Linked by Howard Fosdick on Sat 24th Nov 2012 17:52 UTC
Editorial Do you depend on your computer for your living? If so, I'm sure you've thought long and hard about which hardware and software to use. I'd like to explain why I use generic "white boxes" running open source software. These give me a platform I rely on for 100% availability. They also provide a low-cost solution with excellent security and privacy.
Thread beginning with comment 543204
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Slashdot Circa 1999
by ze_jerkface on Sun 25th Nov 2012 17:21 UTC in reply to "RE: Slashdot Circa 1999"
ze_jerkface
Member since:
2012-06-22


Maybe with PHP but for sure not with any of the other mentioned alternatives. At least not any more than their Windows counterparts.


LAMP is PHP land and there is no equivalent to .NET on the server.

saying you should throw out your IIS and .Net apps and switch to Linux and what not but your comment is just as clueless as the one you're complaining about.


I work on both LAMP and .NET professionally and it's not my decision to "throw out" anything. I also know what the hell I am talking about since I deal with this problem throughout the year.

Here is an example:

Zencart (one of the top shopping carts)
Zen Cart v1.5.0

Minimum server requirements:

PHP 5.2.14 or higher, or PHP 5.3.5 or higher.
Apache 2.x or newer (Specifically the latest PCI Compliant version)


PHP 5.2.14 came out in 2010. Why should a shopping cart be dependent on the latest version of PHP and a specific series of a web server? Why is there an Apache dependency? What if I don't want to use Apache?

This is the norm in Linuxland. Everyone builds against latest since there isn't anything like .NET to maintain backwards compatibility. The standard strategy is to get latest and tell anyone who has software dependent on PHP or MySQL N-1 to f themselves. I know this first hand since I've had to fix a lot of PHP code that had dependency breaks or was version abandoned by the developer.


That's not my experience. It would seem developers have moved on from the CentOS/RHEL stone age to distros that aren't stuck 5+ years ago.


Well you don't know much about LAMP development then. What developers would like to use and what they build against for business reasons are two entirely different things. CENT/RHEL is the standard for web servers and going outside it increases the conflict risk. That means higher support costs.

Again don't get defensive since all these annoying dependencies benefit Linux when it comes to web servers. It creates inertia and discourages stepping outside the norm.

Reply Parent Score: 2

RE[3]: Slashdot Circa 1999
by Alfman on Sun 25th Nov 2012 17:37 in reply to "RE[2]: Slashdot Circa 1999"
Alfman Member since:
2011-01-28

ze_jerkface,

"Well you don't know much about LAMP development then. What developers would like to use and what they build against for business reasons are two entirely different things. CENT/RHEL is the standard for web servers and going outside it increases the conflict risk. That means higher support costs."

I think Soulbender would already agree with your complaints about PHP, as do I. But you are exaggerating the difficulty of using alternate linux distros for the server. It's practically plug and play no matter which distro you use. Also, I haven't had much trouble replacing apache with alternates like lighttp either, just because it's not officially supported doesn't mean it doesn't work.

I'm not saying we should step outside of "supported" installations willy nilly, but if there is a good reason to then it's certainly feasible.

Reply Parent Score: 6

RE[4]: Slashdot Circa 1999
by ze_jerkface on Sun 25th Nov 2012 18:22 in reply to "RE[3]: Slashdot Circa 1999"
ze_jerkface Member since:
2012-06-22

But you are exaggerating the difficulty of using alternate linux distros for the server. It's practically plug and play no matter which distro you use.


Yes it is plug and play for a basic setup and the same is true for Windows Server and FreeBSD. Want CPANEL? It's only supported in CENT/RHEL. Sure you can probably get it working in Debian but then all it takes is a single module break down the line to make you wish you stayed in the norm. LAMP software is more dependent on CENT/RHEL than it was 5 years ago. The LAMP world is not some hippie software exchange; it's filled with commercial companies and developers that have limited resources and can't afford to test in every distro.


just because it's not officially supported doesn't mean it doesn't work.


That doesn't fly in the business world. You don't stake your reputation on unsupported software.

Edited 2012-11-25 18:25 UTC

Reply Parent Score: 2

RE[3]: Slashdot Circa 1999
by Morgan on Mon 26th Nov 2012 00:14 in reply to "RE[2]: Slashdot Circa 1999"
Morgan Member since:
2005-06-29

Here is an example:

Zencart (one of the top shopping carts)
Zen Cart v1.5.0

Minimum server requirements:

PHP 5.2.14 or higher, or PHP 5.3.5 or higher.
Apache 2.x or newer (Specifically the latest PCI Compliant version)

PHP 5.2.14 came out in 2010. Why should a shopping cart be dependent on the latest version of PHP and a specific series of a web server?


You answered your own question in your example: PCI Compliance. I'm dealing with this exact issue with a client right now. I've almost convinced her to leave Zen Cart behind for a sane solution, but she has a love/hate relationship with it; she loves the power and flexibility, but loathes the compliance issues. If it weren't for the PCI Compliance nightmare, I'd be content to support her Zen Cart instance, but it's making us both pull our hair out.

Reply Parent Score: 4

RE[4]: Slashdot Circa 1999
by ze_jerkface on Mon 26th Nov 2012 00:54 in reply to "RE[3]: Slashdot Circa 1999"
ze_jerkface Member since:
2012-06-22

No that doesn't answer my question because you could have PCI compliance without dependence on a specific web server version. It also doesn't explain why a shopping cart needs the latest PHP.

Most LAMP software lacks data abstraction layers and backwards compatibility. Why is it so hard to admit this? It's not like Linux is threatened on web servers.

Reply Parent Score: 2

RE[3]: Slashdot Circa 1999
by Soulbender on Mon 26th Nov 2012 01:40 in reply to "RE[2]: Slashdot Circa 1999"
Soulbender Member since:
2005-08-18

LAMP is PHP land and there is no equivalent to .NET on the server.


The OP talked about PHP/Perl/Python.

Zencart (one of the top shopping carts)
Zen Cart v1.5.0

Minimum server requirements:

PHP 5.2.14 or higher, or PHP 5.3.5 or higher.
Apache 2.x or newer (Specifically the latest PCI Compliant version)


OH MY GOD! You found an application with some stringent requirements. Wow, good thing there are no .NET apps out there that require a specific .Net or IIS version....

Why should a shopping cart be dependent on the latest version of PHP and a specific series of a web server

...wait. Does it depend on the latest version or 5.2 and 5.3?

What if I don't want to use Apache?


Have you actually tried using it with something else? We have FPM these days and I'm still to find a PHP app that ran with mod_php and not fpm. Maybe zencart is horribly written and won't work outside mod_php but that's a developer problem, not a PHP one.
Also Apache 2.x or later is not a specific version and if you're still using Apache 1.x you have bigger problems.

I know this first hand since I've had to fix a lot of PHP code that had dependency breaks or was version abandoned by the developer.


In other words, a developer problem and not a PHP problem.

Well you don't know much about LAMP development then.

Yeah, sure I don't. Personal attack already? Argument not going well?

CENT/RHEL is the standard for web servers and going outside it increases the conflict risk.


That's an imaginary risk. In terms of web development the differences between RHEL/CNT and, say, Ubuntu Server or SuSE aren't significant.

Reply Parent Score: 8

RE[4]: Slashdot Circa 1999
by ze_jerkface on Tue 27th Nov 2012 18:06 in reply to "RE[3]: Slashdot Circa 1999"
ze_jerkface Member since:
2012-06-22

OH MY GOD! You found an application with some stringent requirements. Wow, good thing there are no .NET apps out there that require a specific .Net or IIS version....


The major difference being you can target older versions of .NET even if the framework or IIS version has been upgraded. There is no pressure to target latest since there is only one framework and security updates are applied uniformly. It's a clean system but on web servers the inertia is behind LAMP so Windows Server ends up with the same chicken and egg problem as Linux on the desktop.


Have you actually tried using it with something else?

I used it merely as an example since it is commonly used. You'll find most of the competition to Zencart also targets a very recent version of PHP. It goes back to the treadmill problem that I was talking about.


That's an imaginary risk. In terms of web development the differences between RHEL/CNT and, say, Ubuntu Server or SuSE aren't significant.


It's only imaginary if you think support risks are imaginary. Can all distros get a LAMP stack up and going through the repository? Of course, but the risks exist in third party software especially where there is a commercial drive to sell to shared hosts where the typical environment is a CENT/RHEL based LAMP setup. There is also a lot of Oracle stuff that isn't supported in minor distros and I'm sure that will get worse over time. In fact I fully expect Oracle to pull a rug shake at some point where they make Unbreakable Linux look like the safer choice for web hosts.

Reply Parent Score: 3

RE[3]: Slashdot Circa 1999
by darkcoder on Tue 27th Nov 2012 15:28 in reply to "RE[2]: Slashdot Circa 1999"
darkcoder Member since:
2006-07-14

PHP 5.2.14 came out in 2010. Why should a shopping cart be dependent on the latest version of PHP and a specific series of a web server? Why is there an Apache dependency? What if I don't want to use Apache?


And why are you using an old version of PHP. PHP developers maintain 2 branches (5.4, 5.3) of their software. For each one they do a point release every month or 2 to fix issues (being security most of the time). So having an old (and probably vulnerable) version exposed to the outside world is not very wise.

What you need to do if you use a Linux distribution that is release based, raise the voice and ask them to provide point releases instead of "backporting" bug fixes which usually came late, if they came after all.

Edited 2012-11-27 15:30 UTC

Reply Parent Score: 3

RE[4]: Slashdot Circa 1999
by ze_jerkface on Wed 28th Nov 2012 18:22 in reply to "RE[3]: Slashdot Circa 1999"
ze_jerkface Member since:
2012-06-22

And why are you using an old version of PHP. PHP developers maintain 2 branches (5.4, 5.3) of their software. For each one they do a point release every month or 2 to fix issues (being security most of the time). So having an old (and probably vulnerable) version exposed to the outside world is not very wise.


Backwards compatibility and security are not mutually exclusive. With .NET hotfixes simply fix the code without requiring anyone to move to a newer version.

FYI I don't maintain older versions of PHP. But I have had to fix plenty of PHP code that was built against an older version. Sadly there are tons of web framework plug-ins and themes that were built without any regard for maintainability which makes the problem even worse.

Reply Parent Score: 2

RE[3]: Slashdot Circa 1999
by darkcoder on Tue 27th Nov 2012 19:33 in reply to "RE[2]: Slashdot Circa 1999"
darkcoder Member since:
2006-07-14

Well you don't know much about LAMP development then. What developers would like to use and what they build against for business reasons are two entirely different things. CENT/RHEL is the standard for web servers and going outside it increases the conflict risk. That means higher support costs.

Again don't get defensive since all these annoying dependencies benefit Linux when it comes to web servers. It creates inertia and discourages stepping outside the norm.


Maybe RHEL is the standard in Linux servers, but their long term release is not the best choice for all the packages that form the RHEL distribution. Yes, a LTS Kernel/Core packages mean a stable system, but why I want backported patches to all the web apps it provides. They don't even trust that system on their own servers. For example, check in RHEL/CENTOS repository which version of Bugzilla they have available for install. I'm sure they don't have the last one, which in fact is the one currently running on their own bug tracking server.
https://bugzilla.redhat.com/

Also (and sorry if I get you down of that cloud), (1) Developers test against the upstream packages, that's why a package said it requires at least X.Y version, and (2) Who told you upstream developers user RHEL in the first place. They usually use more lean and clean distributions (the lest fat, the better).

Edited 2012-11-27 19:51 UTC

Reply Parent Score: 1

RE[4]: Slashdot Circa 1999
by ze_jerkface on Wed 28th Nov 2012 18:46 in reply to "RE[3]: Slashdot Circa 1999"
ze_jerkface Member since:
2012-06-22


Maybe RHEL is the standard in Linux servers, but their long term release is not the best choice for all the packages that form the RHEL distribution.


I think you and others here have taken my criticism as an attack on all non-RHEL distros.

RHEL/CENT is the top choice for web hosts and the best choice for low conflict risk for lamp servers. That doesn't make it the best distro by any means and in fact I haven't met anyone that actually likes it. RHEL is like the Windows 98 of Linux Distros. It's a safe choice for compatibility and support but it didn't win the top spot through technical merit.

Who told you upstream developers user RHEL in the first place. They usually use more lean and clean distributions (the lest fat, the better).


I'm talking about the commercial LAMP industry, not Linux developers in general. That industry targets the most common environment which is RHEL/CENT.

Reply Parent Score: 2