Slashdot Mirror
eWeek: Apache 2.0 Trumps IIS
AK47 writes "eWeek has a very positive review of Apache 2.0, entitled "Apache 2.0 Beats IIS at Its Own Game." They recommend the native Apache version on Windows over IIS for production use, citing superior security with no loss in performance."
And if it can run ASP, can it run it 'all the way' -- ie could you take any ASP page and run it from apache?
If it can handle ASP, there could be a lot of changeover. If not, then most 'hard core' M$ shops won't change.
autopr0n is like, down and stuff.
After three years of development, Apache 2.0 (or, more accurately, Version 2.035) has finally been released. Unix users will find plenty to like in Version 2.0, but the biggest impact will be on Windows servers, where Apache can now perform as a production-level Web server.
I would hope no one was using the windows version for the last 3 years, this gives little reason to trash their unix to jump to windows.
Chicago2600.net more than a lifestyle, its a survival trait.
Most places use IIS because they want to use ASP as their scripting language, instead of Perl/PHP. What is the performance like with an ASP parser?
I don't think too many people will switchover, if it means having to rewrite all their ASP code, or if using an ASP parser is slower than using IIS, especially since IIS is free (if you have Windows), whereas the chilisoft asp parser costs money.
I don't know of any other free asp parsers. But, if there were ones that offered comparable performance, I'm sure a lot of people would switch over.
"Knowledge makes us accountable." - Che Guevara
...What a bad article. Starting off by claiming Apache 2 outperforms IIS in their very own tests, yet making not one iota of these alleged "tests" available. Really an artivle like this does a dis-service to Apache and Linux, smacking of evangelism.
Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
The news blurb doesn't go into any detail as to HOW they benchmarked it (for all I know, they might've tested only static web pages and CGI applications)... does anyone know how well it runs ISAPI applications? And is it easy to set up to be able to run ISAPI applications?
(An ISAPI application is basically a DLL files that is loaded into memory and it stays in memory until it was 'halted' by an administrator, thus giving it a protential performance boost over CGI applications. That's the theory, anyway..)
Also, they don't even bother to publish any real results, all they say is "Apache kept pace with IIS during the entire test"..WTF does that mean in reality? Were they using dynamic pages or static? What were the software and hardware configs like? Numbers please?
If this article were the other way around harping IIS over Apache 2.0, most Slashdotters would (rightly in that case too) be ripping it to shreds for being a flimsy piece of shit..Hopefully we can all see it for the garbage it is, even if in the end it supports our (well the majority of us, anyway) favorite web server.
I have read a number of things about IIS6: mostly that it is a from-scratch rewrite, with a particular eye on security. Also you can assume it'll perform pretty well.
.NET Server (or whatever it's called this week) comes out.
So, as much as I would like to see the world dump IIS in general, a lot of shops out there will probably just wait and move to IIS6 when
They know how much is riding on this release. If IIS6 isn't tight, fast, and secure, then people will start jumping ship.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
"unfriendly administration interface"
looks to be the only negative thing they could say about it.
In fact, it seems to be the only bad thing I ever hear these days about most open source programs.
What the hell is going on? Do we need to hire some UI consultants from Microsoft or something?
I would have to say quite the opposite about trying to admin an IIS machine, you want to change a simple setting? Expect to spend half an hour navigating menus till you find the setting hidden in some illogical unexpected location. Meanwhile to change the setting on almost any open source software package, just grep the config file(s) and you'll find where the option you want is within a couple of seconds.
That's because you're an "expensive expert", donchaknow.
Christ, let's just give them GUI tools for config files and be done with it. It would ease the transition for a lot of IIS "admins" who would like to take a step up in life but have an inertia/familiarity problem. Settings that have a list of valid options to select from, a "help" button next to each item to help them grok the stuff that IIS has been hidig from them...
Point being, don't let your superiority complex get in the way of an effective conversion effort.
pr0n - keeping monitor glass spotless since 1981.
Dealing with .conf files instead of a GUI interface is an _advantage_ not a disadvantage. If we really needed a GUI frontend for making changes to a conf file there would be a bunch of them floating around. It takes no time to slap one together. In fact, IBM HTTP Server which is a "cutified" apache comes with a web form interface for configuring .conf files. Of course I've never seen anyone use it because it is quicker and easier to edit a text file than dig around in interface panels.
You have to use an OS where a thread is not another process like Solaris or Mac OS X, for Mac OS X you have to use Darwin 6.0(or Mac OS X 10.2)
So, when one of Microsoft's fine products is riddled with security holes, apologists blame the systems admins for not being competent.
When deriding superior, free alternatives, they claim any baboon can administer Microsoft products.
I'm failing to see the value proposition in a range of products which allow idiots to render a business vulnerable to serious damage.
I'm a big fan of Apache too, but this article is a piece of crap. They assert Apache 2.0 is as fast as IIS 5.0 on Windows but offer no benchmarks. They acknowledge that IIS had 10 security alerts this past week but offer no equivalent stat for Apache. (A thousand? Zero?) They don't even acknowledge that moving from IIS to Apache is a potentially career-ending chore. I love good reviews of OSS as much as the rest but this was more of a videobit than an actual article...
It's only unfriendly to a person that cannot grok the advantages of text file based configuration, such as being able to copy the file to a source repository, grep it for keywords, parse it using a regular expression, etc. etc.
In reality a text file configuration is worth a million GUI config tools.
Yeah, the article is weak and has no details whatsover, but the average management schmo has little to no knowledge about how a product works anyway. They read mags like eWeek and base their decisions on just these kinds of articles.
:-D
So drop a copy on his desk with a little note about "same performance, better security." See how nice that sounds.
I think it says something about the state of IT when they consider it
a downside that Apache doesn't have a point-and-click web-based
configuration tool.
The only advantage of such interfaces is that they're friendly to
novices, which is all well and good when you're dealing with a word
processor or e-mail client, but this is a web server. Anyone
who uses one for anything other than a toy needs to be (or to hire) a
skilled professional just to keep the thing running and up to date.
Anyone who finds editing a text file intimidating has no business
administrating any kind of server.
Heck--I wouldn't hire a web administrator who couldn't write
their own point-and-click configuration tool.
Yeah, we forgot, because all their ads were about speed. All the benchmarks they paid for/trotted out were about speed. Apache was about "doing it right, no fast" ... now that IIS isn't as fast, IIS is about "services?"
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Apache is eons ahead of IIS in terms of usability and reliability, but the big fat problem is that IIS natively runs VBScript/ASP, while Apache does not (and Chilisoft doesn't always cut the mustard). Lots of companies are somewhat locked-in to IIS because of their existing VBScript code which they're not willing to port to PHP or Perl, either because of ignorance or lack of resources (time, money, brains). If we could somehow create a 99.9% functional VBScript parser for Apache, then Apache could swallow up a very large bunch of IIS users in one quick bite.
-Billco, Fnarg.com
A 3am reboot on a public webserver that may be trying to be viewed by people on the other side of the world isn`t a very good solution. I find it VERY irritating when a website i`m trying to read goes down to reboot for 10 minutes or however long. Moreso, if you delay the reboot then you are still vulnerable for those hours until 3am, assuming you stop work at 5pm, that leaves 10 hours for someone to break in and install backdoors, which wont be removed by your update - plenty of time for even the most stupid of scriptkiddies.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Yes a textfile, especially a well commented one like the default shipped with Apache is far easier than a gui. Gui`s work well for relatively simple tasks (eg the controls of a web browser), but when the interface needs to display thousands of possible options it just looks cluttered, and the only way to combat the clutter is to hide the options under sub menus, which destroys the usability aspect. Ofcourse you can search a textfile, how do you find which submenu a particular gui option is under, i have yet to see a gui which you could search for a particular option or an option containing a particular value.
And ofcourse you have more flexibility in configuration files, to type in strange custom configurations that a gui designed would never expect.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
This article is filled with misinformation.
Somehow... the numbers don't add up.
Traditionally, IIS on Windows was the leader of the pack on static web serving, beating Apache on Linux by a factor of about 4.5 to 1, Windows (5500 req/s vs ~1200 req/s). Apache on Windows scrubbed the bottom of the graph at a measly 500 (yes, five hundred) req/s. Now, suddenly, Apache 2 for Windows is beating/matching IIS? That would effectively place it in the lead of every other web server on the market, free and commercial. Yet at the same time Apache for Linux and other Unicies is retaining "approximately the same performance." (~1200 req/s). So, what's the moral of the story here? Everyone running a unix box should throw it out, install a copy of NT or 2k and install Apache and be home free?
Of course not. The attitude of the journalist is evidently anti-MS.
Which would mean, if these numbers were in fact true (I don't remember reading any numbers in the article anyway), that Apache on Windows is about 4.5 times faster than it is on Linux and Unix.
Once again, it doesn't make sense. This guy is tying two granny knots with a loop, and it ain't happenin'.
I'd really like some information on these tests that they ran. What, did they run an ASP database call on IIS and compare it to a print "Hello, world\n"; perl script on Apache? Come on, there is obviously something fishy going on here.
I trust this article like I trust The Register... about as far as I can throw the box it's running on (and that, my geeky friends, is not very far at all).
IIS was faster serving static content, Apache was faster serving dynamic content.
I wouldn't expect IIS 6 to be that much faster. More secure, probably, given the attention that this aspect of the product has received in the past. The central flaw in the app has almost always been in ISAPI filters. Unicode escaping bugs are mildly nasty, but they've seldom been the showstoppers that the buffer overflows in various filters have been.
Also disastrous for them has been the fact that the overflows generally tend to be in the context of the system user (for the unfamiliar, it's a [usually] non interactive account with privledges ABOVE that of the Administrator account [can kill any process, for instance]). I particularly wonder if they'll be able to address this issue with IIS6. I suspect that changing this will have negative consequences for performance (just a guess; I don't have one of those shared source licenses so I could tell for sure).
The ASP.NET web.config files are already XML based; I guess it's nice. There's lots of options, you can tell they're trying to seem like there's more to their server products than simple admin interfaces for morons.
I mean, it'd be nice if ZDNet at least TRIED to hide it's bias against MS and it's agend to ebarass them.
For example, the comment/article about the "10 new security vulnerabilities in IIS!"
What ZDNet fails to tell you, the obvious, is that what MS released was a "Cumulative Patch for IIS" which is all the patches released since IIS 4 was released.
Rather than installing a Win2K server and then having to track down the dozen or so patches, you can just apply this.
There have not been any new vulnerabilities in IIS since May 2001. Almost a year ago!
(Note: there has been a 1 or 2 vulns. found in Index Server and one or two in SMTP, both optional components of IIS, and not related to the web-serving W3SVC portion).
Why does ZDNet lie so flat-out like this?
There's a couple of reasons. First is you don't have to write your own parser. Many fine XML parsers exist and can be plugged into just about any language. Secondly, the idea of XML is to produce well-formed, structurally correct documents. Kind of important for configuration files I think. Sure, you can still screw up the config itself with your Apache front-end program but having to worry about writing the correct format back is one less thing to program around.
While I agree with your accounting analysis... if the place is going to run Win2K servers though, there is no additional cost in running IIS (its part of the OS distro) and so unless they make the switch to an open OS such as Linux, they still have to captialize the OS and server cost. So they get hit twice.
That said, for 90% of places running web servers out there, there are only about a dozen lines in httpd.conf that need to be edited to get the site up and running in a configuration that will suit their needs!
There are also ton's of great application servers that plug right into it (if they aren't bundled to begin with) and only require minor tweeks. If your developers writing the code can't figure this simple stuff out, they shouldn't call themselves developers.
AF-Design, web development.
Everyone is always saying that apache is difficult to configure and that IIS is a piece of cake.
But the true question is: Do you want a lamer that can't read a manual and edit a configfile appropriately, to administer your dear webserver???
I mean I'm not against usability this or that,
but for god's sake. You only have to edit a config file. If the admins are too stupid for that then they shouldn't be administering something...
True or not?