> > * An event management web site for a convention.
> > * Gentoo 2004
> > * Linux 2.4 kernel
> > * AMD Duron 600mhz w/ 256 meg RAM
> > * lighttpd web server
> > * C++ cgi
> > * sqlite backend database
> 
> I'm heartily glad to hear that I'm not the only poor deluded fool writing
> CGI apps in C and C++.  There's an article running in this month's Linux
> Journal on the topic (I'm the author).  I found it interesting that Reuven
> Lerner, in his "At The Forge" column in the same issue, mentioned that
> hardly anybody uses C for CGI development.  He's right, but I still found
> it humorous given the juxtaposition.

Congrats on getting your article published! :)

After being hacked using other distros several times, I
decided to get serious about security. I also wrote about
my adventures in one of the Linux magazines.

I picked Gentoo because I could customize my system to *any* degree
I desired. That box has almost nothing on it that isn't
necessary for its function. The stuff it does
run has as few features as possible. Less is more when it reduces
vulnerabilities. I haven't been hacked since, so it must be working,
or I'm very lucky.

The minimalist approach also helps it perform well on what's
considered 'obsolete' hardware. The previous server was even
smaller hardware-wise and served 30000+ static pages per day
for years. The new server will have more work to do with the
dynamic pages.

Part of the minimalist approach was to not use interpreted code
in web pages. It's harder to hack the box if there's no
perl/php/python/ruby interpreter available.

The Lighttpd and Boa webservers perform very well with minimal
overhead. They both avoid the use of threads and forking for speed.
Lighttpd adds the ability to use SSL and access control that Boa lacks.

I've been told interpreted languages can run as fast as compiled
but I've not seen a good example of it. The executable for the
interpreter alone is larger than a good fraction of my CGI apps
added together. There's enough RAM in the box that I suspect everything
is in cache, so load time may not be a non-issue. I would bet my
raw executable is faster than interpreted code, but that's probably
not an issue either since the bottleneck is almost certainly the
connection to the internet. I probably assemble packets pretty
quickly, but if they don't get to the user any faster who cares?
I've considered rewriting in FastCGI but so far the performance
seems more than adequate.

SQLite performs very well speed-wise. It does what I need and
helped me remove one more possible vulnerability. If there's
no database server nobody can hack it! The only thing I could
wish for is the ability to change the locking methodology on
the fly. There are times when I really do want to do dirty
reads. It's probably not going to be an issue until I get
as busy as Google though.

I believe writing C or C++ code is harder than writing interpreted
code. My aim has always been to produce the best product I could,
not to produce it with as little effort as possible. I hope the
extra effort was worth it. I guess time will tell if I chose
correctly.

Thanks for letting me know I'm not the only regressive weirdo out
there!



        
                