OSNews:

OSNews: http://www.osnews.com/story/18280/Netcraft_s_July_2007_Web_Server_Survey Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Tue, 10 Nov 2009 09:48:11 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Too bad http://osnews.com/thread?256010 http://osnews.com/thread?256010 Apache is one of the best servers with lighttpd. I don't understand why people still pay for an insecure beast like IIS. Tue, 17 Jul 2007 14:55:00 GMT donotreply@osnews.com (Joe User) Comments indirect effects http://osnews.com/thread?256014 http://osnews.com/thread?256014 It's interesting to see those major changes have happened to the market shares, while there was not any major change over either platform. Tue, 17 Jul 2007 15:02:00 GMT donotreply@osnews.com (vege) Comments http://nginx.net http://osnews.com/thread?256033 http://osnews.com/thread?256033 As lighttpd found some popularity, its time to give some attention to nginx http server which is even lighter and faster then lighttpd. Tue, 17 Jul 2007 15:32:00 GMT donotreply@osnews.com (vermaden) Comments surprised by google active sites http://osnews.com/thread?256038 http://osnews.com/thread?256038 I'm a bit surprised by the number of Google-sites that suddenly pop up in the market share graph... they don't really mention Google as being special, but it's a enormous amount of servers they have there... And it seems a large increase, judging from the graph... perhaps it wasn't counted before this survey?

In regard to nginx (pronounced "engine x"): I must add that I really like it too! It's a good server, nice code and features, just the documentation could be a bit better (primary is in russian). But the author is very helpfull fortunally on the list, and there is a wiki you can contribute to. Tue, 17 Jul 2007 15:38:00 GMT donotreply@osnews.com (pauld) Comments Say what? http://osnews.com/thread?256040 http://osnews.com/thread?256040 IIS I know, Apache I know, Lighttpd I know, what the heck is the Google web server? What is it based on?

After googling for GWS, it appears to be a customized Apache, which would explain some of the apparent Apache loss. To me, it should be a subset of Apache. Am I correct?

[EDIT: results of googling added]Edited 2007-07-17 15:49 Tue, 17 Jul 2007 15:40:00 GMT donotreply@osnews.com (fretinator) Comments RE: surprised by google active sites http://osnews.com/thread?256043 http://osnews.com/thread?256043 Netcraft isn't counting the number of servers (something that would be near impossible for them to do.) They're counting the number of web sites. Google is hosting web sites now with their Google Apps service. This is what Netcraft is counting. Tue, 17 Jul 2007 15:54:00 GMT donotreply@osnews.com (mheath) Comments Not Surprised http://osnews.com/thread?256045 http://osnews.com/thread?256045 First, most companies have large windows support teams, and very small *nix teams (or no *nix team at all). So when they need to put up a web server they of course install windows.

Second, most windows people believe without a doubt that IIS is secure. Weather IIS is secure or not doesn't really matter because they think it is secure, so they install and use it. Tue, 17 Jul 2007 15:57:00 GMT donotreply@osnews.com (Matt Giacomini) Comments Switching and Statistics. http://osnews.com/thread?256050 http://osnews.com/thread?256050 I don't suspect this to be the norm, but I've been told by a few other IT guys that they switched from apache to IIS because of something to do with SharePoint.

I know IIS has gotten safer and better over the years, but I personally would rather support apache or some other open source web server.

At the end of the day though statistics don't really mean a lot to me. You see numbers fluctuate all the time. So many factors and details aren't accounted for or simply left out. Of course the worst part is some people base their buying options on those flawed statistics. Tue, 17 Jul 2007 16:17:00 GMT donotreply@osnews.com (systyrant) Comments RE: Too bad http://osnews.com/thread?256052 http://osnews.com/thread?256052 I don't understand why people still pay for an insecure beast like IIS.

IIS is insecure? How is that?

Please check your facts.. IIS did not have any security problems for years now. I don't think there was a single critical hole found on it in last 4 years or so.

Not to say that it is perfect or that there won't be something found eventually, but to call it "insecure" is simply out of tuch with reality. Tue, 17 Jul 2007 16:23:00 GMT donotreply@osnews.com (gonzo) Comments RE: Too bad http://osnews.com/thread?256056 http://osnews.com/thread?256056 Maybe because IIS 6.0 is secure:

http://secunia.com/product/1438/?task=statistics

in comparison to Apache

http://secunia.com/product/73/?task=statistics

and easy to manage (the latter is my personal opinion and might be wrong). Tue, 17 Jul 2007 16:29:00 GMT donotreply@osnews.com (linumax) Comments RE: Too bad http://osnews.com/thread?256058 http://osnews.com/thread?256058 IIS is not insecure. At least since v6 which has had a near perfect track record.

What annoys me about IIS is how crippled it is (no ModRewrite / htaccess equivalent) and that you have to buy the Pro/Business versions of XP/Vista to get it, when you can download Apache for free and use on any system.

I've seen people who had to buy a £160 WinXP Pro licence just days after buying a new laptop because it came with XP Home and they didn't realise XP Home is crippleware and didn't know any better about servers/software. Tue, 17 Jul 2007 16:30:00 GMT donotreply@osnews.com (Kroc) Comments RE[2]: Too bad http://osnews.com/thread?256064 http://osnews.com/thread?256064 From secunia site:

"PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products."

Apache is equivalent of IIS in security. You just need to read the ENTIRE report to understand why. Tue, 17 Jul 2007 16:41:00 GMT donotreply@osnews.com (CapEnt) Comments Six Months Ago http://osnews.com/thread?256065 http://osnews.com/thread?256065 Six months ago I was having a job interview for a small-ish size company that provides networking & service plans for businesses (the local credit unions, etc), along with a bit of in house webhosting & webdesign.

I remember touting my almost 10 years of experience with unix/linux/bsd & opensource stuff (as I was hoping to get in on their hosting side of things)... wow, that was a big mistake. The reaction I got was basically "none of that is important to business"...

And even worse, they seemed to have it in their minds that OSS was mutually exclusive with all microsoft & windows stuff -- and if I knew OSS stuff that meant I didn't know anything about MS stuff.

This is the kind of strange mentality that many business-type people have -- they create their own self-fulfilling prophecies by making decisions based upon what they think everyone else is doing.

This phenomenon is how A LOT of IIS sites get online. Tue, 17 Jul 2007 16:42:00 GMT donotreply@osnews.com (animus) Comments RE[2]: Too bad http://osnews.com/thread?256074 http://osnews.com/thread?256074 To be more specific, it's IIS6. IIS4 and 5 were buggy and terrible. IIS6 is much more secure and has had very few security holes. Less than apache. Tue, 17 Jul 2007 17:00:00 GMT donotreply@osnews.com (sappyvcv) Comments RE[3]: Too bad http://osnews.com/thread?256079 http://osnews.com/thread?256079 Uh. Ok. 3 vulnerabilities in over 4 years for IIS6. 1 rated not critical, 2 rated Moderately Critical. 1 of the latter 2 only worked if the admin enabled remote administration (probably not a great idea).

33 vulnerabilities for apache 2.0 in over 5 years. 3 still unpatched. 2 of the 33 which were rated highly critical.

How exactly is apache equivalent? Tue, 17 Jul 2007 17:06:00 GMT donotreply@osnews.com (sappyvcv) Comments RE[3]: Too bad http://osnews.com/thread?256081 http://osnews.com/thread?256081 To be more specific, it's IIS6. IIS4 and 5 were buggy and terrible. IIS6 is much more secure and has had very few security holes. Less than apache.

Well, I don't remember any major security holes in IIS 5 in the last 4 (or so) years. It's not like MS didn't fix IIS 5 too. Tue, 17 Jul 2007 17:08:00 GMT donotreply@osnews.com (gonzo) Comments RE[4]: Too bad http://osnews.com/thread?256084 http://osnews.com/thread?256084 Uh...what? That's because IIS6 was released 4 years ago. IIS5 was released somewhere around 7 years ago.

Secunia lists 14 vulnerabilities for IIS5, but their list only dates back to 2002. Some of those are highly and extremely critical. 1 remains unpatched.

IIS4 and 5's security was poor. 6's is good. What point are you trying to make? Tue, 17 Jul 2007 17:16:00 GMT donotreply@osnews.com (sappyvcv) Comments RE: Six Months Ago http://osnews.com/thread?256085 http://osnews.com/thread?256085

And even worse, they seemed to have it in their minds that OSS was mutually exclusive with all microsoft & windows stuff -- and if I knew OSS stuff that meant I didn't know anything about MS stuff.

Funny story about that. Years ago I worked for a company that prided itself on its Microsoft Partner status. Everything was Microsoft. Well, there were two of us Linux dudes at the company. We were considered oddballs. However, in order to be Microsoft Certified Solution Providers, they had to get some people with Microsoft certifications. Well, most of the Microsoft people had trouble passing the tests. So us Linux dudes went off and passed the tests and got certified so the company could meet its goal.

The point is, just because you like Linux, or are an OSS enthusiast, does NOT mean you are ignorant of Microsoft technologies. I am a .NET developer, and am very familiar with setting up Winders boxes. I just prefere Free Software for ethical and personal reasons. Tue, 17 Jul 2007 17:17:00 GMT donotreply@osnews.com (fretinator) Comments RE[5]: Too bad http://osnews.com/thread?256093 http://osnews.com/thread?256093 What point are you trying to make?

What point am I trying to make? That IIS5 is quite secure today, so it is not only IIS6 as you said it. Who cares if IIS5 was insecure in 2001? Today is 2007. Software products get fixed by updates, you know. Tue, 17 Jul 2007 17:40:00 GMT donotreply@osnews.com (gonzo) Comments RE[4]: Too bad http://osnews.com/thread?256096 http://osnews.com/thread?256096 No security advisory in entire 2007 so far and all critical holes as patched.

The ones unpached for such lenght period of time are clearly dismissed by apache dev team, and even secunia agree then to being non critical.

And secunia only lists vendor supplied or publicly listed vulnerabilities, MS stopped making that information available and now silently patches vulnerabilities they detect in-house. Tue, 17 Jul 2007 17:55:00 GMT donotreply@osnews.com (CapEnt) Comments iis is hard to maintain. http://osnews.com/thread?256097 http://osnews.com/thread?256097 iis is really hard to maintain. the settings are spread over multiple pages. with iis6 these are exportable to xml but not really human readable. ever tried to find quickly to which site an hostheader belongs? good luck

the apache way of having a file with all the settings for that site in it is really a bliss. i have a perl script which generates a config file for me, i tried thesame using vbs for iis but the lack of transparency held me back.

iis can handle thesame load as apache and is just as secure, claiming otherwise means most likely the administrator is incompetent. the rise of iis is likely due to many people switching to .net 2.0. so, i expect to see a drop again in about 1 year

Tue, 17 Jul 2007 17:56:00 GMT donotreply@osnews.com (renhoek) Comments RE[6]: Too bad http://osnews.com/thread?256098 http://osnews.com/thread?256098 But IIS5 has a bad history.

IIS6's track record shows there was a true commitment to improving security and is more reliable and worth trusting. Tue, 17 Jul 2007 17:58:00 GMT donotreply@osnews.com (sappyvcv) Comments Webservers http://osnews.com/thread?256128 http://osnews.com/thread?256128 IIS is secure enough. You don't need to choose between it and other webservers for that reason.

Apache is free and there are cheap GUI apps that make Apache very bit as friendly to configure as IIS. Some *nix distros include free GUI programs to configure it as well.

Lighttpd and GWS are gaining marketshare, so they must be an enticing offering. Either way, they run on *nix systems as well. Tue, 17 Jul 2007 20:12:00 GMT donotreply@osnews.com (Xaero_Vincent) Comments RE[2]: Too bad http://osnews.com/thread?256135 http://osnews.com/thread?256135

What annoys me about IIS is how crippled it is (no ModRewrite / htaccess equivalent)

There are a few ISAPI modules out there that bring the ModRewrite functionality to IIS, although I don't recall seeing any high profile web sites using it for search engine friendly URLs.

As for htaccess, doesn't web.config cover some of that functionality? Tue, 17 Jul 2007 20:54:00 GMT donotreply@osnews.com (ThanhLy) Comments RE: indirect effects http://osnews.com/thread?256144 http://osnews.com/thread?256144 That's what happens when hosting services become pawns in a battle for Netcraft superiority. Tue, 17 Jul 2007 21:49:00 GMT donotreply@osnews.com (butters) Comments RE: iis is hard to maintain. http://osnews.com/thread?256146 http://osnews.com/thread?256146 IIS7 is pretty much the same thing, only it uses .config files buried in system32/inetsrv instead of an exportable xml. I am not an admin, but I find at least for development purposes the config tool is very straightforward and easy to use.

I do agree with the rise being due to .net, but I don't agree with it dropping again. I was a diehard Oracle/Java/JSP zealot for years, but now that I am doing freelance work for smaller companies, that stack isn't exactly time efficient for development. Been using ASP.net 2.0 for awhile now, and it is really a dream to code in. I find that they are doing the best job of bringing OO concepts to front end web development, and I am consistently surprised by how quick I can bang out a small webapp. It is far from perfect, and when the nifty tools fall short on something, it often takes some rather ineligent hacks to get things the way you want them. But overall, ASP.net is IMHO one of the best platforms MS has ever put out. Tue, 17 Jul 2007 22:15:00 GMT donotreply@osnews.com (google_ninja) Comments I like both http://osnews.com/thread?256147 http://osnews.com/thread?256147 I've worked with both quite a bit, and have never seen any recent evidence that IIS is less secure than Apache.

Apache is much more flexible than IIS, and its configuration is accordingly more complex, at least in theory. Of course, most people don't use all of the myriad advanced features Apache offers, so its complexity never enters into it.

I don't have a preference. I do both Rails development and ASP.NET development. With Rails I use Apache and with ASP.NET I use IIS. Both work very well. Tue, 17 Jul 2007 22:19:00 GMT donotreply@osnews.com (Phuqker) Comments RE: Too bad http://osnews.com/thread?256154 http://osnews.com/thread?256154 I think that today security, stability and performance are not enough. IIS is closing the gap. Apache needs new features for web authors and developers.

I am quite sure that some variant of ASP-like vbscript and server side javascript would help. Microsoft oriented developers would love vbscript, and almost everybody would like javascript.

It does not have to be 100% ASP compatible, just close enough. I think that there are ASP developers that have not embraced ASP.net, just like VB programmers still use old VB 6. I am sure that those folks would appreciate that a lot. Tue, 17 Jul 2007 22:52:00 GMT donotreply@osnews.com (trenchsol) Comments My question is http://osnews.com/thread?256156 http://osnews.com/thread?256156 Does Netcraft count all the parked web sites that dont belong to anyone? I remember when parking first appeared, it counted for a huge rise in IIS numbers because a large hosting service (godaddy maybe) moved everything to IIS. I dont think those pages should be counted because even a perl script can serve out a static page like that. Tue, 17 Jul 2007 22:56:00 GMT donotreply@osnews.com (TechGeek) Comments RE: My question is http://osnews.com/thread?256158 http://osnews.com/thread?256158 From TFA:

"In active sites, Apache is now at 49.98% share, less than 14.5% ahead of Microsoft. While that's still a considerable lead, Apache had a 33.4% advantage at this time last July, meaning MS has cut its deficit in half in the past 12 months."

NetCraft's definition of an 'active' site:

http://survey.netcraft.com/index-200007.html#active

So in a nutshell, if you only count active sites, MS is actually gaining even more ground than if you count all sites (parked and otherwise). Tue, 17 Jul 2007 23:04:00 GMT donotreply@osnews.com (jayson.knight) Comments RE[3]: Too bad http://osnews.com/thread?256160 http://osnews.com/thread?256160 "although I don't recall seeing any high profile web sites using it for search engine friendly URLs."

A lot of asp.net sites use homegrown solutions for URL rewriting. I'm still surprised that ISAPI_Rewrite (which is functionally equivalent to mod_rewrite) hasn't gained more traction, but then again URL rewriting didn't really even become an asp.net buzzword until just a couple of years ago, which is something else I find a bit odd given other frameworks have had it for ages now. Tue, 17 Jul 2007 23:11:00 GMT donotreply@osnews.com (jayson.knight) Comments RE[5]: Too bad http://osnews.com/thread?256167 http://osnews.com/thread?256167 And secunia only lists vendor supplied or publicly listed vulnerabilities, MS stopped making that information available and now silently patches vulnerabilities they detect in-house.

That makes zero sense. It isn't necessary for MS to provide reports of vulnerabilities because THE FLAWS WILL BE FOUND AND REPORTED BY THIRD PARTIES, ANYWAY. Security through obscurity isn't effective at containing vulnerabilities. This has been proven time and time again. So, really, you're completely speculating when you suggest that MS is hiding vulnerabilities in IIS6, when Apache compares so poorly. Wed, 18 Jul 2007 00:35:00 GMT donotreply@osnews.com (tomcat) Comments RE: Webservers http://osnews.com/thread?256169 http://osnews.com/thread?256169 that make Apache very bit as friendly to configure as IIS

Friendly? I hope you're kidding.
While IIS may seem friendly at first, you are in for a world of hurt when trying to: a) manage a large number of sites or b) want to migrate those sites to another box.

Sure, MS brought in an "xml" format, but that doesn't mean that configuration migration is as easy as copying an xml file between machines. Those config files have *machine specific data* which makes them unportable. While there are scripts out there that can ease the pain, beware if your configuration includes ssl sites ... I've had bad results which resulted in a long night of entering IIS configurations manually. Try adding 100+ sites manually and you'll see how poor the IIS UI really is.

-- former MS network admin Wed, 18 Jul 2007 01:00:00 GMT donotreply@osnews.com (openwookie) Comments RE[2]: Too bad http://osnews.com/thread?256170 http://osnews.com/thread?256170 I am quite sure that some variant of ASP-like vbscript and server side javascript would help. Microsoft oriented developers would love vbscript, and almost everybody would like javascript.

I had often contemplated the same thing, however the problem is that ASP coders use a lot of COM objects. Most are third party (since ASP had such a poor library). For example, if you wanted to do an http GET, you needed a third party component.

In reality PHP is close enough to ASP for those old skool ASP coders, and it works well on windows servers as well. Wed, 18 Jul 2007 01:07:00 GMT donotreply@osnews.com (openwookie) Comments Typical http://osnews.com/thread?256184 http://osnews.com/thread?256184 Everyone concentrating on the percentages and share when fact is...

Everyone had growth in actual numbers. MS didn't 'lose any installations' and neither did Apache. Yes IIS saw more growth, but nobody actually 'LOST' anything.

If you treat Google as Apache (since it is just a fork) adding their numbers for 'active sites' together, Apache had a 2.1% growth in installs and IIS gained a 4.1% growth in installs (at least for active sites).

Bottom line there's room for both and both are growing.. but of course that's not sensationalistic enough so we have to use 'share' to make somebody look like the loser... The article using share makes it sound like there's a great egress from Apache, which is the farthest thing from the truth. More people are using Apache today than a year ago, AND more people are using IIS than a year ago.

Ah, card stacking... Stating some facts while omitting others - at least netcraft lists their actual numbers so you can make the real determination, instead of just throwing out meaningless percentages only like another recent article.Edited 2007-07-18 03:52 Wed, 18 Jul 2007 03:51:00 GMT donotreply@osnews.com (deathshadow) Comments RE[2]: Webservers http://osnews.com/thread?256198 http://osnews.com/thread?256198 iis 7 in Windows 2008 server has one config file (much like httpd.conf) which you can copy to the other 100 sites to duplicate webservers

fyi

cheers
anyweb Wed, 18 Jul 2007 06:26:00 GMT donotreply@osnews.com (anyweb) Comments RE[6]: Too bad http://osnews.com/thread?256221 http://osnews.com/thread?256221 That makes zero sense. It isn't necessary for MS to provide reports of vulnerabilities because THE FLAWS WILL BE FOUND AND REPORTED BY THIRD PARTIES, ANYWAY.

In a perfect world maybe, but in reality not everyone who finds a flaw will report it. Case in point, someone else already provided a link to symantec's website which describes a professional kit called MPack which is sold by a Russia gang. They would obviously have no interest in reporting vulnerabilities they find. Wed, 18 Jul 2007 10:40:00 GMT donotreply@osnews.com (Lettherebemorelight) Comments RE[3]: Too bad http://osnews.com/thread?256239 http://osnews.com/thread?256239 I am aware of COM problem. On Windows, developers are still going to be able to use COM for some time. I've heard that ASP.NET is radically different from old ASP, and supposed "Apache ASP" might be more comaptible even on non Windows platforms.

ASP interface to COM objects are nothing else but wrapper classes and methods which could be rewritten to point to something else by the community of developers who might be interested to use them. Wed, 18 Jul 2007 12:59:00 GMT donotreply@osnews.com (trenchsol) Comments RE: Typical http://osnews.com/thread?256240 http://osnews.com/thread?256240 Uh. Actually Apache did lose market share. Market share is percentage of the total market, and that percentage went down.

It's a pretty simple concept. Wed, 18 Jul 2007 13:00:00 GMT donotreply@osnews.com (sappyvcv) Comments RE[7]: Too bad http://osnews.com/thread?256241 http://osnews.com/thread?256241 The same can be applied to Apache as well, so the point is moot since it is too much of an unknown factor. Wed, 18 Jul 2007 13:01:00 GMT donotreply@osnews.com (sappyvcv) Comments RE: Typical http://osnews.com/thread?256245 http://osnews.com/thread?256245 Everyone concentrating on the percentages and share when fact is...

Absolute numbers mean nothing if not compared to other players. And the only sane way to compare is % share, not absolute value.

Yes, Apache increased its number of websites hosted but, as article correctly states, IIS gap is less than half it was 1 year ago. That's an huge gain.

When numbers are too big to be analyzed as units, % becomes the notable value. That's normal not only for websites but in every field of society. Wed, 18 Jul 2007 13:40:00 GMT donotreply@osnews.com (TBPrince) Comments RE[2]: iis is hard to maintain. http://osnews.com/thread?256246 http://osnews.com/thread?256246 100% agreed. And it's speed and flexibility is quickly filling the gap with Oracle/Java/JSP stack, though I believe the latter still has some advantage. Wed, 18 Jul 2007 13:45:00 GMT donotreply@osnews.com (TBPrince) Comments RE[2]: Too bad http://osnews.com/thread?256270 http://osnews.com/thread?256270

What annoys me about IIS is how crippled it is (no ModRewrite / htaccess equivalent) and that you have to buy the Pro/Business versions of XP/Vista to get it, when you can download Apache for free and use on any system.

IIS does appear to have support for .htaccess files, but it's quite limited. E.g., only works for simple username/password protection of specific folders - doesn't support customizing mimetypes, specifying default documents (or allowing/disallowing directory listings) for an individual folder, etc. Wed, 18 Jul 2007 18:25:00 GMT donotreply@osnews.com (StephenBeDoper) Comments additional analysis here http://osnews.com/thread?256287 http://osnews.com/thread?256287 The analysis here on the 'trend' is pretty thoughtful:

http://searchenterpriselinux.techtarget.com/originalContent/0,28914...

The numbers are a lot more complex than they appear to be at a glance. Wed, 18 Jul 2007 20:49:00 GMT donotreply@osnews.com (anomie) Comments RE[4]: Too bad http://osnews.com/thread?256293 http://osnews.com/thread?256293

Uh. Ok. 3 vulnerabilities in over 4 years for IIS6. 1 rated not critical, 2 rated Moderately Critical. 1 of the latter 2 only worked if the admin enabled remote administration (probably not a great idea).

33 vulnerabilities for apache 2.0 in over 5 years. 3 still unpatched. 2 of the 33 which were rated highly critical.

What you are missing here is that Apache 2.0 is timeline equivalent of IIS3/4, IIS 5/6 are much closer time-wise to Apache 2.1/2.2, which are supposedly much more secure rewrites.

I must admit IIS 6 is getting strong recommendations from my Wintel colleagues, personally I'd stick with what I know as a Unix admin, but given the people telling me things have changed drastically I'd give IIS 6 a go.

The crux of it is, either will be swiss-cheeseware if misconfigured. Wed, 18 Jul 2007 22:20:00 GMT donotreply@osnews.com (spanglywires) Comments RE[3]: iis is hard to maintain. http://osnews.com/thread?256370 http://osnews.com/thread?256370 Oracle/Java/JSP still has alot of advantages. I have yet to be involved in a major asp project, but I can say from experience that J2EE scales up pretty much as far as you need it. The problem is that it doesnt scale down that well. If you are going to be doing big enterprise software, that isnt a problem as you are going to be writing colossal amounts of foundation code anyways. But if you are just banging out a database front end with some real basic business logic for some small business, the differences are pretty big. On the other hand, J2EE is an industry standard for a reason. The platform is stable, robust, secure, and very rich. So far, I have yet to see anything like EJBs in .net. Thu, 19 Jul 2007 03:08:00 GMT donotreply@osnews.com (google_ninja) Comments RE[3]: Too bad http://osnews.com/thread?256372 http://osnews.com/thread?256372 Old school ASP and ASP.net 2.0 are completely and totally different critters, sort of like VB6 and VB.net. Thu, 19 Jul 2007 03:11:00 GMT donotreply@osnews.com (google_ninja) Comments RE[5]: Too bad http://osnews.com/thread?256380 http://osnews.com/thread?256380 Apache 2.0 was released to the public in 2002 and IIS6 in 2003. Not that far off. Thu, 19 Jul 2007 03:29:00 GMT donotreply@osnews.com (sappyvcv) Comments RE[4]: iis is hard to maintain. http://osnews.com/thread?256388 http://osnews.com/thread?256388 A lot of ignorant comments on this thread - most of it from people who have no experience with IIS or ASP.NET and speculating about it. If you don't know the platform, don't criticize it.

IIS is extremely easy to admin, even for 100's of sites - I've done plenty of this - just learn how to use adsutil.vbs. If you are smart enough to work with httpd.conf/.htaccess, etc then you can learn the metabase.

.htaccess/mod_rewrite - .htaccess is handled by the metabase and there are tons of 3rd party/open source projects in ISAPI or ASP.NET where you can do the same thing

security - as mentioned by many posters, saying IIS 6.0 is unsecure is just plain wrong

J2EE vs .NET - don't want to get into a religious debate here, but from a capability perspective their equivalent. From a developer/ease of use/productivity perspective, it's not even close - the .NET platform is the way to go - it's had the advantage of learning from Java/J2EE's mistakes. This by the way is the reason why Microsoft's web server share is increasing. Many J2EE shops are migrating. Thu, 19 Jul 2007 04:22:00 GMT donotreply@osnews.com (jsmith) Comments RE[8]: Too bad http://osnews.com/thread?256776 http://osnews.com/thread?256776 Ah, no it cant. My point was in reality not everyone who finds a flaw will report it, and I assure can you it is neither moot nor unknown. Fri, 20 Jul 2007 12:04:00 GMT donotreply@osnews.com (Lettherebemorelight) Comments