Slashdot Mirror
Microsoft Releases IIS FastCGI Module
Marcy writes "Microsoft has just announced the final release of the IIS FastCGI module for IIS 5.1 (XP), 6 (2003), and 7 (2008). This FastCGI module was built with collaboration from Zend, the creators of PHP, and is intended to solve the CGI on Windows problem." It's free as in beer.
One thing I've been keeping an eye on is WPHP. It's only alpha-quality at the moment, but it's basically a WSGI application (WSGI is the standard Python web application interface) with a FastCGI backend that runs PHP. With something like this, you can mix and match PHP and Python — for example, you could write an authentication handler in Python and link it to a legacy PHP application.
Bogtha Bogtha Bogtha
"Forking" (launching) a process is much more expensive on Windows than it is on Linux. Windows NT is architected after VMS (in part because of Dave Cutler). Processes are expensive on windows.
The game.
The only problem is that IIS7 and even II6 have so few critical vulnerabilities that Apache IS a nightmare in comparation. let's no talk about text file configuration....
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
so you're paying out the nose, ears, ass for Windows and MS IIS and you care about free fastCGI?
And IMO, it may be free as in beer but it's poisoned beer by virtue of where it plays.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
If it tastes bad, there are always other beers. Unfortunatly, I can't brew my own beer. Nobody I know is good enough at it either. Ans I won't want to taste a beer brewwed by a thousand hands, thank you very much.
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
Since when did Zend "create" PHP?
Just because you don't know how to do it doesn't mean it's not a huge advantage for those of us who do.
Yours Sincerely, Michael.
I was in a small shop where we already had IIS to run things like Outlook Web Access. IIS also made it easy to have integrated AD authentication and access controls, so we had single sign on.
Rather than running another box or supporting a VM image to run apache, it's easier just to make do with IIS. The point of this article is that MS is making IIS play better for people from the PHP/fcgi side of things.
We did however run the outside web server on apache on an ancient almost broken P166 and it ran well.
let's no talk text file configuration
Oh, not you as well. There's absolutely nothing wrong with text file configuration. There's a whole world of things wrong with a pointy-clicky GUI interface to a config in the registry when there's no other way to edit it.
How do you search a gui interface? How do you generate a gui config? How can you minimalise a gui config to the bare essentials? How do you upload/download a config and email it to someone? How do you edit the config without having to run remote desktop client? And of course, with clicky configs, if they haven't provided an option for something, then you can't do it. Sorry, "computer says no".
I'll admit that IIS hasn't had many vulnerabilities recently, but this is partly because it's got bugger all functionality. Most new vulnerabilities in apache are usually found in one if its thousands of modular extensions.
Lets not talk about using domain credentials for HTTP authentication (in fact, having your web server assume that's what you want to do), lets not talk about your configuration appearing all over active directory. Lets not talk about how server 2003 starts up every bloody service on the system on boot, giving you about 30 seconds to download the service packs before you get pwned by a virus. Lets not talk about how it took microsoft months to fix a serious user-affecting exploit in word, but yet, when they give a shit (like when DRM got cracked), they have a fix out in a matter of hours.
Personally, I use thttpd, because, er, I don't like the config format for apache. That's not because I don't like having my configs in readable text files, I just don't like the cludgy way that apache does it.
I wrote my first program at the age of six, and I still can't work out how this website works.
Actually, IIS does have text file configuration also - the metabase.
That's one thing I like about it - I can edit the text file OR use the GUI.
The caveat is the text-file is XML, the pro is that it's structure in such a way that it's not as painful to edit by hand as normal XML. Also, there's a log file in the same directory that produces really helpful error messages if you screw up editing it by hand.
Having used both, I find neither significantly better/easier to administrate. They are just different
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
ah php, the unholy merger of c/c++, perl and java.
...and that is all I have to say about that.
http://jessta.id.au
Its kind of a fallacy that 'forking' processes on Windows is significantly more expensive than forking them on Linux. I think it is somewhat more expensive, but that doesn't alter the fact that forking processes on linux is still expensive in the first place.
So, we needed ways to make things go faster - mod_php for example, that ran php scripts inside an apache process, but you still had to fork the apache process for each web request because of many thread-safety issues in php modules. This was also a security problem because every php script ran as the apache user. So the next idea was to start an apache process for each client and re-use it until that client disconnected (and stayed disconnected). This is the fastCGI approach.
With windows, you had 2 ways of running PHP scipts: as a CGI application (slow due to new processes all the time), and as an ISAPI (think of this as the equivalent of mod_php) module. The ISAPI one worked but you had the thread-safety issues of PHP to contend with (just like on Apache 2 that doesn't spawn worker processes).
In summary: nothing much to see, someone's just released fastCGI for IIS now so you have the same configuration options for IIS as you have for Apache.
I think it is somewhat more expensive...
It's a lot more expensive. Some numbers MSR came up with while working on their research OS Singularity put process creation on Linux at ~700,000 cycles, just over 1 million on FreeBSD, and just under 5.4 million cycles on XP. Here's one source; slide 23.
I'm not arguing against your main point; I'm just pointing out that there is actually a huge difference between process creation time on the different systems.
Most have a series of tabs/menus that allow a drill-down type search.
That's not useful. I don't want to have to "drill down", I want to search for a keyword. Say I've got several hosts, and I want to see everything specifically relating to an IP address. I search for the text of the IP address. For beginners looking to change one option, complex GUIs are a mass of buttons and tabs, rather than something they can search for.
Turn off the options you don't want - same way you would in a command line.
I don't want to turn them off, I want to remove all reference to them.
If the GUI attaches to the registry, export the hive and attach it.
That's not useful. I want to mail the config so someone can read it, eg. paste my config to a newsgroup to ask a question when I'm stuck. The usual equivalent in windows-land is you spend days searching for stuff and getting dumb meaningless error messages ("please check that the domain controller is both locatable and contactable" - hey I know, Mr Paperclip, why don't YOU tell ME whether it was either unlocatable or uncontactable or both..), then eventually you find the answer on someone smug bloke's blog with a mugshot of him in the corner and 1000s of thankyou messages, rather than anywhere on MSDN. (incidentally, that error was nothing to do with the server being unlocatable or contactable, but being windows, I couldn't do a trace on it to find out where it was breaking, I just had to click "OK" and try something else).
Yep, text-y configs you can't change things they don't give you options for either!
Text-y configs usually have some level of scriptability, eg. "IfDefined" in apache. Syntax that might apply to one feature will usually apply to all features, making things a lot more versatile.
Another advantage of text configuration is that you can arrange the order of the file according to what's important. You can also add comments.
I wrote my first program at the age of six, and I still can't work out how this website works.
Zend gives aid and comfort to the enemy.
Methinks it's all over but the funeral for FOSS.
Because some people live and work in the real world. Not everyone runs a webserver just to show off their Pokemon collection, some of us get paid money to do this sort of thing - and sometimes the people paying the money want to use Microsoft.
Oh arse
You're talking about a flaw in a apache's security model there, not PHPs. Apache runs as a single user. When it runs PHP as a module, then PHP runs as a single user. Same with Perl, or Ruby, or anything else that relies on a module interface as far as I know. If you use FastCGI (which this article is about, you may have noticed) then you can get it to suexec to a different user when it makes the CGI process, and you don't have the security problem you're whining about.
The bit about PHP admin scripts is application specific - nobody's forcing the authors to do it that way, and you can do the same with any other language. PHP has had it's flaws (register_globals and magic_quotes still give me the shivers), but if you're going to bitch about it, at least educate yourself first.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
"architected" is not a word, since "architect" is not a verb
A. You're wrong. English is a living language. Any word that people understand as a verb is a verb. You understood what was written, therefore you are lying.
B. Your conclusion ("architected" is not a word) does not automatically follow from your premise (since "architect" is not a verb). Your logic is not logical.
C. Any grammer nazi who does not capitalize the first word in a sentence is a hypocrite.
D. Any grammar nazi who does not end sentences with a period is a hypocrite.
E. Any grammar nazi who complains that the "nazi" in "grammar nazi" should be capitalized does not understand how words can be used in a generic sense and thus no longer be proper names.
F. Grammar nazis suck.
Infuriate left and right
I have been considering this much of late.
I really want OSS to succeed, really. I love the philosophy, and hate the idea of MS being the 'Rome' of my lifetime (the empire that collapses, but only a long time after I die). However, I can't see it happening. This is because it feels like OSS has a natural tendency to stagnate when most developers think things are 'good enough'.
Where's a reliable FastCGI module for Apache? Where's a good config file format, and a GUI to edit it, for Apache? Where's a Linux distro with a GUI as intuative as Windows Explorer? Yes, I recently tried Ubuntu and was very disappointed that its GNOME GUI is *still*, in my opinion, leagues behind what MS and Apple have to offer.
OSS devs develop stuff they care about, to the level that they find acceptable. They generally don't take no shit from nobody, and if you want something done, you can do it yourself. Patch it. I love the theory, but the practice is this: people DON'T HAVE FUCKING TIME to patch it. Businesses often DON'T HAVE THE MONEY. OSS needs to adapt to a philosophy of developing stuff to be better even when they personally don't get much benefit from it, because otherwise businesses WILL just pay MS to get what they want. It sucks, but there you go.
"Hey, boss, we need to push out group policies over all machines on domains foo and bar. Windows has Group Policy Editor and Active Directory. We can do the same thing with Linux, but it will mean spending 5000 man hours developing, testing, and deploying scripts, because nobody has bothered to come up with a solution yet."
What would you choose for your business??
== Jez ==
Do you miss Firefox? Try Pale Moon.
It's trivial on the apache side, and relatively easy on the iis side.
Config the machine to have two IPs.
On apache, set a Listen directive in the config file, to have it listen on IP1:80.
For IIS, run this:
c:\>httpcfg set iplisten -i IP2
By default, both apache and IIS will bind to every IP on the box. These methods let you have each listening on port 80 on their respective IPs.
The only 'hard' part on the IIS side is knowing that httpcfg exists and controls this. If you've ever setup wildcard ssl certs in windows you've been here.
The reason this is controlled through this command prompt on windows is due to the architecture of IIS.
There is a very small kernel-mode component that handles listening on the port and handing off to IIS. This is what you're configuring with httpcfg.
I believe Vista (and therefore Win 2008 Server) doesnt have httpcfg and uses something else (dont know what off the top of my head).
I am starting to believe that you XML turkeys operate in some alternative Universe where diarrhea like this:
... is considered "easy to read" and "easy to maintain". Note the lovely formatting (as it appears in the actual file - less a few newlines as Slashcode wraps the crap) due to some inane Microsoft MMC GUI tool used to generate the thing. Also note the profuse commentary (that is assuming that you actually could ever properly comment this spew as comments are not allowed within tags, even ignoring the fact that the imbecilic MMC tool would simply remove them on the next use).
I will leave it as an excercise to the reader to conclude which one of us is operating based on delusional, emotional attachment to insanely misused formats and which one has an actual experience with configuration files in real life.
As to Semdmail, may I remind you that the so-called "config" file is an actual machine code of a state driven processor around which Sendmail itself was constructed. Apples and oranges. And no, it was no more easy or harder to read then any stream of machine instructions for any other machine to be directly executed by it. It was never meant to be easily human-readable and its syntax is driven by the extremely demanding resource limitations at the time when original Sendmail was developed. The fact that it proved a maintenance nightmare (despite of its extreme power and flexibility as compared to regular config files) was a leading impetus behind Sendmail losing to other MTAs as years went on and extreme frugality with resources became secondary to ease of maintenance.
Oh and your sanctimonious whining about "hopping into this century to drool at shiny but valueless stuff" does not help your cause either, as the basics of computer science remain unchanged since its very inception and they will remain firmly so even if our computers end up grown in vats out of quantum-mechanical nanomachines. And one of those fundamental, time-tested constants is the requirement for brevity, clarity and ability to comment extensively any configuration files, although untold numbers of misguided "innovators" have attempted to "improve" this in a countless number of ways, of which the XML insanity is but one of the later flops, standing atop of a heap of rotting carcasses of previous failures, which went by names such as "binary configuration databases" and "registry hives" and what not.
And so, long after your pet fad is gone, I am sure I will be having this same very conversation with some condescending accolyte of "Object Oriented Four Dimentional Cube, Buzzword Overloaded" config files or what not, who will snicker about how quaintly old-fashioned these fundamentals are, and that I should "get on with the times" to his new favourite, one-and-only, super-correct fad.
In short, your kind never learns.
Quite a comedian you are. How about any other time-proven config file format used by just about any sane application? Bind, DHCP, SSH ... and on and on and on.