-----Original Message-----
From: Justin Buist [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 9:44 AM
To: CF-Linux
Subject: Re: CF5 ROCKS on Linux SMP!!!
The thing that bothered me most with CF 4.5 was the crashing under heavy
loads. From what I gathered off Allaire's site this was due to too much
data being pushed through the /tmp/cfserver pipe, and timing between
threads would get messed up and basically trash the whole process
requiring a restart.
[jesse]
Yes, there have been threading issues. Now, I'm not about to say that we
(meaning allaire/macr) are clean of responsibility for this, however, we are
also stuck on the whim of the pthreads and other coders of the
threading/library system. Something to note, Red Hat 6.1 had a pretty good
threading system, it just worked. It wasn't great, it just worked. 6.2 come
to find out, has several bug really DEEP inside the threading code, this is
due to redhat altering some of the lower-level stuff. Then, with 7.0/7.1, we
have a whole new array of issues to deal with.
The threading model is in such a state of flux, it's hard to keep up
with the changes and possible bugs. Being written in C++ doesn't help. Linux
had C++ added as an afterthought I sometimes think. (Go C!). In the past, i
think we have suffered from a shortage of people, and a shortage of in-depth
knowledge about the internal workings of the actual linux system (meaning
the libs, the kernel, etc). However, this has nearly been rectified. (Anyone
wanna read every message on Kernel-Devel for me?)
[/jesse]
Granted, there was a workaround to this -- you'd force Apache/Cfserver to
use TCP/IP sockets (versus a Unix socket) and all was fine. Minus the
10-15% documented performance hit.
Then, they released a patch for everything below 5.0, which fixed a
security hole... and introduced a documented 8-10% performance hit. I
really wish they would disclose some sort of exploit and a paper detailing
exactly what was wrong with the 4.x and below architecture that allows
people to view/delete any file on the system.
[jesse]
I can't help you on this one. Having been the old security-guy (now
linux-guy) i can understand the present security maintainer's reticence when
it comes to disclosing a vulnerability that severe. Primarily, to my
knowledge, the reasoning was two-fold,
1: Issue the patch, without vulnerabilities, to allow Sysadmins enough time
to patch before the Crackerz get thier chance
2: Sometimes, you have to allow for the fact that not every single person
running a cf site pays attention tos ecurity stuff. That's a fact of life
alot of us in the market have to face, Microsoft, Oracle, Cisco, BEA, all of
us. I think, and this is just MY OPINION, that when you are playing ball in
the big boy's game, you need to try to keep as much egg of your face as
possible. This means, you have to look at your ratio of high profile
customers, and the severity of the flaw. Now, Microsoft keeps getting
slammed in the news. why? Thier patch dissemenation process is usually a
reactive stance, whereas someone has already PUBLISHED and exploit.
Generally, at that point, multipl customers have been attacked, it's
hit the news, and wham, public opinion of Microsoft goes down. Now,
sometimes microsoft does the same thing we did, we found a bug, and rather
allow our customers be attacked shortly after the flaw was announced, we
wanted to give them time to patch. I honestly don't know if we will publish
the full details of the exploit. Personally, IMHO, we should. As a security
buff and Linux buff, I truly believe in information dissemenation, however,
I do undertsand that larger companies have to answer to thier paying
customers, and do thier best to protect them.
[/jesse]
Not too long ago on the list there was a bug report involving <cfexecute>
under 5.0, which seemed like another threading issue with CF under Linux
under heavy load. I don't remember any report coming across that this
problem was entirely solved either.
[jesse]
To be honest, I have not seen hide nor hair of this bug. I tried for
some time to recreate it. All i know, is that we KNOW that there is a bug
somewhere in the 7.1 thread handling code. This has been verified by other
developers over the redhat-devel mailing lists. To see the bug report we
filed with redhat (unresolved, but we worked around it, and the workaround
is stable and works great) go to:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=38638
That has almost everything in it.
So far, i have not seen, in my own tests, the Cfexecute bug crop up, but if
it does, and i can recreate it, then I will be pushing a fix through.
[/jesse]
So, my question is, has anybody -really- put CF 5.0 through it's paces on
Linux? Buidling a cross-platform SMP aware multi-threaded application
certainly isn't an easy job... and given Allaire's track record (in my
world) I really don't have much confidence in trying out a new version of
the server. Was 5.0 a complete re-write? What sort of architectural
changes were made to it, if any? What sort of tests are done on a CF
server before it's declared ready for the world? As was mentioned in the
long ago posts on <cfexecute> threads sometimes act differently w/
different libraries and kernels, which can vary from distro to distro. Is
there a set of CF pages and corresponding scripts to force the server to
execute them to test things like this? If so, can we play with them?
Sorry, I realize I'm a bit bitter and biased against CF server. But
received a product labled "Enterprise Edition" and having it crash
because the default install isn't setup to handle heavy loads? If I
wanted that I'd have put IIS up to the job on a box w/ 64 megs RAM :)
[jesse]
I understand your issues. We change, well, alot in CF5 (way too much
to go into inline) but among the changes were the threading situation, we
added speed libraries, etc. To be honest? Download an eval copy, and if you
have issues, email me.
As for tests, I run both my own tests, and then we have regression
suites which test the functionality and reliability of the application. We
test each and every tag, generally multiple times.
Now, due to the fact the cfexecute was such a problem in CF5, i
tried doing my own tests. I don't have the templates anymore (they were on
the fileserver that had most of my work on it, it went the way of the dodo).
With the tools I sent out in my last email, you can recreate the tests
though.
Start with simple cfexecute, and just run the tag through it's
paces, that's what i did, cfexecute simple hello world script to reading and
editing log files and starting apache compilations. Yes, there may be bugs,
it is is literally impossible to test every single flag in every single
condition, even Alan Cox and Linux Torvalds state this regularly.
Thats why we had such a big beta program, we wanted the end-user to
run THIER applications on cf5. We wanted to see if we missed something.
Ah, but I wandered off-point. As it is, we ran CF5 under what was basically
a semi-real test, we put an app on CF-linux, and ran it under load. Now, i
don't mean, 50 users, I mean, hundreds of users, for days at a time. So,
think throwing a load of 100 users at your box steadily over a period of 1
month.
We also ran extreme load testing, where we hammer the box with sometimes
over 500 users, then we ran our "regression suites" under load. Once again,
the regressions test just about every database driver, and tag, in a wide
variety on combinations.
Then, I hand-tested the database drivers shipped with cf. I sat
there for about 3 weeks, setting up the client drivers, porting databases,
created the DSNs, and then running a simple app against them.
In the end though, I truly feel that this is a "see for yourself" sort of
thing. No. It's not going to be perfect. Yes, it will be fast. Yes, there
might be a bug. Yes, we will listen if you have issues.
I consider cf-linux to be my baby. heck, it's my livelihood if nothing
else. That's why I watch all of the mailing lists, I don't catch everything,
but I try to.
Serious, try it out, if you have issues, throw me an email I don't
claim to know everything, but i can track down an answer.
-Jesse
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
