[5043] in WWW Security List Archive
Re: user cgi-advice SUMMARY - let's end this one, shall we?
daemon@ATHENA.MIT.EDU (elroy)
Sat Apr 12 19:14:03 1997
Date: Sat, 12 Apr 1997 09:33:57 -0500 (CDT)
From: elroy <elroy@kcsun3.kcstar.com>
To: Abigail <abigail@fnx.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199704111911.PAA02286@fnx.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 11 Apr 1997, Abigail wrote:
> Well, they can still install a binary...
I agree. Thanks to everyone who pointed this out.
> I'm just saying that if you are so paranoid that user disrupt the server,
> or files from other users, it might be better to give them their own
> machine. If they then goof up, they only goof up themselves, and not
> your other customers. And hey, it could even be a marketing ploy:
> "You got your own server - there is noone to share it with".
> But it's your business.
>
A separate machine for each domain I host would cost me more than $100,000.
I spent MUCH less than that, and still have room to grow, both space-
and performance-wise.
I'm also glad I'm not administering 80+ separate machines :)
I'm not going to install a separate machine for each customer - I already
outlined the reasons of maintenance and cost. My time is valuable, and
this isn't a game for me. I'm not suggesting it is for you, either.
> "server" is a function, "PC" is a form of hardware.
Thanks for pointing this out?
There are factors (and I'm sure you've experienced this) that separate
servers from PC's, performance-wise. The most important factor is IO. As
in, PC's don't have enough. Did I mention bus bandwidth?
But lets get back to your original letter, which seems to be a
free-wheeling critique of my grammar, syntax, and technical opinions...
> Bleh, as if freeware isn't software. :)
Freeware definitely isn't commercial software, that much we can agree on.
I prefer to call it "public-domain software", to avoid any negative
connotations for my clients.
> BTW, if they have a problem with 'freeware', why do they want perl?
It's what they've developed their CGI's with. This should have
been clear from my previous postings.
> Personnally, I have a preference for freeware, specially in cases when
> there are bugs. Freeware (at least things like Linux, perl, etc) tend
> to have the reported bugs fixed way faster than large commercial
> software.
My experience has been different. Who do you buy your support
from, that they're so slow? You are on a support plan, right?
I'm curious, what large commercial software have you had direct
experience with? Are you currently using any of the solutions you've
mentioned?
I have replaced a commercial INN with public-domain software, compiled from
source, likewise IRC. They run better, simply put. Likewise with POP3
and Sendmail. But these things are rather off-topic for a www-security
list.
I'm currently running servers with the Netscape server binaries and binaries
compiled from Apache source, and the Netscape httpd out-performs the
Apache httpd. It's also more stable. When something better comes along,
I'll probably use it. Use what works best for you, and keep an open mind about
where the best solution might come from.
I understand what you're saying, and I've tried a lot of different
solutions, so I'm not ignorant either. I've just found a more suitable,
stable, and high-performance solution for my operation. Again, use what
works for you, and focus on that, instead of on my setup.
I'm also aware of the philosophical differences between the noble
freeware developers and the evil commercial developers. I leave
philosophy at home when I go to work, however.
Some of my clients are businesses that have already been burned
by "Web design consultants" who also ran the site, and failed miserably.
They don't want unsupported and untested systems in their
mission-critical operation, any more than you or I would. They appreciate and
pay for my solution, which really is the bottom line.
-elroy (elroy@kcstar.com)
