New York Times being Hacked, Implications

We heard this week about The New York Times being hacked by the Chinese government in retaliation for articles they have written. This reminds me that we live in unsafe times. Waiting for the government to make us safe from the outside world is silly. We need to be more thoughtful about security issues. We need to see that our applications and our networks are properly secured. Many companies use software like Java, or open source applications like Joomla, WordPress, phpMyAdmin, Drupal, osCommerce, Zen Cart, X-Cart, and OpenX Adserver, which, if not updated frequently and properly secured, can allow hackers to exploit or corrupt systems.

Antifragile and implications for software

I just finished reading Nassim Nicholas Taleb’s book Antifragile: Things That Gain from Disorder. This is a fascinating book, particularly for those interested in statistics, critical thinking, and better understanding the world we currently deal with. He is clearly very bright, and makes a lot of good points. However, I don’t agree with many of his arguments. I would not like us to go back to MS-DOS and Windows 3.1 or Java 1.3 just because they are old. I tend to think and evaluate carefully before moving toward new technology, for example products like Node.js. I don’t want to replace nginx or Apache webservers with JavaScript code running in Node.js. I think Node.js, the community, and a lot of the libraries are far too immature, like things were with Java 1.2 or Microsoft’s first C++ compiler; it takes more time before things develop. I like MongoDB, but decided to wait before building applications depending on it.

Taleb talks about Black Swan events, which remind me of Hurricane Sandy and the damage it left, and several of the Amazon AWS outages. I think companies need to be careful of putting all their operations with one provider or getting too tightly coupled to platforms that can have outage events or problems with availability. Developers need to build into their applications handling for problems like availability, and alternative schemes that can be switched to, for instance local databases in one’s data center. Companies need to anticipate big swings in demand and assume that’s something they will deal with, not “I’ll deal with it when it comes.”

Moving from Apache to Nginx with php-fpm

In order to address performance issues we have seen, our company has been switching from apache with mod_php to nginx with php-fpm.

Given that the Apache httpd webserver is an older code base and does not take advantage of event-driven and asynchronous technology, this seems to be the future. There are a number of differences between the two.

Nginx is a webserver that came out of Russia. It had been more obscure, though now it is the #2 webserver. Apache has been an important product in web-based technologies for many years, and has been the dominant webserver. PHP is often used as a module in Apache (mod_php) or run CGI-style, where PHP runs in a separate process. To improve the performance of CGI-style operation, PHP supports FastCGI. FastCGI runs a server which keeps a number of PHP processes live and waiting for traffic; there are numerous advantages to using this.

At high load apache has been shown to not manage memory as efficiently as possible.

Where nginx really shines is in serving static content, where its asynchronous technology allows it to serve more content than other webservers.

Switching to Nginx has required changes: for instance, taking out uses of Apache-specific functions like getallheaders(), which provides the headers in normal HTTP header form rather than in the CGI naming scheme that you find in the $_SERVER variable (for instance User-Agent vs. HTTP_USER_AGENT), and switching configuration from .htaccess files to nginx rewrites.
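An added example, not code from the original post: a stand-in for getallheaders() under php-fpm that rebuilds header names from the $_SERVER keys described above. The function names headers_from_server and header_value are hypothetical, and the sample $_SERVER array is constructed.

```php
<?php
// Added example (not from the original post). Function names are hypothetical.

// Rebuild request headers from the CGI-style keys php-fpm receives from nginx.
function headers_from_server(array $server): array
{
    // Content-Type and Content-Length arrive without the HTTP_ prefix.
    $unprefixed = [
        'CONTENT_TYPE'   => 'Content-Type',
        'CONTENT_LENGTH' => 'Content-Length',
    ];
    $headers = [];
    foreach ($server as $key => $value) {
        if (!is_string($key) || !is_string($value)) {
            continue;
        }
        if (isset($unprefixed[$key])) {
            if ($value !== '') {
                $headers[$unprefixed[$key]] = $value;
            }
        } elseif (strncmp($key, 'HTTP_', 5) === 0) {
            // HTTP_USER_AGENT -> User-Agent. The mapping is lossy: X-Foo and
            // X_Foo both become HTTP_X_FOO, and the original case is gone.
            $name = str_replace('_', '-', strtolower(substr($key, 5)));
            $headers[ucwords($name, '-')] = $value;
        }
    }
    return $headers;
}

// Header names are case-insensitive, so callers should look them up that way.
function header_value(array $headers, string $name): ?string
{
    foreach ($headers as $k => $v) {
        if (strcasecmp((string) $k, $name) === 0) {
            return $v;
        }
    }
    return null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample of what $_SERVER holds under php-fpm.
    $sample = ['REQUEST_METHOD' => 'POST', 'CONTENT_TYPE' => 'application/json',
               'HTTP_USER_AGENT' => 'ExampleClient/1.0'];
    $h = headers_from_server($sample);
    var_dump($h, header_value($h, 'user-agent'));
}
```

Every HTTP_* value is supplied by the client, so validate it before use, exactly as with getallheaders() output.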

Configuration of Nginx is different from Apache, and is more scripted than the style of Apache.

As far as performance goes, the verdict is mixed; it can take time to tune nginx and php-fpm. If you are switching thinking it will be a fast win for PHP applications with performance problems, think again: you need to look at your code. If you serve a lot of static assets, this might be a boost for you.