apache was doing badly? Hmm, let's see... no, I didn't!

The GP was talking about how some F/OSS products have poorly chosen names. Apache isn't bad at all, but I was pointing out the punny history behind it, and how the Apache developers themselves have tried to get away from it to prevent any chance of mis-perception.

Ah yes, that must explain why Apache is doing so terribly in terms of market penetration...

Most non-technical people have never heard of "patching" and the technical ones all know about Apache.

The GIMP certainly has a stupid name, but I sincerely doubt that it affects its take up anything like as much as the shere existing mindshare of PhotoShop. In fact I'll bet that the GimpShop hack improves its prominence more than a "pure" name change, and I'll bet that most of that is down to the obvious connection with PhotoShop not the sanitization of the user interface.

If anyone running a Linux system simply adopts a self-imposed policy of "I will only install software from the repositories using the package management system" ... then their system is guaranteed to never get malware.
Is that so?

At least they're bright enough to be running Apache on Linux. http://uptime.netcraft.com/up/graph?site=www.change.gov

Running Apache, and probably Linux

Yep, Netcraft confirms it.
http://uptime.netcraft.com/up/graph?site=www.change.gov

But that's only among the subset of browsers with their toolbar installed. If we look at Netcraft's take on the subject, Google is 14 of the top 16 Most-Visited, (Yahoo! #23) Hitwise also counts Google the best. Among my friends, nobody under thirty still uses Yahoo! except those who're still clinging to their fifteen year-old mail accounts, which again, Google does better.

And lastly: http://uptime.netcraft.com/up/today/top.avg.html IIS is number two overall, behind freeBSD. Must not be that insecure.

So a you are calling a website running on Windows Server 2003 that hasn't been update for 4.5 years, and thus has missed out on both Service Packs "secure"?

Actually, it's been declining since 1996.

Microsoft had a terrible track record on security. So, using that reasoning, can I use pre-OS X (or, pre-OS X 10.2 for that matter) examples to justify my point? In fairness, I look at MS track record post XP SP2.

Maintaining security on Windows still takes a lot more effort than doing so on OS X or Linux. The primary reason most people I know who abandoned Windows made the switch was that they were fed up with keeping malware out of their Windows OS... Another common reason is that, ergonomically, Windows just plain sucks. It sucked back in 1995 when the current desktop environment first appeared and it still sucks today some 14 years later if only because it has hardly changed.

And lastly: http://uptime.netcraft.com/up/today/top.avg.html IIS is number two overall, behind freeBSD. Must not be that insecure.

On that list those two IIS servers are blimps in an ocean of Apache servers. One is almost tempted to write them off as statistical anomalies :-D

Yeah, I've heard this fallacy before. Are you going to tell me that the Unix that "runs" the internet in anyway resembles the Unix that runs OS X? OS X is a hybrid kernel to begin with, so that's strike one. Strike two, it's Unix with an entire desktop stack on top of it, which is where the majority of your exploits are introduced.

It's not a "fallacy" just because you can't refute it. Yes, the UNIX that runs Internet servers around the world resembles Darwin, which is a UNIX-certified operating system using a FreeBSD/Mach core. Second, that UNIX security foundation permeates to the rest of the system because the desktop layer relies on much of those services. In addition, OS X has always been multi-user from the start, unlike Win32 which, last I checked, was still vulnerable to a hilarious window messaging exploit until just a couple of years ago when Vista came out. Vista is NT with the old 9x Win32 desktop system grafted onto it. Until Vista came out, Windows was still setting people up with admin accounts by default.

Microsoft had a terrible track record on security. So, using that reasoning, can I use pre-OS X (or, pre-OS X 10.2 for that matter) examples to justify my point? In fairness, I look at MS track record post XP SP2.

If you want to selectively bias your data, go ahead. This doesn't even have anything to do with the topic of the argument, which was that lack of popularity is why OS X hasn't had Microsoft's miserable security track record. If you want to look at today, how about comparing how many exploits Microsoft patches every Patch Tuesday compared to what Apple puts out in Software Update?

Desktop software and Server software are entirely different beasts, and you're comparing them apples-to-apples. For one, a server is usually administered by a professional, which is certainly not the case with Desktops. Secondly, the number of desktop computers running Windows far outnumbers the amount of servers running any operating system. And lastly: http://uptime.netcraft.com/up/today/top.avg.html IIS is number two overall, behind freeBSD. Must not be that insecure.

I see, so when I refute your argument that being more popular increases your number of exploits, suddenly there's another caveat. First you only wanted to look at data post-SP2, and now you want to make distinctions between desktops and servers. And then you cite one single IIS server, ignoring the countless IIS servers that have gotten 0wned (including the military's website, which ended up switching to OS X!).

The facts remain that:
1.) OS X is built on Darwin, a UNIX operating system. That means UNIX security ideas permeate through the system upward.
2.) Popularity doesn't automatically mean your software gets exploited more, because Apache has a better security track record than IIS.
3.) When these issues are brought up, you invent caveats to avoid refuting them. Somehow, one single IIS server means all the exploits over the years never happened.

UNIX runs the Internet, so I suspect OS X has the more scrutinized foundation.

Yeah, I've heard this fallacy before. Are you going to tell me that the Unix that "runs" the internet in anyway resembles the Unix that runs OS X? OS X is a hybrid kernel to begin with, so that's strike one. Strike two, it's Unix with an entire desktop stack on top of it, which is where the majority of your exploits are introduced.

Simply blaming popularity for Windows' myriad of problems over the years compared to OS X ignores that Win32 began as a single-user subsystem and that Microsoft ignored the Internet until 1998.

Microsoft had a terrible track record on security. So, using that reasoning, can I use pre-OS X (or, pre-OS X 10.2 for that matter) examples to justify my point? In fairness, I look at MS track record post XP SP2.

Another counterargument is that Apache has higher market share than IIS, yet IIS has had more security flaws over the years. By your reasoning, Apache should be the one with more flaws.

Desktop software and Server software are entirely different beasts, and you're comparing them apples-to-apples. For one, a server is usually administered by a professional, which is certainly not the case with Desktops. Secondly, the number of desktop computers running Windows far outnumbers the amount of servers running any operating system. And lastly: http://uptime.netcraft.com/up/today/top.avg.html IIS is number two overall, behind freeBSD. Must not be that insecure.

and before you start ranting about windows is a poor web platform http://uptime.netcraft.com/up/today/top.avg.html.

Your theory appears to be that Windows is a good web platform, because on netcraft, 2 out of the top 50 sites by uptime are running Windows. Wouldn't the goodness of a web platform depend on a whole bunch of things, only one of which would be uptime? And uptime would be less important than things like availability and ease of installing software. And most importantly, whether the machine has a blue or green LED for the power light. Obviously machines with blue power LEDs suck, but machines with green LEDs rock! And Windows web servers always have blue LEDs for power lights! Windows sucks and always will. They don't even know how to write drivers for green LEDs.

and before you start ranting about windows is a poor web platform http://uptime.netcraft.com/up/today/top.avg.html.

Nope. They are running Apache 2.2.3 on Debian. ***

Actually, I think it's good for news organizations to report proactively instead of waiting for what they know is going to happen and then just interviewing a bunch of victims. Getting information out there now may prevent some scams from working.

Anyway, I would think twice about sending money to a charity with a site on Road Runner:

http://toolbar.netcraft.com/stats/hosters

In addition to Silverlight, DemConvention.com uses Redhat: searchdns.netcraft.com/?position=limited&host=www.demconvention.com

And it runs on SilverStripe open source CMS/framework, which requires PHP, MySQL, Apache.... (Just do a view-source of the homepage, or check out silverstripe.com/powering-4-days-of-political-history-dnc-2008/)

Source of demconvention.com has: <meta name="generator" http-equiv="generator" content="SilverStripe 2.0 - http://www.silverstripe.com/" />

And then ask yourself, "Movenetworks, the site that issues this silverlight player for download, what is it running? "

Hey, this is fun! Very little dogfood here.

Well it's not running BSD but is probably running redhat at level 3 communications.

http://toolbar.netcraft.com/site_report?url=http://www.demconvention.com

And do a view-source of www.demconvention.com homepage; it is powered by the SilverStripe open source CMS.

http://www.silverstripe.com

Wrong server. Try this one.

Netcraft confirms it.

I can't believe you guys didn't notice this yet. You're slipping.

You should be able to do both with ogg theora. GNU/Linux has done streaming media well for ages. If you don't believe me contemplate the flexibility of MythTV front and back ends.

They are, at least bright enough to use Apache (Red Hat).

NBCOlympics.com doesn't support linux for their videos.

The Olympics, it seems, is not without a sense of irony.

netcraft confirms! it does run on linux

http://uptime.netcraft.com/up/graph?site=dipity.com

1. Think up idea for a sequel to a popular first-person shooter game based on a popular selling title from the early 90s.
2. Spend ten years millions of dollars on its develop, and change your graphics engine 10 times prior to release.
3. During this time, hype up the game in every major gaming rag, and on every major website and blog on the internet. Don't forget to tell Slashdot and Netcraft.
4. ???
5. Profit!

4. Usage of IIS has been increasing dramatically since March 2006. Usage of the Apache HTTP Server has declined significantly beginning in that same month. Netcraft provides these statistics here: http://news.netcraft.com/archives/2008/06/22/june_2008_web_server_survey.html

As Mark Twain said 'There are three kinds of lies: lies, damned lies, and statistics.' These stats are INCREDIBLY slanted as Microsoft paid several domain parkers to move to IIS thus making it look like alot of people use IIS when in fact they do not. Also, they forked their stats: Googles web server is actually a custom build of Apache (not for resale), lighttpd is a custom build of apache as well. Add these stats back in, take into consideration that Microsoft paid off domain parkers and you actually get a stat more like this.

and to quote from your own link: "While those parked domains were a major factor in Microsoft's gains, Windows also saw solid growth in active sites, hostnames that contain content and likely to represent developed web sites."

Why stop at 2006?

Microsoft's IIS web server grows by 2 million sites, boosting market share by 0.36%, [to 35%] but Apache remains in the lead with a total of 49.1%.
June 2008 Web Server Survey

And if you Google around (you do know Google?)

Yes I know Google.

But why should I have to fact-check every post? Without so much as a starting point to begin?

Well, geez, we're talking about Netcraft, and it is right there in the Netcraft announcements:

http://news.netcraft.com/archives/2006/06/04/june_2006_web_server_survey.html

And if you Google around (you do know Google?), you'll see that places like GoDaddy are refusing to deny that Microsoft paid them for this.

Actually, it's misnamed. It should be called "Active Sites", not Active Servers. You can see this by looking at the table above it that is in fact labled "Active Sites" and notice the numbers are the same. The methodology does not count market share, it counts hostnames that have "unique content", ie are not parking or squatting sites. This is no more accurate than the full survey, it just makes an attempt to filter out parking.

Their methodology is here: http://www.netcraft.com/survey/index-200007.html#active

If you're referring to this chart:

http://news.netcraft.com/archives/2008/07/07/july_2008_web_server_survey.html

It also says that Google owns 6% of all servers on the Internet-- 10,468,720 domains. Somehow I doubt that's reliable data.

Usage of IIS has been increasing dramatically since March 2006. Usage of the Apache HTTP Server has declined significantly beginning in that same month

Nice try, troll.
According to the page you linked, Apaches usage has actually increased, as has IIS. Admittedly, Apaches market share has gone down, but that's not what you said. There are still 8.5 million more Apache servers (serving 24 million more sites according to Netcraft) than IIS.
Totals for Active Servers Across All Domains
June 2000 - June 2008

Not to mention that as the largest single OS vendor, Microsofts market share is bound to grow, as their users start discovering the internet. Apache users are largely self selecting in this respect.

This will definitely not happen, and here is why.

1. Microsoft has invested far too much time and far too many dollars into making Internet Information Services (IIS) what it is today.
2. Independent Software Vendors (ISVs) have invested far too much time and far too many dollars into making modules for IIS. Several ISVs have built their entire business around providing these modules for cost.
3. Many of Microsoft's own products, such as Exchange Server 2007, Office SharePoint Server 2007, Office Project Server 2007, and more, have been built around the IIS architecture. Changing to a different back-end server architecture would cost Microsoft financially.
4. Usage of IIS has been increasing dramatically since March 2006. Usage of the Apache HTTP Server has declined significantly beginning in that same month. Netcraft provides these statistics here: http://news.netcraft.com/archives/2008/06/22/june_2008_web_server_survey.html

When you start a campaign about how great your current OS offering is, make sure it runs some sort of your offerings.

http://toolbar.netcraft.com/site_report?url=http://www.mojaveexperiment.com

72.47.200.149 Linux Apache/2.2.3 CentOS 27-Jul-2008

Linux not being in the uptime listings is not because all those Linux machines are crashing, but because of the method used in Linux to measure uptime. In fact, NetCraft even has a FAQ on this here. It's pretty much common knowledge at this point that Linux servers have better uptimes than Windows servers, and that BSD rules the roost (and that absolutely every VAX machine that ever booted VMS is still running!).

That said, .Net is brilliant, and really makes complicated programming accessible to idiots (you can argue about whether this is a good thing or not!). For me, it comes down to "do I spend the cash on keeping Windows Server licenses up to date, keeping SQL server licenses, keeping techs paid to do the routine Windows maintenance, etc, but get away with hiring a cheaper, less skilled programmer" or "do I lay out more cash on a better programmer who can handle developing under Linux, but save the costs of licenses, (some) maintenance, etc"? The decision depends on the situation.

windows servers are very reliable, netcraft confirms it http://uptime.netcraft.com/up/today/top.avg.html. in fact linux isn't even in the top 50. put THAT in your pipe and smoke it

windows is also by far the easiest platform to develop for. .net is a brillant product, sql server is also brillant to use and compared to oracle it's cheap as chips. it also comes with tools like reporting services which OSS simply has no answer to.

i've developed under BSD and windows for years, and windows has by far had better tools for the last 3 years. i just get the feeling you don't know what your talking about....

FreeBSD is doing wonders. It's secure, stable, and open source. Did you forget about Release 7? You are comparing the wrong operating systems completely. http://news.netcraft.com/archives/2008/07/07/aplusnet_is_the_most_reliable_hosting_company_site_in_june_2008.html
It you spoke in sarcasm, then make sure you make it a little more obvious next time

1) SSL certificates do get issued to phishing sites
2) Some banks have login forms on un-encrypted pages

see: http://news.netcraft.com/archives/2005/12/28/more_than_450_phishing_attacks_used_ssl_in_2005.html and http://it.slashdot.org/article.pl?sid=06/02/13/2143251

Lools IIS can't hold its own

Haha! That's funny and insightful!

Oh, wait.
The term "slashdotted" has become ubiquitous with smashing a webserver due to high traffic.
Most webservers are *nix based (though admittedly IIS is gaining ground).
Hm. Nevermind.

You are an idiot, John Marriot, but that has nothing to do with Slashdot now does it?

That shit is all you, John the Bartender Marriot. What's M$ paying you to stink up the place like that?

Heh, he's right:

http://uptime.netcraft.com/up/performance?mode_u=off&errors=0&explain=0&mode_p=on&by=collector&mode_w=off&sd=0&site=www.sun.com&site1=&sample=2&submit=Examine&range=5d&maxy=0

...is the they run Windows Server 2003!
Oh the humanity!
But they do run Apache 2, so at least their opensource site is using some opensource software.
Well, they're hosting provider does anyway.
http://uptime.netcraft.com/up/graph?site=opensource.scouting.org

Did you fail reading comprehension?

No.

Are you capable of reading and understanding atleast the title of the page that I linked to?

Yes.

It's really hard to discuss things with someone that's either mentally impaired or intentionally acting dumb.

I agree that conversing with you is difficult. Acknowledging your problem is the first step to fixing it. :)

Shit joke, but how did you expect me to react (rhetorical question).

About the Netcraft vs. SecuritySpace stats: Netcraft base their server survey on what server software runs a domain, subdomain or any other thing arbitrarily defined as a 'site': This includes live.com profiles, myspace.com profiles and blogger.com sites. I have searched for the document on netcraft.com that confirms this, but it has disappeared. This is reasonably common knowledge though: see this Slashdot post and this Web Server Survey from last year.

SecuritySpace, on the other hand, counts physical servers. There are problems with this approach, but physical servers were what we were discussing.

Additionally, I wouldn't describe Netcraft's figures as accurate. They have been gamed by Microsoft: Firstly by the deal with GoDaddy, which caused the first jump in favour of IIS and GoDaddy's subsequent purchase of RegisterFly, which caused the second.

Also note the absence of Facebook profiles as sites, it's a closed community so cannot be counted, skewing the results in favour of Microsoft again.

This morning I was wondering what has happened with Darklyrics.com

Turns out they were hosted on ThePlanet!

http://toolbar.netcraft.com/site_report?url=http://www.darklyrics.com