Re: [Mono-list] ASP.NET - usability/robustness/safety
On Tue, 2004-07-27 at 19:36, Miguel de Icaza wrote: snip/ Any software that does anything remotely interesting today is likely to infringe on a dumb patent in a way or another, specially web sites. (Many apologies for bringing this up now, but I thought it somewhat relevant.) Just to follow up on this, the Foundation for a Free Information Infrastructure put up a site demonstrating how a simple, typical, web page would infringe on 20 European patents. http://webshop.ffii.org/ And to make you *really* scared, these are software patents *already granted* in the software patent free European Union. As soon as software patents are legalized in Europe, all of these can be used for licensing or lawsuits. It's a fair bet that most of these patents also exist in the U.S.A. In short, don't worry about patents: you can guarantee there's a patent already issued on whatever it is you want to do anyway. So you can either do nothing (say bye to the software field), ignore them, or deal with them on a case-by-case basis (effectively ignoring them until you can't ignore them ;-). Or, lobby your lawmakers and get the patent situation fixed. Which is really the only viable solution unless we want to see the death of independent developers for the next 20 years... - Jon ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
Re: [Mono-list] ASP.NET - usability/robustness/safety
Hello, 1) Is the ASP.NET mono sections + apache plugin ready for primetime -- i.e., has this stuff been load tested, is the security there, can it scale to handle a fairly large website? There are some people using it for medium sized applications, but this is definitely an early adopter group, so possible kinks might not have been worked out yet. We have done a best-effort to make sure that ASP.NET and mod_mono would be secure, and there is a continuous effort to improve its performance, scalability and robustness, but like any other 1.0 product, it is too early to give you hard numbers on this. Today Novell and Mainsoft work as a team in improving the ASP.NET support, and we are both committed to improve the same code base. 2) Are any other non-hobby sites using mono's asp.net implementation? Volcker is using it for rolling out its asset management software to the city of Munich (we talked about this on the Mono announcement, details are there) and the mono site uses it to run a couple of web services and applications. A few small companies have used it, but we only hear from them when they run into a bug, so it is hard to track down the deployments. 4) From what i've read, ASP.NET is not covered under ECMA specs and therefore is not as legally safe from lawsuit from MS as the compiler/JIT/corelibs are. So would it be stupid to risk using mono's ASP.NET implementation for a commercial venture -- i.e., too risky legally? The story is a long story, and this message should not be taken as being legal advise. If you want legal advise, you should consult a lawyer. That being said: Any software that does anything remotely interesting today is likely to infringe on a dumb patent in a way or another, specially web sites. If we are ever notified of a patent infringement by the patent holder in Mono, we will follow the regular process: * Identify whether we do effectively infringe. * If we do, find prior art, to determine whether the patent would hold in court. * If the patent would hold, then we would rewrite the code to avoid infringing the patent claim. * if the above is not possible, we would remove the patented code altogether from Mono. Now if the patent holder (Microsoft or a third party) is willing to license the patent under reasonable terms, we would likely offer a service to Mono users by which they could obtain a copy of Mono with the patent-using software. Miguel ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
Re: [Mono-list] ASP.NET - usability/robustness/safety
How would you feel though about running a site w/ mono/apache/linux/aspx though that takes credit card transactions and stores credit card #'s in a backend mySQL database? Because the mono mod plugin for Apache is fairly new code (as is the entire mono code base), would people consider this to be too risky? Would there be too many discovered holes that could compromise my system and the credit card #'s on the backend? This is not to knock the plugin or mono by saying its immature, obviously there has been an incredible amount of progress that has been made very very quickly and lots of blood/sweat/tears, but i wonder if using it for commercial backend that holds confidential personal financial information would be unwise at this point. Thanks for all feedback - Ron --- ted leslie [EMAIL PROTECTED] wrote: Ron Afloh wrote: I had a few questions about ASP.NET as supported by mono and apache. In short, i'm considering using it to write a commercial webpage and wanted to get feedback from you guys on how good/bad of an idea this is. 1) Is the ASP.NET mono sections + apache plugin ready for primetime -- i.e., has this stuff been load tested, is the security there, can it scale to handle a fairly large website? 2) Are any other non-hobby sites using mono's asp.net implementation? I used it for the Toronto NXNE music festival web site (the venue schedule and music listing part), it got hit at a pace of about 50,000 page hits (in its busiest period) / day. About 2000 unique vistors per day. Infrequently, the mod_mono process would constantly take some cpu time (even when no hits) and the pages would not serve up, a early-morning cron to restart mod_mono/apache kept it reiable, but I am also using a 4+ month old version on Mono. No other problems except above have been noticed. Id hope the new version doesn't have this issue. 3) If the asp.net stuff is not ready for full blown commercial websites any ideas on when that level of robustness/security/load-handling will be there? 4) From what i've read, ASP.NET is not covered under ECMA specs and therefore is not as legally safe from lawsuit from MS as the compiler/JIT/corelibs are. So would it be stupid to risk using mono's ASP.NET implementation for a commercial venture -- i.e., too risky legally? In our projects, some of the programmers develop in the MS .Net Visual Studio and test on their IIS and with a Postgres DB running on a Linux box, then they simply load it on to the Linux server as they finish it, so it works on the MS environment to begin with then dropped into Linux. If MS flexs some muscles at a later time, worst case, it gets hosted on a MS box, but I think thats unlikely, and if it got to that point, MS would probably have a .NET product for Linux. So to be safe, you might want to make sure what you create runs on both systems (as you create it). There is no IDE for Mono yet (monodevelop doesn't have a html layout - integrate components to DB fields - etc), so you probably will end up using MS Visual studio anyways, so you know it will work on MS, you'll just deploy on Linux to save on the OS cost (perhaps the DB cost), and of course reduce all the time wasted in installing virus defs, service patches, and fighting blue screens .. At this time we have had to avoid (to be functional on both platforms), Server.Transfer (use Response.Redirect), and turning off components, and thus setting Validation for them to false also is buggy, other then these two issues, so far, all we create works between the two environments. I did read the FAQ and searched the last few months of postings and didn't really see anything that answered all of these -- hopefully i didn't miss anything to obvious :) I'm also aware that some of these questions are not black and white and may not have an answer at all -- regardless, i appreciate everyones input and suggestions. Cheers - Ron __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
Re: [good] Re: [Mono-list] ASP.NET - usability/robustness/safety
Based on the exploits i have seen on MS-SQL of recent, etc, nothing is going to be safe really, if you really want safe, submit the CC# through a Java App. (or Flash) that will encrypt them, and therefore they never sit anywhere in the publicly accesable side of your system in readable form. Since Mono isn't likely as much of a target ? it might even be safer. For the part of your site that accepts CC#, you could always just do that part SSL to Perl/C cgi script (if that is more proven to you)... I have made a site with primarily Mono but through a bit of Perl in (both having Postgres access). -tl Ron Afloh wrote: How would you feel though about running a site w/ mono/apache/linux/aspx though that takes credit card transactions and stores credit card #'s in a backend mySQL database? Because the mono mod plugin for Apache is fairly new code (as is the entire mono code base), would people consider this to be too risky? Would there be too many discovered holes that could compromise my system and the credit card #'s on the backend? This is not to knock the plugin or mono by saying its immature, obviously there has been an incredible amount of progress that has been made very very quickly and lots of blood/sweat/tears, but i wonder if using it for commercial backend that holds confidential personal financial information would be unwise at this point. Thanks for all feedback - Ron --- ted leslie [EMAIL PROTECTED] wrote: Ron Afloh wrote: I had a few questions about ASP.NET as supported by mono and apache. In short, i'm considering using it to write a commercial webpage and wanted to get feedback from you guys on how good/bad of an idea this is. 1) Is the ASP.NET mono sections + apache plugin ready for primetime -- i.e., has this stuff been load tested, is the security there, can it scale to handle a fairly large website? 2) Are any other non-hobby sites using mono's asp.net implementation? I used it for the Toronto NXNE music festival web site (the venue schedule and music listing part), it got hit at a pace of about 50,000 page hits (in its busiest period) / day. About 2000 unique vistors per day. Infrequently, the mod_mono process would constantly take some cpu time (even when no hits) and the pages would not serve up, a early-morning cron to restart mod_mono/apache kept it reiable, but I am also using a 4+ month old version on Mono. No other problems except above have been noticed. Id hope the new version doesn't have this issue. 3) If the asp.net stuff is not ready for full blown commercial websites any ideas on when that level of robustness/security/load-handling will be there? 4) From what i've read, ASP.NET is not covered under ECMA specs and therefore is not as legally safe from lawsuit from MS as the compiler/JIT/corelibs are. So would it be stupid to risk using mono's ASP.NET implementation for a commercial venture -- i.e., too risky legally? In our projects, some of the programmers develop in the MS .Net Visual Studio and test on their IIS and with a Postgres DB running on a Linux box, then they simply load it on to the Linux server as they finish it, so it works on the MS environment to begin with then dropped into Linux. If MS flexs some muscles at a later time, worst case, it gets hosted on a MS box, but I think thats unlikely, and if it got to that point, MS would probably have a .NET product for Linux. So to be safe, you might want to make sure what you create runs on both systems (as you create it). There is no IDE for Mono yet (monodevelop doesn't have a html layout - integrate components to DB fields - etc), so you probably will end up using MS Visual studio anyways, so you know it will work on MS, you'll just deploy on Linux to save on the OS cost (perhaps the DB cost), and of course reduce all the time wasted in installing virus defs, service patches, and fighting blue screens .. At this time we have had to avoid (to be functional on both platforms), Server.Transfer (use Response.Redirect), and turning off components, and thus setting Validation for them to false also is buggy, other then these two issues, so far, all we create works between the two environments. I did read the FAQ and searched the last few months of postings and didn't really see anything that answered all of these -- hopefully i didn't miss anything to obvious :) I'm also aware that some of these questions are not black and white and may not have an answer at all -- regardless, i appreciate everyones input and suggestions. Cheers - Ron __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ ___ Mono-list maillist -
[Mono-list] ASP.NET - usability/robustness/safety
I had a few questions about ASP.NET as supported by mono and apache. In short, i'm considering using it to write a commercial webpage and wanted to get feedback from you guys on how good/bad of an idea this is. 1) Is the ASP.NET mono sections + apache plugin ready for primetime -- i.e., has this stuff been load tested, is the security there, can it scale to handle a fairly large website? 2) Are any other non-hobby sites using mono's asp.net implementation? 3) If the asp.net stuff is not ready for full blown commercial websites any ideas on when that level of robustness/security/load-handling will be there? 4) From what i've read, ASP.NET is not covered under ECMA specs and therefore is not as legally safe from lawsuit from MS as the compiler/JIT/corelibs are. So would it be stupid to risk using mono's ASP.NET implementation for a commercial venture -- i.e., too risky legally? I did read the FAQ and searched the last few months of postings and didn't really see anything that answered all of these -- hopefully i didn't miss anything to obvious :) I'm also aware that some of these questions are not black and white and may not have an answer at all -- regardless, i appreciate everyones input and suggestions. Cheers - Ron __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
Re: [Mono-list] ASP.NET - usability/robustness/safety
In answer to your question #2, I run a site that we launched a couple of weeks ago (www.edcomp.com) using asp.net and mono. Right now it is getting 2000 visitors a day and 5000 page views. So it's not a hobby site but not a full commercial site either. So far there have been some problems, but nothing that I would consider too severe. I have run into problems where it appears that the mod_mono_server is not releasing memory properly if left to run too long. I end up having to shut down mod_mono_server once a week to prevent it from crashing apache. I'm not sure why this is happening. The other inconvenience is that I use code-behind. Right now mod_mono_server does not recognize changes to the assembly and won't load the new assembly unless you kill and restart the server. I have heard that there is a patch that makes it so you only need to restart apache to get the changes, but I haven't installed it yet. I have been using mono for asp.net for about 5 months now and have been really impressed. I prefer using asp.net on a Windows machine, but where I am limited to using Linux it works great. On Fri, 23 Jul 2004 09:18:02 -0700 (PDT), Ron Afloh [EMAIL PROTECTED] wrote: I had a few questions about ASP.NET as supported by mono and apache. In short, i'm considering using it to write a commercial webpage and wanted to get feedback from you guys on how good/bad of an idea this is. 1) Is the ASP.NET mono sections + apache plugin ready for primetime -- i.e., has this stuff been load tested, is the security there, can it scale to handle a fairly large website? 2) Are any other non-hobby sites using mono's asp.net implementation? 3) If the asp.net stuff is not ready for full blown commercial websites any ideas on when that level of robustness/security/load-handling will be there? 4) From what i've read, ASP.NET is not covered under ECMA specs and therefore is not as legally safe from lawsuit from MS as the compiler/JIT/corelibs are. So would it be stupid to risk using mono's ASP.NET implementation for a commercial venture -- i.e., too risky legally? I did read the FAQ and searched the last few months of postings and didn't really see anything that answered all of these -- hopefully i didn't miss anything to obvious :) I'm also aware that some of these questions are not black and white and may not have an answer at all -- regardless, i appreciate everyones input and suggestions. Cheers - Ron __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list -- Jeff Love Webmaster EducationOnlineForComputers.com Intelinfo.com ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
Re: [good] [Mono-list] ASP.NET - usability/robustness/safety
Ron Afloh wrote: I had a few questions about ASP.NET as supported by mono and apache. In short, i'm considering using it to write a commercial webpage and wanted to get feedback from you guys on how good/bad of an idea this is. 1) Is the ASP.NET mono sections + apache plugin ready for primetime -- i.e., has this stuff been load tested, is the security there, can it scale to handle a fairly large website? 2) Are any other non-hobby sites using mono's asp.net implementation? I used it for the Toronto NXNE music festival web site (the venue schedule and music listing part), it got hit at a pace of about 50,000 page hits (in its busiest period) / day. About 2000 unique vistors per day. Infrequently, the mod_mono process would constantly take some cpu time (even when no hits) and the pages would not serve up, a early-morning cron to restart mod_mono/apache kept it reiable, but I am also using a 4+ month old version on Mono. No other problems except above have been noticed. Id hope the new version doesn't have this issue. 3) If the asp.net stuff is not ready for full blown commercial websites any ideas on when that level of robustness/security/load-handling will be there? 4) From what i've read, ASP.NET is not covered under ECMA specs and therefore is not as legally safe from lawsuit from MS as the compiler/JIT/corelibs are. So would it be stupid to risk using mono's ASP.NET implementation for a commercial venture -- i.e., too risky legally? In our projects, some of the programmers develop in the MS .Net Visual Studio and test on their IIS and with a Postgres DB running on a Linux box, then they simply load it on to the Linux server as they finish it, so it works on the MS environment to begin with then dropped into Linux. If MS flexs some muscles at a later time, worst case, it gets hosted on a MS box, but I think thats unlikely, and if it got to that point, MS would probably have a .NET product for Linux. So to be safe, you might want to make sure what you create runs on both systems (as you create it). There is no IDE for Mono yet (monodevelop doesn't have a html layout - integrate components to DB fields - etc), so you probably will end up using MS Visual studio anyways, so you know it will work on MS, you'll just deploy on Linux to save on the OS cost (perhaps the DB cost), and of course reduce all the time wasted in installing virus defs, service patches, and fighting blue screens .. At this time we have had to avoid (to be functional on both platforms), Server.Transfer (use Response.Redirect), and turning off components, and thus setting Validation for them to false also is buggy, other then these two issues, so far, all we create works between the two environments. I did read the FAQ and searched the last few months of postings and didn't really see anything that answered all of these -- hopefully i didn't miss anything to obvious :) I'm also aware that some of these questions are not black and white and may not have an answer at all -- regardless, i appreciate everyones input and suggestions. Cheers - Ron __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list ___ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
