Slashdot Mirror
Bitten By the Red Hat Perl Bug
snydeq writes "Smart coders always optimize the slowest thing. But what if 'the slowest thing' is the code supplied by your vendor? That was exactly the situation Vipul Ved Prakash discovered when he tinkered with a company Linux box on which Perl code was running at least 100 times slower than expected. The code, he found, was running on CentOS Linux, using Perl packages built by Red Hat. So Prakash got rid of the Perl executable that came with CentOS, compiled a new one from stock, and the bug disappeared. 'What's more disturbing,' McAllister writes, 'is that this Red Hat Perl performance issue is a known bug,' first documented in 2006 on Red Hat's own Bugzilla database. Folks affected by the current bug have two options: sit tight, or compile the Perl interpreter from source — effectively waiving your support contract. If a Linux vendor can't provide comprehensive maintenance and support for the open source software projects you depend on, McAllister asks, who ever will?"
Installing your own perl under /usr/local, leaving the system one alone under /usr, that waives your support contract?
Seems unlikely, and if actually true, remarkably stupid.
(However, messing with the perl under /usr, that would be a mistake. It could easily break other things that depended on that specific version ...)
Who uses vendor Perl? It's like GCJ; if you don't really need it, it's good enough, but if you really need it, you download the real thing. And like java, it's easy to have multiple versions of Perl on your system.
I guess that's snarky, but seriously. These guys were running a fancy production package on the crap perl install that comes with Fedora? They needed performance (and chose perl?) and they didn't look first at compiling perl from source? It doesn't take long at all, and the benefits are substantial, even aside from not having this bug.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
How difficult is it to install the latest Perl with yum install perl?
You'd get the latest version anyway. :)
slashdot rocks
Why blame Red Hat when it's a package running on a non-Red Hat system?
Yeah, well, good on mr Prakash I guess. Good thing he had the option of rebuilding from source, I can think of a few other operating systems and applications where that simply isn't an option.
So, score one for open source I guess, headline be damned.
"Total destruction the only solution" - Bob Marley
Just because Red Hat made one high-profile mistake, doesn't mean their support service is without value. Jump to conclusions much?
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
I would be thankful I had the option of fixing the issue myself. Support contracts on freebsd and linux have always been overrated in my mind when you
are used to solving issues yourself or with the community that uses it. Mailing lists are more helpful to me then the vendor in most cases.
I swear everything runs slower with Redhat compiled binaries, even basic shell utils like grep, sed, and awk.
If it is "supplied by CentOS" then it was compiled by "CentOS" not Red Hat. Red Hat Enterprise Linux enterprise had a hotfix for this weeks ago. So if Vipul had been using a Red Hat product, he would not have had this problem.
...then what good is the support contract anyway? Either stop paying for it or make enough of a stink that they fix it. Of course, RedHat being an enormous company won't pay attention to anyone making a stink unless they are an enormous customer, which is a problem in both open-source and proprietary worlds. At least there's a workaround in the open-source world, one better than object patching the binary...
FTA: diagnostic perl one-liner
time perl -e 'use overload q( sub {};my%h;for (my $i=0; $i 'main';print STDERR "." if $i % 1000 == 0;}'
We used "modules" in a similar situation. http://modules.sourceforge.net/
There was a lot of development where I worked before. Things were written with dependancies to specific versions of programs. They would "probably" work with a later version but the developer didn't want to risk that and neither did the business side, so we implemented modules and let the devoper load the version s/he needed.
"module load perl" would always load the latest version but if you depended on a specific version you could always do a "module load perl/5.5.8" which would set environment variables to only get things from that version.
Worked like a charm.
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
Well the reason to want to use vendor perl is that perl does some very fancy file management stuff that makes it extremely fast for opening and closing files. So one presume a vendor could optimize this to their kernel.
My guess here is that this is just the recurrence of the UTF-8/16 bug.
Grep and Sort on unix set to UTF-8/16 as opposed to LANG = C (or Posix) are about three orders of magnitude slower on large files. (No I'm not exagerating). Recently this Bug showed up once again on the Leopard on mac.
About ten years ago this showed up in Perl on Redhat. Then it went away. I bet it is back.
I think the reason it comes and goes is it depends on if things are compiled to default to UTF-8/16 or to ascii.
Some drink at the fountain of knowledge. Others just gargle.
Cent OS is *not* an OS that Red Hat provides support for. So, in terms of support, you get what you pay for. The bug is fixable by recompiling Perl? Great. Submit the fix to the maintainers. End of story.
But, supposing that you *did* pay for support and you ran into this problem... It's a known bug with low priority. So get them to fix it. You're paying for support. Hold your vendor to their promises.
And if they don't fix it, find another vendor. That's the beauty of open source. If you need support and your current supplier sucks, you can find another.
But it's completely disingenuous to complain that recompiling your Perl binary will void your support contract *when you have no such contract*.
Well that's one issue with using pre-built things is that you it may not have been optimized for your usage or in the case of Perl, general usage. I kid! I kid! :P At least open source allowed an option. But I would be careful about compiling your own for everything. There are cautionary examples of how this could lead to problems.
Well, there's spam egg sausage and spam, that's not got much spam in it.
*facepalm*
hey redhat do you provide any support for CentOS actually
here's an example of this on a mac OS 10.5 /tmp/foo
[CODE]
perl -we 'for (0..1000000) { print rand(1),"\n"}' >
time sort /tmp/foo
real 0m36.169s
user 0m35.731s
sys 0m0.264s
echo $LANG
en_US.UTF-8
setenv LANG C
time sort /tmp/foo > /tmp/foo2
0.966u 0.201s 0:01.27 91.3%
SO for a small file it's 40 times faster when not defaulting to UTF-8
Perl on leopard however appears to assume LANG=C bey default and is quite fast. As is grep.
Some drink at the fountain of knowledge. Others just gargle.
Here's the full story.
There are a couple fixes here... re implement the Perl code in Java and gain 50%, or re implement in C if you are a man.
If this benchmark was a real issue for your production systems and you had a support contract with Red Hat you would obviously have requested and gotten a hotfix from them already. Done.
That is what support contracts are for to get support and fixes timely even if the generally available package is still going through the full support cycles. Sure CentOS is great and very cheap, but you would go to Red Hat to get timely support and updates if something like this is a real business concern.
The summary said it is disturbing. According to the Bugzilla report, the performance issue arouse as a result of a necessary patch. I can see how this would be disagreeable... but how is it disturbing?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Wrong title, wrong article, wrong on just about every level of troubleshooting application performance benchmark.
It only affects x64_86 branch on old 5.8.8 perl package, not just Red Hat.
"Don't let fools fool you. They are the clever ones."
If is a critical to your business, then why are you relying on a general-purpose vendor to provide it to you?
Compiling your own textutils or findutils? That's ridiculous. Compiling your own X11 Server? Lunacy. But if you're building a perl application, it probably makes sense to have tight control of your perl interpreter, down to the compiler options, packages installed and binary builds.
An example from my real life: At some of my employers we've built our own Apache binaries, our own Ruby interpreters, etc. Why? Because we didn't want someone else making version choices for us -- we wanted verified, controlled versions of these key pieces of our software platform.
I know dev teams that build their own GCC because they want very specific feature sets and don't get what they need from their distributions, or because they want conformity across a wide range of platforms.
Control the things that are closest to your application. Let outside vendors cover the infrastructure that isn't. That's just good engineering practice.
Let's keep our eye on the ball, here: this is a known bug, in Redhat's bug tracker, since 2006. Fixes have been commonplace since 2007, and only just now did Redhat get around to fixing the problem. The question remains: what good is Redhat over CentOS (the only difference being logos and a support contract) if they ignore a major performance bug for two years?
Please help metamoderate.
I don't know how many projects have asked Slashdot not to link to bugzilla. It makes the system unusable for the developers trying to get work done.
Here's the text currently in the bugzilla entry (edited to meet slashdot's filter requirements):
Bug 379791 - perl bless/overload performance problem
Summary: perl bless/overload performance problem
Status: VERIFIED
Product: Red Hat Enterprise Linux 5
Component: perl (Show Red Hat Enterprise Linux 5/perl bugs)
Version: 5.2
Platform: All Linux
Priority: urgent Severity: high
Target Milestone: rc
Assigned To: Marcela Maslanova
QA Contact: desktop-bugs@redhat.com
URL:
Whiteboard: GSSApproved
Keywords: ZStream
Depends on:
Blocks:
Reported: 2007-11-13 07:14 EDT by Nigel Metheringham
Modified: 2008-08-29 10:30 EDT (History)
Fixed In Version:
Release Notes:
Description From Nigel Metheringham 2007-11-13 07:14:04 EDT
RHEL5 perl shows the same performance issues as the Fedora 7 perl did - see
Bug #196836 and Bug #253728
This has been demonstrated in the recent perl update perl-5.8.8-10.el5_0.2
Same fix needs taking across to RHEL, ideally as a update release rather than
waiting for next major release cycle.
I do not have RHEL5.1 to test against right now, but the timing of the Fedora
fixes leads me to believe these would be much too late for the 5.1 release
cycle.
-- Comment #2 From Martin Kutter 2007-11-30 05:24:01 EDT --
The issue can be observed running the benchmark script from the recent
SOAP::WSDL package.
To do so, download SOAP-WSDL-2.00_24 (and its dependencies) from CPAN, run perl
Build.PL && perl Build, cd into benchmark and run perl -I../blib/lib 01_expat.t
This is the Output from RHEL4:
perl -I../lib 01_expat.t
Name "DB::packages" used only once: possible typo at 01_expat.t line 2.
Benchmark: timing 5000 iterations of Hash (SOAP:WSDL), XML::Simple (Hash), XSD
(SOAP::WSDL)...
Hash (SOAP:WSDL): 4 wallclock secs ( 3.48 usr + 0.01 sys = 3.49 CPU) @1432.66/s (n=5000)
XML::Simple (Hash): 7 wallclock secs ( 7.19 usr + 0.03 sys = 7.22 CPU) @692.52/s (n=5000)
XSD (SOAP::WSDL): 6 wallclock secs ( 6.06 usr + 0.01 sys = 6.07 CPU) @823.72/s (n=5000)
And this (with reduced n) is from RHEL5 (different machine, perl-5.8.8-10):
Benchmark: timing 500 iterations of Hash (SOAP:WSDL), XML::Simple (Hash), XSD
(SOAP::WSDL)...
Hash (SOAP:WSDL): 1 wallclock secs ( 0.59 usr + 0.00 sys = 0.59 CPU) @847.46/s (n=500)
XML::Simple (Hash): 1 wallclock secs ( 1.06 usr + 0.00 sys = 1.06 CPU) @471.70/s (n=500)
XSD (SOAP::WSDL): 11 wallclock secs (11.34 usr + 0.01 sys = 11.35 CPU) @44.05/s (n=500)
Increasing the number of runs shows the O(n^2) nature of the performance problem
- increasing the number of runs by a factor of 10 increases the runtime for the
XSD bench by a factor of nearly 100:
Name "DB::packages" used only once: possible typo at 01_expat.t line 2.
Benchmark: timing 5000 iterations of Hash (SOAP:WSDL), XML::Simple (Hash), XSD
(SOAP::WSDL)...
Hash (SOAP:WSDL): 6 wallclock secs ( 6.19 usr + 0.03 sys = 6.22 CPU) @ 803.86/s (n=5000)
XML::Simple (Hash): 11 wallclock secs (11.20 usr + 0.02 sys = 11.22 CPU) @ 445.63/s (n=5000)
XSD (SOAP::WSDL): 851 wallclock secs (847.36 usr + 2.28 sys = 849.64 CPU) @ 5.88/s (n=5000)
-- Comment #3 From RHEL Product and Program Management 2007-12-03 15:47:35 EDT --
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the cur
My distro is PCLinuxOS and the latest available kernel is 2.6.22.something. I've found myself having to compile a lot of packages from source because they haven't been added to the repos.
And I've heard of similar problems in Gentoo.
Maybe it's part of the deficient development cycle of some apps? i.e. no stable versions, and keep fixing bugs and adding features (and bugs) at the same time.
Red Hat is dead!
Any clown relying on Perl for performance ... well ... they deserve what they get. Perl is for non time critical applications.
Red Hat has a history of supplying packages with flaky patches. One of the kernel updates for RHEL5.1 was supplied with a backported patch for an NFS-related problem which ended up breaking caching, introducing serious performance issues that made NFS almost unusable when working with multiple files/directories. Red Hat was quick to come up with a patch after the bug had been reported - however, it only applied cleanly to their testing kernel (candidate for the next RHEL update) and refused to introduce it in the mainline kernel package, which forced us to backport the fix ourselves and keep local revisions for about half a year.
Apparently, an issue of similar origin (i.e. bug introduced by Red Hat-specific patch) is currently affecting 3ware/Areca RAID performance when used in conjunction with the RHEL5.2 mainline kernel and Red Hat is refusing to release a maintenence update to correct the error. Won't be fun for those who've got such hardware and are bound by support contracts to use only Red Hat-supplied kernels.
for free from http://www.activestate.com/Products/activeperl/ since it is not effected by this bug. Seriously, this is far from the first time that Red Hat has botched the dynamic language environments it ships.
If he can fix his own problems, then why exactly is he paying RedHat for 'support'? I have filed and fixed numerous bugs in my distro of choice. He should do the same.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Can you be specific about how the vendor compiling Perl is inherently worse than anyone else doing so?
This is what distributions are for: to package and/or compile software so that users don't have to. What makes Perl so special that it's suddenly "inferior" when handled that way?
For goodness sakes people- use a different distribution! Even employees of RedHat don't even exclusively use RedHat. While RedHat was a cool idea back in the late 90s, and I'll admit the IPO was rather exciting (before it happened at least), they are the M$ of Linux distributions.
Let's see him rebuild VBscript or C# from source to get his speed up.
This is what open source is about.
You got it wrong:
"Every time Red Hat releases a hotfix, CentOS grabs the source and compiles it, sometimes weeks or months after Red Hat made it available."
There, fixed it for you.
Seriously, if you want to judge Red Hat's performance using a lagging-behind derivative distro, you are on crack. Even the CentOS guys recommend you to use RHEL if you're so picky about faster releases and/or fixes.
Hope you're just as happy if they stop "giving" cents to FOSS.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
That's what we did. Download the SRPM for RHEL5's perl (currently unreleased), and pull the perl-5.8.8-U28775.patch. Download the SRPM for your RHEL4-based OS, edit the spec to include:
Patch28775: perl-5.8.8-U28775.patch
And then make sure to then add:
%patch28775 -p1
Somewhere in the patch section.
You then get "official" RH perl with the patch for the reblessing. It took me about 30 minutes to do all that my first time, including dusting off my RPM setup and knowledge.
Should RH have fixed it 2 years ago. Oh yes. For this, RH should be burned in effigy. You could say that everyone already knows about this, except that some of us poor slobs keep discovering it anew :-(
http://blog.rshtech.com/2008/04/rh-el-5-perl-interpreter-bug.html
Yeah, that's me discovering it all on my own. Fun!
But honestly, when has RH ever gotten the perl interpreter completely right. From RH 4 all the way to today, the general opinion is that you should build your own perl interpreter from the freshest, stable release. RH has a long history of screwing up perl patches or being slow to get the latest in. This one (#28775) is just the worst in a long history of messing up perl for RedHat :-(
And I *like* RedHat. I have used them for years now, and I continue to recommend them as the gold standard for enterprise deployments. So I'm not saying this as a hater, just an annoyed schmuck who continues to use them (I'm probably just lazy at this point).
"Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin
No, the steak is the same. It just didn't come with the house vegetables and mashed potatoes.
Or... It's like the Civilian Hummer - in place of weapon and armor fittings, they put in cup holders...
Bow-ties are cool.
Sorry about that, this is in RHEL 5. I used the FC7 SRPM when I made my patch (back in April).
Still principle's the same--just get your current SRPM (e.g. perl-5.8.8-10.el5_0.2.src.rpm), go get the latest FC SRPM (e.g. perl-5.8.8-28.fc7.src.rpm), find the U28775 patch file, add it to the spec, rebuild your original SRPM with that patch file in its spec, etc.
Geez, what was with me and question marks in that post? I need to preview a little longer.
"Doubt your doubts and believe your beliefs." -- Switchfoot, Ode to Chin
If speed is so important for the author of the article, wouldn't something written in C using libxml be a better choice than using (what I'm assuming) are XML modules written exclusively in Perl?
You mean real h4x0rz like Sam Hocevar, who ran Debian last, put predictable pseudo-random number generators in their SSH packages.
Yeah--that was pretty 31337. Seriously--how many boxes could that dude have potentially hacked. That almost in the level of that unix login bug that was buried in the C compiler. ...but eventually, all the 31337 hax0rs get caught.
There's no place like
https://www.redhat.com/archives/fedora-extras-commits/2007-June/msg04242.html
He's not running RedHat Enterprise. -- see that, that's a period. He's blaming the wrong party intentionally to score points for CentOS. Reading RedHat's forums and buglist online is not the same as having enterprise support. F-u-c-k him.
The GPL does not invalidate Trademarks. Red Hat owns the trademarks in question and was well within their rights to ensure it is used the way they wanted it to be used. At no point did Red Hat try to use trade mark law to keep the CentOS project "from doing what the GPL entitled them to do." In fact, RH goes out of its way to make repackaging RHEL much easier. They are not required to release source RPMs, but they do anyway. Red Hat just doesn't want you identifying your recreated distro as RHEL.
"I use a Mac because I'm just better than you are."
Well, it's CentOS, and with a cent being what it is, it shouldn't be surprising performance is at 1/100th...
This is a serious attack. Frankly, I cannot accept it at face value without your backing it up. Can you explain how Redhat was violating the GPL?
Just because all the code is GPLed doesn't mean that every bit on the distro disk is GPLed.
I use both RHEL and CentOS. RHEL is on our production machines and CentOS is what I use for proof-of-concept and non-production machines. RedHat fixes show up a few weeks before CentOS, though I do often just rebuild the SRPM directly on CentOS. Never had a problem building the source RPM either.
CentOS doesn't do the same thing as RedHat. They take RH packages and rebuild them without modification except for vendor tags. Though they do maintain their own bug lists, it's RedHat that does the heavy lifting.
Smart coders always optimize the slowest code? Damn - I guess I better get working on optimizing my apps preference panel. Here I was focusing on the most frequently used code!
...but eventually, all the 31337 hax0rs get caught.
And how exactly do we know this? ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
And how exactly do we know this? ;-)
I was referring to the guy who committed the not-so-random ssh key generation bug. (I was actually trying to be funny, but failed miserably. I read my comment again and am ashamed as the lack of quality control)
There's no place like
1) CentOS is *not* a RedHat product. So, Vipul, you don't lose any support... because you're entitled to none!
2) For the sake of clearing the FUD with RedHat's bugzilla's policies, here are some details on how it works:
- There's no rule that patches applied on bugzilla are to be reported upstream! Some (large) packages have over 100 patches applied. How would *you* feel if RedHat spammed you every time they applied a patch to whatever software you wrote?
- Upstream devs can register to receive any and all buzilla tickets for their products, if they chose to do so. Some do, some don't. Those that don't sometimes end up complaining that "RedHat/Fedora is keeping patches secret!". Duh.
- When a bug is reported on bugzilla, especially a crashing bug, only a _minimal_ fix is applied that fixes the crash. The patched package goes on QA for a while.
In the Perl story above an upstream patch was applied, so it made *no* sense for RedHat to report it upstream. Turns out that the patch (alone) caused another problem (slowdown). The normal thing to do was to file another bug report on it. Which did happen! And, lo and behold the bug will be fixed:
-- Comment #14 From Marcela Maslanova 2008-08-08 02:42:52 EDT --
This bug will be solved in RHEL5U3.
So Vipul, which didn't contribute a cent to RedHat by using CentOS, is biatchin' that RedHat is simply following the cautious QA policy that RHEL is known for. Perhaps he needs to use another distro that provides more bleeding edge updates, with the obvious risk entailed by less QA. Not that RedHat would give a hoot what Vipul is using (for free)...
...to the profits they bring to your business). That's better.
Michael J. Ryan - tracker1.info
With CentOS or RHEL (fundamentally the same, but still two different entities) the sysadmins should setup a central yum repository for in-house and custom built software. Developers should be building in-house packages into RPMS with dependencies for the correct build of Perl.
:).
I ran into this problem a while ago building a DBIC API on the stock CentOS 5 perl build. DBIC really complains about the slow Perl bug... So, I build an rpm for Perl 5.10 and setup a yum repo. Also I deploy my Perl applications through yum+rpm as well - all my app rpms depend on my in-house perl rpm which keeps dependency issues to a minimum. If you are worried about CPAN dependencies just make sure the applications install spec does the correct stuff with your Makefile.PL and you are using a perl build environment that does CPAN require+installs (that way you don't have to build rpms for each CPAN module
I doubt if I was using RHEL with a support contract that they would give me any guff what I've done.
The upside of this method is that if the sysadmins are motivated enough they can build entire kickstart installs that install groups of home-grown software for specific business purposes.
Hey, looking at the official Bugzilla page for this bug :
https://bugzilla.redhat.com/show_bug.cgi?id=379791
(scroll down to the bottom)
It looks like RedHat is using the exact test package I and a co-worker of mine put together that illustrates this issue. And clearly RH has a Perl build in house that completely fixes this issue.
Look forward to a complete fix soon folks!!!
-CJ
A: Nobody.
That has been this week's issue of "Easy Answers to Easy Questions. Be sure to check back next week, when we address the Easy Question, "Who is really in charge of Linux?"
Blows!
Bug since 2006 in an "Enterprise" Operating System. So they haven't been able to get some spare body to rebuild perl?
Maybe I'm a bit jaded as I have had extensive dealings with Redhat support. I find it funny that for the longest time Redhat pushed their certifications so damn hard, but don't require their own support technicians to know anything beyond scripted responses.
Awesome!
I really appreciate Linux when I hear a story like this:
It's like if I had a car and was able to change its constituent parts at will!
Of course that may void its warranty, but for some that is an acceptable alternative.
Let freedom ring!
I don't know the meaning of the word 'don't' - J
The question remains: what good is Redhat over CentOS (the only difference being logos and a support contract) if they ignore a major performance bug for two years?
Who fixed the bug? Did CentOS fix the bug or did CentOS compile the fixed by Red Hat code?
To be clear, Red Hat fixed the bug and CentOS again rode on their coat tails. Take out Red Hat and CentOS goes away too.
Seems like slashdot bashes redhat every chance they get. The last 3 rh stories were the same way Foxnews talks about Obama.... if recompiling perl was so difficult a solution that you needed redhat support to help you how to figure it out, then kill yourself. We all have problems and bugs waiting to be fixed that make our jobs and lives a little harder.
The question remains: what good is Redhat over CentOS (the only difference being logos and a support contract) if they ignore a major performance bug for two years?
Even if you concede that RH support is worthless (which I don't - your conclusion seems to be that because RH were crap on one support issue, they would be crap in all cases - other posters seem to have better experiences) the value of Redhat over CentOS is that quite a lot of non-technical business types have heard of it and probably have at least a vague impression of it being a significant force with some solidity. This sort of thing is very important for many companies when buying software or support.
What is that Red Hat does that borks perl so badly?
Why do they do it?
And why won't they stop?
Or maybe it's just me that's clueless . . .
...to not rely on some stupid vendor to be the one to provide you with access to what is supposed to be free software. If access to software isn't easily possible and available, it's not very "free". All software should be easily installable from the original maintainers, and distros should not have to or need to maintain any of that software.
All of Sourceforge and the entire Internet should be my Linux software repository. Support cross-distro packaging standards wherever they might arise that will help address the Linux packaging mess.
Promote true freedom - support standards and interoperability.
How bout you test that and report back to us?
CentOS does not have access to the RHEL Build System. They use their own, which may or may not be built with the exact same combinations of tool revisions. I have not seen a comparison on any given package.
CentOS does seem to release errata. No clue if they have any access to HotFixes, which are *not* errata updates.
When's the last time you saw this sort of 'complaint' about a Microsoft product. It may start the same, but the ending is very very different.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
I rather save the $$$ :)
Red Hat has updated perl packages that fix the problem. A RH support person told me it is due out for RHEL 5 update 3.
Upon a bit of insistence on my part he provided me the updated packages. The performance issue on our servers is gone after installing the new packages.
I know an extreme SSL security bug delivered with Debian Perl packages (and probably many other distributions) since years.
If you want to know it, pay me. I have told them and no one reacted. Now I'm pissed off and let 'em bleed.
http://searchitlocally.com/ads/M4Qr638AAAEAAHacengAAAAA.shtml
went from about 5 sec a page to 2 sec a page. wonderful to have source.