Friday, September 16, 2011

Human factor

Having recently moved to a netbook, I realized again how important performance is for software development. I realized it even more when my Android phone became almost unusable after another software upgrade. As a kid I was a big fan of a computer demoscene where gifted coders showed to the world how to make the hardware do things unimaginable even by its creators (like a famous Commodore 64 FLI graphic mode). Now when the number of small devices connected to the Internet exceeds the number of computers and laptops wired to the global network, writing efficient software is a must: Facebook develops HipHop for PHP (written in C++), Google releases Native Development Kit for Android and makes Go the first compiled programming language available for the Google App Engine platform.

It is commonly argued that ANSI C is the "fastest programming language" that exists. No it's not. The language itself is neither slow nor fast, it's the implementations that are (compare Ruby and JRuby for example). However, it's true that software written in C can be usually compiled to the most efficient executable code (excluding pure assembly). No wonder that the most efficient pieces of software, like operating system kernels (Linux, BSD, Solaris, Windows, etc) or programming language VMs (Common Lisp, Python, PHP, Ruby, and even Java) are all written almost exclusively in C (not even C++).

Out of curiosity I started to look around for web software written in C and found a wonderful web server called G-Wan. It's very small and its performance looks really amazing as compared to other web servers - some enthusiastic reviews even call it The Future of the Internet and wonder why such a brilliant software is not popular. Well, G-Wan is not popular, because there is a problem. A big problem. And the name of the problem of G-Wan is Pierre Gauthier, its author. If you browse through the G-Wan's website and forum you can learn that he is a man with a really huge ego (he calls himself one of the best engineers available), who loves to criticize other people's work (like Poul-Henning Kamp's, the author of Varnish). But at the same time he does not want to publish his own source code nor make it open source, because he perceives other developers as inferior idiots, who would surely break it or at least bring nothing interesting to the existing code base. Moreover, evil government agents will try to introduce backdoors into his software and you are more secure when Pierre hides his code deep under his bed and tells you that you should trust him. And of course you do, don't you? And if you invest your time and money in G-Wan you don't have to worry at all about future development and maintenance, because even though the source code is closed, Pierre also gives you his word that he will not drop the software, and that he will never get hit by a bus (I'm not exaggerating, just read this post). I will not go deeper into his paranoia of his website being constantly attacked by Microsoft and NSA servers, because you already should have an idea about the way the guy thinks.

Edit: On the contrary to the information provided by its author, some security problems have actually been found in G-Wan. The affected version 2.10.6 is no longer available, and the issue was addressed by Pierre in his usual manner (one of the most funny claims is that nobody ever tried to confirm the bugs, while there is no archive of older G-Wan versions to verify it). Also, any links leading to the report are being actively removed from Wiki pages (see the comments to this post for details).

On the other pole there is a true pearl called Tiny C Compiler created by Fabrice Bellard. It's so insanely fast (it can compile the typical Linux kernel in less than 15 seconds!) that it can be used to write scripts or servlets in ANSI C (guess what is used internally by G-Wan to compile the servlets). With another open source project, libmicrohttpd, it can become a good alternative if you want to build a small, fast web server that can use ANSI C servlets (for example as an embedded router software). Libmicrohttpd is fully HTTP 1.0 and 1.1 compliant, and it offers several threading models, so you can tune your software and choose which one suites you best in your environment. If I was supposed to build a tiny embeddable web server, I would definitely choose open source libmicrohttpd + tcc + some personal coding over G-Wan.

P.S. G-Wan's author deleted forum from his website, also ensuring (with carefully crafted robots.txt file) that none of its contents is archived by search engines. The forum contained many important information for G-Wan users, but user support is obviously less important than invalidating links in this and other unfavourable posts. Of course you are still welcome to believe in "source code insurance", and that the same will never happen to G-Wan.

15 comments:

johnny said...

How do you see performance of technologies based on Java against G-Wan and libmicrohttpd ?

kklis said...

I haven't run any benchmarks myself, but I read some interesting results published by Paco Hernandez. In this post he showed that pure Java 7 HTTP server was only 10% slower than G-Wan. After some modifications suggested by Pierre (like using Keep Alive and more intensive concurrency) he ran another set of tests which showed that G-Wan, in some conditions, can beat Java code even by 24%.
As regards libmicrohttpd I think that its performance can rely heavily on how you actually implement the server. As you can learn from discussion between Paco and Pierre it's actually the TCP/IP stack overhead which is a wall you finally hit when trying to improve performance.

AnotherHumanBeing said...

Actually, "G-WAN is 400% faster than this [hello-world-only-Java-server-example] (not 24% faster)" - that's what they agreed on if you keep reading:
http://forum.gwan.com/index.php?p=/discussion/comment/824/#Comment_824

Check the benchmark against real web/caching proxy servers/web accelerator:
http://nbonvin.wordpress.com/2011/03/24/serving-small-static-files-which-server-to-use/

..and they were benchmarked using AB, Lighttpd's Weighttp stress tool is better at it:
http://forum.gwan.com/index.php?p=/discussion/525/webserver-scalability-varnish-nginx-lighttpd-g-wan-rpscpuram

...and better yet wait for/do benchmarks of the new 64bit version:
http://www.gwan.com/en_timeline.html

About the human factor... have you ever worked as support/customer service?

So you are discarting a free, secure, high-performance, unique-feature-rich with easy to use and well documented API that comes with lots of examples, with the optional reasonably priced paid support from the developer himself... because the developer don't want to open the source and aren't scared to share his opinion on the huge amount of people over decades polishing ineffective solutions rather then thinking out of the box, while a single man with a fresh view in a couple of years made the best web/application/mostly any other type (using the handlers) server /fastest no-SLQ DB bundle in a nice 300k file?

kklis said...

Yeah, it seems I forgot to mention about his social marketing skills :)

AnotherHumanBeing said...

I like how people like to switch the focus of the discussion from G-WAN to it's author.

You may disagree with his opinions, object the way he express them, or have any other general or personal dislike... but once you boot up a live CD, download and test G-WAN, or better yet objectively compare it's features and performance to all other solutions - you WILL respect his programming skills.

kklis said...

Software is not only about the code. It's also about development perspectives and further maintenance, no matter how brilliant its author is or how much he thinks of himself. As a user I prefer solutions that are either widely supported or open source and I don't want to be a hostage of one arrogant and potentialy unstable developer. What would happen now to all servers dependent on ReiserFS if its code wasn't open source?

AnotherHumanBeing said...

Worried about development perspectives and further maintenance - as in, he suddenly decides to stop developing/maintaining the platform he needs to build his paid web services on? The source code insurance http://www.gwan.com/insurance will protect you even from that unlikely force majeure case.

Wide support and open source are nice things, but security (zero security problems since the first beta, can any other server say the same or at least for the last 2-3 years?) stability (even in his release candidate state it's more stable then most, no surprise there - how many bugs can squeeze in unnoticed in a 100k executable) and simple configuration and API are way more important - so you don't need to fix or pay to be fixed/configured - it just works.

Anonymous said...

This is an incredibly insightful read, and explains why Pierre thinks the Wikipedia admins are censoring G-WAN: http://en.wikipedia.org/wiki/Wikipedia:Articles_for_deletion/G-WAN_(Web_server)

Anonymous said...

@AnotherHumanBeing

I bet there is lots of security problems in G-Wan. Holes just havent been found yet since G-Wan is so unpopular and rare software that nobody uses it.

Also its closed source so people cant even try to find holes in it.

And btw.. how do we know that Pierre is not implementing hidden backdoor in G-Wan?

Is he even a real person or somekind of alter ego or internet alias for a real "hiding" person?

There is nothing to be found about him online..

AnotherHumanBeing said...

You can start by looking in the about section of G-WAN site...

Are you sure that inserting a backdoor in an already amazingly feature-packed 100k file and security by unpopularity and/or closed source is what have planned a guy concerned with things like these:

http://forum.gwan.com/index.php?p=/discussion/comment/2803

http://forum.gwan.com/index.php?p=/discussion/333/top-10-web-application-security-risks/

http://forum.gwan.com/index.php?p=/discussion/466

If you answer is still "yes" after reading those and all the other security related topics on the forum - do yourself/point anyone with the skills to find security problems/backdoors in it. I would gladly enjoy reading another reply from Pierre like this one :)

http://gwan.ch/en_timeline.html#fredrik_widlund

kklis said...

The size of the executable is no evidence at all. You can have a stunning intro with animation and sound packed in just 4k, and I once wrote a DOS keylogger in assembly which was below 1k.
What you are trying to say is that everybody should trust Pierre, because he is so awesome. In my opinion it would not only be wrong, it would just be plain stupid.

AnotherHumanBeing said...

What I'm trying to say is that stupid is trusting Microsoft, Skype and thousands of other companies developing closed source software that regularly call home to auto-update (or so they say) several megabytes to patch security problems (that sometimes reappear or been active several years and could be avoided by design) and some of them force you to agree to sucpicious (to say the least) terms and conditions and some even have been proven to contain backdoors:

http://forum.gwan.com/index.php?p=/discussion/comment/460/#Comment_460

And even more stupid is trusting each and everyone of the unknown developers employed/fired by a known company and all others unknown companies/freelancers outsorced to... over a single developer that knows: "I would be in jail overnight. Unlike MSFT & Co. I cannot afford to buy
politicians, either at home or abroad..." and he knows that first hand screewed by american competitors and his own frech government:

http://www.twd-industries.com/archives/groupama_exposed.pdf

The fact that BigCos do what they want without any punishment have kept him from opening his code... besides the "security by many eyes" didn't made apache and other open source projects to be exploit-free:

http://forum.gwan.com/index.php?p=/discussion/comment/457/#Comment_457

kklis said...

I have more faith in the community than in one paranoid developer. According to Netcraft webserver usage statistics so does the majority of the world's population - whether you like it or not.

Anonymous said...

Oh wow. Have a look at this: http://www.wikivs.com/index.php?title=G-WAN_vs_Nginx&action=history

Also, I think this is Pierre's StackOverflow account. He didn't use his real name, but it sounds a lot like him judging by his typos, writing style and the ferocity with which he defends G-WAN.

Mojombo said...

I think it's pertinent to point out that "AnotherHumanBeing" is a pseudonym used by Pierre all around the net; you can even tell by the writing style. I find it queer how he continually refers to himself in third person...