Category Archives: Blog

DeveloperSide.NET is converting to a Wiki

I have finally decided to convert DeveloperSide.NET and project into a Wiki.

All Guides, and Articles, will be user editable. Users will also be able to create new pages.

There will be no CAPTCHAs or login-required policies. Just strong spam control. The goal here is to make the entire editing process as painless as possible.

Choosing the right Wiki Engine was not simple… It came down to three choices: MediaWiki, TWiki, MoinMoin.

MediaWiki was too popular and bloated for my taste; which also translated into being insecure and most likely to be targeted by spam bots.

MoinMoin had the benefit of being written in Python, using flat files [simplicity is best], and having ACLs.

The final choice between TWiki and MoinMoin came down to this: Ubuntu, Apache, Fedora, Debain, and Xen all use MoinMoin as their Wiki.

If possible, I might even try to convert the entire site into a Wiki, and make the development of the Suite a community effort.

Due note that this is a big undertaking and might take a while to get up and running.

What Is a Wiki (and How to Use One for Your Projects)

Updated mod_aspdotnet Released

mod_aspdotnet has been resurrected and a new version [2006] released; read more here…
[Announce] (NON-ASF) mod_aspdotnet build 2006 released

Build 2.x.0.2006 is the first freestanding (non-ASF) release from the mod-aspdotnet project home, and includes a number of bug fixes since the final ASF-hosted release.

Note: the 2.2 builds do not seem to be working — it looks [under Dependency Walker] as if the build was linked, partially, against one of the Apache 2.0 libs.

Profit Margins on Commodity PCs

$60 to keep crapware off of a Windows PC?

The question is:

Why are “open source” [no pre-loaded OS] Dell PCs priced $50+ more than identical hardware with Vista pre-loaded?

As it turns out to be, the profit margins on the actual Dell box is close to zero after it reaches your door. Most of the profit comes from the spyware/adware/crippleware [crapware] that Dell ships with the box.

Another great business model has been created; bringing spamming directly to the desktop, included with the hardware for your convenience.

IIS vs. Apache, Reported Vulnerabilities

And round and round we go again: history repeating itself one more time.

So what’s the newest Microsoft FUD [Fear, Uncertainty, and Doubt] tactic these days…

Apparent, its getting a bunch of bloggers and security experts to regurgitate a statement containing the abstract fact that Apache has 33 reported “vulnerabilities” to IIS’ 3.

How exactly those numbers directly translate into a Web Server’s security mark, is of course left out.

Lets look at this issue a bit closer:

Apache serves 2/3rd of the internet. It has thousands of developers and companies around the world working with the codebase: constantly securing, improving, developing, and moving Apache forward.

This is considered to be a *bad thing* by the Micosoft camp? Vulnerabilities should not be looked for, nor reported and fixed.

So I have just one question: how many vulnerabilities would be reported for IIS if the source code was open?

I think it might also be prudent to…

  1. Break down the numbers of vulnerabilities for Apache core and specific modules.
  2. Reflect on the seriousness of the reported vulnerabilities… Is this just theoretical, of insignificant nature, has an exploit been developed [how about 3 years after the fact]?
  3. The time period between a vulnerability being reported and fixed.
  4. How many of the reported vulnerabilities did you actually needed to respond to?

Take a look for yourself… Apache 2.0 Vulnerabilities Apache 2.0 Vulnerabilities and Fixes

Throwing out abstract statistics has no purpose other than spreading FUD.

Instead, why not report on the merits of IIS itself… Specifically, on the improvements and features of IIS 6 and 7.

“Apache Performance Tuning” Article

I’m ashamed to say that its actually been quite a long time since I have written a new article for DeveloperSide.NET… My time has been taken up with other work.

Time-to-time, I have been questioned on the specifics of increasing the performance of an Apache-based Web Server, specifically our Web-Developer Server Suite. Not that the Suite itself, or the end-users, *need* an extra boost; the term *want* describe this odd, yet very familiar, phenomena much better. And one of the things I have learned is that you have to give the people what they _want_, and not what they _need_…

Trying to correct this oversight, I have put up an article that’s ready to squeeze every last bit of performance out of a Server:
Apache Performance Tuning

As all our Articles, and Guides, are works-in-progress, expect for some changes and updates to occur [I even go back and update/rewrite old blog posts].

Windows, the Path of Least Resistance

I was reading my copy of the Unix System Administration Handbook this morning, and came across this passage at the very end…

“We produced the first edition of this book with the UNIX troff package. For the second edition, we used a Macintosh. We produced this third edition entirely on Microsoft Windows 95, 98, and 2000. Oh, such delight! We’ll never touch UNIX again.”

I found the excerpt to be a bit humorous, considering the source [the bible of Unix Administration]. And how Linux is sometimes *pushed* on Windows users, by some. [guilty as charged... but I have changed my ways, I promise.]

Personally, I would rather use the tools that get the most amount of work done for the least amount of effort.