Apache Web Server Share Falls Below 50 Percent For First Time Since 2009

darthcamaro writes "Apache has always dominated the web server landscape. But in August, its share has slipped below 50 percent for the first time in years. The winner isn't nginx either — it's Microsoft IIS that has picked up share. But don't worry, this isn't likely a repeat of the Netscape/IE battle of the late 90's, Apache is here to stay (right?)" The dip is mostly the result of GoDaddy switching to IIS from Apache. Which is to say GoDaddy hosts a whole lot of sites.

base it on traffic vs. how many domains host'd

I'm willing to bet you'd see drastically different numbers...

Re:base it on traffic vs. how many domains host'd

[93+Escort+Wagon]

Netcraft's report shows the percentages for all domains as well as for active domains.

This article is a bit sensationalistic - no surprise. As a percentage of all domains, Microsoft is at 23% (Apache's at 47%). Looking at just non-parked domains, they're at 12% (versus 54% for Apache). Not really much of a "Apache vs. IIS" story there...

If there's any news at all, it's that servers other than Apache and IIS have managed to gain significant traction over the past couple of years. I remember when it had really turned into a two horse race, and gains by one exactly mirrored losses by the other. But now it's a bit more of a healthy competition.

Re:base it on traffic vs. how many domains host'd

As a percentage of all domains, Microsoft is at 23% (Apache's at 47%). Looking at just non-parked domains, they're at 12% (versus 54% for Apache).

Don't you think it is interesting that your numbers say that half of what IIS is doing on the web is domain parking?

Re:base it on traffic vs. how many domains host'd

[93+Escort+Wagon]

Actually, looking at the raw numbers... it's just shy of 90%! But even for Apache, something like 70% of sites are not "active" by Netcraft's metrics - and it's a similar story with all the others.

Re:base it on traffic vs. how many domains host'd

[TheRaven64]

And on active sites it looks like IIS has been dropping in use since April 2009. Apache has actually picked up a bit since they had a big drop between 2005 and 2007, although it's down a bit since the small peak in 2011. The most interesting part is the growth of the 'other' line from about 6% to about 12% over the past 3 years. It's sad to see Lighttpd has almost died (not much development for years, now just counted as part of 'other'), but it's good to see a few different servers clustered around the 5-10% mark. Having a single server with over 50% of the market makes it quite an attractive target. It would be good to see more diversity.

Re:base it on traffic vs. how many domains host'd

[gbjbaanb]

I look forward to next months survey, looking at active sites (not that parked site irrelevance) usage, Microsoft is on 12%, and nginx is at 11%.... not long and Google will host more sites than Microsoft too, that'll be newsworthy in some way (though mostly of relevance only to marketing droids)

Re:base it on traffic vs. how many domains host'd

[IwantToKeepAnon]

The Netcraft graphs show "Google" as a platform, last I read (a couple years ago granted) that google ran a customized version of apache. Does google now offer a honest-to-goodness webserver of its own? Or can googles #'s be added into the apache category? And what about Tomcat sites? Are they already included in the apache #'s?

Thanks for the link.

note to self..

..another reason not to host on godaddy.

Re:note to self..

[CFD339]

You needed one other than the hostile upsell pressure virtually every where they touch?

Re:note to self..

No kidding. Their hosting was slow as it was. Now, multiply that latency by a factor of 10, especially if the service is inactive for 20 minutes and unloads itself. The next user will be waiting for several seconds for a response on even a simple page.

GoDaddy IIS

[naubrey]

Which is to say that GoDaddy hosts a lot of *parked* domains on IIS.

Re:GoDaddy IIS

[Manfre]

Which is to say that GoDaddy hosts a lot of *parked* domains on IIS.

...which were previously served using Apache. None of these stats will ever be able to convey the usefulness of site content based upon web server software.

Re:GoDaddy IIS

[ShanghaiBill]

Which is to say that GoDaddy hosts a lot of *parked* domains on IIS.

Honest question: Why did they switch? I have never understood why anyone would use IIS, and always assumed ISS users were clueless newbies. So why would GoDaddy go to the time and expense of switching? What do they gain?

Re:GoDaddy IIS

[Trepidity]

You could look at what the share is among the top N domains, for N=1000 or N=10,000 or whatever, at least as a sanity check.

Re:GoDaddy IIS

[LoRdTAW]

Simple: asp.net. Plenty of half assed coders out there can, with little effort, build a website using Visual Basic or C#.

Re:GoDaddy IIS

Which is why they were using apache + mod_php before.

Re:GoDaddy IIS

[kasperd]

asp.net

That's really no reason to move customer domains. As a customer I'd immediately leave a provider, which moved my domains to a new platform without asking me first. Customers that want asp.net should have to choose so on their own. The only way you could suddenly move a lot of sites from one platform to another without breaking something would be if they didn't need any server side scripting in the first place.

It could be done with parked domains. But why would you want to do that (except as a marketing stunt to promote Microsoft)?

Re:GoDaddy IIS

[whoever57]

Honest question: Why did they switch?

My WAG is that MS threw a bunch of money at Godaddy, not directly, you understand, but indirectly.

Furthermore, my conjecture is that MS is prepared to throw this money at Godaddy because Microsoft's share of sites was looking rather sad (3rd place for market share of active sites last month).

Re:GoDaddy IIS

[t4ng*]

...or better yet, analyze each home page, if it has no links to other pages within the same web site assume it is a parked domain (or spam domain) and ignore it.

Re:GoDaddy IIS

[csumpi]

Simple: asp.net. Plenty of half assed coders out there can, with little effort, build a website using Visual Basic or C#.

Sounds like a great accomplishment and major win for Microsoft.

Re:GoDaddy IIS

[Pseudonym]

Your half-assed crap code. Our passion.

Re:GoDaddy IIS

[Sir_Sri]

That's not necessarily a good metric either, as systems built for that amount of traffic are not necessarily indicative of what is suitable for the rest of us. That's sort of the formula 1 versus a regular driving vehicle problem.

Re:GoDaddy IIS

I knew this was true when a "developer" had an issue with an outgoing HTTPS endpoint and said "it works in the application I cut-n-pasted it from. I almost ended is life right there.

Re:GoDaddy IIS

[smash]

Other types of web developer are exceedingly rare.

Re:GoDaddy IIS

[KingMotley]

Honest answer: Because IIS serves static pages faster than Apache does so they can park more domains on the same hardware. With the amount of domains they park, it's not an insignificant difference.

Re:GoDaddy IIS

[KingMotley]

Simple reason really. Microsoft serves static pages faster than Apache and scales better under this scenario. It allows Go Daddy to park more sites on the same host, which then saves them money.

Re:GoDaddy IIS

[siride]

I don't know how you can say this when the primary language for dynamic sites run by Apache is PHP, which is mountains of shit worse than C#.

Re:GoDaddy IIS

Go have a look at web server market share for active sites, as well as the top million busiest sites, you fucking nitwit.

Re:GoDaddy IIS

[rtb61]

It was a huge M$ marketing stunt at the time. Why the switch because it was profitable to do so. Now the real question is about market share. Should the Go Daddy site plus all the web sites it servers be considered one site in terms of choice of server to in reality more effectively measure choice by people who actually administer web sites. It seems at the very least two sets of statistics should be presented to more accurately show choices made.

Re:GoDaddy IIS

[CBravo]

As said earlier: Nginx is faster than both.

Re:GoDaddy IIS

[spongman]

They switched because your assumptions are wrong.

Re:GoDaddy IIS

[benjymouse]

As said earlier: Nginx is faster than both.

Citation needed.

I could only find this: http://www.webperformance.com/load-testing/blog/2011/11/what-is-the-fastest-webserver/

Apparently you are wrong, IIS beats up the competition; only lighttpd comes close.

In the tests,
* IIS used only half the CPU compared to Nginx at bandwidth saturation.
* IIS delivered more than double peak throughput
* IIS had about half the response time compared to Nginx, under medium load.

In short, IIS appears to be twice as fast compared to Nginx.

What benchmarks are you thinking of when you claim "Nginx is faster than both"? Do you have a link?

Re:GoDaddy IIS

[benjymouse]

Nginx serves static pages faster than Apache or MS. Try again.

http://www.webperformance.com/load-testing/blog/2011/11/what-is-the-fastest-webserver/

IIS outperforming Nginx by a factor two. Your turn to "try again".

Re:GoDaddy IIS

[benjymouse]

As said earlier: Nginx is faster than both.

nope.. IIS almost 2x faster than Nginx when serving static content.

Re:GoDaddy IIS

[Tablizer]

But a spammer would use Linux instead of IIS because it's cheaper on the large scale, and spammers and scammers go for large scale because their success rate is low per CPU cycle.

Re:GoDaddy IIS

[Bert64]

Why would spammers care what is cheaper?
What they're doing is already highly dubious, so chances are they will have no qualms about using warez and/or hacked servers.

Re:GoDaddy IIS

[Bert64]

If you look at the netcraft graph going back several years, you will often see significant bumps in share either for or against IIS. Several of these are down to MS paying large hosting providers to put their parked sites on IIS for promotional reasons.

Re:GoDaddy IIS

[Lennie]

I wonder how he configured nginx.

Multiple processes is what nginx would need to get the maximum performance out of a the Quad-core machine.

And he used a different harddisks for Windows than Linux are they of the same type ?

Those are some of the things that come to mind first.

Re:GoDaddy IIS

[xyra132]

It might be a good indication of what the mainstream hosts will be using in a couple of years though. As with your formula one analogy, (a subset of the) technology developed at the extreme high end is commoditised and trickles down.

Re:GoDaddy IIS

[Ash-Fox]

Unfortunately, I have no graphs I can share with you due to confidentiality reasons. You can get Apache to outperform Nginx by configuring Apache to use prefork, then increasing Linux's file descriptors to a much larger setting than default to coincide with the forked processes and the connection limits you wish to handle.

This is something that is done in large cloud setups used in major websites that use Apache with load balancers, or in more sophisticated networks, using BGP to perform "true load balancing" (requires a router to hash source and destination IP to maintain a connection to the same server and weight calculations).

I have not managed to get Nginx to perform as well as Apache in this configuration (prefork + increased file descriptors), or any other configuration when Apache is in this configuration. IIS in my experience doesn't do too badly with static content, however, I have never seen it outperform Apache in the 'proper' environment and configuration when it came to static content (this also included disabling modules not in use), however the differences were very minor.

I will say though, if you're using IIS for serving static content, you might not be using your money wisely. It's not really as cost effective to pay for windows licenses and machines verses just the machines (I expect GoDaddy got freebies from Microsoft). Before the argument on support - You will often find that hardware vendors like HP and IBM provide their own support for various operating system configurations and certain uses on server hardware is included with your hardware contracts, should you be a sufficiently large buyer.

It really only makes sense to run IIS if you have specific IIS/windows applications to run on the webserver like .NET applications. Costs could be reduced in such a scenario to keep IIS for static pages if it required a new breed of administrators to join a team to maintain some 'free' server option. However, if the administrators are multi-platform (like where I work), this is unlikely the case.

Re:GoDaddy IIS

[Eivind]

They switched because they where paid to do so, because it looks good in marketing. They're in the position to control the webserver for millions of domains, thus Microsoft bribes them to use IIS.

Re:GoDaddy IIS

[benjymouse]

Multiple processes is what nginx would need to get the maximum performance out of a the Quad-core machine.

1. It is mentioned that default configuration was used, but the tester was willing to adjust parameters if the server was not taking advantage of the machine.

2. The CPU utilization at bandwidth saturation test should not be impacted, even if Nginx was running on a single core - unless it showed that bandwidth could not be saturated. But bandwidth was saturated with Nginx and cpu utilization was more than double that of lighttpd and IIS.

And he used a different harddisks for Windows than Linux are they of the same type ?

That could be an issue. But the test used a "real, minimalistic page with a variety of resource sizes and types". The content was static so it will quickly be served from the disk cache negating any performance difference between drives. And again, that should not have a bearing on the bandwidth saturation/cpu utolization test.

Re:GoDaddy IIS

I think you misunderstood - "cheaper" refers to the load they can manage with the resources they have. It's nothing to do with licensing costs.

Re:GoDaddy IIS

[benjymouse]

Unfortunately, I have no graphs I can share with you due to confidentiality reasons. You can get Apache to outperform Nginx by configuring Apache to use prefork, then increasing Linux's file descriptors to a much larger setting than default to coincide with the forked processes and the connection limits you wish to handle.

Using processes to serve individual requests seems like a massive waste of resources, and I have a hard time believing this will run faster than a standard threaded worker. Do you have any theory behind why Apache would process requests faster with preform as opposed to worker?

I have searched for optimization guidelines for Apache and I cannot find anyone recommending this setup, except for when compatibility is required.

I suppose that if Apache is used to serve non-static content using a foreign/3rd party module, there could be local lock contention issues if the module is poorly written. If the lock contention is intra-process (process local locks) I suppose that you could get around that by running multiple processes. But that would merely mean that the server is not being slowed down waiting for locks, not that it will run faster than Nginx.

But in this case no such modules are involved, and lock contentions are clearly not at issue for any browser in the bandwidth saturation tests.

Re:GoDaddy IIS

[Trailer+Trash]

Simple: asp.net. Plenty of half assed coders out there can, with little effort, build a website using Visual Basic or C#.

Sounds like a great accomplishment and major win for Microsoft.

Ever heard of PHP?

Re:GoDaddy IIS

Half-assed coders using .Net are why I have a job cleaning up half-assed .Net code and replacing it with properly designed .Net code. I'm a whole-assed .Net developer, and it pays very well.

Also, .Net is a ridiculously useful platform that can do just about anything you want. And if you have a Windows (XP or later) license just laying around (and who doesn't?), you shouldn't let it go to waste. You paid for it, after all. Use it. Learn how to use .Net and you'll be on the gravy train in no time.

Re:GoDaddy IIS

that is a special kind of half assed then. I am not a spectacular web programmer, and HTML/PHP/MYSQL/JS is much easier to get things built with. I always thought the overglorified brochure websites were done with dreamweaver anyway.

Re:GoDaddy IIS

[CAIMLAS]

In other words, IIS does nothing much better than Apache?

Re:GoDaddy IIS

Shanghai - Many people switch to IIS because it CAN be run by low cost newbs. What I don't understand is why corp management consistently sacrifices reliability and scalability and settles for unreliable mediocrity with IIS (and Microsoft). And, in the end pays more for slews of license fees and loss of experience by migrating admins who rather than staying put, roam from company to company for a better deal.

I'm just a bitter old man :) I just witness companies spending millions of dollars supporting inferior Microsoft infrastructures using 2-3 times the amount of admins than reliable nix based infrastructures requiring fewer, more experienced and dedicated admins at more than half the cos and simpler license models. Am I sick if I enjoy a perverse pleasure while Microsoft audits our MS Team?

Re:GoDaddy IIS

[tlhIngan]

Why would a spammer bother? You know what's cheaper than running their own machines? Using someone else's machine. Most spammers use botnets and such for everything - less likely to get caught, there's so many out there that prices are low and many ISPs don't do egress filtering properly so port 25 outgoing makes life simple.

Re:GoDaddy IIS

Except this has zero to do with asp or those that use it. This is about millions of parked domains that have no content other than the GoDaddy advert or an advert for "buy this domain".

Re:GoDaddy IIS

Hello? Since when is parking a bad thing? I love to park a bit from time to time.

Re:GoDaddy IIS

The original poster makes a valid statement, plenty of half-assed coders out there can build a website w/ IIS and VB.Net or C#. Likewise, plenty of half-assed coders out there can install Linux, setup Apache and program in PHP. It is NOT rocket science.

I have been in this field for about 17 years, a long time ago yes setting up Linux, setting up Apache and programming with CGI scripts and other technologies required some knowledge and skills. Fast-forward to today, there are so many how-to blogs out there, documents. OWASP exists to help ANY coder develop secure web applications, plenty of experts to assist newbies and are energetic about security and a safer web.

Just because it is a Microsoft product does not imply anything produced with it will be shitty - such an ignorant and arrogant opinion by a lot of "so called" professionals and "experts" here. I work at a pure MS shop, our websites are safe and secure, penetration test after test proves that. Training is provided for writing secure code and well performing code. It is about education. A shitty PHP coder will do no better than a shitty MS coder.

Re:GoDaddy IIS

[MooseMiester]

There's another aspect to this argument...

An Apache webserver has a license cost of ZERO.

An IIS webserver has a license cost starting at close to $1,000, add SQL Server (Please don't use SQL EXPRESS to host a website with any traffic you'll be sorry) and you're looking at another $6,000.

Why, then, would I use IIS? Because I have to support Microsoft products or CMS systems that only run there.

DUH!!!

Re:GoDaddy IIS

[Ash-Fox]

Didn't my last sentence say that?

Hmm

[Tailhook]

The statistical effect of millions of empty, neglected GoDaddy hosted sites will not ultimately mean a great deal. It does raise a question for me, however; what benefit does GoDaddy hope to realize with IIS? My last contact with IIS was about 9 years ago. At that time it was fragile, insecure and plagued with mysterious "metabase" corruption problems. The thought of using such a thing for large scale hosting seems absurd and I've ignored it ever since.

Has it since improved enough to entice really large operations?

Re:Hmm

[ackthpt]

No doubt it has improved, but it's still a PITA to work with. I have to work with it now and really miss Apache.

Re:Hmm

[loufoque]

IIS runs on Microsoft Windows.
GoDaddy administrators do not have the skill to manage Linux boxes.

Re:Hmm

It does raise a question for me, however; what benefit does GoDaddy hope to realize with IIS?

Cash?

Re:Hmm

[gman003]

I was forced to use it during school. I can't say much for the fragility or insecurity (I only had to run some rudimentary static websites on it to pass the class), but the administration was much easier for the learn-by-rote students (which my school seemed to love the most).

From the perspective of a guy who often doesn't even start X on his *nix boxes, it seemed a bit inflexible. But perhaps they have some weird .NET crap that works better for what they need.

Re:Hmm

[kasperd]

IIS runs on Microsoft Windows.

Apache runs on Windows as well, so this is no reason to choose IIS.

Re:Hmm

[readingaccount]

You basically just admitted that Linux boxes are harder to administer than Windows servers. This makes Linux servers much less appealing for companies when you can find Windows server admins for a dime a dozen, but Linux admins are harder to find and generally cost a lot more.

Re:Hmm

[readingaccount]

Technology changes a lot in 9 years. 9 years ago I honestly though Linux was superior to Windows on a technical level, at least for desktop purposes. Now, I'm quite convinced of the opposite.

Re:Hmm

[Molochi]

"Not having the skills" just means they lack a breadth of training.

Re:Hmm

[DuckDodgers]

Linux isn't harder to administer because of any inherent problems, it's harder for the average person to administer because we probably had Windows in the home computer and at the office, and at the school. Making the jump from Windows 95 to Windows NT or from Windows Vista to Server 2008 is a lot easier than jumping from Windows to Linux.

If you're a serious power-user administrator, Linux and Unixes in general has been easier to administer than Windows Server for a very long time. You have more interoperable shell tools at your disposal. The Server GUI is better for an admin novice, but terminal tools are quicker for a power user than toggling through programs and hunting through menus. Microsoft is catching up with PowerShell, but even if the technology is extremely flexible and mature (and it may well be), they took the odd step of inventing a new syntax different enough to be confusing to people comfortable with bash or cmd.exe - me among them. Now I'm asking myself whether making the investment in Powershell is worthwhile. It probably is, but I don't look forward to it.

Re:Hmm

Yes. They are marginally harder to admin. What you get with an increased skill requirement is a reasonable assurance that your admin is competent. Windows server admins ARE a dime a dozen, but the vast majority don't have the skil to be deemed a server admin. But hey... look on the bright side, at least they're a dime a dozen when you fire your "admin" for screwing something up.

Re:Hmm

[Zontar+The+Mindless]

Perceptions change a lot in 9 years. 9 years ago I honestly thought Windows was superior to Linux on a technical level, at least for desktop purposes. Now, I'm quite convinced of the opposite.

Re:Hmm

[jader3rd]

Now I'm asking myself whether making the investment in Powershell is worthwhile.

It's worthwhile.

Re:Hmm

[Tough+Love]

what benefit does GoDaddy hope to realize with IIS?

It's a lot cheaper for Micro$oft to pump up IIS by paying off godaddy than spending tons of money on devs, and you know, testing.

Re:Hmm

what benefit does GoDaddy hope to realize with IIS?

It integrates with the rest of the Micro$oft stack of which GoDaddy is a huge retailer. Also, C# is a really neat language IMHO. While the language isn't inherently Windows only, it is backed by the .Net framework. Theological discussions aside, it's a powerful platform for certain solutions.

Re:Hmm

[evilviper]

Windows servers undoubtedly have the advantage of being able to turn up a service almost on accident, and have it minimally work. Actual administration and maintenance of them, though, is a Kafka-esque nightmare. I feel bad for Exhange admins. I've heard many horror stories of Windows support telling Admins there's no fix, no fallback, and they'll have to reinstall the entire server recreate datastores, and then they take a few months manually importing All user emails.

Linux/Unix servers take more knowledge and effort to get up and running in the first place, but then are much more stable and deterministic, handle higher load, need less babysitting, and are easier and more consistent to keep updated and make changes to, knowing you're never going to have unrelated services break, or mysterious slowdowns and service unavailability.

There's no doubt what comes out ahead in the end... Linux adminsa can mantain many times more servers than Windows admins. Consider that those Windows admins won't be free, and you'll be cash positive by hiring Linux admins in a very short time. I've worked for some of the most penny-pinching tight-wad companies around, and they emphasize Linux heavily (including on the desktops) paying their Linux admins more than even most management, and yet they heavily prefer Linuxx, and wouldn't dream ofusing Windows for anything important.

Re:Hmm

[smash]

I'd say its a bit misleading. Sure, Windows is easier to make work, but to actually secure and keep maintained is a pain in the arse.

Re:Hmm

[smash]

+1. Powershell is quirky. It is prettty excruciatingly slow. There are bugs. But it really is pretty neat, and nothing similar exists in the Unix world as yet. If you need to admin Windows boxes, you'd definitely be well advised to learn powershell.

Re:Hmm

knowing you're never going to have unrelated services break

Just wait for systemd or enable SELinux you will see

Re:Hmm

Actually, IIS has improved very significantly in the last 9 years. In IIS 7, released in 2009, they pretty much got rid of Metabase completely in favor of XML-based config files (though the files were extremely complex and not easily hand-editable). They also made IIS management scriptable (via PowerShell) without the nasty hacks that the older versions required. More recent versions have added a lot of useful features, including SNI support in IIS 8. Performance is much better than the older versions too.

Re:Hmm

[smash]

Not really true. I've seen Linux boxes administered by muppets, and back in the day when I was 20, I was one of those muppets in charge of looking after a fleet of Linux boxes. Just because someone can use google and click their way through a redhat installer, doesn't mean they have a clue.

Platform choice is pretty irrelevant as far as judging competency goes actually, IMHO being a competent administrator/architect is more about change management (i.e., how do we get from A to B without fucking everyone over), engineering resiliency into your designs, being proactive about security and using the best tool for the job, in a platform agnostic manner.

Trade-offs will be involved (this is essentially what engineering is). If (for example) running a Windows web server makes it 10x easier for your internal web development guys, and it can be secured by spending a little more time than an apache box, then you run a Windows web server, and stick whatever content-aware firewall you deem appropriate in front of it.

In other situations (e.g., DNS servers, firewalls, mail relays, etc) - Linux, BSD or other unix platform of choice may be more appropriate.

Re:Hmm

[DaveAtFraud]

You basically just admitted that Linux boxes are harder to administer than Windows servers. This makes Linux servers much less appealing for companies when you can find Windows server admins for a dime a dozen, but Linux admins are harder to find and generally cost a lot more.

Er, no. Windows makes the easy things easy (pick what you want from the list rather than, horror of horrors, type something) but still hasn't succeeded in making the difficult easy. This lulls people who think they know what they're doing into jumping into the deep end and finding out they can't swim. Lots of things when setting up a server (web or otherwise) that require an understanding of the underlying networking. The Windows admins who don't know this are the ones who are "a dime a dozen." The ones that do can create a secure, functional site with Windows but wish they had Linux since it's easier and more secure and faster and more flexible and....

Cheers,
Dave

Re:Hmm

[MightyMartian]

My experience with Powershell is sufficient to state that Windows users can keep it. Bash is a far far more mature shell with a helluva more lineage and experience behind it.

Re:Hmm

One law: Sarbanes-Oxley

I can justify MS stuff to the auditors because it is commercial, meets FIPS, Common Criteria, and all those other items.

Without those certifications, if I use tools (RedHat is certified, but a lot of web stuff isn't), I can actually be fired on the spot or maybe even arrested for not following due process or making a due diligence effort in software.

Same with AD. AD is "blessed" by a lot of certifying agencies. A number of LDAP implements may be better, but they are not. Since I don't want to wind up in a PMITA fed pen, it is AD or nothing in most companies.

Re:Hmm

[KingMotley]

It's improved significantly. There is no "metabase" anymore. Everything is stored in .config files that you can edit with a text editor if you want. It has some really nice features, and is really easy to manage via GUI if you prefer too. Or powershell if that's your thing.

Re:Hmm

Especially if the server serves up basically the same web technology.

"The dip is mostly the result of GoDaddy switching to IIS from Apache" -- Naysayers, sure GoDaddy has a huge amount of idle sites, but wasn't the same statistic used years ago (again with GoDaddy sites being counted) when everyone here was cheering Apache trumping IIS and others servers?

Re:Hmm

[readingaccount]

but still hasn't succeeded in making the difficult easy

I'll meet you half-way and suggest that in Windows, it's easier to get something going initially, but in Linux it's easier to make detailed and significant changes later on.

As for Windows admins wishing they had Linux, I've met a few Win admins and they generally consider interest in Linux to be something of a "phase", one which you grow out once you gain enough experience at what actually happens in corporate setup and why Exchange is so widely used (hint: it's fucking awesome how much capability it provides compared to a scattering of similar tools and services in Linux).

Re:Hmm

[rabbit994]

Apache runs like dogshit on Windows and has worse security problems then IIS on Windows.

Re:Hmm

[siride]

You hit the nail on the head with many (but not all) MS products. I've had the (dis)pleasure of working with SSIS, SSAS and SSRS. SQL Server itself is a pretty decent DB, certainly better than MySQL, but the tools for extending it are just awful. Sure, SSIS is graphical and you can throw together a pretty flowchart that will make managers and bean counters happy at the demo. Then you actually have to do something real with it and find that you can't, for example, deploy a complex package hierarchy to the SQL Server store without manually changing core behavior of your packages, or you can't import Excel files that have blank columns that start having numbers in them because Excel via SSIS insists on guessing the types based on the first 8 rows (only configurable via a registry setting!) and it may break in production without any warning. The list goes on and on. Here are a few more: http://ayende.com/wiki/I%20Hate%20SSIS.ashx?AspxAutoDetectCookieSupport=1.

I've found similar problems in other MS products. Visual Studio is still somewhat of an exception, but probably because it can still get out of your way and let you write code, and it's been around long enough that the good engineers of ages past kept it from turning to shit.

Re:Hmm

what benefit does GoDaddy hope to realize with IIS?

It's a lot cheaper for Micro$oft to pump up IIS by paying off godaddy than spending tons of money on devs, and you know, testing.

Really? You really believe that Microsoft allocates zero of its 99,139 employees (from their website) to development or testing of IIS? Let's be conservative and say that 139 of them work on IIS and the other 99,000 do something else. 139 people working full time for 9 years is a lot of time spent on a web server. Plenty of time for it to get good, for instance. Have you tried it recently? First hand knowledge?

Re:Hmm

[FuzzNugget]

Other way around: you get what you pay for.

I know of Windows admins who were perplexed by filenames with mixed upper and lower case characters when they had to briefly deal with a Linux system.

Re:Hmm

[ArsonSmith]

I do kind of like the object oriented nature and not needing to use sed and awk to get useful info out of structured command output. Otherwise it seems like so much of it is different for the sake of being different and I can't stand to use it. When I need to I find it easier to figure out the commands I need to run, then use a Unix shell to generate them.

Re:Hmm

[siride]

Yep. And if you want OO or real programming, just use Perl or Python.

And for God's sake, the whole signing scripts business with Powershell is a tragedy. I can understand the value of being a little bit more tight with scripts that can do harmful things, but it should only matter for scripts that need to run as admin or do system management tasks. I shouldn't need to cryptographically sign a script to extract tags from music files, for example. The process to do the signing is itself unnecessarily complex.

Re:Hmm

[smash]

I'll grant you bash is more mature and intuitive, sure - but you can do things in powershell that just either aren't possible with bash without writing helper applications in a non-scripting language or are exceedingly convoluted.

The big difference is the object pipeline which takes a little to get your head around, but enables you to do far more processing on data than text manipulation with sed, grep, awk and friends.

I'd suggest opening your mind a little and giving it a shot. If you don't administer windows boxes, fair enough its pretty pointless, as the whole point is interfacing to .net objects which don't exist on Linux.

But if you DO need to deal with Windows boxes, you'd be doing yourself a dis-service to write Powershell off.

Re:Hmm

Microsoft stuff is fairly easy to use and robust, assuming they've thought of the use case in advance.

If they haven't you have ALMOST NO RECOURSE.

Linux isn't like that (less one button solutions), but that's why it requires more skill.

And that's why "Systems Administrator" is just a job title and you shouldn't treat employees like they're interchangable at that level, or your company will be the one to suffer.

Re:Hmm

Like Brainfuck is worthwhile. Or Tcl.

Re:Hmm

[DaveAtFraud]

but still hasn't succeeded in making the difficult easy

I'll meet you half-way and suggest that in Windows, it's easier to get something going initially, but in Linux it's easier to make detailed and significant changes later on.

As for Windows admins wishing they had Linux, I've met a few Win admins and they generally consider interest in Linux to be something of a "phase", one which you grow out once you gain enough experience at what actually happens in corporate setup and why Exchange is so widely used (hint: it's fucking awesome how much capability it provides compared to a scattering of similar tools and services in Linux).

My experience is that it seems like Windows admins who worked with Linux (or proprietary Unix) still prefer it but "put up with" IIS when they have to use it due to corporate policy. The admins who grew up on Windows and dabbled with Linux end up back on Windows. The main thing for me is that Linux is easier to troubleshoot since I don't have to go digging for some obscure registry entry that some program messed with and ended up breaking something else. Whoever came up with the registry should be taken out and shot (or have some suitably painful means of execution; shooting might be to easy for them).

I'll grant you that exchange is a pretty amazing tool. Way back when there used to be some competing products (just like there used to be competing word processors and spreadsheets, etc.). They all got plowed under by the Windows/Microsoft Office jugernaught. Now, the only "competition" comes from open source projects that just don't seem to have the understand of the big corporate world. I'm working as a Unix Engineer in a big big telco at the moment and the level of integration (aka, lockin) to Windows as the corporate desktop is amazing and, at the same time, horribly stupefying. I end up using an X emulator under Windows to do my work slowly and painfully when I would easily be twice as productive with a Linux box but that's not the corporate standard.

Cheers,
Dave

Re:Hmm

[Shados]

The SQL BI stack is in line with others in term of "usuability". Its not as powerful as, let say, Informatica, but the deployment of packages and all that fun stuff is in line. There's reasons for these woes, but overall it works fine once you understand the best practices. The excel issue is because of how the excel drivers work. Not so much an issue with SSIS as it is with the drivers (you'll have that issue with virtually anything that interface with excel unless it isn't using the default driver). So the same solution applies. Not saying its good, just saying you'll have these issues with any similar tools. Competing spreadsheets have their share of bullshit. There's a FEW that are better on the market, but none are open source, and they're brutally expensive.

Visual Studio while decent fails miserably on large (I mean actually large. No, your 100k lines of code per main component/service isn't large.) while other IDEs do fine (IntelliJ for java comes to mind...Eclipse is a joke =P). I used to love Visual Studio, but lately I want to toss it out the window because of that issue. At least .NET itself is awesome.

Re:Hmm

[turbidostato]

" but you can do things in powershell that just either aren't possible with bash without writing helper applications in a non-scripting language or are exceedingly convoluted"

I'll take you mean in Windows. No doubt doing things on windows is exceedingly convoluted. Now, there's a ton of things you can do with Bash if you take the time to learn it -and it surely pays out: unix-like environments have a tradition of not mangling too much with things that work, so what you learn now will be of value ten or even twenty years down the road just like things we learned ten or even twenty years ago are still relevant. Try that with Microsoft: OK, invest what it takes to be proficient on Power Shell; you can bet that in five years you'll need to re-learn it because they'll radically change it just like you had to do going from DOS to Windows to Windows NT 3.5 to Windows NT 4.0, etc.

Oh, and even for the things you can't do on Bash, Perl, Python or Ruby are scripting languages.

Re:Hmm

If you are setting up multiple VM's or web servers, then the scripting abilities in Linux, and the ability to copy the partitions wholesale make the clickity-click of IIS administration a big PIA by comparison.

Re:Hmm

You're a fucking retard.

RHEL and SLES both meet FIPS and have the same cc evaluation assurance level as Windows.

Banking, stock exchanges, traders, etc all overwhelmingly use Linux. And eDirectory is a better directory service architecture than AD ever was.

Better hand yourself in now for some federal ass pounding, if you don't even know enough to know that.

Re:Hmm

[asmkm22]

MS has done a pretty good job of keeping up on stability and security for all of their products since about 2006. I personally still host with nginx, due to the cost of MS products, but I administer enough to say that they are pretty straight forward and secure. It's easy for people to assume that Apache = secure or whatever, but the truth is, there are a shit ton of Apache deployments that are broken and exposed, usually as a result of people blindly apt-get installing whatever random package some outdated how-to tells them to in order for Obscure CMS Product #1 to run.

Or, worse yet, they use Word Press.

Re:Hmm

[turbidostato]

"Technology changes a lot in 9 years"

Not 9 but 20 years ago I run NFS and CIFS, LDAP, Bind, Postfix... now I run NFS and CIFS, LDAP, Bind, Postfix...

No, technology doesn't change a lot, marketroid guys make it look like so to stay in the business of selling new licenses.

Re:Hmm

[benjymouse]

And for God's sake, the whole signing scripts business with Powershell is a tragedy. I can understand the value of being a little bit more tight with scripts that can do harmful things, but it should only matter for scripts that need to run as admin or do system management tasks. I shouldn't need to cryptographically sign a script to extract tags from music files, for example. The process to do the signing is itself unnecessarily complex.

Just set the execution policy for the scope that you want. Type man set-executionpolicy -para scope. You will notice that scope can be set for the process, the current user account or for the local machine. So if you want to then simple set a less restrictive execution policy (like RemoteSigned) for your current user. That will still prevent scripts downloaded through a browser or received through a mail to be executed.

There are a lot of legitimate uses for script signing. For instance, for a tightly managed system you could put in place a regime where an auditor/reviewer must sign a script only after review, and the farm of machines will only execute scripts that have been signed by the reviewer. Thus you can have devops develop scripts and test at their test systems, but to deploy the scripts they must follow the review process.

Re:Hmm

And don't forget how bad the open source GUI's usually are. See Eric Raymond's essay on open source GUI's, at http://www.catb.org/esr/writings/cups-horror.html

I just evaluated Fedora 19. With the advent of Gnome 3 and entirely pointless replacement of init scripts and everything written to use them with the "ooooohh!!! shiny" but fundamentally unstable mish-mosh of poorly integrated features that is "systemd", I predict a serious loss of market share for Fedora, Red Hat, and a lesser drop for Linux overall due to *publishing crap interfaces*.

Do not *start* me on that piece of broken gui randomness that is NetworkManager. Just don't.
                   

Re:Hmm

[lgw]

You're a fucking retard.

This is exactly the welcoming spirit of Linux users that made sure it never was the year of Linux on the desktop. I'm sure the main reason Android is taking off it there's no need for help from the "community" to install it or apps that run on it.

Re:Hmm

[lgw]

You realize all you've really said was "I understand Linux and not Windows Server, and I like what I already know"? Basically, everything you believe about Windows is wrong, but like anything else it does take skill and knowledge to do it right.

Re:Hmm

[benjymouse]

There are *a lot* of little things in PowerShell that makes you go "aw, that's a good idea". Things you will not find in other shells and neither in Pytho, Ruby or Perl.

Off the top of my head:

* Consistent common parameters for "impact management": You can pass a parameter called -WhatIf to every built-in command that may change persistent state. The -WhatIf parameter runs the command in simulated mode, only echoing on the console what it *would have* done. Similarly a common -Confirm parameter which asks *before* changing persistent state. It even works for scripts and functions: If you declare that your script (in a .ps1 file) "supports shouldprocess" you can pass the -WhatIf parameter to your script and PowerShell will set the whatif preference for the duration of the entire script - as if each command of the script had been passed a -whatif parameter as well.

* Commands, functions, script blocks and script files declare parameters with (optional) static types. This information is used by PowerShell to coerce values to the correct types before invocation. But the declarations can also contain declarative validation attributes, allowing the *shell* to validate parameters before invocation. Declarative validation can validate required parameters, string lengths, number/date ranges, regular expressions, value sets. The kicker here is that the script author does not need to *implement* validations, merely declare them, the information is available to the shell which can use it to both validate parameters before invocation, but *also* to report the validations through the help system. That's right, when you set up validation, help text that describes the acceptable values is automatically generated from this meta information.

And yes, even the tab completion (or intellisense in the integrated scripting environment) will pick up on the parameter type and validation. If you restrict a parameter to a certain value set, tab completion will cycle through those values when the shell determines that you request tab completion for the parameter.

* The PowerShell help system allow for in-script help text through special code comments. No need to author external help files. You can write the documentation right there in the script (using special "dot" comments), and when you do man myscript.ps1, the help system will report the documentation.

* PowerShell workflows allow scripts to suspend and resume at a later time. No, this is not the process suspend of sh shells. PowerShell actually saves the state of script execution to persistent storage and you can resume execution later, even after system restart - or on another computer. This is incredibly useful for the type of scripts that manages farms of servers and that may be running for a long time. If the script is somehow interrupted (power failure, hardware failure) it can later automatically pick up its execution from the latest savepoint. I.e. you can restart it and have it run to completion.

PowerShell is not simply a programming language. It has many features which are directly aimed at being used in a scripting setting and which are not found in general purpose language like Python or Ruby.

Re:Hmm

[Tablizer]

Linux makes people cuss? Is it because its commands look like cuss-words?

spending problem. [usdebtclock.org]

You have a Herbert Hoover Problem.

Re:Hmm

[benjymouse]

I'd say its a bit misleading. Sure, Windows is easier to make work, but to actually secure and keep maintained is a pain in the arse.

Can you elaborate on this, please? As far as I know, Windows Server and IIS comes pretty secure out of the box.

For instance, when you create a new website you automatically also get a specific (virtual) identity for the website/app pool. By default the app pool identity does not have any permissions outside the website directory, effectively preventing the cross-contamination that is so common on Apache setups (yes, because the admins did not bother to create accounts per website, or because such a setup decreases the website density on a shared server).

On IIS, the "account per website" is automatic and implied. The default permissions are restricted and applications are isolated.

If you let the Windows server auto update you are also pretty secure at the OS level. Install headless if you want to decrease the attack surface. Even if you choose to manage the patching yourself, Windows still receives fewer patches (fewer vulns) compared to Linux and they are batched in monthly updates which means you only has to manage patches once per month.

Re:Hmm

[Bert64]

Competent windows admins cost just as much as competent linux admins... The only difference is that the market is flooded with incompetent people who (falsely) claim knowledge of windows while very few of those incompetents claim to have linux knowledge.
Indeed i have interviewed people who claim to be experienced windows sysadmins, where their experience boils down to "reinstalled xp on my home computer" or something similar.
It's a double edged sword for MS, on the one hand they can try to claim lower costs by hiring these incompetents, but on the other this is one of the factors which has earned windows its reputation for being unreliable and insecure.

Re:Hmm

[gandhi_2]

I'm sure it has nothing to do with educational institutions teaching kids that "computing" means windows/office use or mac consumerism.
And it has nothing to do with OEMs selling machines with windows only.
And it has nothing to do with momentum or timing.
It has nothing to to with PHBs only knowing what they see on TV or in magazine ads, or large advertising budgets.

Re:Hmm

[MightyMartian]

I'm going to be blunt. I have yet to meet a text replacement/massaging problem that couldn't be solved with ask. Years ago I wrote an ask script to translate a gawdawful mainframe export of a stationary supplier's catalog. W're talking tens of thousands of records, all space delimited with variable field sizes for different kinds of inventory records and some records that were even multi line.

I wrote the script on my Linux machine at home, grabbed the script and a compile of gawk for DOS and took it to the customer, wrote a quick batch wrapper and we took the whole bloody file and imported it into his POS system.

I'm sure powershell is a wonder, but those who make grand declarations about the limited utility of *nix userland utilities are either ignorant or for dubious reasons sweeping away decades of *nix scripting.
I'm sure

Re:Hmm

[MightyMartian]

I can't imagine a sane or competent sysadmin, whatever OS he is running, allowing automatic updates on his production servers.

I've had a few MS patches royally buttfuck servers.

Re:Hmm

[FirephoxRising]

+1. Powershell is quirky. It is prettty excruciatingly slow. There are bugs. But it really is pretty neat, and nothing similar exists in the Unix world as yet. If you need to admin Windows boxes, you'd definitely be well advised to learn powershell. WTF? quirky, painfully slow and buggy are the best they can do? I'm very glad nothing similar exists in the unix world, I'm sure good concepts could be adapted, but this sounds pretty pathetic.

Re:Hmm

[lgw]

You have a Herbert Hoover Problem.

The US National debt is now $148,000 per taxpayer. You're good for your share, right? Yeah, our grandkids will be paying that back.

You may like all the various things the government is doing (those three-letter agencies are great, right?), and that's fine and all, but continuing to ask our grandchildren to pay even more to make our lives better today is not what I call good, just, or right.

Re:Hmm

[Zenin]

I'll take you mean in Windows.

In general actually.

Bash can't pickup a random .so shared library and start instantiating objects, calling methods, as if it was just any normal bash object. That's the kind of power we're talking about with PowerShell: Any DLL on the system is at your command, no need for any "glue".

Perl can't do it either, you'll need an XS wrapper. Python I believe is the same. Ruby I'm not sure of, but I highly doubt it.

Not that PowerShell isn't without its warts. It's a great idea, but with one of the worst implementations I've ever had the displeasure of dealing with. String quoting rules are all over the place and incredibly error prone. The pipe everything obsession with syntax is insane. Wildcard handling is so horribly broken that most commands have both -Path and -LiteralPath options.

But the idea and the power that idea offers is absolutely incredible. The closest equivalent in the open world would be something like what Groovy script is to Java.

Re:Hmm

[smash]

Dude... Powershell is already coming up 7 years old, and the core concepts are still the same, there are just more cmdlets available. If you're even comparing to Ruby, Bash or Python you clearly have no idea how powershell operates or what it can do and have not spent any real time playing with it.

And as you have not spent any time playing with it, your opinion is entirely uninformed, and you're just shitting on it because it is written by Microsoft.

Maintaining the status quo because this is how we've always done things is retarded.

So, check it out or don't. Not really concerned. But yourself, and the open source world in general would be well advised to check out anything new by any commercial developer, including microsoft - and profit from the mistakes and successes made without reinventing the wheel yourself and making the same mistakes.

Re:Hmm

[smash]

Don't get me wrong, for working with text, unix utilities are awesome. BUT - you're constantly fighting with the (inconsistent, between tools) text representation of data as you pipe it between tools, rather than working with the actual data. There is no grep, cut, awk, etc on Powershell, because you aren't munging text constantly.

In Powershell you can spend far less time faffing about with text munging, and just run queries against objects in the pipeline. You can directly and easily interrogate WMI, and instantiate any .net object on the system.

Its an entirely different kettle of fish, and works completely differently to any unix shell.

Whether or not it is "better" is open to dispute (to get your head around the way it works is certainly a bit mind-bending initially), but if you need to administer WINDOWS systems, then you'd do well to learn it, because Microsoft are pushing it hard and you can do things on Windows with powershell that are just extremely tedious or practically impossible with other shells (random example: interrogating battery status - including USB connected UPS is a one liner)

And no, nothing similar will ever happen on a Unix platform until there is a universal framework for interrogating or instantiating system objects.

Re:Hmm

You "argument" is like saying "You just admitted that driving a Formula 1 car is harder than driving a bobby car." /As if that was a bad thing!/

It is *always* harder to *do something harder*.
The point is just, that Windows is incapable of doing it *at all*.
That doesn't make Linux hard. It makes Windows (and its users) crippled.

Re:Hmm

[smash]

Yeah definitely, that's what I'm talking about. And yes, it certainly has its warts, and is definitely not mature. But the way it works vs. say bash or perl is a total paradigm shift. And there's a pretty amazing amount of groundwork that must have been done to enable this all to work.

Unfortunately, as demonstrated here, plenty of people will dismiss it out of hand because it is written by microsoft and the syntax is pretty alien - but I really think the open source world could learn a lot from Powershell, take the ideas that work and make something better.

But its not going to be as simple as just writing a shell unfortunately - there's a heap of operating system ground-work that needs to be done first.

Re:Hmm

and nothing similar exists in the Unix world as yet

WAT?

You're like that Windows admin who bragged about the "cool logging functionality" of Windows. (He meant the event viewer.)
No, Linux *totally* doesn't have had that... SINCE FOREVER!

Under Linux, there is no mindset of monolithic "applications".

I have 61 (!) packages in the app-shells section of my package manager right now. Every one of them can use any other software and files there are out there. Like, for example, ImageMagick, dbus, udev, cron jobs, init scripts, desktop environment keyboard shortcuts, browser and editor plug-ins, lirc, xinetd, ...
So in all of them you can do all the features those programs can do.

I wrote an IR-remote-controlled streaming radio with a button to keep the current or last song, an *answering machine*, a custom server, a *file system*, a tool to cheat in "find the differences" games, a sceen-cam-combo capture tool with youtube support, a *multi-track music synthesizer*, a backup and achive error management solution, a heterogenous software building system and a software project management and planning tool ... plus loads and loads of little glue scripts to make life nice ... IN BASH.

Yeah... "nothing similar exists"... riiight...

Re:Hmm

[smash]

It's slow and quirky because it works entirely differently to a traditional unix (or other OS) shell. It's not just running text commands and munging text output to pipe between commands. It's object oriented and can talk to any .net object on the system natively, without any additional utilities or text processing to get the info you want. It takes the Unix concept of "everything is a file" to the next level - everything is an OBJECT, with methods, properties, etc. This is why it is "quirky", because you'll need to re-train your brain to the way powershell works. It's certainly not worse, it's just very different, and you need to change the way you try to do things.

Comparing speed to bash or perl is not really fair because they simply don't offer anywhere near the power or flexibility. And that's not being a massive microsoft fanboy or a shill or whatever, it's simply a fact.

It's definitely not perfect, but it's an entirely new concept which will no doubt evolve over time. I have absolutely zero doubt in my mind that eventually object-based shells will appear on other platforms. Probably implemented a lot cleaner than Powershell too.

But full credit where credit is due - Powershell is one of the more interesting things coming out of Microsoft at the moment. It's a tragedy actually that the Powershell support is so much more complete in Windows 8 as I'm just not sure I can stomach the other changes at work.

At home I'm Mac/BSD all the way.

Re:Hmm

[smash]

You clearly don't understand what powershell is and what it can do. None of the shells in your package manager are object based. All of them will be doing brainless text munging drugery to import and export data between commands in the pipeline. None of them are transparently remote-machine aware. None of them provide code-signing ability. There is no way to directly interrogate pretty much any object on the operating system, natively, from the shell. None of them have built-in input validation ability for any scripts you write. The list goes on. None of them can run a command against every machine in my domain in one line of code.

And yes, I'm a Unix user since 1995. I do both Unix and Windows in my day job (I simply don't trust Windows outside the firewall). At home I'm all mac/bsd.

Re:Hmm

So shovels are better than bulldozers because anyone can pick up a shovel? Bulldozer drivers are definately "harder to find and generally cost a lot more".

Re:Hmm

Not 9 but 20 years ago I run NFS and CIFS, LDAP, Bind, Postfix... now I run NFS and CIFS, LDAP, Bind, Postfix...

You may run Postfix now, but I doubt you ran Postfix 20 years ago. Sendmail maybe?

Re:Hmm

[jez9999]

Not me - I actively tried to find something other than Apache and stumbled upon Cherokee.

My issue with Apache is configuration. It's a clusterfuck mess. Whatsmore there's no half-decent graphical configuration to get you up and running quickly, just a huge messy conf file and if you're really unlucky, a bunch of .htconfigs scattered about the place. Cherokee basically forces web-interface-based configuration and makes a decent interface for you to do so. It would be nice if it based its config on XML so you could choose between web config and XML text editing, but oh well.

Re:Hmm

> You basically just admitted that Linux boxes are harder to administer than Windows servers.
No he didn't, parse again.

Re:Hmm

If they cannot even manage Linux, it seems highly unlikely that they can manage Windows...

Re:Hmm

Why would you have any MS software on a server in the first place? That sounds like a really, really bad idea.

Re:Hmm

[marcello_dl]

> I'll grant you bash is more mature and intuitive, sure - but you can do things in powershell that just either aren't possible with bash without writing helper applications in a non-scripting language or are exceedingly convoluted.

even without touching powershell I am sure bash is uglier. And sure it relies on external tools. It's the latter which makes bash stronger, bash + the wealth of already available, fast, mature unix commands. And did I mention Free? free.

Re:Hmm

[postbigbang]

Far be it from me to defend Microsoft, but powershell has evolved dramatically and bash has only a tiny fraction of the breadth within Microsoft's administrative context. The sheer number of commands and their capacity to be driven by command-line argument and environmental variables makes bash look very 1974.

That said, Microsoft is only now catching up with the myriad Linux/BSD commands-- and the uniformity of the varying branches of Linux is bad on a good day. This is why many admins settle on a branch/distro, then evolve scripts to do routine work. You get three main branches until you get into puppet or chef or other management telemetries.

That said, powershell is just another school of thought, if also a business plan from Microsoft.

Re:Hmm

[DuckDodgers]

As if the Microsoft fanbase does not contain its own horde of trolls. Both communities have huge numbers of kind, welcoming, intelligent people and huge numbers of assholes. You can't use that criteria to condemn or praise either side, because in that respect they're even.

The problem with monitoring the debt clock is that you're looking in the wrong direction. Here are three things that don't get enough attention by people in the US:
1. Taxes on wealthy Americans were higher under President Reagan. Was he a dreaded socialist? Did he engage in class warfare?
2. Our nation spends three times as much money per capita on health care as other first world countries with longer average life expectancies.
3. From 2002 until the present we have been at war, but in that period the government has cut taxes instead of raising them. During previous wars, US legislators and the President had this crazy idea that taxes should be increased at a time of war to cover the additional expense. Instead, President Bush and Congress cut taxes twice in 2002, and Congress has not substantially raised them since.

Re:Hmm

[siride]

Fair points. I've also heard that competing products aren't much better. But that only means that MS has a chance to make something really good and blow away the competition. In that area, they failed.

Re:Hmm

[DuckDodgers]

I appreciate the advice and I believe it to be true. The question is whether I can move my career forward into working entirely in a Linux environment or not. If I can't, then learning Powershell is a necessity.

Re:Hmm

[siride]

I did not know you could do that and it never came up in any of the reading I did on script execution policy. Clearly, I didn't read close enough ;). That looks like it probably solves the problem.

In my post above, you'll note that I did say that signing is not a bad idea and necessary in certain contexts, so I think we agree there.

Re:Hmm

" it's harder for the average person ".. like the finance staff, or project manager. Any staff who specialise in computing know just what a mess these "average people" make when they do things in Windows. Private data gets put up publicly, passwords are things like "1234" and all sorts of things like that happen.

Re:Hmm

[cornjones]

I 'grew up' on Linux/Solaris before job opportunities took me mostly MS around Win2k timeframe. I definitely thought the toolset was limited compared to what I was used to at the time. I think a lot of that changed as I got more comfortable with windows scripting, especially powershell.

That said, as I got more formal in my approach (less, get on there and try to make something work, more, this is the goal, what configuration of tools will meet that requirement), i started to realize that any competent engineer should be able to make either linux or windows as stable and secure as the other. The question then becomes what makes sense for the problem at hand. What are the requirements from business/mgmt, what do my junior admins know, what does dev work best with? Often those will choose your base toolset. I think of it similar to deciding whether to build in brick vs concrete vs wood vs steel. You are the engineer and should be comfortable that you can build something that will meet the client requirements, is maintainable and meets the security and availability goals, the material is only one consideration in meeting those goals and all have tradeoffs.

This does seem an appropriate place for a question i have. I haven't worked with larger (100 server+) farms on *nix so I don't really know what tools are available that ease in administration/configuration. When I was last doing it we were still scripting individual tool sets and copying text files individually. What are the preferred analogous tools to AD for both users (LDAP) and GPO type capabilities? Configuration auditing, still tripwire?

Thanks

Re:Hmm

[DuckDodgers]

Thanks for filling in some details. I've heard people rave about PowerShell before. I've also read that Microsoft planned adding an optional view pane to every control panel and administrator tool in Server 2012 that would output the PowerShell equivalent command to anything you did in the GUI. That strikes me as a brilliant way to turn your slow click-monkeys into fast shell admins. I'd like to see Red Hat or Canonical (Ubuntu) do something similar for Unix, but I don't think even Red Hat has the engineering resources for a project like that.

The problem I had with powershell, which I assume is commonplace, is that I fired it up expecting it to be a backwards-compatible superset of cmd.exe. It isn't, lots of the syntax that works fine in cmd.exe gives errors in Powershell or works but does something different from the cmd.exe equivalent. That of course makes me nervous - to my knowledge, bash hasn't changed much since introduction over 20 years ago. It has arcane syntax and plenty of warts, but an investment in bash will probably still be useful in another twenty years. Will Microsoft be using Powershell in ten years, in a form that's compatible with current syntax?

And while consistency in command interfaces is hugely powerful, there's something to be said for the global interoperability of using text everywhere. If I'm doing complicated administrative tasks on Linux, I can do part of it in C++, pipe the output through a sed script, pipe that output through some Python script I downloaded, pipe that output through a Perl script I wrote, and feed that into some Ruby program. Then I can take the Ruby results and put them through a Basic application and then through Common Lisp and then a C# program running on Mono. Of course that's a contrived and very silly example, but the point is that while text is far more tedious to work with than (properly designed) object types, you have easy interoperability between hundreds of different tools.

Re:Hmm

I would never say such a thing to a newbie (or even a seasoned user) who is trying to learn and asking questions, or is trying to help out others.

However, I will be happy to insult and deride charlatans and self proclaimed experts who are deliberately spreading FUD or selling snake oil. Every day of the week.

For your information, Android is taking off because it is very competitive on its technical merits, and because there is not monopoly carrying out anti-competitive tactics to kill competition in a free market.

Re:Hmm

That has nothing to do with what he said. Enabling SELinux does not "break unrelated services". It will "break" services that don't comply with your security policy. This is called "working as designed".

I understand that's quite a foreign concept to you nitwits, but I'm not going to try to teach you any further.

Re:Hmm

[CAIMLAS]

And? This has been the case for over a decade now. You can hire a dozen Windows admins for a dime - and each will have a dozen or so systems they can effectively manage.

With MS's bare bones Windows installs, PowerShell management, etc. and destruction of the 'old' MSC way of managing Exchange, this is becoming much less the case. Any reasonably complex Windows site is now going to require similar levels of skill to manage as a comparable Linux environment. The tools to do so, however, will be significantly less mature, with a smaller community: there are still far more Perl Monkeys than PowerShell Punks (or whatever) out there, and using puppet is a far cry more intuitive and known than something like the more advanced/esoteric PowerShell management functionality necessarily leveraged for a non-stock Windows installation.

Re:Hmm

[smash]

Most of the newer admin tools in 2008 R2 can spit out powershell cmdlets at the end of a wizard, as can exchange 2007 onwards. If you're a unix guy and use windows, try using powershell more than cmd.exe, as a lot of your unix aliases work (ls, forward slashes for paths, etc) and it has similar (even more awesome) tab completion.

If you need to get text out of powershell you can do that to - either CSV or XML.

But if you keep everything within the pipe within powershell, it's all live objects and you don't lose any metadata.

Re:Hmm

[geek]

Bullshit. Postfix didn't exist 20 years ago (1997) and LDAP was just first introduced in 1993. Likewise CIFS was in 1996. Unless you were like the first person to ever use LDAP I doubt that one is true.

Re:Hmm

[smash]

Powershell can invoke any .net object's methods. Given that powershell is only really available on Windows, which is where you'll be using it - it is free on that platform, so bash being free doesn't really make any difference if it is a windows box (or network, given that almost all cmdlets can be used on remote machines with the trivial use of -computername parameter) you're administering.

Re:Hmm

[smash]

My advice is to learn as many platforms as possible. There are plenty of "unix guys" and there are plenty of "Windows guys". You want to be the guy who knows the ins and outs of both and can sort out the issues between them and/or pick the correct tool for the job. It's not always Windows and its not always Linux either.

Re:Hmm

[CAIMLAS]

As a perl-writing Linux admin, I had to write powershell a couple years ago to do what would've been fairly easy with perl (progmatically, at least): a dozen or so nested logic structures, conditions, and what have you, based on the textual descriptors of various Sharepoint elements/objects, the end goal being to migrate multiple different Sharepoint environments into a single organized hierarchy.

This didn't work well. Neither perl-like text based sorting or the like worked well (because EVERYTHING is an object) or conventional OO type thinking. Quirky is an understatement. As for excruciatingly slow? Also an understatement: simple textual list sorts took FOREVER. And if that wasn't bad enough, sorting through a handful of 1-5MB XML files at a time (yes, using the proper XML functions) ballooned memory use to gigabytes. I ultimately resorted to dropping things to XML, doing the real work in perl, and then feeding the result back into Powershell - it was quicker, and the system didn't OOM in the process.

It isn't Powershell that's neat; it's Microsoft's integration of PS into its core OS functionality (and every other product) to allow for management and manipulation. That on its own isn't enough to justify using Powershell, unfortunately. It's just too damn unwieldy: it's like the undead afterbirth of COBOL, Java, Perl, and VB - leveraging only the unwieldy parts of each.

Thankfully, you're right: there isn't a burdensome, poorly conceived and implemented by Indians, management scripting language for Linux. But for everything else? We've got purpose built tools which do their one job, and do it well. (perl + puppet/chef, on the other hand, seems like a fairly close comparison to WMI...)

Re:Hmm

[bill_mcgonigle]

GoDaddy administrators do not have the skill to manage Linux boxes.

Years ago, when GoDaddy was insisting that their servers were fine despite that my client's site was sending TCP RST packets instead of data (they used GoDaddy because of the boobs on football, against my recommendation), the packets were coming from a FreeBSD machine. Could have been a firewall, I suppose.

Re:Hmm

[CAIMLAS]

As an administrator, the only thing on that list which is even remotely appealing is the last item, and only then in a limited (say, cloud-type) environment. Everything else just reads as "look, something else to avoid knowing how to program, while at the same time providing a great big mess on which you can hang your hat at the end of the day because it's difficult to debug/troubleshoot with traditional language knowledge".

Re:Hmm

[CAIMLAS]

Yeah, but you're running NFS4, Samba4, BIND9, and Postfix with a bunch of extras bolted on (dnsrbl, postscreen, etc.) which didn't exist 20 years ago! :P

Not that there's much of a difference, mind you...

Re:Hmm

[benjymouse]

I've also read that Microsoft planned adding an optional view pane to every control panel and administrator tool in Server 2012 that would output the PowerShell equivalent command to anything you did in the GUI. That strikes me as a brilliant way to turn your slow click-monkeys into fast shell admins.

Maybe they planned it that way, and the server manager certainly offers to quote the powershell script it will execute when you install features and/or roles on a server. However, it does not seem to have penetrated all features, as of Server 2012, and the control panels for the individual roles (IIS, AD etc) typically do not offer such a feature. So if that's their grand plan, they are not there yet.

You *can* however often "export" the setting that you have chosen using the server manager. This is not export as a powershell script, rather the chosen setup is exported as XML which can be *used* by a PowerShell install script at some later point in time or on some other server to repeat the installation.

With Server 2012R2, PowerShell will be bumped up to version 4. Version 4 includes desired state configuration which extends PowerShell with recipe-like declarative functionality. I suspect that this is going to form the backbone of the integration of Server Manager and PowerShell in the future, i.e. rather than generating an imperative script, the Server Manager GUI can generate a PowerShell recipe (formally also a script, albeit a declarative one) which can be readily executed by PowerShell (v4).

The desired state configuration include ways to describe dependencies, package manager style.

I'd like to see Red Hat or Canonical (Ubuntu) do something similar for Unix, but I don't think even Red Hat has the engineering resources for a project like that.

Like a GUI frontend to puppet or chef?

The problem I had with powershell, which I assume is commonplace, is that I fired it up expecting it to be a backwards-compatible superset of cmd.exe. It isn't, lots of the syntax that works fine in cmd.exe gives errors in Powershell or works but does something different from the cmd.exe equivalent.

Yes, PowerShell is significantly different from cmd. Bash also broke some backwards compatibility with the earliest shells. cmd to PowerShell is a much bigger leap compared to the leap from the first sh to bash. For one, the commands of cmd are (somewhat) unix style in the way they use text/stream stdin and stdout. PowerShell does away with that and streams objects. All PowerShell cmdlets stream objects (COM objects, .NET objects, WMI objects wrapped in PS extended type system). Backwards compatability with older utilities is achieved by regarding old utilities as commands that consume and produce sequences of strings - where string is an object type.

It has arcane syntax and plenty of warts, but an investment in bash will probably still be useful in another twenty years. Will Microsoft be using Powershell in ten years, in a form that's compatible with current syntax?

Who knows? Will you still be using bash if something vastly better comes along? One problem with bash (and an obvious difference between PowerShell and bash) is how bash is still created to run on a single machine. Yes, you can use SSH and other tools to fan out and run on multiple machines, but each script is still understood in the context of a single machine. PowerShell is designed with remoting in mind, and many of the commands - and all of the workflows - support multiple remote machines by default. This is not merely the capability to launch remote commands, it also extends to being able to control remote jobs through local job commands and to how the results are marshalled back with a reference back to the computer, thus the command consolidates results from multiple computers into a single result

Re:Hmm

[MightyMartian]

I've been digging into Powershell because, as you say, it's the only decent game in town for Windows, so if you're doing any kind of major scripting, it's the beast you have to use. But I find it obscenely verbose. *nix userland utils may be very cryptic, but I spend a helluva lot less time in actual man-hours typing them out, and where I have to deal with any kind of inconsistency in output (which, if you use GNU utils, isn't that great anyways), there is still good ol' sed, which once you master regular expressions, can pretty much do anything.

I don't exactly see a lot of difficulty with system level scripting either, although this is considerably more system dependent. At least in Linux, where I've done most of my work in the last ten years, you've got /proc where you can find, and in many cases alter, core kernel functionality with ease. I can't think of anything Powershell could bring to the *nix table that hasn't already been around one way or another for decades.

I still just wish that MS had built a decent sh variant with extensions for all the Windows "specialness".

Re:Hmm

[Richy_T]

Yep, just what I wanted for a simple three liner script, adjust the security policy of the whole machine. Which I may not even have access to anyway and could necessitate several layers of bureaucracy and will not be worth it for the small benefit my script gives.

I found a work around in the end. So this restriction didn't even provide the security it purported to, it just made my life more needlessly complex. This is the exact opposite of what scripting is supposed to be.

Don't get me wrong. Though I'm not a Windows guy, Powershell is a good step in the right direction and has some quite nifty features. In a generation or two, it might even have been slick. There was just no need for Microsoft to cripple it like that.

Re:Hmm

[Richy_T]

FWIW, I think the work-around was calling powershell with my script as the parameter instead of calling my script directly.

Re:Hmm

Nurg!

Now, think of the 20 other ways to do the exact same thing without all of this adjective filled corporate schillware

Re:Hmm

[lgw]

"Taxes on wealthy Americans" is a distraction. It gets you all worked up about class warfare and social justice, but it's just not a significant amount of missing revenue. Worse, tax revenue from the working and middle class is fairly stable though hard economic times, but tax revenue from high income brackets takes a dive in a recession.

Anyhow, have whatever tax system you want, everything's been tried and nothing has kept federal revenue above 19% of GDP for long. If we keep spending more than 19% of GDP, we will go under. And of course that's what's going to happen - we've already missed the chance to provide a soft landing for people dependent on entitlements. Now when the entitlement bubble bursts it's going to be very ugly indeed: people are planning and depending on promises that simply cannot be met.

Oh, well, it's mostly medical costs, and as you say we spend a lot more than we have to there, so it's not like there won't be health care after the current insane system collapses.

Re:Hmm

[Richy_T]

Powershell implements a few ideas I'd been wishing for in scripting languages for a while (notably piping objects). I'll still use Perl over it in a heartbeat because those warts, they're of Lemmy from Motorhead stature. Instantiating object is powerful but awkward for simple tasks (And one script I found lists about six different options for which object to complete the same task - see below*) and STDIN and STDOUT handling gives a serious headache for certain tasks.

Still, definitely some good ideas to pick from.

(OK, this isn't powershell but I think it applies equally)
*

' Set Http = CreateObject("WinHttp.WinHttpRequest.5.1")
' Set Http = CreateObject("WinHttp.WinHttpRequest.5")
' Set Http = CreateObject("WinHttp.WinHttpRequest")
' Set Http = CreateObject("MSXML2.ServerXMLHTTP")
' Set Http = CreateObject("MSXML2.XMLHTTP")
    Set Http = CreateObject("Microsoft.XMLHTTP")

Re:Hmm

[Richy_T]

There aren't really system objects in the same way on Linux since no COM (or whatever Microsoft is calling it this week). Nonetheless, I think something similar could be brought to bear and some of the same benefits could be realized.

Re:Hmm

[Richy_T]

Our grandkids will tell us "F*ck you" and sell us for rendering for the fat. And serve us right.

Re:Hmm

[benjymouse]

FWIW, I think the work-around was calling powershell with my script as the parameter instead of calling my script directly.

Yes - you can always invoke powershell.exe with a -command parameter. Given that it can take a script block and/or multiple statements separated by semicolon you can invoke a "script" like that.

Script signing is not designed to be a permission mechanism. Rather it is an integrity mechanism, one that ensures that the script has not been tampered with at rest or in transit. You do not authorize anyone to run a script by signing it, instead you guarantee them that it has not been changed by anyone since it was signed.

As a sysadmin you may receive a script from a developer who instructs you to "run it on the production server". You may (rightfully) be suspicious towards such requests, especially if it is a highly secured server or a server in a regulated domain. But if the script is signed by an auditor/supervisor authority and you have ok through change management, you are in the clear. Script signing supports such a scenario.

The default setting to disallow *all* script file execution is just Microsoft erring on the side of caution. They want you to explicitly and knowingly set the execution policy to something else. The same reason that ps1 files are associated with notepad and *not* with powershell. If you doubleclick a ps1 file, the file doesn't run. Instead notepad pops up. :-)

Re:Hmm

[benjymouse]

I'd use Invoke-WebRequest - which has a standard alias iwr.

For instance:
(iwr http://apache.slashdot.org/story/13/08/12/2236256/apache-web-server-share-falls-below-50-percent-for-first-time-since-2009).ParsedHtml.getElementById('title-49466063').OuterText

will invoke a web request and get this slashdot page and use the COM API to get the title element (getElementById is exposed as an IDispatch method) and print the title.

Re:Hmm

[DuckDodgers]

Some nations - i.e. Denmark, maintain a much higher revenue as percentage of GDP, have much more social welfare benefits, and still have a thriving economy.

Now obviously comparing nations is difficult because of so many factors outside of government control. The US economy grew like gangbusters after World War 2 because we were one of the few first world nations without most of our factories and infrastructure in ruins.

But some of our uncontrolled spending is imprisoning marijuana offenders, which is ludicrous - pot users are idiots, but pot is less dangerous to the user and to others around the user than alcohol.

Re:Hmm

[DuckDodgers]

You're right, of course. But like many people, I'm already comfortable with bash and cmd.exe, so I'm not in the mood to learn something new.

Of course that attitude is self-defeating - few things irritate me more than working with IT professionals that fight tooth and nail against learning new technology. There may be damned good reasons for preferring technology X to technology Y, but you can't make that judgement unless you're highly skilled in both. It just so happens that right now I'm trying to learn new programming languages, and I had put sysadmin tools on the back burner.

Re:Hmm

[benjymouse]

I can't think of anything Powershell could bring to the *nix table that hasn't already been around one way or another for decades.

PowerShell is not a good fit for *nix.

Most Windows APIs (and indeed the Windows kernel with it's concept of handles) are already object-oriented. The low level stuff is typically exposed through native COM APIs. The manageability of kernel, devices etc is exposed through WMI. Applications typically through COM or .NET. PowerShell unifies all these object models.

Not so on *nix. That is not to say that some of the ideas from PowerShell could not be beneficial to *nix shells. But if you ported PowerShell to *nix you would still need some object-oriented view of the system to reap the benefits.

It's just two models with advantages and disadvantages for each OS. *nix use a lot of text files and the traditional tools consume and produce text. Hence, a text oriented shell makes sense, and especially a powerful tool like awk.

Windows does not use a lot of text files. XML files are becoming more prevalent, but mainly configuration is done through object-oriented APIs. Hence, a shell that allows access to those APIs, that speaks objects and makes XML grokking easy makes a lot of sense.

Which is also why a text oriented shell like bash would be inferior (on Windows) to something like PowerShell.

Just different ecosystems. But the days where Windows was lagging *nix on scripting capabilities are definitely over.

Re:Hmm

[DuckDodgers]

Wow. Thanks for all of that explanation.

You are definitely correct that bash's strength - consistency over time - is also its weakness. I suspect people have already worked on much more full-featured, modern shells for Linux that just haven't caught on. But one of the curses of proprietary programming, that the company can take your preferred technology tool that they make and end-of-life it, is also a strength because they can force their customers to move in different directions. Sometimes those directions are backwards or at best sideways, but this is a case where Microsoft is pulling things forward.

Some guy on Sourceforge had started working on Powershell for Mono so that you could use one admin tool on all of your platforms. I think the project was abandoned, but I wonder if he was on to something good.

Re:Hmm

[DuckDodgers]

I think you unfairly got modded down, sorry enthusiasm for FOSS got in the way of fair discussion.

Typically Linux gets more patches because the person has a lot of software installed. If you've got a pretty barebones setup and only pulled in exactly what you need (Apache + PHP + PostgreSQL), I imagine the patch rate isn't too different from something like IIS + PHP + PostgreSQL or IIS + .NET framework + SQL Server.

Re:Hmm

[lgw]

Yeah, different things work in different countries. The only thing that would really change the actual resources available to us would be for the US to become a net exporter. That's not as far-fetched as it sounds. We're a net exporter of energy, and I expect us to be a net exporter of oil in my lifetime. Automated manufacturing is really blossoming, and may make a huge difference in the amount of manufacturing done in the US in the next 10 years (that's never really fallen, though the jobs have gradually been replaced by robots, but its getting cheap enough now to support growth by export).

While everyone has a government program they hate, it's all peanuts aside from defense and "mailing checks to people" (entitlements, plus pensions), and interest on the debt. Everything else combined is down around 20% of the budget, and not really worth worrying too much about. Massive cuts in the defense budget are certain at this point, but rising rates are rising and will likely balance that. There's really nowhere left to go beyond reducing entitlements and pensions - but I just don't believe that will happen short of disastrous collapse of the system. Like all bubbles popping that's going to be quite ugly for a few years, then be far less important long term than it seemed.

Re:Hmm

I never thought linux was technically superior. Having done both userspace and kernel/driver development on both platforms is usually enough to convince someone.

That said, linux is catching up. In userspace things like dbus/systemd all add functionality that has been in windows for a very long time. In the kernel, the addition of loadable modules, kernel debuggers (this has a ways to go yet), fine grained locking, power management, and a dozen other things have also contributed to the idea that linux is catching up.

Saying/thinking something is superior requires concrete examples. For example in windows I can frequently load drivers across multiple windows versions. This is a holy war on linux, but the idea that I can install a piece of hardware newer than the kernel i'm running is frequently not possible without hacking C code. Another area where windows is more "advanced" is its ability to page the kernel RAM as well as the userspace RAM.

Re:Hmm

Well, you have some fine time traveling experience there.. Because 20 years ago (1993) was 4 years before postfix was written, the same year that LDAP was broken off from the X.500 specification and 3 years before SMB was upgraded to CIFS (upgraded because CIFS is the version that runs on TCP/IP and supports links/etc).

Re:Hmm

[turbidostato]

"You realize all you've really said was "I understand Linux and not Windows Server, and I like what I already know"?"

What you don't realize is that I manage (not alone, certainly the other five guys are of help) around 2000 windows servers. You can bet I know my trade.

Re:Hmm

[turbidostato]

"Yeah, but you're running NFS4, Samba4, BIND9, and Postfix with a bunch of extras bolted on (dnsrbl, postscreen, etc.) which didn't exist 20 years ago! :P"

Which means an incremental advantage spread along 20 years, nothing to difficult to cope with.

Re:Hmm

[turbidostato]

Yeah, you're right. Being there-done that has sometimes the nasty side effect that some wikipedia-based toddlers can correct you. Yes, I didn't start using Postfix 20 years ago, I remember using Sendmail till around 1999, so it makes merely 14 years for postfix. First incarnations of SMB I remember using on HP-Ux about 1993/1994 and LDAP no later than 1998.

Is that better for you?

Re:Hmm

[lgw]

And you can't do proper change management and prevent configuration drift? How bizarre. Do you let the servers patch themselves through automatic Windows Updates or something? Do you have stateful servers running software that has some wonky patch scheme? How are you not in precise control of the software running on servers?

Re:Hmm

[turbidostato]

"How are you not in precise control of the software running on servers?"

Who says I am not? Of course I am. Of course we deploy patches in batches over different waves of servers with proper approval processes, proper paper track record, SCCM support, some helping scripts here and there, and the whole of ITIL burden.

That's exactly why I know the difference between doing it properly and what happens in windows-world.

Re:Hmm

[turbidostato]

"Most of the newer admin tools in 2008 R2 can spit out powershell cmdlets at the end of a wizard"

Which is a very good idea but barely new. Google for AIX SMIT.

Re:Hmm

[lgw]

But that's exactly what happens in windows world. Managing change control for Linux and Windows servers differs only in the tools these days (and for stateless servers, not even that - an image is an image). What on Earth are you going on about?

Re:Hmm

[smash]

Never claimed it was new. Parent post commented it was nice that server 2012 did that. Microsoft have been writing the back end of their admin tools in Powershell since about 2006-2007.

Re:Hmm

[Tablizer]

You should have started worrying about that in 2001, when the bad policies began. Nancy Pelosi warned about financial gloom and doom back when W first pushed the tax-cuts, but was laughed off the floor by Republicans as a chicken-little.

It wasn't broken all at once and cannot be fixed all at once.

Re:Hmm

[smash]

... and this behavioural change at Microsoft is to be commended. Its quite a refreshing change from the days of autorun, unsigned VB macros running by default, activeX enabled for the internet and blank SA passwords by default allowed in SQL.

Re:Hmm

[smash]

If you're tying out full powershell cmdlet names you're probably doing it wrong - the shell and IDE both have command completion via tab, parameter completion, etc.

As far as access to /proc goes, the powershell equivalent would be to query wmi. there's a LOT more in WMI than you'll get out of /proc.

Try "get-wmiobject -list" for example. Then get-wmiobject with one of the class names in the list.

Re:Hmm

[smash]

It's a case of using the correct tool for the job. Powershell is not a replacement for Perl. Powershell is not heavily text processing focused, so trying to munge text with it is like driving nails with the blunt end of a screwdriver. Possible? Sure...

Re:Hmm

[smash]

Yes, you can go with Windows or you can do the proper thing: hire competent developments.

Oh really? What if the application your business deems to be mission critical is not available on other platforms?

No, it isn't because, as you say, the trade offs. As Bellovin stated, the most secure platform is the one you know the best: it makes no sense using Windows on most on your servers and then go with a drastically different OS for a minority of them. Given that, Linux offers the best trade off: people will tell OpenBSD makes for a better firewall and maybe they are right but then, Linux can be competently used all the way so it makes an overall better choice.

Maybe you should hire competent administrators. Plural.

Re:Hmm

[smash]

Pretty much that. The tools are available to effectively secure and maintain both platforms. The platform choice comes down to what is supported by your application vendor and/or software developers. I think he perhaps took my "some Linux administrators are muppets" comment personally perhaps, and flew off into a barely coherent, wandering rant.

Re:Hmm

[karbonforms]

"multi-track music synthesizer" In Bash? Per sample processing and timing? Synth? Reverb? Compression? etc? I wrote one in Javascript. It was a struggle. But I'm not superhuman like you! (I jest)

Re:Hmm

[lgw]

2001? 2001?!?!?! What sort of bizarre partisan world are you living in. Please stop rooting for your team in the big game - it adds nothing to the discussion to pretend the parties are different here.

There is no small government party. That's the problem. It's just a fight as to which side can loot the treasury for it's own supporters - and in some cases there's not even a difference there, as a big chuck of the national debt was trillions (!) handed by both sides to banks as spoils of victory.

And what's worse, anyone who suggests "maybe the government could be just a little bit smaller" gets shouted down as an insane libertarian, as if the only choices were "as much government as possible" and "no government at all".

Re:Hmm

[badkarmadayaccount]

D-Bus? The rest of the shit sounds like a customized zsh setup.

Re:Hmm

[turbidostato]

"but that's exactly what happens in windows world."

Exactly. I already told that's the way we managed windows. The point is that you think that's the way to go.

"What on Earth are you going on about?"

See my point? That's the result of 30 long years of marketing and unwise management: you don't even know what the heck I'm talking about.

Re:Hmm

[MooseMiester]

Could not agree more, Linux is incredibly easy to administer. All the same basic functions are on both platforms, but with Microsoft you are constantly searching for the right dialog, or where they hid the stupid context menu in THIS version.

RANT
Why would I trust my website to a company who after 20 years can't create a decent FTP server or talk to WebDAV?
END RANT

Re:Hmm

[Richy_T]

I think the thread's dead but I just spent most of the day yesterday trying to get a powershell script to run either via srvany or vi xp_cmdshell. In the end, I gave up. Weird issues on the srvany (local machine security showed different than when run from the command line and the snapin needed was not available) and xp_cmdshell just had weird hangs. In the end, the powershell itself wasn't needed (it was just calling invoke-sqlcmd) but it was very frustrating.

Editors at it again....

We're not writting camel case code here guys. I suck at both grammer and spealing. I do try and get the company names right though still though. Pretty easy in 2013...

The Go Daddy Group, Inc.
https://www.google.com/finance?q=go+daddy&ei=LXUJUvicE6_p0QGVHg

Re:1st post.

[ackthpt]

apache 4 life!

No kidding. I hate IIS right now. It's so much more time consuming to sort out configuration issues with than Apache.

but the real question is....

did netcraft confirm it???

*ducks*

stand alone nginx?

[mozar]

I always thought nginx was used as a web accelerator, working in conjunction with other web servers like apache. People use nginx as a stand alone web server?

Re:stand alone nginx?

Nginx is a great webserver. We use it for mostly everything. FreeNAS uses it for the GUI.

Re:stand alone nginx?

Netcraft statistics are meaningless currently.

They only analyse the "header" layer of the sites, which means that even if the site uses webserver a, it can post webserver b signature, or none at all (as most would/should do).

What is the benefit of publishing the fact that you run a specific web server?

Re:stand alone nginx?

[rainer_d]

I have a busy Typo3-site running with NGINX+PHP-FPM.
No Apache anymore.
Unless you need complex rewrite rules or the need for user-accessible .htaccess files, there's no need for Apache.

Re:stand alone nginx?

[CadentOrange]

I use nginx as a web server and load balancer. It works very well and I have no need for Apache.

Re:stand alone nginx?

I've always found the rewrite rules in nginx adequate, and I have sites with thousands of rewrite rules.

Re:stand alone nginx?

I have a busty Typo3-site running with NGINX+PHP-FPM

Apaches are welcome

Not "always" dominated

[EmagGeek]

Apparently it did not dominate at some point back in 2009.

Removed parked sites

[Todd+Knarr]

In my book, the stats ought to be excluding "parked" sites, ones which don't have any content beyond a parking page. I'd also exclude sites whose only content is boilerplate advertising (eg. the one you get if you're on Cox Cable's internet service and type a nonexistent domain into your browser). I'm more interested in what servers are being used for productive work without the numbers being skewed by the guy who registered 10,000 domains related to the latest fad and is waiting to see which ones he can sell at a profit.

Re:Removed parked sites

Indeed. Perhaps they could compile a new statistic, listing web servers according to the amount of traffic they handle. They'd probably only have to look at the top 100 sites or so to get the answer down to a 1% margin of error.

As long as it works

IIS has come a long way.
It's still closed proprietary bullshit but it works.
As an end user, I could not care less what engine is the backbone of a given service.

Re:As long as it works

"I could not care less..." - you are a moron!...

Re:As long as it works

He might be a moron, but I could not care less

Re:As long as it works

"I could not care less..." - you are a moron!...

How convenient that you left out the first part of his sentence, which is "as an end user..." Seems pretty clear, as an end user who is viewing/using a website, not as a sysadmin or developer, the webserver used doesn't matter as long as it works. Now, it may be off topic since the intended audience of the article is clearly people in a role where they may care, but saying he couldn't care less as an end user doesn't make him a moron. On the other hand, taking half his quote out of context makes you an asshole.

Re:As long as it works

The alleged asshole here:
The short/lazy quote was not meant to be out of context, it was just a quick write to point out
which part is being criticized.
And to elaborate a little more: End users in general should probably try to care about
what is the impact of their actions. For example that's maybe why people are starting to care about
organic food, fair trade, or made in USA goods (or made in whatever country you happen to live), etc...

I've dealth with both

[kilodelta]

And hands down I prefer Apache. IIS is still closed and tries to be cute but fails miserably both for configuration and security.

Re:1st post.

But IIS is NSA-friendly!

Citation needed - When/why did GoDaddy switch?

[bramp]

I'm curious to find out why GoDaddy switched from Apache to IIS?

Re:Citation needed - When/why did GoDaddy switch?

Money.

Re:Citation needed - When/why did GoDaddy switch?

[dltaylor]

The originally-linked Yahoo finance page is expired, but here's the /. discussion from 2006:

http://slashdot.org/story/06/03/23/008229/godaddycom-dumps-linux-for-microsoft

What about...

[djupedal]

Greg Stein - I'd like to here what he has to say?

Re:1st post.

There hasn't been any serious security holes in IIS for years now. So the government ordered MS to add PHP support.

lighttpd

That's what I use. And what I'll continue to use. Articles like this are just noise.

Re:1st post.

[bprice20]

Seriously though. Apache, nginx, lighthttpd, hell.. mongrel, thin, etc... Anything before IIS. The point and click mentality works for people that know how to follow instructions but don't care how things work. That having been said I guess this news is legit.

Apache?

[Galactic+Dominator]

In many respects, it is the most successful and widely deployed open-source technology today.

Not even close. OpenSSH owns Apache here and that's not even considering things like BSD sockets.

But don't worry?

I'm more interested in what people are doing with their technology, not what technology they use. I'm sick of lunkheaded fanboi bullshit.

Didn't I hear that story YEARS ago?!

[bkgoodman]

I thought I heard this EXACT story *years* ago?! Verbatim. Or is my browser doing some weird caching ;-)

Re:Didn't I hear that story YEARS ago?!

[Tough+Love]

You probably did. From time to time Ballmer issues an order to ramp up the web share for IIS, so a couple M$ salesmen drop by to bribe the usual suspects at godaddy. Of course all they get is parked domains, and only for a while.

Re:Didn't I hear that story YEARS ago?!

Ballmer? I just met her!!

Not the first time either

[MrNemesis]

Dupe! ...and the knock-on.

I'm beginning to wonder if GoDaddy's web server policy follows the solar cycle... :)

From the look of Netcraft's graph, prior to the GoDaddy move it looked like most of the marketshare lost from apache went straight into nginx (itself also frequently used as a caching proxy/frontend to another web server on the backend) so I'm not quite sure what the summary/TFA are trying to imply.

http://news.netcraft.com/archives/2013/04/02/april-2013-web-server-survey.html

Re:Not the first time either

That's because you're not a PHB who sees it as justification for what they've always suspected: that those open source linux hippie guys just can't do Real Business.

The article is meaningless which is great for them; it becomes much harder for people who know what they're talking about to find anything substantial enough to criticize, and our knowledge of GoDaddy's shitty parking practices is just hearsay.

Wow

[synapse7]

Godaddy must have been running apache on Windows server, otherwise the licensing costs would have been a fortune.

What about Linux (the kernal)?

I suspect the Linux kernel in its various incarnations with and without the GNU-slash is the most widely deployed open source project. This is if we count all those backend installations that users never directly interact with. It's in Android smartphones, home routers, USB stick computers, servers, HPC nodes, etc. I've read somewhere that it's not the most widely deployed piece of software by a long, long shot, the honor belonging to some Japanese RTOS, which may or may not be partly open source, that most people don't even know exists.

Re:What about Linux (the kernal)?

[smash]

I suspect the BSD ip stack would give it a good run, given that it is in every i-device, every mac, Windows, Juniper, Netapp, some Cisco devices, etc. It also formed the core of the original Linux IP stack.

Re:What about Linux (the kernal)?

the honor belonging to some Japanese RTOS, which may or may not be partly open source, that most people don't even know exists.

I believe that this is what you're after. http://en.wikipedia.org/wiki/TRON_project.

RE:

They will switch back, it's just a matter of a little time. IIS is junk.

Re:1st post.

I'm not using either. I got burned on the most recent apache/php upgrade where all of my sites went down because of some retarded issue with PHP not handling something or another. I don't know what the problem was nor do I give a fuck, all I know was that it was poorly planned for by Apache and within 2 days of fighting to get any of my sites to keep from crashing I just switched to Nginx. I've had a few issues due to the fact that Nginx wasn't installed initially so all the permissions were still set for apache:apache on some directories but it works much faster and with far less delay than apache ever did. I imagine it will work much better when I do a fresh install where apache isn't included.

What I'm getting at is that these numbers are dropping for a variety of reasons and IIS isn't the whole reason, sometime it's apache.

Version 1.3?

Now that 1.3 is no longer freely supported for the last 3.5 years and 2.0 and 2.2 were too far away for many developers to port custom modules, I wonder how much of an effect that has on the stats and people moving away.

"For the first time since 2009"?

If only there were people still alive who could tell us what happened back then.

How does GoDaddy feel about MS price hikes?

[Required+Snark]

Previous Slashdot topic:

Microsoft will squeeze datacenters on price of Windows Server

http://news.slashdot.org/story/13/08/09/2021205/microsoft-will-squeeze-datacenters-on-price-of-windows-server

I wonder if GoDaddy knew that this was going to happen? If they didn't then they must be angry. If they did then then why did they act so foolishly? Either way, they look really stupid.

For a lot of us, Microsoft == stupid, and this is an example.

Re:How does GoDaddy feel about MS price hikes?

[Tough+Love]

I presume that godaddy only ever moves its parked domains to IIS when M$FT hands over a new bag of payola. Then they drift back to Linux at their convenience, lather, rinse, repeat. Must be a profitable little scam.

Re:How does GoDaddy feel about MS price hikes?

[Tablizer]

When is MS going to run out of money to subsidize itself?

Re:How does GoDaddy feel about MS price hikes?

That price increase is a tiny drop in the ocean. DataCenter version is what you run when using High density Virtual workloads on servers as it includes unlimited virtual machine licenses, or when running very high end DB loads. regardless the datacentre pricing is actually dirt cheap in those situation, You don't run Data Center edition on general servers.

Re:1st post.

Will the NSA honor IE11's do not track default setting?!

Rubbish

[Tough+Love]

it's Microsoft IIS that has picked up share.

No. Microsoft picked up a bunch of parked domains and its long term trend is still down, even for parked domains. In terms of active sites, Microsoft's trend is steadily down, now around 12% and sinking. And it is indeed nginx that is mainly picking up share from Apache, though Google is hanging in there pretty well too. This puff piece glosses over the one fact that can't be denied: Linux servers rule the web by a large and increasing margin.

http://news.netcraft.com/archives/2013/08/09/august-2013-web-server-survey.html#more-12060

back-end security doesn't matter to you?

[dltaylor]

You could care less if the back end that has your credit card numbers or medical info' has less-effective security, either because of the built-in Windows back doors or the MS-certified script followers called admins operating the site?

I've cancelled credit cards because they could not convince me that they even understood the question regarding the boundary between the web access for those that want it and the actual database of account information.

Re:back-end security doesn't matter to you?

Most credit cards users wouldn't cancel, because THEY don't understand that question either.

LOL. PHP will provide plenty of holes

[raymorris]

funny

Microsoft was paying large hosts to switch $10 sit

[raymorris]

A while back Microsoft was paying hosts and registrars with large numbers of domains parked, or $30 / year type, to switch over.
I don't know if that program is still active.

Uh, didn't godaddy switched over years ago?

[the_B0fh]

why is it that everytime I read about a dip in apache stats, it's because of godaddy switching over? Bloody hell, they've been switching over for years, just how many effing sites do they have?

Re:LOL. PHP will provide plenty of holes

[cjb658]

They're gonna tear Microsoft a new one.

Re:1st post.

[smash]

Be that as it may (I hate the IIS administration interface as well), for an enterprise who runs microsoft on the desktop, microsoft SQL, and other microsoft services, IIS integrates far easier into that environment.

And I suspect this is where it is winning share - the web isn't static pages any more.

Sure, Apache can do this, but the environment is totally foreign to your average corporate type.

And as usual, security is probably some way down the priority list.

"admitted" 3rd graders can reboot Windows $4 hosti

[raymorris]

No, he "admitted" than any 3rd grader can reboot Windows. $4 hosting companies don't get server admins, the get phone monkeys. I used to get frustrated with their "admins" being clueless, but then it happened. I was working with HostGator, a top hosts who has the same business model as GoDaddy hosting, and I found out their "admins" don't have access to the datacenter. They are literally just a phone bank and marketing company, with The Planet running the servers. So yeah, it's easier to hire Windows phone monkeys than Linux phone monkeys. (Maybe because Linux users tend not to be the phone monkey type?)

If you want actual qualified admins, people who know the difference between a gigabit and a gigabyte, you're going to pay no matter which OS. (Though I do know a _certified_ Windows admin who doesn't know the difference between bits and bytes ...)

Paying Go Daddy again?

[CODiNE]

This is not the first time this has happened. From 2007:

But Microsoft's recent gains have been so fast that furious open source proponents such as Bruce Perens claimed last year that Microsoft was paying large domain name resellers such as Go Daddy to "park" unused domain names in IIS rather than Apache.

So probably a slashdot story about that first time as well.

Re:1st post.

[MightyMartian]

IIS is an absolute fucking nightmare when you have to deal with a buggered up config. Actually that applies to most MS point and click services. Apache can be a bastard, but at least I can back up the configs with a quick "cp".

Worst experience I ever had was with IIS and Exchange and something going wonky with IIS's settings, and OMA completely screwing up. In the end I literally had to uninstall IIS. Only MS would build things with such fragility and such insanely dangerous solutions.

fork() vs epoll()

[NynexNinja]

I think when Nginx first came on the scene (a little bit after libevent was released), Apache had known about the scalability problems associated with using fork() versus epoll(). This was almost a decade ago. Apache has yet to provide a scalable implementation using epoll similar to what Nginx provides. Its at least a 10x speed improvement on the same hardware.

All that I can say is that all new installations over the past I'd say about 5 years, I've been doing using Nginx only because Apache just can't scale well with their fork() implementation compared to Nginx. I'd say this has something to do with people leaving Apache, at least all the people I know.

Re:fork() vs epoll()

Thanks for the mention of epoll.

I've always used select for networking, so I just did some reading about the pros and cons of select vs epoll. I think I'll give epoll a shot on my next project.

Re:fork() vs epoll()

The event MPM uses epoll is considered stable in 2.4.x:
http://httpd.apache.org/docs/trunk/mod/event.html

Re:fork() vs epoll()

[codealot]

Why are you still using prefork? You have at least two good alternative MPMs, one of which can use epoll().

Re:fork() vs epoll()

Nginx only because Apache just can't scale well with their fork() implementation compared to Nginx.

I'm pretty sure Apache has been preforking for a long time. Preforking is just as fast as using an event loop with callbacks, and it has the added benefit that it inherently takes advantaged of multiple cores (i.e. event loop servers need to do preforking anyway to take advantage of multiple cores). A few years ago, way back when Apache used to create and tear down a thread for each connection, Nginx was obviously the more scalable web server, but if you haven't looked at Apache in a while, you might be surprised how well it holds its own nowadays even in comparison with the likes of Nginx.

I still choose Nginx the most when I need a web server, but Apache really has gotten much faster than it once was.

Re:fork() vs epoll()

The funny thing is he didn't install a single site which needed scaling.

Revelant:
http://youtu.be/b2F-DItXtZs

Re:fork() vs epoll()

Apache is also a horrible monster to configure.

I have scripts which spit out nginx site configs automatically, I could write the same thing for Apache and generate the .htaccess files, but the config files for Apache are far more difficult to comprehend and get right, also the performance would be worse.

And this isn't a difficult problem domain: take a uri, look it up in a map, concatenate from cache -or- concatenate from disk -or- concatenate from backend, send.

It's such a trivial problem, made less trivial by idiots who keep wanting to extend the HTTP protocol, that I'm surprised every application doesn't implement the HTTP server directly with a library. Note: most of the sites I administer are implemented with an http server library and C/C++.

it is getting a LOT better

[raymorris]

Having acknowledged the sometimes extreme security issues PHP has had in the past, I have to say it's getting a LOT better. PHP was designed as something like a blogging system, not a general purpose programming language. Because people are using it for general programming, they have made huge improvements.

Now if only people would read the giant warning at the top of the SuExec documentation: "SuExec can result in severe security risks. Do not consider using SuExec unless you are knowledgeable about ...". That warning is there for a reason. SuExec / suPHP really is dangerous as hell, just like it's documentation says.

Re:it is getting a LOT better

The problem isn't the language, it's the community. Google "php mysql" and the first link teaches you how to create a SQL Injection point. And 'experienced' PHP developers still write code that way. I'm convinced they just don't care.

Re:it is getting a LOT better

Which link is that (google gives different results to different people) and what would you recommend doing instead.

Re:it is getting a LOT better

When PHP came out the term "blog" wasn't even coined yet.

PHP derives from Perl (where it was first implemented) and Service Side Includes (SSI)--http://en.wikipedia.org/wiki/Server_Side_Includes

There's no excuse for why PHP sucked early on. It just sucked. The implementation was crap. Period. End of story.

Is it useful? Of course. That doesn't mean it doesn't suck.

Re:it is getting a LOT better

[aaronb1138]

You're convinced they just don't care, but I've talked to enough "PHP coders" and similar "web designers" who are just dumb by IT and CS standards (though still hover in the 90-110 IQ range). They're the roofers of our industry.

Hrm, is it odd that I meant that metaphor one way and it fits a few others?

Re:it is getting a LOT better

[ko7]

"Hrm, is it odd that I meant that metaphor one way and it fits a few others?"

It's not odd... it just fits...

Re:it is getting a LOT better

W3CSchools.

And, if you don't know the recommended way of doing this, fire yourself, because you are the problem.

Re:it is getting a LOT better

"PHP was designed as something like a blogging system" - You have no idea what you are talking about!

Re:it is getting a LOT better

Roofer is a great analogy.

And of course, HTML/CSS/Content Management isn't a genius-level occupation.

But most programming communities have some sense of best practices and good taste. Only PHP seems to insist on teaching the wrong way to do it before the right way. It's not like it's even any harder. PHP is the language for when someone simply doesn't give a shit and just wants the paycheck.

Re:it is getting a LOT better

My first software job was as a PHP developer. There are numerous problems with PHP, all of which should be obvious to anyone who has spent any time working with it. From what I've seen recently, there's not been much change in these problems since I first encountered them nearly a decade ago.

- Every example is written for PHP 4 compatibility, with a footnote that "there's a better way in PHP 5" but without any hint of an example showing how it works, much less how it's better.
- Every PHP 4 example is poorly-written. It's the "simplest way possible" rather than the "simplest properly-functioning way", and it introduces the same SQL injection bugs into every newbie coder's work when they copy/paste it.
- PHP 5 made things overly complicated by requiring extra modules outside of the default installation to do things the "right" way. The worst offender here is PDO. It should've been included and active by default, but for a number of releases, it wasn't. IIRC, this was changed a few years back, but the delay seriously hindered its adoption and is responsible for many problems.
- PHP 5 refuses to cut ties with old, insecure methods from PHP 4. It even lacks the option to do so. The only options for this kind of thing relate to bad design decisions in PHP 3 (automatic variables from GPC is the most obvious one).

This is why I refuse to work with PHP anymore. It's just too much of a cesspool, and it requires a more-than-competent server admin to fend off its stupidity. Add to that the piss-poor practice of mixing markup with code, and you have a developer-hostile environment to top it off.

Re:it is getting a LOT better

"Hrm, is it odd that I meant that metaphor one way and it fits a few others?"

it's probably because your so fucking smart!

Re:1st post.

Sounds like your gripe should be with the fine PHP people, not the Apache project.

Actually, they are losing share to nginx

[haggholm]

The Netcraft article does have statistics that exclude parked domains, and here IIS doesn't look to have an increasing trend at all. The only webserver with a steadily increasing trend is nginx. In the graph of the top million busiest sites, nginx is again growing the fastest, though "other" is also a growing category.

Re:Microsoft paid GoDaddy for exactly this reason

[couchslug]

Good find, and

citation very much needed.

Re: 1st post.

Asp.net MVC (especially with service stack for rest/ajax stuff) with ef as the orm and take your pick of db is really a pleasure to work with. All the point and click stuff (which I don't actually ever use) is just a shine wrapper over a couple config files that are no harder to work with than Apache. Problem is that the barrier to entry for windows is much lower than Linux so there are a lot more incompetent morons pretending to be sysadmins.

Re:1st post.

[micheas]

It was mostly due to microsoft cutting a check to godaddy to not show apache traffic server in the headers.

Godaddy runs IIS on linux. Well, they run IIS behind apache traffic server so which webserver to count as the webserver is a bit of an academic question. The moral here is that godaddy hosts a lot (hundreds of thousands, if not millions) of inactive sites that they collect 9.95 or so a year for hosting.

Re:1st post.

I have been using apache for years as a reverse proxy for other apaches/php, apaches/perl, tomcats, jboss etc... No CGI, php or anything else running on the reverse proxy. I added mod_security to the reverse proxy a few years ago. Works fine.

I know squid and nginx also but I am satisfied with apache so far, especially since computers get more and more powerful.

Wow, back in 2007 IIS almost caught Apache

[elabs]

According to those graphs IIS almost caught up with Apache in 2007/2008. Very interesting. IIS is actually a very powerful server and has come a long way since it's early days.

Re:1st post.

[aaronb1138]

The bigger part people are missing is security patches and upgrades. The 2.2 -> 2.4 transition sucked because it broke every httpd.conf and lost of others requiring hand audits of configuration files. In IIS, you can safely let the OS update the service weekly. Outside of big players that have the infrastructure for a weekly build test and deploy schedule, who really feels safe rolling out Apache updates with confidence nothing will break. Red Hat, CentOS and most other Linux distros certainly don't, they lag the "stable" release by 6-12 months at a time.

Add to the fire all of the huge issues Apache has had of late versus IIS' lack and the addition of cleanly working PHP the last few years. Yep, this is a no brainer. I bet IIS will be faster to get a non-Zend PHP accelerator or run-time compiler similar to HipHop. The .NET platform is much easier to develop such rich, real applications with tons more power than the limited scripting languages Apache has available. I liked Mono, but it is stillborn with the IIS immigration, plus the need to have .NET on Linux / Apache only demonstrates it's utility.

Read the article?

If you actually read it, it's pretty obvious that the change is in the Server: response header. IIS doesn't run on Linux... The software serving the content is still Apache Traffic Server (which is not the same as Apache HTTPD). ATS is a caching proxy server, the origin server is probably IIS. None of this really matters, the traffic served on these domains is inconsequential.

That explains it!

[bl968]

I was wondering why GoDaddy hosting went to hell... And now we know. Mark this troll if you want, but you would only do so if you didn't actually try to host a web site with GoDaddy after the switch!

StopDaddy.com

That'll fix it!

Even companies can't have it both ways

You can buy dime a dozen admins for your "easy" servers. But you need dozens, too. Whereas for a more mature system (not necessarily linux, there's better to be had) you need admins with better skill levels, making them more expensive per person... but if they're really that good then you need far fewer.

And because unix has a history of being scriptable, with multiple mass-administration approaches and tools for each approach available, you need far fewer expensive admins still than if you'd try the same approach --of a few, highly skilled, expensive admins-- with that "easy" system.

As well as less hardware--the efficacy per system is higher.

Worse, this works out even if you start to demand college degrees from your dime a dozen windows admins, making them more expensive. For it doesn't make them more productive: windows' eagerness to "be intuitive" and "need no training to operate" puts a rather harsh cap on what even experienced, smart, well-trained admins can achieve with it.

So the smart people bugger off to elsewhere.

If companies only look at price per unit and not at total quantity required or any of the other factors that might creep into it, and this goes hardware, software, and for people to run the shop, they're doing themselves a disservice. But hey, at least they're industry standard, ie doing whatever everyone else is also doing, and not getting ahead. Swell, no?

Re:1st post.

[Zenin]

You can backup IIS's config just the same. It's just an XML file (and a surprisingly easy to read/understand one at that).

You can also do your config by editing it as well, although typically you'll use something like AppCmd or more modernly PowerShell.

It's frankly easier to reliably automate/script IIS configuration changes than Apache. Apache's configuration system is incredibly powerful and at times that's needed, but that power also means it's effectively impossible for a random admin script to make sense of it enough to modify. Such a tool must intrinsically know not just Apache's config system...but your specific implementation with it. AppCmd and PowerShell can pretty reliably walk into nearly any IIS setup, no matter how convoluted, and safely make additions, tweaks, etc.

Frankly I'm first and foremost an Apache fan, have been since it was literally A Patchy Server. And I still deploy it more often than not, often in front of IIS to get some clever hack done that just isn't practical in IIS.

But that said...I'm warming up to IIS, especially as C#/.Net gains major traction in the wake of Oracle's kiss of death to Java.

Re:1st post.

[Wootery]

I liked Mono, but it is stillborn with the IIS immigration, plus the need to have .NET on Linux / Apache only demonstrates it's utility.

Say what? Your problem with the Open Source .NET stack is that... it's a .NET stack?

Re:Microsoft was paying large hosts to switch $10

[gbjbaanb]

IIRC, GoDaddy switched to IIS for these parked domains and a dip in Apache usage appeared, then reversed itself a year or so later... now its repeating.

Seems more like a money-making initiative fromGoDaddy, or a money-losing initiative from MS yet again. What's the chances history will repeat itself once the contract runs out...

Re:1st post.

[TheRaven64]

And people say Microsoft doesn't innovate. Making something that's more painful to configure than Apache requires an impressive amount of R&D...

Ease of management

The key word is "easier to manage". Some of the same reasons The German foreign office wen back to windows from linux.

Re:1st post.

According to the article, it seems that most of the new IIS servers are actually Apache servers going through an IIS reverse proxy. Unless I misread and it's the other way around. Well, here's the excerpt:

The bulk of the changes in Apache and Microsoft web server market share this month can be attributed to a single hosting company: Go Daddy was previously hosting 25 million sites using Apache Traffic Server on Linux, but these are now served by Microsoft IIS 7.5. The machines still exhibit the TCP/IP characteristics of Linux, and are likely reverse proxies, each of which is serving an average of about 150 thousand sites.

interpretation of data...

[MS]

Apache isn't below 50%. What counts, are "active sites", not parked domains or similar (see Netcraft). Numbers for active sites fluctuate much less and show us a more realistic picture. Apache is still at 53,62%.

And no, IIS is not the winner, but a distant second with only 11,78% market share. Considering, IIS had once 38% (october 2007), IIS is the biggest looser so far.

Re:1st post.

Nothing is stored in the registry anymore for IIS?!?

http://support.microsoft.com/kb/954864

http://support.microsoft.com/kb/820129

http://blogs.iis.net/ksingla/archive/2007/12/30/list-of-registry-keys-affecting-iis7-behavior.aspx

Prefork is the worse MPM for performance

[kervin]

Prefork plus increased file descriptors? You're kidding right? While you can get Apache to match NGinx, it's definitely nowhere that simple. As optimized as Unix fork() is, processes are going to use more resources than threads in this scenario every time. Prefork is the worse MPM you can use when you need performance. Even the Apache manual spells this out.

You'd have *begin* with worker or event MPM, use Apache 2.4 at least, and finely tune for your Application and specific load.

The benefit of NGinx is that you get a highly optimized web server right out of the box. You don't have to mess with the configs and you're almost there.

Technically the Apache team can do the same if they get rid of Prefork and a whole bunch of decades old legacy configuration options. Remove code processing modules from the webserver application space, i.e. get rid of mod_php for php_fpm, etc. All this can be configured now and you'll get that speed and stability, but it's just not done out of the box.

With NGinx it is. The only way to do things is the 'fast' or optimized way.

Re: Prefork is the worse MPM for performance

[Ash-Fox]

processes are going to use more resources than threads in this scenario every time.

I definitely agree it uses more resources typically - It doesn't however mean that the response time is worse.

Prefork is the worse MPM you can use when you need performance.

System resource wise, not necessarily performance.

The benefit of NGinx is that you get a highly optimized web server right out of the box. You don't have to mess with the configs and you're almost there.

Flipping a few configuration settings in Apache's httpd.conf and Linux's sysctl.conf is trivial for me, it's only a minute or two.

Remove code processing modules from the webserver application space, i.e. get rid of mod_php for php_fpm, etc. All this can be configured now and you'll get that speed and stability, but it's just not done out of the box.

mod_php, php_fpm aren't part of the default Apache configuration? And if you want to remove module support all together, you could just compile Apache with:

./configure --disable-so

Not that I have ever seen any notable speed differences through disabling Dynamic Shared Object (DSO) Support.

With NGinx it is. The only way to do things is the 'fast' or optimized way.

Load testing performed through SOASTA Cloud Test sadly didn't live up to those numbers on my environments. There was no notable improvement over Apache and at the cost of sacrificing useful functionality provided in Apache for what appeared to be no gain. Perhaps it was my environments, but I doubt it.

New CEO

..is ex Microsoft.
So this is all about comfort zone. His.

Say it ain't so, Bob!

This would come up while I'm in a 7 session.

---
The real danger is not that computers will begin to think like men, but that men will begin to think like computers. --Sidney J. Harris

Not 'rubbish' & how/where/when/why... apk

Free vs.payware's = ONLY reason. Even free Linux can't displace or outpace Microsoft @ the desktop level + in the world of business from departmental servers up thru enterprise-class/mission critical servers, combined. Mgt. of Windows in the enterprise is WORLDS ABOVE trying to do the same on Linux because of ActiveDirectory. Device support = better on Windows too. Dev tools are "catching up" some, but were for decades, crude on Linux by comparison to Microsoft Visual Studio or Borland's C++ Builder or Delphi. After how many decades has Linux failed to overtake MS overall when FREE? That's the real point to consider here.

* I don't mind Linux, & have used it on/off since Slackware 1.02 in 1994, Redhat 6.0 in 1999, & KUbuntu 10.04 in 2010 - each for 6 months - 1yr. periods... but, it's still not *quite* as overall as good as Windows is.

APK

P.S.=> Free should have put MS out of business, but it hasn't: That tell you anything? Mr. Ballmer *might* accomplish the job (lol), but Linux, hasn't... fact!

... apk

Re:1st post.

[pr0fessor]

When you need an internal application and you need it yesterday C#. and I'm not just talking about with iis. C# is just so easy and the .Net framework has so much and if you are stuck in an all windows environment anyway...

Switched from FreeBSD Apache to Windows

I switched all my sites from FreeBSD Apache setup that used Perl first. Perl was too slow, so I switched to PHP. PHP was too broken so I tried Java. Java died with Oracle Sun deal while C# kept advancing. So now I have Windows Server 2012 fully automated via Power Shell with C# applications. Being a Cisco certified sys admin with 10+ years of experience, it is much easier to maintain Windows Server 2012 with Power Shell than it is to maintain FreeBSD with Bash. I have not spent too much time with other distros although I remember CentOS for being a nightmare for anything custom.

You can put me down all day long, but that was my experience.

Re:Switched from FreeBSD Apache to Windows

1)Complains about an OS being "a nightmare for anything custom"

2)Uses Windows

BGP for load balancing ?

BGP publishes your *network* routing tables to other routers so eventually the core routers can learn how to get traffic to you. The BGP routing table for the entire internet has some 120k routes in it. No one in their right mind would use BGP for load balancing because the targets are entire networks not single servers and it reacts too slow and the core routers memory is limited already.

BGP allows you to have multihomed routers - have multiple paths to the internet and the other routers would choose the shortest one to get to you. That is part of load distribution, the target IP is the same only the route changes depending on the source, and the router doesn't have to do anything much less hashing source and destination IPs.

Re:BGP for load balancing ?

[Ash-Fox]

BGP publishes your *network* routing tables to other routers so eventually the core routers can learn how to get traffic to you.

You can also use it on 'internal' (they're sort of semi-public in how they route traffic through routers technically) networks without pushing the routes themselves to external networks. It is done via a combination of weights and port hashes to direct traffic to do load balancing on routers. Using BIRD, the announcements can be performed by the servers themselves to route traffic on an internal network, providing their own weights declaring their load etc. Server downtime handled gracefully through BGP, since they stop announcing when that happens.

That is part of load distribution, the target IP is the same only the route changes depending on the source, and the router doesn't have to do anything much less hashing source and destination IPs.

Under the system I described above, you need to apply the port hashing because you're not using BGP to simply direct traffic, you're trying to ensure that a TCP connection is consistently gets routed to a specific server. This would be a non-issue for sessionless protocols like UDP.

Re:Wait Wait Wait

No, it doesn't. Netcraft confirms that Apache no longer holds over 50% of all domains, while ISS still holds a bit more than 20%. Read the fucking title at least!

Re:1st post.

[Zenin]

You do realize many of these options are comparable to compile time options in Apache and/or PHP?

It's extraordinarily rare that they need tweaking...but when they do, I'll take a registry key (trivially managed via PowerShell btw) over a complete reconfigure and recompile from source of Apache and/or PHP, etc.

Godaddy...

[iXam]

Well to my calculation Godaddy has the most "popular" IP-address on the Internet. http://dnsdigger.wordpress.com/2013/05/30/what-single-ip-is-the-most-crowded-on-the-internet/