Sunday, July 16, 2006

Open-Source and LAMP News Roundup

Interesting collection of news items -- some fresh, others a few weeks old -- assembled into a contextual whole sure to excite the entire family. The speakers at the last few LinuxWorlds were representative of the increasingly corporate face of LAMP: CitiGroup, e-Trade Financial, Cendant Travel (owner of Orbitz and many other sites), and Nationwide among them.

eWeek Grades the Stacks

Last week, eWeek compared a range of popular stacks including Windows JBoss, Windows Python, WAMP, Linux Python, LAMP, Linux JBoss, Linux J2EE and native .NET. Unfortunately, at least from my perspective, the stacks included portal software that clouded the results.

And the portal choices were crucial: SharePoint Portal Server 2003, XOOPS (for PHP), Plone (for Python), and LifeRay and JBoss Portal (for JSP). Certainly for LAMP and J2EE, many other choices were viable contendors.

The biggest surprise? The performance of the WAMP stack was exceptional: its transactions-per-second more than doubled native .NET. In average throughput-per-second, though, native .NET crushed the competition.

Regarding LAMP, eWeek wrote:

This stack's performance numbers suggest what many who have been using PHP for some time now (including some of the busiest blogs on the Web) know to be true—that a pure LAMP-based PHP system can easily handle enterprise-class traffic and loads.

As for WAMP, eWeek reports that it offered the most intriguing results:

The results we saw with the WAMP stacks were probably the biggest surprise in our entire test. Enterprise IT managers shouldn't hesitate to look into the option of deploying open-source stacks on a Windows Server platform.

Stephen J. Vaughan-Nichols adds his two cents regarding the decision to include portal software in the testing:

...I know exactly why these benchmarks produced their results. Indeed, eWEEK Labs agrees with me and points these factors out. For example, all their tests were based on standard portal configuration setups. So, you're not really testing the stacks themselves, you're testing the portals... Given an expert performance tuner's hand on any of the tested configuration stacks, and you would have seen vastly better results from the Linux-based stacks, and better results from the Windows stacks...

In truth, SharePoint has a huge advantage in this sort of analysis: it is tightly integrated from the operating system level all the way through to the application serving framework (.NET). That's not the case with the plethora of OSS portals, which are completely independent projects. Nonetheless, performance results of untuned LAMP and WAMP stacks are exceptionally intriguing.

Enterprise LAMP usage noted by CNet

Last week's CNet article, "Open-Source LAMP a beacon to developers," points to the dramatic rise in enterprise LAMP development:

The so-called LAMP stack of open-source software--which includes the Linux operating system, Apache Web server, MySQL database and scripting languages PHP, Perl or Python--is pushing its way into mainstream corporate computing... Indeed, several companies are staking out businesses around the open-source software rather than aligning with Microsoft's .Net or with Java 2 Enterprise Edition (J2EE) server software and tools...

"What we've seen in the last two years is corporations saying, 'We don't need these big heavy J2EE application servers. Why don't we migrate to something easier to deploy and less costly?'" said Mark Brewer, CEO of Covalent...

"If you look at .Net or J2EE, they are top-controlled by single entities to make decisions--sometimes good decisions, sometimes bad," said Marten Mickos, CEO of MySQL. "In the LAMP stack, the evolutionary powers make sure that only best-of components survive. It is a difference in philosophy."

Both Microsoft and Java vendors are clearly aware of the popularity of LAMP...

Real Meme on J2EE and Mono: Waning

Over at Real Meme, the assertion is that J2EE has topped out and is on the wane. Evidence includes a statistical/quant analysis of the newsgroups and related technology areas (report: Saving J2EE). As for Mono, Real Meme reports, "He's still dead, Jim."

An InternetNews analysis asks, "Is Java EE's Complexity Its Worst Enemy?":

Java Platform, Enterprise Edition is such an unwieldy beast that developers are moving away from it, cherry picking the few pieces they need or looking at open source alternatives. And if the trend continues, Java EE could die on the vine.

That's the conclusion of a report from The Burton Group, written by an analyst who has authored three books on Java 2 Enterprise Edition (its old brand name). "So it's not like I want this to be the case," joked Richard Monson-Haefel, senior analyst for Burton and author of the report...

That's been my experience. Whenever comparable web application projects were delivered in CPG, banking, and healthcare areas -- and one was in J2EE and the other in LAMP/WAMP -- each and every time the latter project beat it to market. And usually with far less FTE count. I'm not sure whether the key factors were complexity, learning curve, ramp-up time, or vagaries of the development/testing environment, but it always seemed the J2EE project lagged. Pfizer is another example of a company that has publicly reported similar results.

Open-source and Security

First came word that Antivirus vendor Trend Micro has definitively stated that open-source software is "more secure". Raimund Genes, Trend's CTO noted:

Open source is more secure. Period... More people control the code base; they can react immediately to vulnerabilities; and open source doesn't have so much of a problem with legacy code because of the number of distributions.

Other news hitting the mainstream media: word of widespread exploitation of a "feature" of the Windows File System (NTFS), which is used to create nearly invisible rootkits (self-hiding malware packages). Some commentators had warned for years that Alternate Data Streams (ADS) were rife for abuse. More recently, rootkit sites, WhiteHat tools, and even CIO Magazine have picked up the drumbeat. All point to a capability in the Windows OS that is extraordinarily difficult to police. Imagine a file -- created right from user-mode -- that is completely invisible to all but the most sophisticated tools. Effectively, that's the net-net of Windows' ADS.

OSS and Microsoft

There has been plenty of speculation about Microsoft's "co-opetition" with the world of OSS. Most recently, Sys-con editorializes MSFT's decision to provide interoperability between Office file formats and the Open Document Format (ODF):

Microsoft has up and made a 180-degree turn and is now saying it's going to half-heartedly support the Oasis-blessed OpenDocument Format (ODF) foist on it by Sun and the sovereign Commonwealth of Massachusetts, whose adoption of the anti-Microsoft format has threatened to start a wholesale defection from the Microsoft standard, particularly by government.

Not to be outdone, Google has joined the burgeoning ODF Alliance, which started with 36 members in March and is now at 240... Anyway, Microsoft says it's created what it calls an open source Open XML Translator program and that the stuff - described as "a technical bridge" between its own Open XML formats and ODF... This is Microsoft's first open source project, new and hostile territory for the company, but it's gone so far as to post a prototype for Word 2007 on Sourceforge.

And at ZDNet, Dana Blankenhorn asks, "What would a Microsoft fade mean for open-source?"

...Just as the cost of starting production rises exponentially as chips get more complex, so the cost of developing and maintaining software rises with complexity.

In hardware, this means the number of companies which can afford a fabrication plant or "fab" declines. In software it means that fewer-and-fewer companies can compete in important niches as software grows more complex... Open source may be software's way out of Moore's Second Law. And that law will continue to bite every remaining competitor in the proprietary realm, including Microsoft.

No comments: