Microsoft Releases IIS FastCGI Module

Marcy writes "Microsoft has just announced the final release of the IIS FastCGI module for IIS 5.1 (XP), 6 (2003), and 7 (2008). This FastCGI module was built with collaboration from Zend, the creators of PHP, and is intended to solve the CGI on Windows problem." It's free as in beer.

Problem?

[Gabest]

So, what is the "CGI on Windows" problem? I've used php with iis before, cgi and isapi mode both. WAMP still beats them anyway.

Re:Problem?

[Saint+Stephen]

"Forking" (launching) a process is much more expensive on Windows than it is on Linux. Windows NT is architected after VMS (in part because of Dave Cutler). Processes are expensive on windows.

Re:Problem?

[gbjbaanb]

Its kind of a fallacy that 'forking' processes on Windows is significantly more expensive than forking them on Linux. I think it is somewhat more expensive, but that doesn't alter the fact that forking processes on linux is still expensive in the first place.

So, we needed ways to make things go faster - mod_php for example, that ran php scripts inside an apache process, but you still had to fork the apache process for each web request because of many thread-safety issues in php modules. This was also a security problem because every php script ran as the apache user. So the next idea was to start an apache process for each client and re-use it until that client disconnected (and stayed disconnected). This is the fastCGI approach.

With windows, you had 2 ways of running PHP scipts: as a CGI application (slow due to new processes all the time), and as an ISAPI (think of this as the equivalent of mod_php) module. The ISAPI one worked but you had the thread-safety issues of PHP to contend with (just like on Apache 2 that doesn't spawn worker processes).

In summary: nothing much to see, someone's just released fastCGI for IIS now so you have the same configuration options for IIS as you have for Apache.

Re:Problem?

[EvanED]

I think it is somewhat more expensive...

It's a lot more expensive. Some numbers MSR came up with while working on their research OS Singularity put process creation on Linux at ~700,000 cycles, just over 1 million on FreeBSD, and just under 5.4 million cycles on XP. Here's one source; slide 23.

I'm not arguing against your main point; I'm just pointing out that there is actually a huge difference between process creation time on the different systems.

Re:Problem?

[FooBarWidget]

Windows doesn't even support forking. You can start new processes, but forking the existing process is impossible. Even things like Cygwin only emulate it with threads.

Re:Problem?

"architected" is not a word, since "architect" is not a verb

Re:Problem?

[A+nonymous+Coward]

"architected" is not a word, since "architect" is not a verb

A. You're wrong. English is a living language. Any word that people understand as a verb is a verb. You understood what was written, therefore you are lying.

B. Your conclusion ("architected" is not a word) does not automatically follow from your premise (since "architect" is not a verb). Your logic is not logical.

C. Any grammer nazi who does not capitalize the first word in a sentence is a hypocrite.

D. Any grammar nazi who does not end sentences with a period is a hypocrite.

E. Any grammar nazi who complains that the "nazi" in "grammar nazi" should be capitalized does not understand how words can be used in a generic sense and thus no longer be proper names.

F. Grammar nazis suck.

Re:Problem?

[Karellen]

Even things like Cygwin only emulate [fork() on Windows] with threads.

Sorry, but that's bollocks.

Cygwin fork() does create a new process. It calls CreateProcess() and then copies the current process into the new one. See the relevant Cygwin API FAQ for a full explanation.

Re:Problem?

[Karellen]

Doh. the relevant API FAQ.

Re:Problem?

[bytesex]

A. There is a difference between spoken and written language. Spoken language can indeed mutate as we go along; written language changes by (written) decree. This is what the 'living language' apologists usually forget.
B. - F. The rest of your points have no real bearing to the point at hand.

Re:Problem?

[plague3106]

Is it the same on Win2k3 Server?

Re:Problem?

[TheDreadSlashdotterD]

This is a web forum. Formal language rules need not apply. It's like speaking with characters.

Re:Problem?

[A+nonymous+Coward]

I don't know where you get such a laughable idea, that written language changes by written decree. If that were the case, we'd get new slang from the written dictionary which would come from written articles, not the other way round. Written and spoken language drive each other. Language is language. Spoken or written makes no difference as to how it evolves.

Re:Problem?

[Penguinisto]

Is it the same on Win2k3 Server?

Probably higher, considering the layers of security checks and "reducing the threat surface" whatnot which MSFT applied to IIS for Windows 2003 Server.

/P

Re:Problem?

[gbjbaanb]

I didn't realise it was that larger, but CPU cycles doesn't tell the whole story. On a 1.8Ghz CPU, that's... 0.03 seconds on Windows.

Still, if only PHP could fix their threading issues in their modules, it'd make sense to run scripts in worker threads (using Apache 2, of course) and Linux webservers would appear to run faster.

Re:Problem?

Forking is extremely cheap on linux. A linux fork is less expensive than a windows nt thread. mod_ stuff exists on linux to go even faster, not because forking is slow.

Re:Problem?

[Foolhardy]

Win32 doesn't support forking, but the NT kernel does. For that matter, by far most of the expense of starting a Win32 process on Windows is due to Win32 subsystem overhead, including compatibility database lookups, not the kernel. SFU processes (that belong to the POSIX subsystem) and native processes (that belong to no subsystem) are MUCH cheaper, and incidentally support true kernel level copy-on-write fork.

Cygwin doesn't use the kernel's fork support because Cygwin is built upon on Win32. SFU can because it runs parallel to Win32.

Re:Problem?

[rabtech]

"Forking" (launching) a process is much more expensive on Windows than it is on Linux. Windows NT is architected after VMS (in part because of Dave Cutler). Processes are expensive on windows. This is true because Windows and the Win32 require threads and assume they exist; if you want to spin-off a lightweight operation you kick up a new thread. Although most Unix systems have OS threads these days that wasn't always the case - processes were the word of the day for a long time and still are in some ways.

Re:Problem?

and just under 5.4 million cycles on XP.

XP is not a server OS. Let's try comparing it in Windows Server 2003, m'kay?

Re:Problem?

[PitaBred]

And if you have, say, 100 visitors at the same time? That's 3 seconds just to start the processes, much less actually run anything. It's multiplicative ;)

Re:Problem?

Even in a world in which threads exist, forking can be more robust if you don't need a shared memory space. If my server decides to run a CGI script in another thread, and the script crashes, well, it's just crashed my server.

Really, in my view, it's just that someone at Microsoft (or DEC?) couldn't be bothered to implement copy-on-write paging. :-)

Re:Problem?

[EvanED]

I didn't do the comparison, m'kay?

Besides, XP and Server 2003 have the same architecture and use almost the same kernel. Server 2003 could start processes four times faster than XP (what I suspect is a very liberal assumption) and it would still be almost twice as slow as Linux.

Re:Problem?

This is why THREADS are in use on Windows so much, vs. forking an ENTIRELY NEW PROCESS, from the parent one. Thread uaage costs much less than forking an entirely diff. worker process (child) off the parent process.

Re:Problem?

I think a better argument that supports his claim is that written language often conforms to certain standards. If this weren't the case, you wouldn't see people writing in Classical Latin in time periods when nobody spoke with case markers.

Of course, this point too breaks down and starts to resemble yours when you add in the fact that spoken language also has a certain degree standardization. If I went around speaking in my own private dialect (maybe I went around calling people "y'all"), people might have difficulty understanding me, and so we standardize our speech for a general audience when speaking with the larger population.

Re:Problem?

[localman]

fork the apache process for each web request

Wait... under apache mod_php you don't reuse the forked child to handle mutliple requests? I assumed you did because that's what mod_perl does.

Crazy, if I'm understanding correctly!

Re:Problem?

D. Any grammar nazi who does not end sentences with a full stop is a hypocrite.

There fixed it for you. --- Kind Regards, Grammar nazi.

Re:Problem?

[Pollardito]

"architected" is not a word, since "architect" is not a verb

A. You're wrong. English is a living language. Any word that people understand as a verb is a verb. You understood what was written, therefore you are lying. who knew that George Bush posted on Slashdot?

Re:Problem?

[gbjbaanb]

I was dumbing it down a little for easier understanding. In Apache, using mod_php (like mod_perl too), you fork a heap of processes and reuse them. But you only ever have 1 client running on each process. In apache 2 (not in worker MPM mode) I believe you'd run the php sessions in a single process.

Re:Problem?

[beckerist]

Windows NT is archityped? architectured? ... how about "was built?"

Re:Problem?

[plague3106]

But you have nothing to back up your guess at all, do you? Much of reducing the threat surface had to do with disabling features by default, not adding more security checks. IIS 7 may be another story though.. but IIS 6 I seriously doubt.

Ah well, at least you got a +3 for posting something as a statement even if you can't back it up.

Re:Problem?

[Penguinisto]

I didn't mean to hurt your feelings or anything - There's a good reason why I qualified it as "probably" as opposed to "definitely". If such follies as UAC in Vista is any indication (and that's just the tip of one very bloated iceberg), it's a pretty solid bet that MSFT simply tacked on more cycle-eating code to prevent break-ins.

In either case, don't complain to me - complain to Microsoft's marketing department, who went well out of their way to push that perception back when Windows Server 2003 launched (well, it came in second - right after the bazillion demonstrations showing how easy they made it to migrate for all the holdouts still using Windows NT 4.0).

/P

Re:Problem?

[EvanED]

Exactly. Unix is built around the process model, where forking is common. People do things with the command line a ton, piping output between programs, so process creation time is more important there than under a typical Windows workload, where programs tend to do more. (I'm not trying to place a value judgment on this; each approach has advantages and disadvantages. I tend to think that the Unix approach is better for command line manipulation, and the Windows approach of monolithic processes are better if you're using a GUI.) This means that different tasks are more tightly bound on Windows than they are on Unix, and a shared-memory approach is perhaps more natural for such things if the interaction is higher.

I would have been very interested to see the Windows thread creation time on there as well. I thought the same thing when I first saw the numbers.

Re:Problem?

[Haeleth]

Mod parent up dammit. Interesting AC posts need more love.

I think a better argument that supports his claim is that written language often conforms to certain standards. If this weren't the case, you wouldn't see people writing in Classical Latin in time periods when nobody spoke with case markers.

The Latin example is problematic, because it comes from a time before mass literacy and when writing materials were either inherently temporary (wax tablets) or extremely expensive (parchment). This means that the writing that has survived is inherently more likely to be in a formal register, since informal writing would not have been done on permanent materials, and since the writers -- aware that living languages had regional differences and were changing with time -- deliberately chose a classical form of the language that was the same everywhere and likely to remain the same forever.

Conversely, the reason people first chose to write in English was very deliberately to use the current language of the common people, and that has by and large continued to be a goal, so English writing has always been more likely to conform to the usage of the day than to any literary standard. Read any great author and you will, I strongly suspect, find that their writing is sprinkled with usages that grammar nazis deplore; there are whole books dedicated to pointing out "mistakes" made by great authors.

It is very important not to create a false dichotomy here, by the way. The fact that language is living and evolving does not mean that it does not have rules, and it does not mean that there's no such thing as a grammatical mistake. It merely means that the rules that were true 10 years ago may not be true today, and that the rules that grammar nazis hold dear (particularly regarding things like sentence-final prepositions, sentence-initial conjuncitons, split infinitives, and so forth) are likely to be arbitrary constructs that do not bear any relation to the language as spoken and written by real people.

Re:Problem?

Apologize! You called his baby, UGLY!

Re:Problem?

Go away little kiddie. This is not a Linux vs. Windows thing, it's a UNIX concurrency model (in common with all UNIX's, not just the one you like to have religious wars over) vs. VMS/Windows concurrency model. And it's not even possible for fork to be less expensive than a Windows thread, or any other comparative relationship because they aren't comparable: fork is to Win32's CreateThread as processes are to threads. To use a car analogy, in a race would my starter be faster than your car? It doesn't make sense. If you actually understood any of this, or things like what fork does and the difference between processes and threads, you'd know that it really isn't possible for an OS to create a process faster than a thread. Forking is slow, but everything's relative. It's faster than Windows' CreateProcess. It's slower than multiplexing (not creating a new execution context at all). Stay in school, kid.

Re:Problem?

[functor0]

If you read the cygwin mailing list archives (http://sourceware.org/ml/cygwin/2002-04/msg01071.html) it looks like you can on Windows NT/XP. However, it doesn't sound like they went through the trouble to figure out why their implementation was actually slower because it wasn't compatible with Win95.

Re:Problem?

[plague3106]

I didn't mean to hurt your feelings or anything - There's a good reason why I qualified it as "probably" as opposed to "definitely".

Didn't hurt my feelings; even probably implies that you have good reason to believe something. Good reason, not "well this is how I view things." I'm just sick of /. modding up any crap someone tosses out on /. as it if were true. Bash MS, you get karma it seems, regardless of facts.

If such follies as UAC in Vista is any indication (and that's just the tip of one very bloated iceberg), it's a pretty solid bet that MSFT simply tacked on more cycle-eating code to prevent break-ins.

And this has exactly what to do with Win2003 server? I can see you haven't actually used the product, so perhaps you should not comment on it with speculation. The OP posted some benchmarks at least. I at least work with Server 2003 everyday. Did you even check out the Server 2008 beta to see if this "safe bet" is as safe as you think?

In either case, don't complain to me - complain to Microsoft's marketing department, who went well out of their way to push that perception back when Windows Server 2003 launched (well, it came in second - right after the bazillion demonstrations showing how easy they made it to migrate for all the holdouts still using Windows NT 4.0).

Don't blame you for throwing out some statement for which you really have no basis in fact? I requested fact, you came back with your bias perceptions. Ya, I think I can blame you for that.

Re:Problem?

[Henkc]

Good point. Too many people think of web servers as if they're only serving their mommy's baby photos. Starting/forking procs on *busy* web servers is a major issue and can kill a server. Ask anyone who hosts more than his mommy's baby photos.

Why bother?

[FictionPimp]

What's wrong with apache?

Re:Why bother?

[EveryNickIsTaken]

Oh, come on. Every Windows admin needs excitement! And when I say excitement, I mean the fun of dealing with the buggiest, most backdoor-filled MS software ever created. IIS has at least provided thousands of A+ techs with job security.

Re:Why bother?

[El+Lobo]

The only problem is that IIS7 and even II6 have so few critical vulnerabilities that Apache IS a nightmare in comparation. let's no talk about text file configuration....

Re:Why bother?

[Ed+Avis]

Surely they should have zero critical vulnerabilities?

Re:Why bother?

IIS has text file configuration now? That's news to me.

Re:Why bother?

[will_die]

If that comment could be trusted you would know that IIS7 uses a text file to store its configuration.

Re:Why bother?

[marcovje]

That's because Microsoft is quite reluctant to label anything "Critical". Nearly all superficial bug amount comparisons falter because of different habits to rate a bug.

Microsoft probably things "Huh, the world didn't end? Ahh, then it probably isn't critical."

Re:Why bother?

[sydb]

What's wrong with text file configuration? Some people happen to like it. For good reasons, like:

• you see your config right there in front of you
  
• you can do scripted configuration using standard unix tools
  
• you can archive config files and see what they do just by looking at them
  
• you can run diffs against configs
  
• you can adopt your own standards for commenting changes
  
• you can put your config in an SCM tool
  

Just because you don't know how to do it doesn't mean it's not a huge advantage for those of us who do.

Re:Why bother?

[sqldr]

let's no talk text file configuration

Oh, not you as well. There's absolutely nothing wrong with text file configuration. There's a whole world of things wrong with a pointy-clicky GUI interface to a config in the registry when there's no other way to edit it.

How do you search a gui interface? How do you generate a gui config? How can you minimalise a gui config to the bare essentials? How do you upload/download a config and email it to someone? How do you edit the config without having to run remote desktop client? And of course, with clicky configs, if they haven't provided an option for something, then you can't do it. Sorry, "computer says no".

I'll admit that IIS hasn't had many vulnerabilities recently, but this is partly because it's got bugger all functionality. Most new vulnerabilities in apache are usually found in one if its thousands of modular extensions.

Lets not talk about using domain credentials for HTTP authentication (in fact, having your web server assume that's what you want to do), lets not talk about your configuration appearing all over active directory. Lets not talk about how server 2003 starts up every bloody service on the system on boot, giving you about 30 seconds to download the service packs before you get pwned by a virus. Lets not talk about how it took microsoft months to fix a serious user-affecting exploit in word, but yet, when they give a shit (like when DRM got cracked), they have a fix out in a matter of hours.

Personally, I use thttpd, because, er, I don't like the config format for apache. That's not because I don't like having my configs in readable text files, I just don't like the cludgy way that apache does it.

Re:Why bother?

[jimstapleton]

Actually, IIS does have text file configuration also - the metabase.

That's one thing I like about it - I can edit the text file OR use the GUI.

The caveat is the text-file is XML, the pro is that it's structure in such a way that it's not as painful to edit by hand as normal XML. Also, there's a log file in the same directory that produces really helpful error messages if you screw up editing it by hand.

Having used both, I find neither significantly better/easier to administrate. They are just different

Re:Why bother?

[jimstapleton]

Yes, though the GP argued that it didn't, not that it did

II6 has something called metabase.xml. It's actually a fairly easy to edit XML file, compared to most XML config files I've seen too.

Re:Why bother?

[gbjbaanb]

I'm not sure whether you think IIS has a text file or not...

Still, for my fellow readers:

With IIS7, all IIS configuration is now stored in a simple XML file called applicationHost.config, which is placed by default in the \windows\system32\inetsrv\config directory from an Apache v IIS blog entry that also discusses the fastCGI module.

Re:Why bother?

[El+Lobo]

True. And that's it's beauty. Do you want to edit it? Do it. There is also something called IIS Manager which is the GUI for that.

Re:Why bother?

[jimstapleton]

If I skip an answer, it's safe to say I can't give a good answer.

How do you search a gui interface?
Most have a series of tabs/menus that allow a drill-down type search. Sometimes things aren't in the most obvious places, but it's not that bad, and if you don't know the exact text of what you are looking for it's a lot easier than text files. If you know the exact text, then it is harder. It's nicer to have both (such as provided in IIS)

How can you minimalise a gui config to the bare essentials?
Turn off the options you don't want - same way you would in a command line.

How do you upload/download a config and email it to someone?
Depends, if the gui attaches to an file (a-la IIS), email the text file. If the GUI attaches to the registry, export the hive and attach it.

How do you edit the config without having to run remote desktop client?
Assuming there is a command line interface to the machine, you can edit the file the GUI controls with a text editor, if it is a text file. If it is registry, you can call tools in windows that allow you to query/write the registry, and if it is a proprietary binary, you are SOL unless they wrote a tool for it.

And of course, with clicky configs, if they haven't provided an option for something, then you can't do it. Sorry, "computer says no".

Yep, text-y configs you can't change things they don't give you options for either! That's a matter of programmer incompetance, and not specific to the interface.

Re:Why bother?

[JasterBobaMereel]

Do you want to tell Microsoft that they are actively discouraging use of the registry in favour of XML configuration (structured text files)

Re:Why bother?

[morgan_greywolf]

Look, man, no one is ever going to take you seriously. You troll every Linux and Mac OS X article, and this post is clearly a flamebait, but to answer your post:

A comparison of critical vulnerabilities is an apples-to-oranges comparison between IIS and Apache. First off, IIS is more vulnerable because it only runs on one platform, Windows Server. This makes exploiting security bugs a known quantity. Security bugs in the OS aren't counted against IIS in many bugs counts, despite the fact that these security bugs often directly affect IIS and sometimes only IIS, despite the fact that IIS and the OS are essentially integral to one another.

Let's add to that the fact that Microsoft doesn't consider many security vulnerabilities to be 'critical'. Even some remotely-exploitable bugs that could lead to pwning the box aren't counted as 'critical' by Microsoft, because there is no known 'live' exploit for it.

Re:Why bother?

You are aware that the first and second-to-last-option are possible with GUI tools also, right?

In your own words: Just because you don't know how to do it doesn't mean it's not a huge advantage for those of us who do.

Ideally, both should be available, but some people thing text files are the pincle of configuration, and gods-gift-to-computers.
Well, as they saying goes, nothing is perfect. Not even text files. If I'm not sure what I'm looking for, I'd rather use a GUI like found in IIS (which can help me find it) than a poorly written/documented text config (fortunately, Apache's doesn't fall into this category).

Re:Why bother?

Apache has modular extensions? Really? Wow! If only MS had thought of providing IIS with a full set of COM interfaces and if only there was a vibrant market for IIS extension software then they'd have half the websites in the world using it by now!

Re:Why bother?

[dave420]

It's slower, for one. And I say that as a die-hard Apache user.

Re:Why bother?

[sqldr]

Most have a series of tabs/menus that allow a drill-down type search.

That's not useful. I don't want to have to "drill down", I want to search for a keyword. Say I've got several hosts, and I want to see everything specifically relating to an IP address. I search for the text of the IP address. For beginners looking to change one option, complex GUIs are a mass of buttons and tabs, rather than something they can search for.

Turn off the options you don't want - same way you would in a command line.

I don't want to turn them off, I want to remove all reference to them.

If the GUI attaches to the registry, export the hive and attach it.

That's not useful. I want to mail the config so someone can read it, eg. paste my config to a newsgroup to ask a question when I'm stuck. The usual equivalent in windows-land is you spend days searching for stuff and getting dumb meaningless error messages ("please check that the domain controller is both locatable and contactable" - hey I know, Mr Paperclip, why don't YOU tell ME whether it was either unlocatable or uncontactable or both..), then eventually you find the answer on someone smug bloke's blog with a mugshot of him in the corner and 1000s of thankyou messages, rather than anywhere on MSDN. (incidentally, that error was nothing to do with the server being unlocatable or contactable, but being windows, I couldn't do a trace on it to find out where it was breaking, I just had to click "OK" and try something else).

Yep, text-y configs you can't change things they don't give you options for either!

Text-y configs usually have some level of scriptability, eg. "IfDefined" in apache. Syntax that might apply to one feature will usually apply to all features, making things a lot more versatile.
Another advantage of text configuration is that you can arrange the order of the file according to what's important. You can also add comments.

Re:Why bother?

Oh you must be slashdot regular. Let me give you some real world logic rather than the play time most slashdotters live in.

It's on Linux - that's the problem.

Re:Why bother?

[sqldr]

Apache ships with about 30. When there's a security hole in one of these extensions, they blame apache. IIS ships with about 2. When there's a security hole in an IIS extension, they blame the extension.

Re:Why bother?

[jimstapleton]

That's not useful. I don't want to have to "drill down", I want to search for a keyword. Say I've got several hosts, and I want to see everything specifically relating to an IP address. I search for the text of the IP address. For beginners looking to change one option, complex GUIs are a mass of buttons and tabs, rather than something they can search for.

And if the keyword(s) you think up aren't in there? If the author of the document hasn't provided enough notes. I've found cases like that in text files. In those situations, I would have vastly preferred a GUI.

Remember: You aren't everyone - Just because you can't find a use for something doesn't mean someone else can.

I don't want to turn them off, I want to remove all reference to them.

And if they are off in either case, who cares?
And what if the default is on - removing something could then turn it on. I have seen that in config files. For control purposes, it's better to have it there and set to precisely what you want than to ignore it and hope it goes away.


That's not useful. I want to mail the config so someone can read it, eg. paste my config to a newsgroup to ask a question when I'm stuck. The usual equivalent in windows-land is you spend days searching for stuff and getting dumb meaningless error messages ("please check that the domain controller is both locatable and contactable" - hey I know, Mr Paperclip, why don't YOU tell ME whether it was either unlocatable or uncontactable or both..), then eventually you find the answer on someone smug bloke's blog with a mugshot of him in the corner and 1000s of thankyou messages, rather than anywhere on MSDN. (incidentally, that error was nothing to do with the server being unlocatable or contactable, but being windows, I couldn't do a trace on it to find out where it was breaking, I just had to click "OK" and try something else).

So you have to use a hive-querying tool (command line or GUI), as opposed to a text editor (command line or GUI). If you are asking the questions, the people will either be on Windows, or have WINE. So, text or hive, you need a tool to open it, and the people helping you will probably have the appropriate tools around.

Oh, and trust me, I've had similar obscure errors in Linux with text-configured files, where I had to find some smug RTFM bloke who finally realized what I wanted wasn't documented before helping and making me feel a moron for not be a mind reader.

Text-y configs usually have some level of scriptability, eg. "IfDefined" in apache. Syntax that might apply to one feature will usually apply to all features, making things a lot more versatile.

s/usually/somtimes/. I've seen way to many "option=value" style configs where there was no scriptability.
Oh, and, believe it or not, GUI can too. It's usually provided with a text box, and help box with how the scripting can be done. Admittedly it is more rare though.

Another advantage of text configuration is that you can arrange the order of the file according to what's important. You can also add comments.

And you can have files for commets with GUI configs.

The advantages you find in most GUIs:
(a) You don't have to run extra commands to find out if you screwed something up in the config - it'll tell you immediately
(b) It's a lot less likely to make a typographic error in the file it saves to, than you are hand editing.
(c) If you don't know the name of an option you are searching for, or the text the developer decided to associate with them, you can find it easier by exploring the GUI, since GUIs are typically organized in a theme-based hierarchy.

Each has their advantages. Some advantages are more important to some people than others. Because of this, neither is universally better, and both are quite useful.

I know in my case, when I administrate IIS, I use both the GUI and the text file. When I administrate apache, I use the text file, because that's all there is, but I wish there were a gui available many times, because I could get the job of changing a few options done a lot faster using that than searching up and down the text file.

Re:Why bother?

[archen]

The usual equivalent in windows-land is you spend days searching for stuff and getting dumb meaningless error messages ("please check that the domain controller is both locatable and contactable" - hey I know, Mr Paperclip, why don't YOU tell ME whether it was either unlocatable or uncontactable or both..), then eventually you find the answer on someone smug bloke's blog with a mugshot of him in the corner and 1000s of thankyou messages, rather than anywhere on MSDN. (incidentally, that error was nothing to do with the server being unlocatable or contactable, but being windows, I couldn't do a trace on it to find out where it was breaking, I just had to click "OK" and try something else).

Oh man, that's just WAAY too true. And I truly feel the pain setting up an Exchange server right now (where the click here for more information link in the Exchange control panel conveniently does NOTHING).

Whenever I see text file argument come up with Apache I always think the same thing to myself - I'm glad I don't use Apache. No seriously, the text configuration is like a non nonsensical text barf compared to what it ought to be, but I think that is partially due to the way most distros lay out the default configuration. Using Lighttpd is like a dream in comparison when dealing with the text configuration. This is one area that I wish Apache (and most defiantly Xorg) should work on.

Re:Why bother?

[dnix]

The only problem I see in the use of a text file configuration is the lack of documentation. For example, to run a standalone fastcgi based application (IIPImage) I had to spend few weeks reading blogs and participating in forums, just to realise, at the end, that I have to use fake empty files to set the fcgi handler correctly... If somebody is interested here is the howto. In terms of performances... IIS + fastCGI is very quick!

Re:Why bother?

[sYkSh0n3]

I'm still not sold on IIS. The last time i used it, I was tinkering with some ASP scripting and the system was online for about 3 minutes on a dial up connection. It still managed to be hacked and they edited the file i had open. So I gave up on that and went back to LAMP for anything that would be exposed to the internet.

Re:Why bother?

[sqldr]

but I wish there were a gui available many times

There used to be a program called "Comanche" that did this. Last reference I can find of it is back in 2001. I tried it once, and instead of reading down a file bit by bit, I was overwhelmed with tab after tab of options I'd never used or even heard of.

Re:Why bother?

[PinkPanther]

And when I say excitement, I mean the fun of dealing with the buggiest, most backdoor-filled MS software ever created.

I don't understand your point. They don't mention Exchange once in this article.

Re:Why bother?

[Niten]

For one thing, Apache's FastCGI module is notoriously flaky and poorly documented. In the past, Apache users typically employed mod_php, mod_python, etc., and as a result mod_fastcgi has historically received second-class treatment by developers. There's a reason so many people are turning to lighttpd for their FastCGI applications even though Apache 2 offers its own multithreaded MPM, and performance is only part of the equation...

Re:Why bother?

[PinkPanther]

The advantages you find in most GUIs: (a) You don't have to run extra commands to find out if you screwed something up in the config - it'll tell you immediately

...as long as the developer(s) put in the proper validation rules, which they often don't beyond single-field validation. When a configuration is more complicated (e.g. a system-level setting on a multi-host configuration) then often the validation misses the fact that you've just made one of the sub-host configs invalid.

Let's face it, not many programmers like to spend time writing complex validation and error checking routines. And there is a bit of a conflict of interest for commercial apps in that less validation leads to more support calls (and more support $$$).

(b) It's a lot less likely to make a typographic error in the file it saves to, than you are hand editing.

True, though see response to (a) again. And I will make the brash statement that a system that "expects" a valid configuration likely isn't going to spit out very useful error messages when an invalid config is created. One thing you have to admit about many of the hand-edited configuration systems (http servers, ftp server, mail servers) is that they often indicate where in their configuration files they are hitting errors while loading.

(c) If you don't know the name of an option you are searching for, or the text the developer decided to associate with them, you can find it easier by exploring the GUI, since GUIs are typically organized in a theme-based hierarchy.

Yes, sometimes. But then there are countless cases where this is not true. Try configuring MS SQL Server Express to allow non-encrypted TCP client connections. Damn, if I haven't lost 2 hours on a couple of occasions be that damned boolean combo box (why a combo box for true/false??) is NOT in the TCP connections area. Oh, and don't forget that you can enable TCP, but you still have to enable each interface separately as well.

GUIs have the potential to be better organized and if the developer considers the right use cases it can even make administration more efficient, but as the GP stated there are simply things that the command-line/text-file configuration is substantially more efficient at due to a lack of effort/consideration from developers on the GUI front.

Re:Why bother?

I highly recommend you check security bulletin counts for IIS 6 vs. Apache 2. Prior to v6, IIS was indeed very insecure. IIS 6, however, has been rock solid. Of course, if the facts don't count, ...

Re:Why bother?

Let's not talk about how ignorant you are.

Re:Why bother?

[Vancorps]

Sendmail wants it's text file back. Just because it's a text configuration doesn't automatically mean you have all those advantages. Furthermore, IIS 5,6,and 7 all use an XML config file called the metabase which is quite easy to read and allows you to do all of the same tasks.

You're right though, it can be great, scripting has been easy for quite some time on Windows and naturally was always easy on Linux. Scripting is the only thing that keeps the sysadmin in me sane as I manage both Windows, Linux, and OS X. I rather hate OS X though as Apple seems to break things pretty regularly. Sometimes NFS shares will mount okay, sometimes they'll disappear randomly. Same with SMB connections. Annoys the hell out of me especially with the crappy defaults for SMB configuration. Linux and Windows play well together so at least those systems don't present me with issues regularly.

Re:Why bother?

[Necrobruiser]

Sounds like you've fixed the lack of documentation issue....

Re:Why bother?

[heffrey]

Where do you want me to begin?

Re:Why bother?

I guess desktop users got an excuse to be lazy, ineffective and ignorant. But that's not the case for servers. I just hope I don't ever have to rely on a website maintained by a guy that uses a GUI to configure his server.

Re:Why bother?

You see there how your comment added absolutely nothing to the conversation and made no actual technical comparisons or insights?

That's what's wrong with Apache: you and people like you who post dumb things like that. The farther along I get in my career the less willing I am to tolerate this sort of childishness and the more I enjoy using Microsoft products. They work for the most part and when they don't, I don't have to frequent forums with people who have your juvenile attitude toward technology.

If you're going to evangelize for a technology that you feel is worthy of consideration, do it appropriately and do it intelligently. All you're doing by posting that kind of irrelevant, off-topic crap is giving normal people with real jobs a reason to tune you and other nearby evangelists out after one sentence.

Re:Why bother?

[nuzak]

mod_fcgid > mod_fastcgi. However, mod_fcgid doesn't compile on older apache versions (I'm looking at you, Redhat EL). And of course, lighttpd's fastcgi just works without fussing.

I think it was Open Market Inc's licensing that kept it out of Apache mainstream. Even though the company doesn't even exist any longer, the code still has the license problems. mod_fcgid is supposedly a reimplementation, but might have been based off the old code, and the developers haven't wanted to bother with putting it into Apache either.

Re:Why bother?

[pseudorand]

> What's wrong with text file configuration?

Just wait for IIS7. It will be to Apache what IE7 is to Firefox.

Re:Why bother?

[weicco]

For beginners

For beginners exiting simple text editor (vi comes to mind) is sometimes impossible task. But servers aren't for beginners. They are pretty advanced stuff.

Re:Why bother?

One more reason - ability to search plain text file for a needed configuration option, instead of spending five minutes in a humble attempt to find the damned option hidden in some 3-d level GUI tab.

Re:Why bother?

[encoderer]

Wow, I wouldn't be actually TELLING people this. According to Netcraft, IIS usage has surged recently while Apache use has retracted. The overwhelming majority of these servers are secure and stable.

Your problems are more an indication of YOUR abilities than of IIS.

I can install Apache in 5 minutes with more open holes than a cheerleader after the homecoming game. It doesn't make the software insecure.

Re:Why bother?

[morgan_greywolf]

And if the keyword(s) you think up aren't in there? If the author of the document hasn't provided enough notes. I've found cases like that in text files. In those situations, I would have vastly preferred a GUI. In many cases, you don't need to know the keywords, as in the parent's example. Just search for the IP address. Another example: if I want to know which mod_php is loaded in Apache, I don't have to know the keywords that Apache uses to determine which mod_php gets loaded. I don't even need to know the config file. I can do:

$ cd /etc/apache2
$ find . -xdev -exec grep -l php \{\} \; ./mods-enabled/php5.conf ./mods-enabled/php5.load ./mods-enabled/dir.conf ./mods-available/php5.conf ./mods-available/php5.load ./mods-available/dir.conf


See? It's obviously loaded from ./mods-enabled/php5.load

Then I can:

$ grep php ./mods-enabled/php5.load
LoadModule php5_module /usr/lib/apache2/modules/libphp5.so


Which tells me that it's loaded from /usr/lib/apache2/modules/libphp5.so

I didn't have to know the keyword 'LoadModule'. I didn't need to know the config file it was present in. I only had to know three letters: 'php' -- what I was looking for.

s/usually/somtimes/. I've seen way to many "option=value" style configs where there was no scriptability. With text-y configs on *nix, there's always scriptability, even if I have to use an external script to get it. Usually a little sed and/or awk magic. Or Perl or Python. Try that with a GUI.

know in my case, when I administrate IIS, I use both the GUI and the text file. When I administrate apache, I use the text file, because that's all there is, but I wish there were a gui available many times, because I could get the job of changing a few options done a lot faster using that than searching up and down the text file. Mac OS X's Apache has a GUI. For Windows, there's always tools like this one. Finally, on other *nixes (Linux, FreeBSD, Solaris), you could always write one. Python and PyGTK are great tools for writing GUI admin tools that essentially edit text file configs. One might even exist, already, but I prefer configuring apache from the command line.

Re:Why bother?

[oliderid]

httpd.conf can be quite difficult the first time you see it. Somes distributions have even splitted it into different configuration files (OpenSuse). You can understand it if you run dozens of virtual hosts but splitting the default httpd.conf is absurd IMHO.

Anyway there are editing tools:
http://kochizz.sourceforge.net/
Looks promising.

But I have never used it (the only one I've tried: YaST HTTP server module was incomplete for taste, I couldn't configure properly webdav through it).

Re:Why bother?

[drsmithy]

Oh, not you as well. There's absolutely nothing wrong with text file configuration. There's a whole world of things wrong with a pointy-clicky GUI interface to a config in the registry when there's no other way to edit it.

There are lots of measurable, demonstrable things wrong with "text file configuration". Most of the complaints about "a pointy-clicky GUI interface to a config in the registry", however, boil down to taste and inertia.

How do you search a gui interface?

Ideally, you don't because it's well designed. However, for a reasonable example, look at OS X's System Preferences.

How do you generate a gui config?

You dump it to a file and reload it. Or you push it out to clients from a central location.

How can you minimalise a gui config to the bare essentials?

Same way you do with "text files" - turn everything off you don't need.

How do you upload/download a config and email it to someone?

Dump it to a file. Tell them which settings to change.

How do you edit the config without having to run remote desktop client?

Running a "remote desktop client" is conceptually identical to SSHing into a machine and firing up vi, so I don't really see how this is a criticism. However, you avoid doing that by having management tools that push configurations out over the network.

And of course, with clicky configs, if they haven't provided an option for something, then you can't do it. Sorry, "computer says no".

Indeed. Just like when there's no option to do it in the "text file configuration".

Re:Why bother?

[Penguinisto]

let's no talk about text file configuration....

Bet I can whip up vi, edit httpd.conf, and type "service apache graceful" at a bash prompt a whole lot faster than you can click-wait-click-wait-click-click-wait-click-wait-wait your way to a config then reboot the box to apply any critical IIS settings ;)

/P

Re:Why bother?

[FictionPimp]

Lets see, my worthless comment spawned a very good conversation on the merits of apache, IIS, and lighttpd with fastcgi.

I think you need a therapist. You should not be so upset with a simple question. Life's too short.

BTW, the company I work for uses IIS and apache. We have products that require them.

Re:Why bother?

[Penguinisto]

The overwhelming majority of these (new IIS) servers are secure and stable.

...and on parked (read: static) domains.

/P

Re:Why bother?

[Penguinisto]

Ah - noticed that IIS 7 does have a text (XML) file.

I do have one question - does it cover the whole wad, or just whatever MSFT felt like exposing to it?

/P

Re:Why bother?

[raddan]

You missed one: you don't need a GUI to configure your application. This makes a HUGE difference when the machine is embedded, remote, or otherwise hard to connect a screen to.

Re:Why bother?

Actually, the Apache conf format isn't scriptable by standard Unix tools because it doesn't have a standard format. It looks a bit like XML at first, but clearly isn't. Any nontrivial change you want to script first requires that you write a parser for the httpd.conf format!

The IIS Metabase is in XML, meaning that you can script it with any standard tool that can parse XML. I would probably choose Python or Perl, but you could use JS, C#, VBS, PowerShell, Ruby, or whatever else you feel like that has its own XML library or access to MSXML.

dom

Re:Why bother?

[Dragonslicer]

And when I say excitement, I mean the fun of dealing with the buggiest, most backdoor-filled MS software ever created.

I don't understand your point. They don't mention Exchange once in this article.

I don't understand your point. They don't mention Internet Explorer once in this article.

Re:Why bother?

No, your comment was the first one above the default viewing threshold so everybody else attached their posts to it to prevent those posts from being scrolled off the page and missed by the karma-giving mod overlords. Same thing that has happened in every other story posted to Slashdot since they changed karma to a word.

I think you need a therapist.

How clever. I'll bet nobody has ever posted that sort of non-sequitor on a website before after having the pointlessness of their commentary so roundly exposed.

Re:Why bother?

[dadragon]

ISS7 is already available in workstation form with Vista. It's all right, doesn't piss me off nearly as much as IIS5 or 6. Now to get Tomcat and PHP going.....

Re:Why bother?

Sometimes you don't have a say as to what server software is installed into a datacenter. Maybe the data center is already setup to run IIS on a bunch of web servers, and there's some extra room for some applications. In this case, it might be easier for the company to add this plug-in, than to go the full Apache route, where the people running the data center don't have the required knowledge, nor time to learn about it. If they're already setup to manage IIS, then this is a no-brainer to go this route to install PHP applications. Since MSFT is involved with this, this will give the management that warm-and-fuzzy feeling, so there will be little argument as to whether this is a viable solution.
    This option is good, because it now raises the ability to run some useful open source server solutions on someone's already established MSFT data center. Now if more open source projects would use better database access layers (like Sql Alchemy) then they could run on already established database clusters in the corporate data center.
    I'm really curious, though, to what this means for running Python applications on the IIS services...

Re:Why bother?

[Alioth]

Text file configuration for servers is orders of magnitude better than a GUI. A GUI is clumsy to automate. It can't be checked into the source code management of choice (making rolling back awkward). Servers shouldn't have GUIs, and if they do, all server processes should have a text configuration underneath it all that can be versioned and automated.

Re:Why bother?

[nuzak]

> How do you search a gui interface?

Eclipse does a nice job at it. It has a search box at the top of the preferences gui, and it narrows down the items in the tree to those that contain your search item.

I'm all for text configs with good gui tools to back them. These days, that usually means XML, which ain't perfect, but it's good enough when I have decent editor support like emacs's nxml-mode. Microsoft seems to have gotten the message as well, and actually has moved a lot of configuration to text, especially in IIS

Re:Why bother?

[hackstraw]

You can also add human readable comments with things like who changed something, when, and why.

These things add no value to the computer program, but to us stupid humans, we actually value these things.

AFAIK, there is no way for 99.999% of the human race to tell much about HKEY_LOCAL_MACHINE\SOFTWARE\foo\bar\MGROPW with type of REG_SZ and a value of 0c0a000a2c means without some other information. The only part I made up in this example is foo and bar, everything else is stolen from a screen capture I found here.

Personally, I think that the trend towards XML based configuration files is not much better, because they seem to me as just another form of the example above.

Re:Why bother?

I'm glad you've brought this up, this should not be forgotten and will severely undermine Netcraft's remaining credibility as soon as they start trumpeting when IIS is the "dominant" webserver out there. For better studies check out those on Security Space.

Oh yeah, check out the lovely big Microsoft skyscraper ad on the Netcraft site. Who's yo Daddy???

Re:Why bother?

[localman]

What is IE7 to Firefox?

Re:Why bother?

[ssstraub]

> Just wait for IIS7. It will be to Apache what IE7 is to Firefox.

So IIS7 will be an attempt to copy the good features from the competition that is both too little and too late but will be forced on the world anyway?

Re:Why bother?

[FictionPimp]

I'm sorry, I'll be more careful with my comments next time. Can you forgive me? http://nissaninfiniticlub.net/photopost/data/500/4455normal_Internet-SeriousBusiness.jpg

Re:Why bother?

[localman]

I agree that different people like different ways of doing things, and so I'm glad that there's diversity out there with GUI and text based configs. Personally I vastly prefer text configs if the format is sane (like Apache) and GUI configs if its not (like sendmail). But I did want to say this about deleting options:

And if they are off in either case, who cares?

In Apache, with so many options, it makes a big difference. If you have a complex server with tons of features enabled, you can have a complex config. However on some of my servers I am using a config file of only a 10's of lines, and it's great to not have to scan through every possible option when I only need 20 or so. So I think there is a chance that the more complex a system becomes text files (with sane defaults) makes for a more scalable solution.

I cant even _imagine_ trying to build a GUI around Apache's config. I mean, to even show every option would be insane!

Cheers

Re:Why bother?

[toadlife]

Which version did you use?

IIS4 (and any version before that) = A joke
IIS5 = Very Featurefull, but tended to be unstable when loaded with buggy third party apps, and due to it's design was almost impossible to *properly* secure.
IIS6 = Complete rewrite from IIS5. The first secure version is IIS. Also MUCH faster and MUCH more stable. Extremely low discovered vulnerability count in the four years since it was released.
IIS7 = I have no experience with it, but I've heard it's better than IIS6.

Re:Why bother?

[toadlife]

Who said the parent was relying on Microsoft for data? There are other places to do those comparisons.

Re:Why bother?

[jimstapleton]

Next example.

You want to load a module in there, and mod_php isn't loaded... In fact, you don't know what modules are and aren't loaded.

In the case of apache, you are in luck, the module loading section is near the beginning. But if it were near the end like some other options, then you have to sift through the file.

The problem is, your case, custom tailored to show the benifits of config files (which I am not denying), does not disprove the drawbacks.

Re:Why bother?

[Cctoide]

A boon to people who think that someone comes by and empties their Recycle Bin every day, lest it get full.

Re:Why bother?

[Just+Some+Guy]

Personally, I think that the trend towards XML based configuration files is not much better, because they seem to me as just another form of the example above.

I disagree:

1. You can still embed comments in XML files.
2. This:

   [FOO]
   bar: baz

   is not inherently superior to:

   <foo>
   <bar>baz</bar>
   </foo>

3. CVS, SVN, and so on handle XML just as easily as text.
4. Authors don't have to write their own config file parsers. Every language comes with an XML parser these days. Code re-use is good.
5. You can write a DTD or Relax NG schema that describes the config file, then use any XML authoring or validation tool you want to generate and test the resulting file.
6. Unicode? Handled.

Basically, I see no disadvantage in XML config files and a whole lot of reasons why they're nice. That doesn't mean I always use them for my own code, but I'm starting to lean in that direction.

Re:Why bother?

[spectecjr]

The overwhelming majority of these (new IIS) servers are secure and stable. ...and on parked (read: static) domains.


That used to be the case for Apache, and people were jumping up and down claiming it was the second coming.

Basically, Netcraft need to report by # of IPs per server type, not # of domain names.

Re:Why bother?

[IgnoramusMaximus]

... all use an XML config file called the metabase which is quite easy to read ...

And you lost all credibility right there. Bloated, insanely bracketed, rambling XML file with 40 letter long tags ... easy to read!? Easy to edit!? You gotta be kidding me. It is nothing but a case of fashionable, trendy, pointy-hair managment friendly, corporate-speak buzzword infused useless nonsense.

XML is (on its best days) a markup language intended for embedding formatting parameters in documents, not for every conceivable data or configuration file known to man, just because it allows for insane abuse of the letter "X" in ludicrous acronyms on glossy brochures!

I truly hate these mindless fad followers. Whatever the new and shiny toy they get their paws on is always the "greatest thing ever invented", to be forcibly mis-applied to most ludicrously inapproptiate tasks conceivable, only of course to be abandoned uncermoniously when the next shiny buzzword infested toy appears to the great oohs and aaahs from the marketing drones.

It makes my blood boil when thinking how many times did the rest of us gets stuck with the half-baked kludges left behind like turds by this menace of bloody fashion victims. Awful asshat kludges like XML formatted configuration files.

Re:Why bother?

[heinousjay]

When you're 90, you're going to be really thankful for that 15 seconds.

Re:Why bother?

[jimstapleton]

You've obviously never seen the metabase.

XML is utter crap, and 99% of what it is used for, it shouldn't be used for.
That includes as a configuration file.

However, the way it is handled in IIS, it is actually easy to read, because 99% of what you are editing bears more of a resemblance to a config file than an XML file, because of the attribut structure.

So far, IIS is the only use of XML as a config file that I have found easy to use. A pathetic follower of a useless trend, it is, but at least it does it's job well, even within those bounds.

Re:Why bother?

[morgan_greywolf]

Not a problem. We know that the filename for modules end in .so.

So:


$ find . -xdev -exec grep -H "\.so$" \{\} \; ./conf/httpd.conf:# LoadModule foo_module modules/mod_foo.so ./conf/httpd.conf:LoadModule access_module modules/mod_access.so ./conf/httpd.conf:LoadModule auth_module modules/mod_auth.so ...


Next?

Re:Why bother?

[davester666]

"It's free as in beer."

(License for Windows not included)

Re:Why bother?

[Amouth]

+1

i use IIS6 and have no issues.. and i doubt anyone would if they configure it correctly and acutaly know what they are doing.

the only complaint i have at all with IIS6 is that rapid fail protection is on by default and that each site created uses the default app pool unless you change it..

what does this mean..

take a shared hosting provider.. that updats to IIS6 and doesnt' know about it.. they have a box.. create 20-30 sites on it move peoples stuff over and in a few min none of them work.. because some lame person on one of the sites causes server 500 errors.. i think defautl is 5 in 5min.. and it shuts down the app pool that it occured in .. which is the default pool wich all the sites are in .. it doesn't say anything.. it doesn't note it (even in the event log) it just turns off the app pool..

it is sad when you have to call a client's hosting provider (and a big name one at that) and explain to them how IIS6 works vs IIS5 after they have moved to it.......

Re:Why bother?

[Vancorps]

The other responder covered your ignorance of the IIS metabase. Perhaps you should actually look something before commenting on it. It is very easy to read and very very easy to script configurations, it's even easy to synchronize configurations without having to write much of anything yourself. Of course you can, every function of IIS configuration can be scripted through WSH on old Windows and Powershell in newer setups.

I can also state that Oracle's configuration files are also XML and quite easy to read. Perhaps your experience with XML configuration files is limited if you feel that strongly against. I won't say it's the best solution but it's a hell of a lot better than you make it out to be. All of the .Net web services deployed in our organization are very easily managed as web.config is an XML based file as well and again quite easy to read.

It's too bad you have such blind hatred of something you clearly know little about. We use it for a good number of functions including exporting and importing data from disparate systems and it works great, is fast, and very friendly to troubleshoot when there is something wrong with coding. I'll also note how you fail to mention any better alternatives in your inflammatory rant.

I fail to see how XML is faulted for some poor implementations. Some programmers don't use it properly and muddy it up with incoherent tags but the same thing happens in regular config files as well, think Sendmail.

XML isn't the greatest thing ever invented but in this case it works extremely well so chill out, pop a Vicodin, drink a beer, do something to relax because clearly you're flustered by all this new fangled technology or at best, you've been surrounded by people that don't understand what XML is or how it is suited for configuration files.

I will also add that XML isn't new at all so shiny new toy jokes aside hop into this century and move on.

Re:Why bother?

[KevReedUK]

ISS7??? Didn't know we were past the second space station yet, let alone the seventh... and to think that it's running Vista ???

Maybe I need to trade my tinfoil hat in for a hard-hat...

Re:Why bother?

Apache on windows sucks balls. If you have to run Windows on your servers for whatever reason, IIS is the way to go, not in the least because there's vendor support on it.

Re:Why bother?

buggiest, most backdoor-filled

Sounds like your mom. Or so I've heard.

Re:Why bother?

[Jainith]

Actually it seems to be missing a native way to do hotlink/deeplink blocking, blocking of for instance known bad referrers or user-agents.

There are several 3rd party plugins that accomplish these tasks, some of which apparently have Microsoft's blessings. But it rather annoys me that it seems the missed this very simple task in their rewrite of IIS7.

Where as Apache as I understand it (I've never really been responsible for an Apache Backend that wasn't integrated into some other application) has had these features implemented by way of configuration files / regular expressions for years.

Re:Why bother?

[MikeFM]

I'm familiar with both Apache and IIS and I'd rather use Apache any day. Rather than half an hour of clicking around to make it behave the way I want, if it's possible at all in crappy IIS, I can copy, paste, and modify a short bit of text in a few seconds. There is no mystery to how it works and it always works on the first try, assuming you know what you're doing, which is not something I can say for IIS.

Re:Why bother?

[Allador]

You know, its usually better to have a clue before opening your mouth about something.

IIS6 is based on XML config files.

IIS5 and 6 and later all ship with administration tools that let you do most things with your server.

So in the case of windows, you can whip up vi, edit the metabase and/or web.config files (or alternatively use the included tools), then type 'net stop w3svc' then 'net start w3svc'.

Why would you reboot the server? Do you like the flashy lights and beeps? It's definitely not necessary to load your settings. In fact, for the vast majority of changes, you dont even have to restart IIS.

Re:Why bother?

[shutdown+-p+now]

Nor SharePoint.

Re:Why bother?

[IgnoramusMaximus]

The other responder covered your ignorance of the IIS metabase. Perhaps you should actually look something before commenting on it.

I am starting to believe that you XML turkeys operate in some alternative Universe where diarrhea like this:

<?xml version ="1.0"?><configuration xmlns="urn:microsoft-catalog:XML_Metabase_V61_0"><MBProperty><IIS_Global Location ="." BINSchemaTimeStamp="10d5deca4057c401" ChangeNumber="642" HistoryMajorVersionNumber="14" SessionKey="9431b62980000002a0...1ca113" XMLSchemaTimeStamp="b036da01ab56c532"></IIS_Global><Location ="/" AdminACL="49634462f0000000a4000...419891"></IIS_ROOT> <IIsComputer Location ="/LM" EnableEditWhileRunning="1" EnableHistory="1" MaxBandwidth="4294967295" MaxHistoryFiles="10">
</IIsComputer>

... is considered "easy to read" and "easy to maintain". Note the lovely formatting (as it appears in the actual file - less a few newlines as Slashcode wraps the crap) due to some inane Microsoft MMC GUI tool used to generate the thing. Also note the profuse commentary (that is assuming that you actually could ever properly comment this spew as comments are not allowed within tags, even ignoring the fact that the imbecilic MMC tool would simply remove them on the next use).

I will leave it as an excercise to the reader to conclude which one of us is operating based on delusional, emotional attachment to insanely misused formats and which one has an actual experience with configuration files in real life.

As to Semdmail, may I remind you that the so-called "config" file is an actual machine code of a state driven processor around which Sendmail itself was constructed. Apples and oranges. And no, it was no more easy or harder to read then any stream of machine instructions for any other machine to be directly executed by it. It was never meant to be easily human-readable and its syntax is driven by the extremely demanding resource limitations at the time when original Sendmail was developed. The fact that it proved a maintenance nightmare (despite of its extreme power and flexibility as compared to regular config files) was a leading impetus behind Sendmail losing to other MTAs as years went on and extreme frugality with resources became secondary to ease of maintenance.

Oh and your sanctimonious whining about "hopping into this century to drool at shiny but valueless stuff" does not help your cause either, as the basics of computer science remain unchanged since its very inception and they will remain firmly so even if our computers end up grown in vats out of quantum-mechanical nanomachines. And one of those fundamental, time-tested constants is the requirement for brevity, clarity and ability to comment extensively any configuration files, although untold numbers of misguided "innovators" have attempted to "improve" this in a countless number of ways, of which the XML insanity is but one of the later flops, standing atop of a heap of rotting carcasses of previous failures, which went by names such as "binary configuration databases" and "registry hives" and what not.

And so, long after your pet fad is gone, I am sure I will be having this same very conversation with some condescending accolyte of "Object Oriented Four Dimentional Cube, Buzzword Overloaded" config files or what not, who will snicker about how quaintly old-fashioned these fundamentals are, and that I should "get on with the times" to his new favourite, one-and-only, super-correct fad.

In short, your kind never learns.

I'll also note how you fail to mention any better alternatives in your inflammatory rant.

Quite a comedian you are. How about any other time-proven config file format used by just about any sane application? Bind, DHCP, SSH ... and on and on and on.

Re:Why bother?

[jayp00001]

Another plus to the GUI approach is that only a reasonably experienced admin would consider:

find . -xdev -exec grep -l php \{\} \; ./mods-enabled/php5.conf ./mods-enabled/php5.load ./mods-enabled/dir.conf ./mods-available/php5.conf ./mods-available/php5.load ./mods-available/dir.conf

See? It's obviously loaded from ./mods-enabled/php5.load

obvious. Even more fun would be trying to explain that line to a complete newb. However looking under the isapi filters and seeing d:\PHP\php would be both obvious and easy even if you had to click on every tab to locate it.

Re:Why bother?

[ggvaidya]

*stands up and applauds*

Re:Why bother?

[DragonWriter]

This:

[FOO]
bar: baz

is not inherently superior to:

<foo>
<bar>baz</bar>
</foo>

Well, assuming that being more concise and easier to read isn't "superior", I'd agree.

Re:Why bother?

[try_anything]

If humans didn't have to do all that laboriously by hand (click... click... click... click...) then what good would all those certifications be?

Let's hope the AFL-CIO never gets interested in technical issues ;-)

Re:Why bother?

[gaspyy]

I'm no MS fan, but actually "few critical vulnerabilities" means NONE in this case.
Secunia lists exactly 3 (THREE) IIS6 vulnerabilities, two of them Medium and one Low.

Pretty impressive considering the mess that was IIS5.

Re:Why bother?

[pagerss]

Ms want everyone with windows to have server with iis. This is not bad but will stay for new user not for advance user. May be have idea to beat apache but for now i can not see how cat this happen.

Re:Why bother?

[bigstrat2003]

Concise, yes. Easier to read, no. There's no difference in ease of reading between the two, imho.

Re:Why bother?

[bigstrat2003]

Bitter, much? IE7 is vastly superior to FF1.0 (the last time I bothered to try FF). Given how much I hear about FF becoming slow and bloated as it goes on, I'm going to hazard a guess that it's still vastly superior to the new version of FF, since FF, from what I hear, only has gotten worse over time.

And I, frankly, see nothing wrong with Microsoft "forcing" (not like you're actually forced to get the update) you to upgrade to the new version of IE. If you're not using it, why the hell should you care? If you were still using IE6, I can sort of understand being irritated if your browser suddenly goes away due to automatic updates (although I can't understand why you'd prefer IE6 to IE7)... but then again, that's why you shouldn't have the damn things on anyway.

Re:Why bother?

[bigstrat2003]

There's absolutely nothing wrong with text file configuration. Pure bullshit. Text file configuration can work well, but to say there's nothing wrong with it is insane. Prime example: if you're an apache novice, and you go download a copy of apache to learn it, the httpd.conf is so vast and intimidating that it could scare someone off altogether (now, I don't have a lot of respect for that person's willingness to learn, but I digress...). Text file configuration tends to be bigger and more unwieldy than GUI configuration, although it has its advantages, as you've already noted. Any program worth its salt should provide both methods of configuration, not just one. There ARE problems with both methods.

Re:Why bother?

[bigstrat2003]

Servers shouldn't have GUIs Wrong. Servers should have both configuration methods so that people can use the one they prefer, not the one forced upon them by the developers.

Re:Why bother?

[ILongForDarkness]

I think MS is pretty clear on what they categorize as what. By definition critical updates are ones that enable a hacker to take over or completely crash the system. Anything shy of that is less important (not saying it won't kill you business, but the server is still "yours").

Re:Why bother?

[ssstraub]

In what way is IE7 "vastly superior" to FF 2.0.0.8? The extreme lack of plugins? The inability to EASILY rearrange the toolbar how I want it? (Read: like how it was in IE6, file menu on top and everything!)

Re:Why bother?

[bigstrat2003]

It renders things properly. As I said, I'm led to believe that FF renders sites properly now, but when I tried FF 1.0, it did a horrible job of rendering various sites I used, and did so slowly at that. Even if the rendering is fine now, FF is still said to have become bloated over time, so it STILL hasn't become better than IE. Plugins and rearrangement of menu items is pure fluff. IE7 does the core things well, FF didn't. That's all it comes down to.

On a similar note, Python + PHP via FastCGI

[Bogtha]

One thing I've been keeping an eye on is WPHP. It's only alpha-quality at the moment, but it's basically a WSGI application (WSGI is the standard Python web application interface) with a FastCGI backend that runs PHP. With something like this, you can mix and match PHP and Python — for example, you could write an authentication handler in Python and link it to a legacy PHP application.

Zend + MS

[thatskinnyguy]

This FastCGI module was built with collaboration from Zend, the creators of PHP, and is intended to solve the CGI on Windows problem. Glad to see that we all can get along.

Re:Zend + MS

[marcello_dl]

That's because real standards pose no barrier of interoperability. Compare this with, say, having to implement support for NTFS.

Besides, IMHO the CGI on windows problem is: windows :)

free as in beer?

[Locutus]

so you're paying out the nose, ears, ass for Windows and MS IIS and you care about free fastCGI?

And IMO, it may be free as in beer but it's poisoned beer by virtue of where it plays.

LoB

Re:free as in beer?

[EricWright]

The "free as in beer" thing really annoys me. I've NEVER seen free beer, anywhere! I propose we all stop using this ridiculous phrase and start using "free as in air" instead.

Now, if there IS free beer being offered somewhere, just point me in the right direction.

Re:free as in beer?

[tttonyyy]

The "free as in beer" thing really annoys me. I've NEVER seen free beer, anywhere! I propose we all stop using this ridiculous phrase and start using "free as in air" instead.

Now, if there IS free beer being offered somewhere, just point me in the right direction. Try this direction:

http://en.wikipedia.org/wiki/Gratis_versus_Libre#Free_as_in_free_beer_versus_free_as_in_free_speech

Re:free as in beer?

[kie]

is this what you are looking for?
freebeer.org

Re:free as in beer?

[Thyamine]

That may be true in some respects, but all of my clients have Windows servers to some extent, and most have only Windows servers. To suggest that people would have to pay extra to set this up is a little silly. IIS is a component of Windows, so you get that for 'free' when you purchase whichever flavor of Windows server you choose. And yes, you are paying for the cost of IIS development somewhere in that Windows price, but when someone has the option of just turning on IIS on an underutilized box, or finding/buying a box to install linux and Apache on, the idea of price is a non-issue.

They already have IIS, and it takes 5 minutes to set it up. The cost of time alone on setting up a new box to run something else almost immediately negates the benefit in most IT manager's eyes when all they are seeing is consulting time to setup, manage, and maintain a linux box they know almost nothing about.

Re:free as in beer?

free as in the first beer is pricey but you get an extra one free.

Re:free as in beer?

[suv4x4]

so you're paying out the nose, ears, ass for Windows and MS IIS and you care about free fastCGI?

As a PHP developer I care. I can convince someone to install a free official plugin by MS on his host, than convince him to buy something.
If it was paid, I'm sure, as any pointy haired management guy, he'd decide it's not important and run as CGI.
Then it's my fault it performs like crap.

Hence, it's a good thing it's there, and free.

--

So, that's about step 1 in the "Make PHP devs become Windows devs".

Now step 2: driving the PHP crowd to .NET. They even have a PHP-to-C# converter, and there's a third party PHP compiler for .NET.

You know this is what they want right. While cooperating with Zend they kept bad mouthing PHP on MSDN and offering tutorials to switch to the superior .NET... Ok, ok.. apart from cost, gotta give 'em that: is IS far superior :P

Re:free as in beer?

[pebs]

The "free as in beer" thing really annoys me. I've NEVER seen free beer, anywhere! I propose we all stop using this ridiculous phrase and start using "free as in air" instead.

Now, if there IS free beer being offered somewhere, just point me in the right direction.

Never been to a keg party before? Or any party that provides free beer?

There are also some bars/clubs that will provide free beer if you show up early enough in the night (and that's with no cover as well). Granted, its customary to tip the bartender, but that can be compared to donating to an open source project.

But overall, I agree with you, free beer isn't that common that the phrase makes sense.

Re:free as in beer?

[PinkPanther]

The "free as in beer" thing really annoys me. I've NEVER seen free beer, anywhere!

Man, you are working for the wrong company and/or going to the wrong school.

Oh, and us travelling s/w folks can also write off the odd drink too. Consider a job in support, consulting, sales, product management or the executive team. :-)

Re:free as in beer?

[EricWright]

I guess that counts... it's not exactly free beer, but when the company pays for it, it's the next best thing.

Re:free as in beer?

Woosh

Re:free as in beer?

Just because a bunch of Slashtards modded it +5 Funny doesn't mean it actually is funny. If it was supposed to be a joke, it's a very poor one.

Re:free as in beer?

[Larry+Lightbulb]

You're not missing much, most free beer turns out to be Miller Lite or something like that.

Re:free as in beer?

[csk_1975]

>The cost of time alone on setting up a new box to run something else almost immediately negates the benefit in most IT manager's eyes when all they are seeing is consulting time to setup, manage, and maintain a linux box they know almost nothing about.

In my experience most IT manager's have little to no knowledge of either Windows or Linux. The extent of their knowledge seems to revolve around PPT slides on the cost/benefit of outsourcing. If they spent a little time educating themselves on the basics of linux and the myriad solid standards based applications available for it they would bring a real value proposition to their companies rather than just keeping chairs from floating away. Microsoft Windows server licences and CALs are not cheap and since the basic functionality is available for free elsewhere it seems unjustifiable.

Re:free as in beer?

[Annymouse+Cowherd]

Ah, but we have the source to air - see http://en.wikipedia.org/wiki/Earth's_atmosphere

Re:free as in beer?

[dq5+studios]

Go to any Anheuser-Busch owned theme park (SeaWorld, Busch Gardens, etc) and they'll have 21+ building that gives out free beer. Granted it's mainly Budweiser and Michelob, but it's still free.

Re:free as in beer?

ask and you shall receive: http://www.freebeer.org/

Re:free as in beer?

[CastrTroy]

Having programmed in both PHP and .Net, I would have to say that I like programming in .Net much much much more. As for how well the server products run, that's up for debate, but the actual task of developing a product in .Net is much more pain free than doing the same in PHP.

Re:free as in beer?

>start using "free as in air" instead.

In my macroeconomics class we learned why air is also not free.
Since air is only useful if it is clean and it there is constant research and
compliance issues to keep it clean in a modern society which translates into dollars,
then air is not actually free.

Re:free as in beer?

[Braino420]

FYI, there is an Apache Windows client.

Re:free as in beer?

[cronot]

Funny, yes. But I think there's a bit of truth in there. That notion of "Free as in beer" is really confusing when you're explaining free as in freedom vs. free as in beer to someone that is new to the concept.

Re:free as in beer?

[RogerWilco]

Free beer if you play hockey at this club and are 18-25:
http://endandit.nl/regionaal/2007/07/20/gratis-bier-zuipen-op-larensche-hockeyclub

Free beer at Heineken Light events to promote the new beverage:
http://www.heinekenlight.com/index.html

TRavel agency TUI offereing "beer included" trips to Mallorca
http://mips.tui.de/MIPS/mips;MIPSSession=DJQMyD6xjL9ytLQlXXLmTY7Cdjk7B4vy0xRMyGcrWnG7VWfjnWy9!1378868524?cmd=init&mipsId=10039

Re:free as in beer?

[Lord+Ender]

If you were a hot young woman, you would probably be asking the question "is there any such thing as beer that isn't free?"

Re:free as in beer?

[Evil+Adrian]

Windows and MS IIS is really not that expensive.

A kidney transplant is expensive.

Buying a house is expensive.

Windows and MS IIS is a reasonable business expense.

Immature exaggeration: never appreciated.

Re:free as in beer?

[Allador]

If what you're looking for is a server to run IIS, its really not that expensive.

Not to mention you're looking at at least $2000 for a bottom end, entry level server, its just not that much money.

If you buy it with a server from Dell, its all of ~$250.00. Standard version is a whopping ~$600.

Re:free as in beer?

[Locutus]

first off, ever heard of virtual machines? There are hundreds of pre-configured virtual machines out there( see some here: http://vmware.com/appliances/ ) and sites like rPath( http://www.rpath.com/rbuilder ) even give you a pretty simple way to create your own. And the players are free and you can purchase versions with multi-VM management features for deployment. So there is no hardware cost for either deploying a Linux and OSS solution or just testing it.

Secondly, it just might be time someone learned a little about Linux and OSS because dumping money into MS solutions is so yesterday.

And last, are IT managers dictating tools and they don't know about Linux and OSS? Talk about keeping a blind eye on what's going on in the market. Just the savings in client licenses should be enough to make him/her realize they could do alot more with their budgets with just a little OSS in or outside of virtual machines. And I'm still talking about this being on your Windows boxes.

I know there are still many archaic Windows shops out there so your not alone. The other day I ran into some guys at lunch who use spreadsheets to keep track of version control and bugs. I clued them in on subversion and bugzilla and how they could put those in VM's and start acting like a real shop.

LoB

Re:free as in beer?

[Locutus]

sound like the typical MS way of software development. Make it brain-dead simple to click through wizards and get a default setup using as many Windows-only resources as possible. Then, when it's time to grow up from this simple project, developers flail around attempting to figure out how to get stuff working and many never do. But nobody gets fired for choosing Microsoft so they just get assigned to another project.

Oh, and I don't think comparing PHP to MS .Net is appropriate unless you are doing some kind of .Net scripting. Try doing some Java based stuff and see how you like that compared to MS .Net. After all, Java is what Microsoft targetted with their .Net language and frameworks.

LoB

Re:free as in beer?

[Locutus]

and that comes with all the virus protection and firewall software you need? Not to mention the database and other parts of the picture? Then yes, $250 isn't that bad for all that.

Still, free is much better and paid support directly from the developers who work on the OSS project is pretty nice. That reminds me of a couple of 4 hour phone conferences with MS developers while a friend was trying to get a Microsoft product working. At the end of the 8th hour, he asked about the last part of the puzzle to get the solution he'd asked about and the MS guys said that the software didn't do that. Eight freak'n hours to get to a goal, which was mentioned in the 1st hour, and the software could not operate as requested. I've never run across that from OSS developers. OSS developers can be assholes to you when you ask dumb questions but they know what is going on. IMO.

LoB

Re:free as in beer?

[Allador]

and that comes with all the virus protection and firewall software you need? You probably shouldnt be running A/V on a server. Dont browse MySpace on an unpatched IE from the console of the server and you should be fine.

Win2003 has a very mediocre firewall built in, and there are decent open source host-based firewalls if thats your thing (Komodo, etc). Most folks put a hardware firewall in front of all their servers, regardless of whether their linux, unix, or windows, so that should be a moot point.

That reminds me of a couple of 4 hour phone conferences with MS developers while a friend was trying to get a Microsoft product working. At the end of the 8th hour, he asked about the last part of the puzzle to get the solution he'd asked about and the MS guys said that the software didn't do that. Eight freak'n hours to get to a goal, which was mentioned in the 1st hour, and the software could not operate as requested. I wasnt there, so I'm speculating, but frankly that sounds like either incompetence or lack of research. I've been doing quite a lot in the MS world for ~15 years, and I've not seen anything like that happen unless people didnt do their research.

Are you absolutely sure that this person was competent, and experienced on the platform? Did they perform well at other tasks, or was this a pattern of behavior? Was this someone playing passive-aggressive, and they hate Microsoft so much that they do stupid things on install/configuration/administration and then bitch about how Windows is broken (sadly, I see this now and then)? Was this someone who was a pro at Unix systems, but would refuse to learn how windows systems work and so would constantly complain that windows was broken? Or was this someone who was generally competent, did their research and planning before hand, and had a reasonable level of experience on the platform before trying complicated things?

What MS product? What wasnt working? Why didnt he know from his research up front that the product could or couldnt do that?

In all my time, the only time I've ever needed to talk to MS support was for: a very stupid bug in their DHCP server, and flakiness in the win2000 version of the NTFRS. In both those occasions, the calls were included with my MSDN universal (not a cheap product, mind you), and we spoke directly with MS developers that coded those products.

Thats not to discount your friend's experience. I've never touched Great Plains, Commerce Server, or a handful of other products.

Frankly though, the only times I've seen the kind of thing you've described, where someone needs to sit on the phone with MS support in installing/configuring an MS product is if: 1) They didnt do their research before hand, just assumed it would work some way, and screwed it all up as a result; or 2) Their machines were so screwed up from years of poor and sloppy SA work that nothing worked right on their boxes.

Re:free as in beer?

I've had two free beers this week (I could have had more, but my girlfriend didn't want me to drink any more). The brewery "Krostitzer" offers free beer every year at the matriculation party of the University in Leipzig, Germany.

Re:free as in beer?

I've had two free beers this week. Could have had more, but my girlfriend didn't want me to. It's offered every year at the matriculation party of the University of Leipzig, Germany by a local brewery ("Krostitzer", originating from a nearby village called Krostitz and commonly abbreviated as "Krosti").

Re:free as in beer?

[Locutus]

it was MS SourceSafe and their documentation on how it does/doesn't work with their other products is a joke. Everything is a marketing doc and it turns out that it couldn't do what my buddy wanted it to do. He asked them about it and they said it could. BTW, I was there for all 8 hours.

Oh, for some reason, those guys would not tell me what software configuration management(SCM) package they are using at Microsoft. The way they laughed on the phone at my question lead me to believe it was not something they tell people and it's not a Microsoft product.

Anyways, I've found that people who make their living on Microsoft are Microsoft to the bone. Hardly worth attempting to tell them about something new/interesting in OSS because if it ain't MS, it doesn't exist. They'll be happy to wait 5-10 years to get it from Microsoft.

LoB

Re:free as in beer?

[Allador]

it was MS SourceSafe and their documentation on how it does/doesn't work with their other products is a joke. Everything is a marketing doc and it turns out that it couldn't do what my buddy wanted it to do. He asked them about it and they said it could. BTW, I was there for all 8 hours.

Ahhh, yeah. SourceSafe is pretty crappy. It's really only appropriate for very small teams with very simple needs. Unfortunately, alot of not-too-savvy shops use it because it ships with the rest of the tool stack, and for these kinds of groups, it generally works 'good enough', so they never try anything different. These also tend to be, in my experience, the sorts of groups who dont do alot of process and release management. Very ad-hoc shops, in other words.

Specifically:

it was MS SourceSafe and their documentation on how it does/doesn't work with their other products is a joke.

I'm not aware that it has any integration capabilities with anything other than the dev environments made by MS. You've basically got the API where other things can hook into it, IVSS and MSSCCI. The former is all com stuff, so easy to consume, though the documentation is fairly crappy. The latter is (I believe) the api used to make a new provider, which I think you need to setup as a VSIP, which is free if you dont want dedicated tech support.

But other than that, I dont think there's much in the way of 'integration' with other MS products. There's even (IIRC) some real caveats to hooking it into your AD to use network logins.

Still sounds to me like the guy didnt do his research, but hey, I wasnt there. I think most of us who have been around in the MS world for a while know that VSS is pretty crappy, and doesnt do much, and what it does, it doesnt do well, so would be looking for an alternate solution.

If you want to maintain the API and semantics of VSS, you can use SourceGear Vault, which maintains the api and the way VSS works, but uses a real database on the backend, and is much more reliable and contains many integration points.

Oh, for some reason, those guys would not tell me what software configuration management(SCM) package they are using at Microsoft. The way they laughed on the phone at my question lead me to believe it was not something they tell people and it's not a Microsoft product.

It's all second or third hand, but my understanding is that many years ago, MS bought source rights to a high-performance commercial product (something like Perforce) and have been modifying it to their own needs internally for many years. Not too surprising I guess, they have fairly unique needs. The combination of the size and monolithic-nature of their windows systems, combined with the way they do their development.

Anyways, I've found that people who make their living on Microsoft are Microsoft to the bone. Hardly worth attempting to tell them about something new/interesting in OSS because if it ain't MS, it doesn't exist. They'll be happy to wait 5-10 years to get it from Microsoft.

Well, always nice to slip in an insulting generality to a population that uses a different toolset than you do, but hey, thats what /. is for, right?

I've got a better (and probably more accurate) generality for you to arbitrarily divide up the population with. It's still pretty silly, but is a much more useful theoretical basis to model populations with.

1. Those who arent technology professionals, and use only what they know, and cant even be bothered to learn about the industry as a whole, and let vendors/consultants/etc be their technology professionals so they dont have to.

2. Those who develop the internal skills and staff to be technology professionals, in at least one subset, without relying on external consultants or vendors.

Now there's nothing inherently wro

Re:free as in beer?

[bigstrat2003]

Secondly, it just might be time someone learned a little about Linux and OSS because dumping money into MS solutions is so yesterday. Bashing Microsoft and assuming that their product can't possibly be the best one to fit a given person/organization's needs is so yesterday.

The icing on this troll cake is how you imply that running Windows is archaic. Glad to know that most of us are in the stone age, I guess?

Re:free as in beer?

[bigstrat2003]

No shit, .net is Windows-only. Got any other insights you'd like to share? Here's a news flash: .net is a joy to work with. The class libraries work well, C# (if that's what you're using, it's what I use) is a nice language, the only bad thing about working in .net is that you're restricted (for now) to deploying to Windows.

And I have done a bunch of Java stuff, .net works better than Java. Java was a good language for a while, but now, unless you want the cross-platform compatibility it brings, there are far better choices out there.

Re:free as in beer?

[bigstrat2003]

Anyways, I've found that people who make their living on Microsoft are Microsoft to the bone. Hardly worth attempting to tell them about something new/interesting in OSS because if it ain't MS, it doesn't exist. They'll be happy to wait 5-10 years to get it from Microsoft. While your jab has some merit in it, I'll turn that right around and point out that you don't have to look very hard in the OSS crowd to find the exact opposite of what you specified: nothing MS does could possibly interesting, no matter what it is. If it's MS, it's automatically inferior.

Both sides are equally wrong.

Re:free as in beer?

[Locutus]

in the context of my comment, archaic Windows shops are those who don't look outside of Microsoft for solutions.

And I guess somehow I should believe that Microsoft solutions are always the best? WTF...

LoB

Re:free as in beer?

[bigstrat2003]

And I guess somehow I should believe that Microsoft solutions are always the best? WTF... No, you shouldn't.

Perhaps you didn't mean it this way, but you came off 100% as the typical OSS fanboy who believes that MS products are nothing more than a waste of money, and that for every possible problem, OSS is the best solution. Forgive me if I misjudged, but your post screamed "OSS fanboy and unreasonable MS-hater" to me.

Re:Free

[paul.tap]

I like free beer too, but I'm always scared that the brewery may change the recipe and not tell me why it suddenly tastes so bad. Therefor I'm glad to know how to brew one myself.

Muh?

Can somebody who speaks Web-Gobbledygook translate for us surface-dwellers?

Re:Muh?

[Aladrin]

It's an add-on for a program that you'll never use that fixes a bug you'll never encounter. How do I know this? Because if this applied to you at all, you'd already know all the 'Web-Gobbledygook' that was used in the summary.

Re:Muh?

[InlawBiker]

A simplification.... Back in "old days" of the web, before on-page scripting, programs run on the server had to be done by CGI - common gateway interface. I.e. fill in a form, hit submit - the server runs a program and eventually spits out the result.

Many of these CGI programs were written in something like PERL, which had to compile itself before it ran every time. So it could take a while before the program finished doing what it was supposed to do, and it was doing so many many times, over and over, putting a big load on the server.

FastCGI simply pre-loaded the program(s) into memory and kept them persistent. This way the program was loaded up once, when the web server started, and was then available at any time.

My company was using OpenMarket transaction server, which was all CGI-based and quite huge. They (OpenMarket) developed FastCGI in part to speed up that application and made it available to all for free.

I am rather surprised that this became an "Apache is better" discussion... OK I'm not that surprised. Instead I was wondering why it took so long for something like this to come out for IIS. It's really been around a long time, in Web-years anyway.

Stop the insanity.

[TheyCallMeBruce]

Why use IIS - just install WAMP (windows,Apache,MySQL,PHP).

Re:Stop the insanity.

[bibel]

Sometimes you don't have a choice. If the client wants Windows, IIS, MSSQL, PHP (WIMP), who are you to argue ?

Re:Stop the insanity.

[deniable]

I was in a small shop where we already had IIS to run things like Outlook Web Access. IIS also made it easy to have integrated AD authentication and access controls, so we had single sign on.

Rather than running another box or supporting a VM image to run apache, it's easier just to make do with IIS. The point of this article is that MS is making IIS play better for people from the PHP/fcgi side of things.

We did however run the outside web server on apache on an ancient almost broken P166 and it ran well.

Re:Stop the insanity.

[init100]

If the client wants Windows, IIS, MSSQL, PHP (WIMP), who are you to argue?

Then why not go Microsoft all the way and swap PHP for ASP.NET?

Re:Stop the insanity.

[tomknight]

Because some people live and work in the real world. Not everyone runs a webserver just to show off their Pokemon collection, some of us get paid money to do this sort of thing - and sometimes the people paying the money want to use Microsoft.

Re:Stop the insanity.

People actually still use IIS?

"and sometimes the people paying the money want to use Microsoft." ...and there's a sucker born every minute...still true.

All those PHBs out there who insist on M$, due to their incompetence.
I consider use of anything from M$ a sign of incompetence and avoid any
individuals/organizations who use/recommend this junk. Of course, I do
try to gently enlighten them. Some see the light, some don't, and continue
in their slow spiral to BSODs, downtime, virus/spyware/malware disease
and data destruction, etc. Life's too short to waste any more time, money
effort on M$ junkware.

You can only help those who want to be helped.

Re:Stop the insanity.

[vaderhelmet]

Apache does run on Windows. This seems to be widely overlooked. Everyone's primary reason for running IIS is "We have Windows". Seeing as they are both free, there must be some other reason for not using Apache. My guess would be lacking familiarity of and the learning curve to configure Apache.

Re:Stop the insanity.

[tomknight]

And I guess you're employed full time... flipping burgers?

Re:Stop the insanity.

[Nosklo]

Rather than running another box or supporting a VM image to run apache, it's easier just to blah blah blah... You can run IIS and apache in the same server, without another box and without VM images.

Re:Stop the insanity.

[deniable]

You can run IIS and apache in the same blah blah blah...

I know, I've done it. How do you recommend running both through port 80? Is it worth the extra effort?

Re:Stop the insanity.

[Phroggy]

As long as they're not both running on port 80 on the same IP address, there should be no problem. By default, Apache will bind to every interface it can find, but just add a Listen directive to change that.

Re:Stop the insanity.

[PPH]

The previous poster makes a good point and helps illustrate another.

Some people get paid to do what the boss tells them to do, in spite of technical merits or the lack thereof. This tool allows them to do that with a minimum(?) of pain.

The other point illustrated is that, particularly for server applications, Windows is still running way behind the rest of the O/S world. Unlike the desktop, where they (Microsoft) has managed to capture a large portion of the developer mindshare, the same isn't true in server space. If the PHB wants to meet his Windows infiltration quota and get invited to dinner at Bill's house, he's going to need some way to get all these applications rehosted.

Re:Stop the insanity.

[Allador]

It's trivial on the apache side, and relatively easy on the iis side.

Config the machine to have two IPs.

On apache, set a Listen directive in the config file, to have it listen on IP1:80.

For IIS, run this:

c:\>httpcfg set iplisten -i IP2

By default, both apache and IIS will bind to every IP on the box. These methods let you have each listening on port 80 on their respective IPs.

The only 'hard' part on the IIS side is knowing that httpcfg exists and controls this. If you've ever setup wildcard ssl certs in windows you've been here.

The reason this is controlled through this command prompt on windows is due to the architecture of IIS.

There is a very small kernel-mode component that handles listening on the port and handing off to IIS. This is what you're configuring with httpcfg.

I believe Vista (and therefore Win 2008 Server) doesnt have httpcfg and uses something else (dont know what off the top of my head).

Re:Stop the insanity.

[shutdown+-p+now]

IIS comes preinstalled with Windows, and with a (relatively) nice GUI to configure it, with a few wizards for the more common tasks. It also integrates nicely with e.g. Windows Authentication when you need it (say, for intranet apps).

Re:Stop the insanity.

[Nosklo]

I know, I've done it. How do you recommend running both through port 80? Is it worth the extra effort? The same ways you would use another box, or setting up a VM. Proxying, or using different IPs, or some other approach. And yes, it is worth it.

Re:Stop the insanity.

[bibel]

Then why not go Microsoft all the way and swap PHP for ASP.NET?

So that you still have some dignity left

Re:Free

[El+Lobo]

If it tastes bad, there are always other beers. Unfortunatly, I can't brew my own beer. Nobody I know is good enough at it either. Ans I won't want to taste a beer brewwed by a thousand hands, thank you very much.

Turn about

[Dareth]

Sure we can do that, but first you need to tell us more about this horrible rumor about this evil daystar that burns us vamp... I mean us technical type folk who dare venture out in the daytime.

Rasmus Lerdorf must be pissed today

[mshmgi]

Since when did Zend "create" PHP?

Re:Rasmus Lerdorf must be pissed today

[PHPfanboy]

Hi, I work for Zend (not in Marketing dept.) - this issue comes up every time it's written in the press or other interviews. It's not how we market ourselves, and every time we're quoted as "the creators of PHP" Zeev and Andi get hauled over the coals by the PHP development community. It's not the first time and probably not the last time this has happened. For the record, this is how Zend markets itself:

Zend is the PHP company.
Businesses utilizing PHP know Zend as the place to go for PHP expertise and sound technology solutions. Andi Gutmans and Zeev Suraski, two of Zend's founders, are key contributors to PHP and creators of the open source Zend Engine. Because of their internationally recognized authority, the company and its founders continue to play leadership roles in the PHP and open source communities, and are accountable for a central role in the explosive growth of PHP.
Slighty different, I think you'll agree.
Happy PHP'ing

Re:Rasmus Lerdorf must be pissed today

[MrMunkey]

True Rasmus did create PHP, but Zeev and Andi rewrote the PHP parser in PHP3 and later created the Zend Engine along side PHP4. I'm not sure if it was a typo or if it was a misconception by the author of the article, but I'd say Zeev and Andi would at least know what they are talking about.

http://en.wikipedia.org/wiki/Php

Re:Rasmus Lerdorf must be pissed today

[mshmgi]

You'd think any ./ editor would have realized this ... Oh, well, they'll probably get it right the NEXT time they run this article ;)

Re:Free

[jimstapleton]

Well put.

Even as a often-self-brewer, there is something to be said for "it exists and works well, or at least well enough". It is often nice to not have to go through the effort of making it yourself (or improving it to your needs).

Misread headlines

[Just+Some+Guy]

"Microsoft Releases IIS Fascist Module"? So I see they've made it official. On the other, it might be better than the "IIS Promiscuous Module" that seemed to be so popular a few years ago.

ah, php

[Jessta]

ah php, the unholy merger of c/c++, perl and java.

Re:ah, php

[Phroggy]

PHP in contrast to Perl

Re:ah, php

[lena_10326]

PHP in contrast to Perl

You know. I skimmed that page and a major complaint was PHP's inconsistent function parameters as well as its large number of similar function calls. I've done a lot of work using Perl and a lot of work using PHP, and the one constant I found with Perl was there are generally 10 ways to code a particular algorithm in which 9 of them are generally unreadable by novice Perl programmers. Some of those most confusing code I've ever seen was in Perl code.

Perl is semantically complex, which I find is far worse than PHP's function library. Perl is generally a time drain for me when it comes to debugging semantical errors, whereas ~95% of the bugs I write in PHP are syntax bugs that get reported by the PHP compiler. PHP is simply effortless for me. That's why I use it for CGI scripting and not Perl.

I will use Perl for data file processing tasks though.

Re:ah, php

[Phroggy]

I've done a lot of work using Perl and a lot of work using PHP, and the one constant I found with Perl was there are generally 10 ways to code a particular algorithm in which 9 of them are generally unreadable by novice Perl programmers. This is absolutely true. Perl has such a complex syntax that it takes a long time to learn the whole language, and until you do, you can't read anyone else's code because they wrote it using a different subset of the language than you've learned, and you can't even figure out what to look up in the documentation.

But as long as 1) nobody else ever has to read the code, or 2) the only people who will read the code are Perl experts, it's great. Perl may be harder to read than PHP, but once you learn it, it's easier to write.

Adding these two lines to the top of every Perl script will help immensely with catching errors:
use strict;
use warnings;

it always worked before.....2003

[hesaigo999ca]

I never had any PHP problems using the ActivePhp install (or Perl for that matter) when I used
to install them on my windowsxp pro versions, only when I tired to install on the windows 2003 servers, that WoW...what a f** job that was, so much research because of the problems for installing it....which is actually really the reason why I think they came out with this.

Read the documentation from a googled server 2003 php install and you will see it takes even the best of them to get it going. You have to play with access permissions, cgi rules, redo extensions that get screwed up on install...I imagine this makes it all that much easier, but it always worked on windowsxp before...quite beatifully too!

FastCGI vs Proxy

[tcopeland]

Over on Linux, my perception is that FastCGI enjoyed a brief reawakening as it was (for a while) _the_ way to deploy Ruby on Rails apps with Apache. But now that seems to have changed to over to using Apache + mod_proxy_balancer + Mongrel.

One nice thing about mod_proxy_balancer is that it's easy to distribute the Mongrels across a couple of machines... and Apache will take them out of the loop if the machine goes down or they become unresponsive or whatever. Works for us, anyhow....

Re:FastCGI vs Proxy

[LordLucless]

Another somewhat-useful feature of FastCGI is being able to suexec each virtual host so they run as their own user rather than every site running as apache. Not necessarily for everyone, but can be very useful.

Re:FastCGI vs Proxy

[Fweeky]

One day, in the dim and distant future, I hope to see FastCGI supported by mod_proxy[_balancer]. Sadly, the module in Apache trunk seems to have pretty much died. *sulk*.

Actually, scratch that. What I want to see in the dim and distant future is a PHP HTTP SAPI module, so it can run its own webserver and I can proxy or not as needed.

3RD Party Software -- was Re:Why bother?

[melstav]

Because, sometimes, you also have to run 3rd party, non-free software... that was written to require IIS.

Oh?

Its good to hear of Microsoft finally adopting 10 year old technologies. Don't get me wrong, FastCGI has done wonders for request throughput a lot of companies I've started. But its comical to hear that its just now being ported to IIS. What exactly was the problem???

Sometimes not an option

[tjstork]

I really like web development on Linux more, and Apache most of all. But, sometimes, we're stuck with IIS and Windows.

FastCGI will allow me to write a service in C++, and be more portable to Linux. Sure, I have a bunch of socket code that I could use, but, web servers do such great things with threads and sockets that I'd love to be able to leverage that. FastCGI, you make my day.

Now, to find a good FastCGI library for C++, or, just read the spec. Hopefully, Microsoft complies with the spec.

As much as I troll around about the virtues of Windows, in my heart of hearts, I love Linux more. Even the other night, my wife found a cracked copy of Vista Ultimate for my dual opteron, and I just couldn't bring myself to get rid of SUSE, even though I've completely wrecked my installation. So I downloaded Ubuntu instead and will apply that!

Apache isn't free

http://archives.neohapsis.com/archives/openbsd/2004-06/0448.html

Wow

[Trailer+Trash]

You open source free software kiddies might want to step back and watch some *real* innovation going on! We're calling it FasTcGI" over here in the Windows world. Well, take a look at it, I'm sure you're all hankering to just rip it off and use it with your oh-so-wonderful "apatchY" web server.

Huh? It's, what?

Nevermind....

Re:Wow

[Trailer+Trash]

Impressive, jokes are now modded as "troll". Could you folks not figure that one out?

Re:Wow

Only because there's no -1 Lame mod choice.

Re:Wow

[Trailer+Trash]

No, if you think it's lame you ignore it and move on. I seem to have picked up a "friend" or two who follow me around and hit troll on about half my postings.

Re:Congrats to M$!!!

Ha ha! Very good! Now, let me know when 802.11 wireless works in fucking linux without having to move heaven and earth.

Also, kill yourself.

Security

[melonman]

Great, so now I get the legendary security of IISS coupled with the legendary security of PHP? To be fair, it shouldn't be much worse than PHP/Apache, since the most common PHP setup effectively disables user-based access control and lets any PHP script anywhere on the server access any data created by any other PHP script anywhere on the server.

I do hope they've kept that thing where you install a new PHP application and then try to run the admin.php script via the web server as nobody before anyone else on the Internet does. That's a race condition implemented with real vision if ever I saw one. The more I think about it, the more it seems to me that Windows and PHP deserve each other.

Re:Security

[LordLucless]

You're talking about a flaw in a apache's security model there, not PHPs. Apache runs as a single user. When it runs PHP as a module, then PHP runs as a single user. Same with Perl, or Ruby, or anything else that relies on a module interface as far as I know. If you use FastCGI (which this article is about, you may have noticed) then you can get it to suexec to a different user when it makes the CGI process, and you don't have the security problem you're whining about.

The bit about PHP admin scripts is application specific - nobody's forcing the authors to do it that way, and you can do the same with any other language. PHP has had it's flaws (register_globals and magic_quotes still give me the shivers), but if you're going to bitch about it, at least educate yourself first.

and in other news ...

[LorenzoV]

Zend gives aid and comfort to the enemy.

Methinks it's all over but the funeral for FOSS.

Re:and in other news ...

[PHPfanboy]

I don't think this is a valid point at all. FOSS is not just Linux. Due to Zend work with IBM, MySQL and SugarCRM and other apps are running on iSeries machines. Windows is just another OS that people want to run stable PHP apps on. Let's not get too melodramatic.

Re:and in other news ...

[nuzak]

Why don't you keep your drooling little Bill-bashing aphorisms on Groklaw where they belong?

Article doesn't mention

that the speed increase was due to MS figuring out how to harness the energy of Cory Doctorow's ego.

P.S.: It's cute when Cory tries to sound like a geek and fails miserably.

IIS Myth debunkathon

* IIS is pretty darn secure if it's set up right. The same with apache. In fact my 8 high traffic IIS boxes have never been rooted or suffered any security problems.
* IIS does support text config files - meta base with IIS6 and Web.configs with IIS7 (same as htaccess effectively)
* IIS6+ doesn't represent IIS4, which is where the insane hackability came from - that was back in '98. That's nearly 10 years ago. Apache has been a consistent serious mess since.

Typically the moment they HELP open source, everyone slates them. Not exactly fair is it?

etc etc...

Re:IIS Myth debunkathon

[Vexorian]

How exactly does this help open source?

Re:IIS Myth debunkathon

By opening a proprietary server technology to allow open source applications to be hosted easily and cost effectively (if you already have Microsoft infrastructure).

Good example - I work at a Microsoft outfit yet we use this to host wordpress and mediawiki for a few projects rather than community server and flexwiki which are both chunks of poo as far as I am concerned.

Re:Congrats to M$!!!

[flyingfsck]

When? A few years ago...

Why don't you try Mandriva 2008? It has wizards for everything - ideal for the pointy-clicky masses.

Too lazy

[Joe+U]

I know in my case, when I administrate IIS, I use both the GUI and the text file.

Because you, like me, spent the time to actually learn how to properly run IIS.

Most complaints about point and click seem to be done by people who never bother to learn the other methods.

Updates?

[JCSoRocks]

There are new updates / patches / versions of PHP coming out all the time. How is that going to work with this new FastCGI? Is Microsoft really going to take the time to continually update it? Or is Zend going to get screwed into doing all of the update work themselves? If you *do* end up deciding to use this who the heck do you contact regarding support issues? I read the "article" (press release really) and didn't see any of these questions answered. It seems to me that anyone that's actually serious about using PHP for any sort of reasonably useful app will want to know the answers.

Who cares?

The burning question is, is J-Lo pregnant or what?

WIMP Architecture

[x_Curious_x]

Score 1 for this. I wonder is anyone else out there using (Windows, IIS, MySQL, PHP5) in production servers? It's a little unorthodoxed but Me knows Windoze. Also, I hear about all the licensing issues and costs associated with running windows over linux and etc., and I'm wondering what about when you rent from a hosting provider who has to worry about the licensing costs and all that jazz and all you have to do is admin and deploy your applications. Granted if the business gets serious you'll likely want to start hosting your own dedicated servers, but I also figure since there are so many linux web/database server deployments out there the transition should be minimally painful. Adding this fastCGI enhancement should make that even easier. We'll see if we get there.

Re:Free

[Penguinisto]

If it tastes bad, there are always other beers. Unfortunatly, I can't brew my own beer. Nobody I know is good enough at it either. Ans I won't want to taste a beer brewwed by a thousand hands, thank you very much.

You do realize that you're going to be awfully thirsty, considering that rather contradictory statement? ;)

/P

Better late than never....

[alexborges]

Congrats, Microsoft, you came in late for about a FULL DECADE and STILL people buy your crap. No matter how unethical is the fact that your "web" thing never did anything other than crash for no reason, spawn windows when anyone hit the webserver, and eat away all resources; people do bow unto you, take your crap and PAY FOR IT.

I can understand Microsoft very well. What ill never understand is its fanbois.

Re:Better late than never....

[jez9999]

I have been considering this much of late.

I really want OSS to succeed, really. I love the philosophy, and hate the idea of MS being the 'Rome' of my lifetime (the empire that collapses, but only a long time after I die). However, I can't see it happening. This is because it feels like OSS has a natural tendency to stagnate when most developers think things are 'good enough'.

Where's a reliable FastCGI module for Apache? Where's a good config file format, and a GUI to edit it, for Apache? Where's a Linux distro with a GUI as intuative as Windows Explorer? Yes, I recently tried Ubuntu and was very disappointed that its GNOME GUI is *still*, in my opinion, leagues behind what MS and Apple have to offer.

OSS devs develop stuff they care about, to the level that they find acceptable. They generally don't take no shit from nobody, and if you want something done, you can do it yourself. Patch it. I love the theory, but the practice is this: people DON'T HAVE FUCKING TIME to patch it. Businesses often DON'T HAVE THE MONEY. OSS needs to adapt to a philosophy of developing stuff to be better even when they personally don't get much benefit from it, because otherwise businesses WILL just pay MS to get what they want. It sucks, but there you go.

"Hey, boss, we need to push out group policies over all machines on domains foo and bar. Windows has Group Policy Editor and Active Directory. We can do the same thing with Linux, but it will mean spending 5000 man hours developing, testing, and deploying scripts, because nobody has bothered to come up with a solution yet."

What would you choose for your business??

Re:Better late than never....

[deek]

"Hey, boss, we need to push out group policies over all machines on domains foo and bar. Windows has Group Policy Editor and Active Directory. We can do the same thing with Linux, but it will mean spending 5000 man hours developing, testing, and deploying scripts, because nobody has bothered to come up with a solution yet."

What would you choose for your business??

I would choose the right tool for the right job. If that job is pushing out group policies, and Microsoft have a tool for it, and open source does not, then I choose Microsoft.

If Microsoft has a tool for it, and open source has a tool as well, then I choose open source. Why? Because I have the option to tailor the program to my specific circumstances. Say I wanted to push out different policies, dependent on some essential criteria. If the Microsoft tool does not support this feature, you are hosed! With open source, you can add the feature yourself, and even better, contribute it back to the creators, so everyone benefits.

The point is, you've chosen an example where you would certainly choose a Microsoft tool. I'm sure there are also many examples where you'd choose open source. You've just got to evaluate it case by case.

OSS needs to adapt to a philosophy of developing stuff to be better even when they personally don't get much benefit from it, because otherwise businesses WILL just pay MS to get what they want.

It all depends on what your overall objective is. If the objective is to destroy Microsoft, or it's to cater to what others want, then yes, an OSS project needs to develop beyond the immediate needs of the developer. If the objective is to satisfy the needs of the developer, then no, the OSS project should stop when the developer is happy. There's nothing wrong with both, and I'm sure that both are happening in the OSS world. It's a big world after all, and it can quite happily cope with many different reasons for doing things.

For me personally, I'm not a great programmer, but I have enough talent that I can modify existing source code with a little effort. For me, open source adds a whole new dimension of freedom to software and computer use. It's great, and I really appreciate all those other programmers making the source available. I don't expect them to pander to my requirements, unless that is what they want to do.

If business wants a feature added to OSS software, and they're willing to pay money for it, surely they can sponsor the original open source developer to create it for them. After all, they were going to pony up the money to some software company somewhere. They might as well give it to a developer directly, and get a custom solution created for them, that specifically meets their needs.

Re:Better late than never....

[shutdown+-p+now]

Where's a good config file format, and a GUI to edit it, for Apache?

Curiously enough (and perhaps proving your point) is that the GUI exists, but it's non-free...

Apache for Windows [was:free as in beer?]

[Lumenary7204]

... but when someone has the option of just turning on IIS on an underutilized box, or finding/buying a box to install linux and Apache on, the idea of price is a non-issue. Umm... What about Apache for Windows?

The Apache.org download page.

-- and --

The Win32 binary download mirror.

Just as "free" as Apache for Linux/UNIX...

WAMP + .NET - How?

[iBod]

>>WAMP still beats them anyway.

So how can I run all my lovely .NET 2.0 web services under WAMP?

I use LAMP/WAMP plenty and often, but .NET web services are just too good to ignore when designing big, complex web/intranet applications (not some Mom & Pop shopping cart).

If Apache under Windows could offer .NET 2.0 web services like IIS can, then I'd be sold.

Before anyone tells me to write my web services using some lame Java technology - JUST DON'T!!!!

The trouble with FastCGI

[Animats]

FastCGI is a good idea that's underutilized, underdocumented, and undermaintained. It's straightforward enough; the web server launches a subprocess, as with CGI, to handle the transaction. But instead of running it only once, the transaction process can be reused to process additional transactions. The web server and transaction process communicate via interprocess communication over local sockets. If the transaction process crashes, the server starts another one. Multiple transactions processes can be run simultaneously.

This is the obvious way to do transactions. Yet it's much more common to build the transaction program into Apache's address space, with mod_php, mod_perl, mod_python, etc. This leads to security and reliability problems; you're trusting the interpreter and all its libraries. This is a real problem in shared hosting environments. Also, if there's a memory leak, eventually Apache will choke. With FastCGI, the transaction programs have a finite life; they're usually terminated and reloaded every N transactions or N minutes, to flush them out and get a clean copy.

The problem seems to be that the Apache support organization dropped support for fast CGI when its developer fell behind the Apache distros some years back. A later version, mod_fcgi, comes from China, and has almost no documentation in any language.

I've used mod_fcgi to run Python. It took several days to get the first program running, because the documentation is sparse and mod_fcgi doesn't produce useful error messages in the Apache log. There's also no mechanism to find out what mod_fcgi is doing, and the transaction parameters are configurable only on a per-server basis, rather than on a per-transaction basis.

That sort of thing is probably why it doesn't get used much. This could be fixed with a few weeks of work, if anybody cared. The basic idea and code are sound. Now that Microsoft is in the game, the open source world needs to play catch-up here.

Text file configuration

[tknd]

There's absolutely nothing wrong with text file configuration.

I call BS. There's plenty wrong with text file configuration. One example is the free form syntax that you have to learn for every piece of software. It is rarely consistent and sometimes there are options are not even documented.

Another annoying issue is how many config files there are. For some pieces of software it is all piled into one configuration file, for others it is separated into multiple files scattered in different places. Sure, to some degree it is up to the distro to determine how they want to organized everything, but half the time I find myself trying to hunt down a config file in some awkward place in /etc.

Also there is no feedback to you if you did something wrong until you try to start the software. Even then, it is up to the software to determine if the error was truly an error and whether or not to tell you about it. For example if I have a config file that has the line Option="off" and I happen to want to change it to Option="on" but fat finger it to Option="om" when will I find out that I've made a mistake? Lucky for me I can touch type so I can read what I'm typing on the screen. But I've seen many people glance down at the keyboard, type what they want, and move on without knowing that they've made a mistake. Just read Slashdot to find a good percentage of the geek population making these errors.

How many times have you blown up your X configuration and got tired of restarting X to fix it?

Don't get me wrong, I understand that there are many good points to text config files and in some cases I would prefer it to a GUI. But to say there's absolutely nothing wrong with it is stupid. You also cannot ignore the benefits of GUI configuration (preventing "wrong" options from being chosen, providing some documentation right next to the configuration option, very little learning curve, etc). Text file configuration has its advantages and disadvantages. GUI configuration has its advantages and disadvantages. I think we can still do better than both. But if everyone just sits around and thinks to himself "text is better than GUI" or "GUI is better than text" then we get no innovation.

One really simple solution is simply to provide both interfaces! For example I see no reason Apache can't start itself with a default configuration just for apache configuration purposes. It would tell the user to browse to localhost:888 where the user is presented with a web interface. Now we have a simple graphical html forms interface for configuring apache. Once the configuration is complete, the settings would be saved in a valid httpd.conf or whatever it was file and when the user does /etc/init.d/httpd start everything works. If you still felt you wanted to edit the config file by hand, you could still do it. If you wanted to archive the config file you could still do it. Also, most web browsers (even lynx) have a "search" feature built-in to the browser. So voila, searchable GUI interface!

Two things you apparently didn't know

[toadlife]

1) IIS need not be restarted to apply changed settings.
2) IIS's cofiguration is stored in a XML file, which can be edited by hand.

Re:Two things you apparently didn't know

[Penguinisto]

Ab't the XML file: See where I replied to myself?

/P

Re:WAMP + .NET - How?

[msormune]

You don't "write web services" using .NET or Java or what ever. You IMPLEMENT them. You write web services using WSDL and XML. That's the whole point of them.

No

[unity100]

believe me, you wouldnt be able to find a host with windows and php and any other meshup. you would need to REALLY look hard for it.

almost ALL of the shared hosting is being done out of linux boxes, and mysql and php are a given on them.

check the hub to get to know whats going on with the hosting scene better : www.webhostingtalk.com
just our own box hosts more than 350 accounts on linux/apache/mysql/php, many community sites, and around 60 of it are 1000-2000 product strong big estores on oscommerce/creloaded.

microsoft is archaic, not late on this one.

Zend would instantly reconsider,

[unity100]

when they notice that the millions of (around 40 million) small to medium web hosting providers will be rather irritated that they are making love to microsoft than supporting their products on the linux/apache/mysql/php hosting scene. that scene is what made zend what it is, and boy i wouldnt ever dream of going at odds with it if i was any executive at zend.

Re:Zend would instantly reconsider,

[PHPfanboy]

I hope you wrote that when we teamed with IBM and Oracle to officially support PHP on those databases and made PHP even a consideration for large companies.

PHP's great advantage (other than time to market) is it's multi-platform. All Zend server products do already work best on Linux, the work with Microsoft is to bring it up to par as much as possible in terms of performance and reliability. What's the big problem with that? Linux hosting is cheaper anyway, so you have an edge.

Seeing as most of the small to medium shared hosting providers don't pay a dime to Zend, nor does Zend have a commercial offering for them at the moment (because you're probably getting your PHP from Plesk, cPanel or Ensim and running it in CGI mode for security reasons), it's not like there's much wrath to fear (or economic fallout). Shared hosting companies owe as much to Zend as the other way around, so lets not pretend anyone is doing anybody any favors.

Shared hosting = many sites on 1 server (there'd better be, otherwise you'll be going out of business next month charging $5 a month for a server). As there are about 30 million PHP sites out there, and most shared hosting companies have many customers per server, and several servers, we're probably talking a few thousand companies, dozens of thousands at most, certainly not the tens of millions of companies you estimate.

Re:Zend would instantly reconsider,

[unity100]

PHP's great advantage (other than time to market) is it's multi-platform. All Zend server products do already work best on Linux, the work with Microsoft is to bring it up to par as much as possible in terms of performance and reliability. What's the big problem with that? Linux hosting is cheaper anyway, so you have an edge. had you spent those resources on bettering php on linux, it would be better even further, which is almost all of us small to medium (and many big ones too) are using. instead you are forking your effort to something which has no market value as of now, and wont probably have one even if you put great resources in it in the near future. in a way you are rather neglecting your real niche. which is bad.

Seeing as most of the small to medium shared hosting providers don't pay a dime to Zend, nor does Zend have a commercial offering for them at the moment (because you're probably getting your PHP from Plesk, cPanel or Ensim and running it in CGI mode for security reasons), it's not like there's much wrath to fear (or economic fallout). Shared hosting companies owe as much to Zend as the other way around, so lets not pretend anyone is doing anybody any favors. thats narrow sighted thinking.

there are almost no boxes having linux and php and not having zend accelerator. you would notice that for many php products zend accelerator is a recommendation, and for some it is a requirement. which immediately means that zend is a major name and go to place for php developers of any kind, who do major business in the open source market, and especially ecommerce market with oscommerce, creloaded, and others. naturally you would be able to easily conclude that whenever these people need any solution in regard to php (zend ide, for dev environment for example, zend encoder for example, for protecting source code in closed source commercial projects) its zend they are bringing their business to. because zend is the name.

it is some reputation like ibm has in business matters in computing world. that kind of authority and recognition is something that no company that has been just founded a few years ago can buy with any amount of money. that IS zend's power.

Shared hosting = many sites on 1 server (there'd better be, otherwise you'll be going out of business next month charging $5 a month for a server). As there are about 30 million PHP sites out there, and most shared hosting companies have many customers per server, and several servers, we're probably talking a few thousand companies, dozens of thousands at most, certainly not the tens of millions of companies you estimate. there are 40 million web hosts around the internet as of now. that includes big boys like liquidweb, dreamhost and such, who maintain many boxes in datacenters or run their own farms, also resellers which sport just a few dozen accounts.

yet, almost all of those web hosts are on lamp boxes, and many with zend naturally. you are mistaking that people are using zend products on boxes that serve php pages. no such distinction exist. companies get lamp boxes by default, and serve all accounts from there, plain html or php. its the customary practice. i can say that lamp box with some kind of accelerator (zend or ioncube) is the default thing in the industry. i should note that oses like redhat 3 and above have ready scripts to install zend with just typing installzendopt, which should further tell the importance and reach of zend through this sector.

therefore you should never leave out your niche and go flirt with some company that has harmed whichever it flirted with, always having a hidden agenda.

Re:Zend would instantly reconsider,

[PHPfanboy]

had you spent those resources on bettering php on linux, it would be better even further, which is almost all of us small to medium (and many big ones too) are using. instead you are forking your effort to something which has no market value as of now, and wont probably have one even if you put great resources in it in the near future. PHP is the #1 web scripting language on the web, I think it's doing quite well, and we didn't fork anything, we added resources. What would you say about supporting PHP on FreeBSD or Mac or AIX or Solaris which is something we already do. Would that be OK?

There are many commercial companies who want to pay money to run Windows now. Your claim about market value is simply not accurate.

By the way we do better PHP on Linux. It's called Zend Core and it's the most tested, commercially supported up to date PHP distro. And we sell Zend Platform, it's a PHP application server which helps PHP applications scale, run with better performance and run more reliably. If you'd like me to email you the name of our sales guy who deals with the Turkish market I'll be happy to do so.

in a way you are rather neglecting your real niche. which is bad. This is not justified claim. As Zend's goal is to grow PHP to the enterprise and as far as possible, I think it is rather up to Zend Management team to decide what our real niche is. You have just described what PHP's initial niche was. Zenders are important members of the core PHP community, but certainly not the majority.
By the way, your site Webgeekworld offers scripts for Java and ASP and .Net, all of which are outside the Shared Linux hosting marketing. Why don't you stick to your niche?

thats narrow sighted thinking. Hello? We're a commercial company! If we don't sell my wife and 2 little daughters starve. You can call that narrow sighted if you like. I call it economically responsible.

there are almost no boxes having linux and php and not having zend accelerator You are referring to the free-of-charge Zend Optimizer, not the Accelerator which has been part of Zend Platform for almost 3 years. And your information is not accurate, we often get requests from customers to speak to their large hosting companies to get Zend Optimizer installed.

it is some reputation like ibm has in business matters in computing world. that kind of authority and recognition is something that no company that has been just founded a few years ago can buy with any amount of money. that IS zend's power. Yes, marketing and brand power is very nice. As a commercial company however, we need to generate revenues too. I'm sure your company needs to generate revenues.

i can say that lamp box with some kind of accelerator (zend or ioncube) is the default thing in the industry. I can say with more certainty and numbers than you'll ever have that it definitely is *not* the default thing in the industry. And again, you're referring to free Optimizers/Decoders which are not the same as commercial or free Opcode Caches (= Accelerators).

i should note that oses like redhat 3 and above have ready scripts to install zend with just typing installzendopt, which should further tell the importance and reach of zend through this sector. Fantastic! So, RedHat makes money from selling support, HP or Dell makes money from the hardware, someone makes money selling shared hosting. Oh? Where's the Zend dollars there? Like I told you, we don't have a standard commercial product for Shared Hosting.

therefore you should never leave out your niche

This sounds like a very risky business strategy.

and go flirt with some company that has harmed whichever it flirted with, always having a hidden agenda.

Well, it's a bit late for that. Seeing as there are thousands of small, medium and large companies that do want to use PHP on Windows, I think it would be irresponsible not to support them properly. You don't. Fair enough. Best of luck with WebGeekWorld, we look forward to having you as a satisfied paying customer.

Re:Zend would instantly reconsider,

[unity100]

PHP is the #1 web scripting language on the web, I think it's doing quite well, and we didn't fork anything, we added resources. What would you say about supporting PHP on FreeBSD or Mac or AIX or Solaris which is something we already do. Would that be OK?

any support for any platform that is reliable to do business with are ok with us. We are negative towards microsoft because we have many tales of screw-ups they did to whomever worked with them. you know, hosting is a field where reliability and trust reigns supreme.

There are many commercial companies who want to pay money to run Windows now. Your claim about market value is simply not accurate.

to the quite contrary your look on the matter is not accurate. we hosters already are familiar with this situation. we call it "ms corporate culture". small to med businesses who used ms products in office and so on for years, built their infrastructure and personnel over it naturally tend to put a microsoft box if they choose to maintain their low volume web server. or, they go seek people who would create their dynamic site in asp, which is just continuation of corporate culture.

not only these single entities (webservers put on microsoft stuff) do not constitute bulky business compared to 100-200 hosting clients filling out each server on linux hosting side, but they eventually do switch.

we also do web development (as a natural expansion) in addition to hosting, and almost every month we talk with 1-2 clients who are going to switch from microsoft based stuff to php. (our quote request volume is around 4 a day average) especially asp to php. and you naturally can conclude that when they do switch, they rarely run php sites on windows they go all the way. but that happens in shared hosting generally of course.

This is not justified claim. As Zend's goal is to grow PHP to the enterprise and as far as possible, I think it is rather up to Zend Management team to decide what our real niche is. You have just described what PHP's initial niche was. Zenders are important members of the core PHP community, but certainly not the majority. By the way, your site Webgeekworld offers scripts for Java and ASP and .Net, all of which are outside the Shared Linux hosting marketing. Why don't you stick to your niche?

webgeekworld is a hobby project that i made over the weekends. its a script directory/community. if there was martian scripting on dark side of pluto, their category would be there too.

You are referring to the free-of-charge Zend Optimizer, not the Accelerator which has been part of Zend Platform for almost 3 years. And your information is not accurate, we often get requests from customers to speak to their large hosting companies to get Zend Optimizer installed.

there are VERY bad eggs among the bad eggs in hosting community. i can name names, but it would not be wise to do as such. you would be surprised what other troubles such big names may cause to their clients, and zend optimizer installation would be trivial compared to them.

Hello? We're a commercial company! If we don't sell my wife and 2 little daughters starve. You can call that narrow sighted if you like. I call it economically responsible.

we are your people. in 5 or so years we have come from being a curious webnerds' pastime to providing majority of shared hosting on the web. just like oscommerce has become something of a field in itself despite starting from a single script. stick with us. we are your niche. if you back us as you did, things will be going far from this point.

I can say with more certainty and numbers than you'll ever have that it definitely is *not* the default thing in the industry. And again, you're referring to free Optimizers/Decoders which are not the same as commercial or free Opcode Caches (= Accelerators).

sad to hear yet im still on the opposite side of this subject. free optimizers do c

If one is idiot as to do that :

[unity100]

since the most common PHP setup effectively disables user-based access control and lets any PHP script anywhere on the server access any data created by any other PHP script anywhere on the server. then s/he shouldnt be messing with php or apache or anything web related at all. it is a simple mod in apache that you need to activate in order to prevent that. it allows you to do that yourself so that you can use php in any situation - after all you may need to use it in an intranet with a box that has a software needing to modify any and all files in it, including os files. like cpanel development.

Web "gook" here.

[unity100]

basically what they did is to take a 10 year old technology to run cgi scripts faster, and integrate it to IIs.

cgi scripts are behind the web page you are seeing as of now, running the go-between between the database and your interface, and processing your inputs and database info at the same time. so its something major.

but as said what they did is 10 years old, nobody needs or uses it anymore. so its rather "gook"

IIS sucks.

[MikeFM]

Forking has gotten a lot cheaper in Linux since we originally sought out better ways to demand more from our webs servers. It's still probably not the ideal way to do high-load stuff but it's improved.

Why anyone would use Windows for a web server I can't really imagine. Linux or BSD is cheaper, easier, more flexibile, more reliable, more secure, and runs faster with less overhead. I hate when I need to develop for, or admin, IIS-based web servers because they are such poor systems.

Re:IIS sucks.

yawn. bad workman. tools. 'nuff said.

Some facts about IIS

I've seen the rant on this topic, and I(m a bit surprised to find it so uninformed.

First about IIS : it's not initially an in-house Microsoft Product. It was "acquired", or rather exchanged, with a company that dealt with real-time defragmentation on mainframes. The company that originally designed IIS (named Purveyor at that time) had obviously a good record of writing resource-efficient and very robust apps. They refused to invest in the pure CGI approach at that time and designed another highly optimized mechanism for web extensions, similar (I don't know if it was imitation or emulation) to NSApi, basically loading DLLs in the main process of the http server and defining standard entry points. That mechanism was typical of their problem space as it guarantees that random processes won't start on the server.

The cause of the vast majority of so-called IIS vulnerabilities is in fact due to bad-written or bad-secured extensions. That concern was addressed years ago by Microsoft, by disabling most extensions at install time, and by isolating the dlls in distinct processes that can not harm the main HTTP process (and that run with a least privileged account). Add to this the .Net security layer (for cases where .net is used) that wraps a sandbox around the whole thing, and you'll see why the number of vulnerabilities has fallen in the past years.

Now for the configuration part. IIS initially relied on a very dark configuration storage called the metabase. You could only manipulate that by using the GUI or a bunch of vbscripts. That metabase could become corrupt, and stall your entire web server. This also has changed a lot, and the configuration is today expressed via XML files. They are cleanly separated (a hierarchy of configuration files that can or can not override the settings of their parent, depending on the settings), and can be selectively exported or duplicated along a web farm (as machine specific configuration can get stored via another mechanism, called data protection API. DPAPI allows for storing sensitive parameters out of band on the target server, so that your brand new production-ready script and deployement package don't contain those informations).

So, don't attack blindly one of the finest parts of Windows. Microsoft has taken an initial splendid work, and in 10 years managed to keep it on the edge (with the upcoming version becoming a multi-transport server, not limited to http).

Oh, do you wonder what Microsoft gave in return for Purveyor ? At that time NTFS had no defragmentation API. The company that made purveyor got the full specs of the soon-to-be defragmentation API for NTFS *way before* other companies got it. If you use one commercial product to defragment your NTFS disks, chances are you bought it from them.

Re:The _Real_ CGI on Windows Problem

[Allador]

The neosmart page produces this:

PHP has encountered an Access Violation at 0286A2CB Which is bizarre for an error that might be caused by being slashdotted.

Re:WAMP + .NET - How?

[aztracker1]

Okay, he uses the .Net framework to create web-service functionality.. which is far nicer than *ANY* comparative option I've seen... Then again, I (heart) ASP.Net, but have worked with other web technology platforms.

Did you say problem?

[_bluevincent_]

Isn't it just the recurrent WINDOWS PROBLEM?

Re:WAMP + .NET - How?

[shutdown+-p+now]

Before anyone tells me to write my web services using some lame Java technology - JUST DON'T!!!!

Please mod parent Troll/Flamebait. It's akin to asking "how do I do that some other way, except that I don't really want to hear it".

FYI, there are just "Web services". Whether it's .NET or Java (or Python, or C++ ...) implementation under the hood, it doesn't matter - that's kinda the point of Web services. And it's just as easy to write a Web service in Java as it is in .NET.

No F***ing Way.

[mpapet]

They already have IIS, and it takes 5 minutes to set it up. The cost of time alone on setting up a new box to run something else...

For your customers IIS is great. Really. Except they probably bought one of those low-end crippleware Windows Server versions. They'll probably never need the features on these low-end versions. You're successful, so everyone wins.

But, when the win32 consulting cash starts running dry, you'll could add Linux or possibly BSD to your business. So, start now by grabbing Debian and get a feel for it. That way you'll be prepared for what's coming and the more experienced Linux admins like me won't eat your lunch.