eWeek: Apache 2.0 Trumps IIS 491
AK47 writes "eWeek has a very positive review of Apache 2.0, entitled "Apache 2.0 Beats IIS at Its Own Game." They recommend the native Apache version on Windows over IIS for production use, citing superior security with no loss in performance."
How well can it run ASP? (Score:5, Insightful)
If it can handle ASP, there could be a lot of changeover. If not, then most 'hard core' M$ shops won't change.
windows version (Score:2, Insightful)
I would hope no one was using the windows version for the last 3 years, this gives little reason to trash their unix to jump to windows.
ASP Support (Score:2, Insightful)
I don't think too many people will switchover, if it means having to rewrite all their ASP code, or if using an ASP parser is slower than using IIS, especially since IIS is free (if you have Windows), whereas the chilisoft asp parser costs money.
I don't know of any other free asp parsers. But, if there were ones that offered comparable performance, I'm sure a lot of people would switch over.
Just awful (Score:3, Insightful)
ISAPI applictions (Score:2, Insightful)
(An ISAPI application is basically a DLL files that is loaded into memory and it stays in memory until it was 'halted' by an administrator, thus giving it a protential performance boost over CGI applications. That's the theory, anyway..)
Eh? (Score:5, Insightful)
Also, they don't even bother to publish any real results, all they say is "Apache kept pace with IIS during the entire test"..WTF does that mean in reality? Were they using dynamic pages or static? What were the software and hardware configs like? Numbers please?
If this article were the other way around harping IIS over Apache 2.0, most Slashdotters would (rightly in that case too) be ripping it to shreds for being a flimsy piece of shit..Hopefully we can all see it for the garbage it is, even if in the end it supports our (well the majority of us, anyway) favorite web server.
IIS6 (Score:5, Insightful)
So, as much as I would like to see the world dump IIS in general, a lot of shops out there will probably just wait and move to IIS6 when
They know how much is riding on this release. If IIS6 isn't tight, fast, and secure, then people will start jumping ship.
Re:Every time (Score:4, Insightful)
looks to be the only negative thing they could say about it.
In fact, it seems to be the only bad thing I ever hear these days about most open source programs.
What the hell is going on? Do we need to hire some UI consultants from Microsoft or something?
I would have to say quite the opposite about trying to admin an IIS machine, you want to change a simple setting? Expect to spend half an hour navigating menus till you find the setting hidden in some illogical unexpected location. Meanwhile to change the setting on almost any open source software package, just grep the config file(s) and you'll find where the option you want is within a couple of seconds.
Re:Every time (Score:4, Insightful)
That's because you're an "expensive expert", donchaknow.
Christ, let's just give them GUI tools for config files and be done with it. It would ease the transition for a lot of IIS "admins" who would like to take a step up in life but have an inertia/familiarity problem. Settings that have a list of valid options to select from, a "help" button next to each item to help them grok the stuff that IIS has been hidig from them...
Point being, don't let your superiority complex get in the way of an effective conversion effort.
.conf files (Score:5, Insightful)
Re:Performance gains (Score:2, Insightful)
Re:Yeah but.. (Score:5, Insightful)
When deriding superior, free alternatives, they claim any baboon can administer Microsoft products.
I'm failing to see the value proposition in a range of products which allow idiots to render a business vulnerable to serious damage.
This article is just reverse-FUD... (Score:4, Insightful)
I'm a big fan of Apache too, but this article is a piece of crap. They assert Apache 2.0 is as fast as IIS 5.0 on Windows but offer no benchmarks. They acknowledge that IIS had 10 security alerts this past week but offer no equivalent stat for Apache. (A thousand? Zero?) They don't even acknowledge that moving from IIS to Apache is a potentially career-ending chore. I love good reviews of OSS as much as the rest but this was more of a videobit than an actual article...
Re:This article is just reverse-FUD... (Score:5, Insightful)
Re:Every time (Score:3, Insightful)
In reality a text file configuration is worth a million GUI config tools.
Managers not Admins (Score:3, Insightful)
So drop a copy on his desk with a little note about "same performance, better security." See how nice that sounds.
Re:IIS6 (Score:3, Insightful)
It will be interesting to see how this "from scratch rewrite" holds up security-wise. History has taught us that it usually takes a long time for a new code base to get the security holes wrung out.
Hard to Configure (Score:4, Insightful)
a downside that Apache doesn't have a point-and-click web-based
configuration tool.
The only advantage of such interfaces is that they're friendly to
novices, which is all well and good when you're dealing with a word
processor or e-mail client, but this is a web server. Anyone
who uses one for anything other than a toy needs to be (or to hire) a
skilled professional just to keep the thing running and up to date.
Anyone who finds editing a text file intimidating has no business
administrating any kind of server.
Heck--I wouldn't hire a web administrator who couldn't write
their own point-and-click configuration tool.
Re:Have we all forgotten (Score:4, Insightful)
Re:How well can it run ASP? (Score:3, Insightful)
I'm not quite sure what this means, but essentially, if your app uses ASP that does more then the simple "Connect to ADO, grab data, and loop over it", then ChiliSoft is not a good solution for serious apps.
The only problem (Score:5, Insightful)
Re:free ASP support would switch small shops (Score:2, Insightful)
Re:Every time (Score:2, Insightful)
And ofcourse you have more flexibility in configuration files, to type in strange custom configurations that a gui designed would never expect.
I smell horseshit in this article (Score:2, Insightful)
Somehow... the numbers don't add up.
Traditionally, IIS on Windows was the leader of the pack [pcmag.com] on static web serving, beating Apache on Linux by a factor of about 4.5 to 1, Windows (5500 req/s vs ~1200 req/s). Apache on Windows scrubbed the bottom of the graph at a measly 500 (yes, five hundred) req/s. Now, suddenly, Apache 2 for Windows is beating/matching IIS? That would effectively place it in the lead of every other web server on the market, free and commercial. Yet at the same time Apache for Linux and other Unicies is retaining "approximately the same performance." (~1200 req/s). So, what's the moral of the story here? Everyone running a unix box should throw it out, install a copy of NT or 2k and install Apache and be home free?
Of course not. The attitude of the journalist is evidently anti-MS.
Which would mean, if these numbers were in fact true (I don't remember reading any numbers in the article anyway), that Apache on Windows is about 4.5 times faster than it is on Linux and Unix.
Once again, it doesn't make sense. This guy is tying two granny knots with a loop, and it ain't happenin'.
I'd really like some information on these tests that they ran. What, did they run an ASP database call on IIS and compare it to a print "Hello, world\n"; perl script on Apache? Come on, there is obviously something fishy going on here.
I trust this article like I trust The Register... about as far as I can throw the box it's running on (and that, my geeky friends, is not very far at all).
wrong way around (Score:1, Insightful)
I wouldn't expect IIS 6 to be that much faster. More secure, probably, given the attention that this aspect of the product has received in the past. The central flaw in the app has almost always been in ISAPI filters. Unicode escaping bugs are mildly nasty, but they've seldom been the showstoppers that the buffer overflows in various filters have been.
Also disastrous for them has been the fact that the overflows generally tend to be in the context of the system user (for the unfamiliar, it's a [usually] non interactive account with privledges ABOVE that of the Administrator account [can kill any process, for instance]). I particularly wonder if they'll be able to address this issue with IIS6. I suspect that changing this will have negative consequences for performance (just a guess; I don't have one of those shared source licenses so I could tell for sure).
The ASP.NET web.config files are already XML based; I guess it's nice. There's lots of options, you can tell they're trying to seem like there's more to their server products than simple admin interfaces for morons.
Re:How well can it run ASP? (Score:3, Insightful)
Put it this way, if they were using ColdFusion, your HTML guys could have written it themselves, rather than relying on an admin (you) to provide them with a custom tag!
And who provides them with the ColdFusion tags? An administrator! Look you big dork, if you think that runninng a freaking web site without a web administrator is a desirable thing then you have much bigger problems to worry about. Somebody is going to have to install the software. Jesus!
Look man, I'm being serious: ColdFusion is dying. If you are basing your career upon it I would seriously advise you to at least look into learning other technologies. It's proprietary, doesn't scale well, and is only supported by a single vendor. And Macromedia's energies seem to be increasing steadily over to JRun. I have been involved with over a dozen web applications from design to launch utilizing several different technologies, of which ColdFusion was a part. Very few people in the industry like ColdFusion or even take it seriously, and they have good reasons for that. Trust me.
Re:This article is just reverse-FUD... (Score:2, Insightful)
I believe this might be alluding to "Q319733: Internet Information Services Security Roll-up Package" which in a nutshell is a cumulative hotfix for all the exploits in IIS up to date. But then again, this guy is just a technical writer; he's probably never seen a server in his life.
What is ZDNet trying to pull? (Score:2, Insightful)
For example, the comment/article about the "10 new security vulnerabilities in IIS!"
What ZDNet fails to tell you, the obvious, is that what MS released was a "Cumulative Patch for IIS" which is all the patches released since IIS 4 was released.
Rather than installing a Win2K server and then having to track down the dozen or so patches, you can just apply this.
There have not been any new vulnerabilities in IIS since May 2001. Almost a year ago!
(Note: there has been a 1 or 2 vulns. found in Index Server and one or two in SMTP, both optional components of IIS, and not related to the web-serving W3SVC portion).
Why does ZDNet lie so flat-out like this?
XML is not crap (Score:2, Insightful)
Re:You got it backwards... (Score:2, Insightful)
While I agree with your accounting analysis... if the place is going to run Win2K servers though, there is no additional cost in running IIS (its part of the OS distro) and so unless they make the switch to an open OS such as Linux, they still have to captialize the OS and server cost. So they get hit twice.
That said, for 90% of places running web servers out there, there are only about a dozen lines in httpd.conf that need to be edited to get the site up and running in a configuration that will suit their needs!
There are also ton's of great application servers that plug right into it (if they aren't bundled to begin with) and only require minor tweeks. If your developers writing the code can't figure this simple stuff out, they shouldn't call themselves developers.
The REAL question (Score:1, Insightful)
But the true question is: Do you want a lamer that can't read a manual and edit a configfile appropriately, to administer your dear webserver???
I mean I'm not against usability this or that,
but for god's sake. You only have to edit a config file. If the admins are too stupid for that then they shouldn't be administering something...
True or not?