> > * An event management web site for a convention.
> > * Gentoo 2004
> > * Linux 2.4 kernel
> > * AMD Duron 600mhz w/ 256 meg RAM
> > * lighttpd web server
> > * C++ cgi
> > * sqlite backend database
>
> I'm heartily glad to hear that I'm not the only poor deluded fool writing
> CGI apps in C and C++. There's an article running in this month's Linux
> Journal on the topic (I'm the author). I found it interesting that Reuven
> Lerner, in his "At The Forge" column in the same issue, mentioned that
> hardly anybody uses C for CGI development. He's right, but I still found
> it humorous given the juxtaposition.
Congrats on getting your article published! :)

After being hacked using other distros several times I decided to get serious about security. I also wrote about my adventures in one of the Linux magazines. I picked Gentoo because I could customize my system to *any* degree I desired. That box has almost nothing on it that isn't necessary for its function. The stuff it does run has as few features as possible. Less is more when it reduces vulnerabilities. I haven't been hacked since, so it must be working, or I'm very lucky.

The minimalist approach also helps it perform well on what's considered 'obsolete' hardware. The previous server was even smaller hardware-wise and served 30000+ static pages per day for years. The new server will have more work to do with the dynamic pages.

Part of the minimalist approach was to not use interpreted code in web pages. It's harder to hack the box if there's no perl/php/python/ruby interpreter available. The Lighttpd and Boa webservers perform very well with minimal overhead. They both avoid the use of threads and forking for speed. Lighttpd adds the ability to use SSL and access control that Boa lacks.

I've been told interpreted languages can run as fast as compiled but I've not seen a good example of it. The executable for the interpreter alone is larger than a good fraction of my CGI apps added together. There's enough RAM in the box I suspect everything is in cache, so load time may not be a non-issue. I would bet my raw executable is faster than interpreted code, but that's probably not an issue either since the bottleneck is almost certainly the connection to the internet. I probably assemble packets pretty quickly, but if they don't get to the user any faster who cares? I've considered rewriting in FastCGI but so far the performance seems more than adequate.

Sqlite performs very well speed-wise. It does what I need and helped me remove one more possible vulnerability. If there's no database server nobody can hack it!
The only thing I could wish for is the ability to change the locking methodology on the fly. There are times when I really do want to do dirty reads. It's probably not going to be an issue until I get as busy as Google though.

I believe writing C or C++ code is harder than writing interpreted code. My aim has always been to produce the best product I could, not to produce it with as little effort as possible. I hope the extra effort was worth it. I guess time will tell if I chose correctly.

Thanks for letting me know I'm not the only regressive weirdo out there!