wkdshadow
Disclaimer: I do HPCC for an Alexa top 200 site. I can verify that for those that call BS, just send me a message. I'm going to go into detail, most of you will get lost. Don't feel bad.

That said, the answer is unequivocally Linux, or FreeBSD. In both systems, the kernel can be cut down to the bare essentials required for your implementation, resulting in less clocks to spawn a new thread, and less idle kernel I/O handling other functions of the OS. Both Linux and BSD can be made "tickless", further reducing wasted CPU time. SMP and PREEMPT support is better in Linux than in Windows, with a much more efficient threading library. conntrack can easily be turned off if you've got enough connections hitting your webserver, making it "stateless", overall reducing stack overhead when you get to that point.

The Linux kernel has various options when it comes to cluster computing. Most options don't run in userland. You can do IPVS for IP load balancing between machines. You can do OpenMOSIX for application-level load balancing, or KTCPVS. It goes without saying, these solutions are free, and you don't have to pay to add another node to the cluster.

Back to the kernel. Anyone here with an opinion actually know the difference between 32 and 64 bit CPUs? It's a rather recent development (last few years) that Windows added x86_64 support. Even with its x86_64 support, memory allocation sucks. The Windows kernel isn't compiled for the CPU it's on. Does your CPU support SSE3? Kickass, your kernel doesn't, it's still issuing legacy 386 instructions, and there's nothing you can do to trim that fat. There's nothing you can do to add support for new instruction sets, you're at the mercy of Microsoft. In Linux, when you compile from source, GCC -O2 optimizes the code to run as fast as possible on the system.

What about mass storage options? Windows has no mount command, and no software RAID.
You cannot readily create a ramdisk in Windows without third party utilities, and then you're hitting userland to do it. While Windows has [non standard compliant] SMB (Samba) support, it does its transfers over TCP. TCP has more overhead than UDP, using more of your network resources to do the same task. NFS [which goes over UDP] client support can be installed by installing the Unix Services For Windows, but performance is abysmal. As far as I know, there is no Microsoft NFS server. For even more high performance throughput, Microsoft leaves you out to dry. There is no SCSI/SATA/ATA over ethernet solution by Microsoft. Every solution I've seen is third party, and not operating in the kernel, it's again userland. You're also limited to NTFS or FAT32, of which both filing systems suck in comparison to open source alternatives. There is no support for XFS, AFS, or the sexy sexy SEXY ZFS, let alone any FS.

Security. Heh. Difficult topic here. I've been in Information Security for 12 years (yes, that makes me 8 when I got into it "professionally"), and it's an argument that I still haven't figured out how to win with my peers.

"Linux" is not the software bundled with it. Linux is not Apache. Linux is not KDE, or Gnome. Linux is not Konqueror, or Lynx for that matter. Different distributions of Linux ship different packages, compiled with different flags. Just because Ubuntu can get nailed by an exploit, doesn't mean Slackware can. Windows on the other hand *is* Explorer, is IE. Every copy of Windows comes with the same software. There are no differences.

In Windows there is very little privilege separation between applications, and wherever possible everything is mashed together without privilege separation. It was not designed with security in mind. ACLs are an add-on. Users by default run as admin. As I said, everything Microsoft ties into itself. If one element of the MS system is exploited, the whole OS is compromised.
An example of this is the recent WMF and ANI exploits, which are responsible for the drive-by banner ad attacks that are oh so popular nowadays. Can you think of a similar attack vector for Linux? Me neither.

Now, that's not to say Linux (as in the kernel) hasn't had its problems. It has. There have been some nasty exploits, but most of them require LOCAL ACCESS. Think of the latest vmsplice exploits, the x86_64 ia32 troubles, or the various 2.6/2.4 exploits like sys_prctl(), uselib(), mremap(), shit like that. But for every Linux kernel exploit, how many ones are there for Windows?

Another issue is updates. Microsoft will consider its phone home technology a serious update, but didn't issue ANI/WMF exploit patches for how many weeks? Linux is fixed in hours, and you can grab the code from CVS to fix your shit. With Microsoft, you're stuck in the foxhole with no ammo.

What about severity? Most exploits for Windows will have you executing code as administrator/owner/system. Not so with Linux. With Linux, if code is executed and it's not a kernel level exploit (that is, the base operating system), it runs as the user running the application. So if your web browser gets exploited in Linux, the whole system isn't owned (unless you're a dumbass running as root). There are far fewer code execution exploits for Linux than Windows. A majority of them are denial of service exploits. That's the difference between an attacker running a program of their choosing, vs a program crashing annoyingly.

Windows firewall vs iptables? HAH! iptables is much more efficient than the routing options built into the kernel of Windows (which is a butchered BSD stack from how many years ago?). You can't patch the Windows firewall to do what you want, like iptables TARPIT rules (really nifty! If you're still reading, google. No need for labrea tarpit!)

Enough about security, it's getting boring. Back to performance. While MySQL is the bane of my existence, it's still better than MSSQL.
It's faster, it's more secure, and it scales better. MSSQL can only support 4gb of memory per server, even on an x86_64 system. MySQL doesn't, it'll take what you give it. And, MSSQL is your only MS branded option for a database... well, other than Excel, BAHAHAHA. It's just a great (free!) alternative to MSSQL. You could go with OracleDB if you want, or any other system. There's no lock-in.

IIS? Again, IIS has had more holes in it than a white man during the fall of apartheid. It's slow. PHP support was slow to be adopted, and FastCGI support still sucks. IMO, Apache sucks too. IMO, the only real choice is lighttpd. Again, it's fucking free. It's faster than Apache, it'll do the same shit, and it supports memcached.

Oh yeah. memcached. memcached is a nifty cluster-caching system. It'll let you load a whole database, no matter the size, into the RAM of your cluster nodes. You can load exabytes of data into memcached, and it doesn't care, so long as you've got the RAM and node count to support it. It doesn't matter what you put into memcached, you can cache anything. The reason this is significant is it allows whatever you put into memcached to be read off of solid state, with no seek times. Reading from RAM is much faster than reading from your hard drive, even if you've got an enterprise level solid state drive. Microsoft has no such solution.

Plus, Linux is free, and you've gotta pay for Windows...

In short, Windows < Linux

In long, lighttpd + mysql + memcached > all.
< Message edited by wkdshadow -- 2/22/2008 3:58:10 PM >